| /* |
| * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. |
| * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
| * |
| * This code is free software; you can redistribute it and/or modify it |
| * under the terms of the GNU General Public License version 2 only, as |
| * published by the Free Software Foundation. |
| * |
| * This code is distributed in the hope that it will be useful, but WITHOUT |
| * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
| * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
| * version 2 for more details (a copy is included in the LICENSE file that |
| * accompanied this code). |
| * |
| * You should have received a copy of the GNU General Public License version |
| * 2 along with this work; if not, write to the Free Software Foundation, |
| * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
| * |
| * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
| * or visit www.oracle.com if you need additional information or have any |
| * questions. |
| */ |
| |
| import com.sun.security.auth.UnixPrincipal; |
| |
| import javax.security.auth.Subject; |
| import javax.security.auth.callback.*; |
| import javax.security.auth.login.FailedLoginException; |
| import javax.security.auth.login.LoginContext; |
| import javax.security.auth.login.LoginException; |
| import javax.security.auth.spi.LoginModule; |
| import java.io.IOException; |
| import java.security.Principal; |
| import java.util.ArrayList; |
| import java.util.List; |
| import java.util.Map; |
| |
| /* |
| * @test |
| * @bug 8050460 |
| * @summary Test checks that proper methods associated with login/logout process |
| * of LoginContext are called for different configurations and circumstances. |
| * @modules jdk.security.auth |
| * |
| * @run main/othervm LCTest EmptyModuleConfig false |
| * @run main/othervm LCTest IncorrectName false |
| * @run main/othervm LCTest AbortRequisite false abort |
| * @run main/othervm LCTest AbortSufficient false abort |
| * @run main/othervm LCTest AbortRequired false abort |
| * @run main/othervm LCTest LogoutRequisite false logout |
| * @run main/othervm LCTest LogoutSufficient true logout |
| * @run main/othervm LCTest LogoutRequired false logout |
| * @run main/othervm LCTest LoginRequisite false login |
| * @run main/othervm LCTest LoginSufficient true login |
| * @run main/othervm LCTest LoginRequired false login |
| */ |
| |
| public class LCTest { |
| |
| private static final String USER_NAME = "testUser"; |
| private static final String PASSWORD = "testPassword"; |
| private static final List<String> loggedActions = new ArrayList<>(); |
| |
| static { |
| System.setProperty("java.security.auth.login.config", |
| System.getProperty("test.src") |
| + System.getProperty("file.separator") |
| + "LCTest.jaas.config"); |
| } |
| |
| public static void main(String[] args) { |
| if (args.length < 2) { |
| throw new RuntimeException("Incorrect test params"); |
| } |
| String nameOfContext = args[0]; |
| boolean isPositive = Boolean.parseBoolean(args[1]); |
| String actionName = null; |
| if (args.length == 3) { |
| actionName = args[2]; |
| } |
| try { |
| LoginContext lc = new LoginContext(nameOfContext, |
| new MyCallbackHandler()); |
| lc.login(); |
| checkPrincipal(lc, true); |
| lc.logout(); |
| checkPrincipal(lc, false); |
| if (!isPositive) { |
| throw new RuntimeException("Test failed. Exception expected."); |
| } |
| } catch (LoginException le) { |
| if (isPositive) { |
| throw new RuntimeException("Test failed. Unexpected " + |
| "exception", le); |
| } |
| System.out.println("Expected exception: " |
| + le.getMessage()); |
| } |
| checkActions(actionName); |
| System.out.println("Test passed."); |
| } |
| |
| /* |
| * Log action from login modules |
| */ |
| private static void logAction(String actionName) { |
| loggedActions.add(actionName); |
| } |
| |
| /* |
| * Check if logged actions are as expected. We always expected 3 actions |
| * if any. |
| */ |
| private static void checkActions(String actionName) { |
| if (actionName == null) { |
| if (loggedActions.size() != 0) { |
| throw new RuntimeException("No logged actions expected"); |
| } |
| } else { |
| int loggedActionsFound = 0; |
| System.out.println("Logged actions : " + loggedActions); |
| for (String s : loggedActions) { |
| if (s.equals(actionName)) { |
| loggedActionsFound++; |
| } |
| } |
| if (loggedActionsFound != 3) { |
| throw new RuntimeException("Incorrect number of actions " + |
| actionName + " : " + loggedActionsFound); |
| } |
| } |
| } |
| |
| /* |
| * Check context for principal of the test user. |
| */ |
| private static void checkPrincipal(LoginContext loginContext, boolean |
| principalShouldExist) { |
| if (!principalShouldExist) { |
| if (loginContext.getSubject().getPrincipals().size() != 0) { |
| throw new RuntimeException("Test failed. Principal was not " + |
| "cleared."); |
| } |
| } else { |
| for (Principal p : loginContext.getSubject().getPrincipals()) { |
| if (p instanceof UnixPrincipal && |
| USER_NAME.equals(p.getName())) { |
| //Proper principal was found, return. |
