RFR 8186884: Test native KDC, Java krb5 lib, and native krb5 lib in one test (original) (raw)

Artem Smotrakov artem.smotrakov at oracle.com
Thu Sep 7 07:29:12 UTC 2017

• Previous message (by thread): RFR 8186884: Test native KDC, Java krb5 lib, and native krb5 lib in one test
• Next message (by thread): RFR 8186884: Test native KDC, Java krb5 lib, and native krb5 lib in one test
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Max,

In general, looks fine to me. Below are a couple of comments you might want to address.

1. BasicProc.java, it might be better to use named constants for parameters for once() method. That would make it easier to understand what each particular onse() call does

•                once(true, true, true); // pure java

•                if (LIBNAME != null) {

•                    // save a cache for client

•                    Context.fromUserPass(USER, PASS, false)

•                            .ccache("ccache.base");

•                    once(false, false, false); // fail fast for all

native

•                    once(false, true, true);

•                    once(false, true, false);

•                    once(false, false, true);

•                    once(true, true, false);

•                    once(true, false, true);

•                    once(true, false, false);

Enums may help, and might make it simper as well:

•    // Just a marker for which test case is finished

•    String label = (jc?"j":"n") + (js?"j":"n") + (jb?"j":"n");

1. BasicProc.java, could you please add an exception message?

•            if (!Arrays.equals(msg, msg2)) {

•                throw new Exception();

•            }

•            break;

1. BasicProc.java, should the test do some cleanup then?

•        Files.copy(Paths.get("ccache.base"), Paths.get("ccache." +

label));

Artem

On 09/07/2017 03:07 AM, Weijun Wang wrote:

Please take a review at

http://cr.openjdk.java.net/~weijun/8186884/webrev.00/ BasicProc.java is enhanced to use a native JGSS provider, and KDC.java is enhanced to start (not use) a native KDC. For example, you would be able to test interop among Java JGSS, native JGSS (with MIT krb5) and Heimdal KDC with _jtreg -Dnative.krb5.lib=/usr/local/krb5/lib/libgssapikrb5.so _ _-Dnative.kdc.path=/usr/local/heimdal _ test/sun/security/krb5/auto/BasicProc.java Without those 2 new system properties, it behaves like before, i.e. Java GSS on the embedded KDC. Another change in Context.java. Instead of using shared states to provide username and password when doing a krb5 login, a callback handler is used. This is considered more common. An extra permission is needed to read the default username (though I think this can coded as optional). Thanks Max

• Previous message (by thread): RFR 8186884: Test native KDC, Java krb5 lib, and native krb5 lib in one test
• Next message (by thread): RFR 8186884: Test native KDC, Java krb5 lib, and native krb5 lib in one test
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the security-dev mailing list