| return; |
| } |
| } |
| throw new RuntimeException("Test failed. UnixPrincipal " |
| + USER_NAME + " expected."); |
| } |
| } |
| |
| private static class MyCallbackHandler implements CallbackHandler { |
| |
| @Override |
| public void handle(Callback[] callbacks) throws IOException, |
| UnsupportedCallbackException { |
| for (Callback callback : callbacks) { |
| if (callback instanceof NameCallback) { |
| ((NameCallback) callback).setName(USER_NAME); |
| } else if (callback instanceof PasswordCallback) { |
| ((PasswordCallback) callback).setPassword( |
| PASSWORD.toCharArray()); |
| } else { |
| throw new UnsupportedCallbackException(callback); |
| } |
| } |
| } |
| } |
| |
| /* ------------------------------------------------------------------------- |
| * Test login modules |
| * ------------------------------------------------------------------------- |
| */ |
| |
| /* |
| * Login module that should pass through all phases. |
| */ |
| public static class LoginModuleAllPass extends LoginModuleBase { |
| |
| } |
| |
| /* |
| * Login module that throws Exception in abort method. |
| */ |
| public static class LoginModuleWithAbortException extends LoginModuleBase { |
| |
| @Override |
| public boolean abort() throws LoginException { |
| super.abort(); |
| throw new LoginException("Abort failed!"); |
| } |
| } |
| |
| /* |
| * Login module that throws Exception in login method. |
| */ |
| public static class LoginModuleWithLoginException extends LoginModuleBase { |
| |
| @Override |
| public boolean login() throws LoginException { |
| super.login(); |
| throw new FailedLoginException("Login failed!"); |
| } |
| } |
| |
| /* |
| * Login module that throws Exception in logout method. |
| */ |
| public static class LoginModuleWithLogoutException extends LoginModuleBase { |
| |
| @Override |
| public boolean logout() throws LoginException { |
| super.logout(); |
| throw new FailedLoginException("Logout failed!"); |
| } |
| } |
| |
| /* |
| * Base class for login modules |
| */ |
| public static abstract class LoginModuleBase implements LoginModule { |
| // initial state |
| private Subject subject; |
| private CallbackHandler callbackHandler; |
| private Map sharedState; |
| private Map options; |
| private UnixPrincipal userPrincipal; |
| |
| // username and password |
| private String username; |
| private String password; |
| |
| // the authentication status |
| private boolean succeeded = false; |
| private boolean commitSucceeded = false; |
| |
| @Override |
| public void initialize(Subject subject, CallbackHandler callbackHandler, |
| Map<String, ?> sharedState, Map<String, ?> options) { |
| |
| this.subject = subject; |
| this.callbackHandler = callbackHandler; |
| this.sharedState = sharedState; |
| this.options = options; |
| System.out.println("Login module initialized."); |
| } |
| |
| /* |
| * Authenticate the user by prompting for a username and password. |
| */ |
| @Override |
| public boolean login() throws LoginException { |
| LCTest.logAction("login"); |
| if (callbackHandler == null) { |
| throw new LoginException("No CallbackHandler available"); |
| } |
| |
| Callback[] callbacks = new Callback[2]; |
| callbacks[0] = new NameCallback("Username: "); |
| callbacks[1] = new PasswordCallback("Password: ", false); |
| |
| try { |
| callbackHandler.handle(callbacks); |
| username = ((NameCallback) callbacks[0]).getName(); |
| password = new String(((PasswordCallback) callbacks[1]) |
| .getPassword()); |
| if (username.equals(LCTest.USER_NAME) && |
| password.equals(LCTest.PASSWORD)) { |
| succeeded = true; |
| return true; |
| } |
| throw new FailedLoginException("Incorrect username/password!"); |
| } catch (IOException | UnsupportedCallbackException e) { |
| throw new LoginException("Login failed: " + e.getMessage()); |
| } |
| } |
| |
| @Override |
| public boolean commit() throws LoginException { |
| LCTest.logAction("commit"); |
| if (succeeded == false) { |
| return false; |
| } |
| userPrincipal = new UnixPrincipal(username); |
| final Subject s = subject; |
| final UnixPrincipal up = userPrincipal; |
| java.security.AccessController.doPrivileged |
| ((java.security.PrivilegedAction) () -> { |
| if (!s.getPrincipals().contains(up)) { |
| s.getPrincipals().add(up); |
| } |
| return null; |
| }); |
| password = null; |
| commitSucceeded = true; |
| return true; |
| } |
| |
| @Override |
| public boolean abort() throws LoginException { |
| LCTest.logAction("abort"); |
| if (succeeded == false) { |
| return false; |
| } |
| clearState(); |
| return true; |
| } |
| |
| @Override |
| public boolean logout() throws LoginException { |
| LCTest.logAction("logout"); |
| clearState(); |
| return true; |
| } |
| |
| private void clearState() { |
| if (commitSucceeded) { |
| final Subject s = subject; |
| final UnixPrincipal up = userPrincipal; |
| java.security.AccessController.doPrivileged |
| ((java.security.PrivilegedAction) () -> { |
| s.getPrincipals().remove(up); |
| return null; |
| }); |
| } |
| username = null; |
| password = null; |
| userPrincipal = null; |
| } |
| } |
| |
| } |
