1   /*
2    * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
3    * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4    *
5    * This code is free software; you can redistribute it and/or modify it
6    * under the terms of the GNU General Public License version 2 only, as
7    * published by the Free Software Foundation.
8    *
9    * This code is distributed in the hope that it will be useful, but WITHOUT
10   * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11   * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
12   * version 2 for more details (a copy is included in the LICENSE file that
13   * accompanied this code).
14   *
15   * You should have received a copy of the GNU General Public License version
16   * 2 along with this work; if not, write to the Free Software Foundation,
17   * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18   *
19   * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20   * or visit www.oracle.com if you need additional information or have any
21   * questions.
22   */
23  
24  /*
25   * @test 1.2 07/03/29
26   * @bug 4634892
27   * @summary Ensure that client requesting integrity causes resulting channel to
28   * be integrity-protected.
29   */
30  
31  /*
32   * Can set logging to FINEST to view exchange.
33   */
34  import javax.security.sasl.*;
35  import javax.security.auth.callback.*;
36  import java.security.Security;
37  import java.util.*;
38  
39  public class Integrity {
40      private static final String MECH = "DIGEST-MD5";
41      private static final String SERVER_FQDN = "machineX.imc.org";
42      private static final String PROTOCOL = "jmx";
43  
44      private static final byte[] EMPTY = new byte[0];
45  
46      private static String pwfile, namesfile, proxyfile;
47      private static boolean auto;
48      private static boolean verbose = false;
49  
50      private static byte[][] clntdata, srvdata;
51  
52      private static void init(String[] args) throws Exception {
53          if (args.length == 0) {
54              pwfile = "pw.properties";
55              namesfile = "names.properties";
56              auto = true;
57          } else {
58              int i = 0;
59              if (args[i].equals("-m")) {
60                  i++;
61                  auto = false;
62              }
63              if (args.length > i) {
64                  pwfile = args[i++];
65  
66                  if (args.length > i) {
67                      namesfile = args[i++];
68  
69                      if (args.length > i) {
70                          proxyfile = args[i];
71                      }
72                  }
73              } else {
74                  pwfile = "pw.properties";
75                  namesfile = "names.properties";
76              }
77          }
78  
79          initData();
80      }
81  
82  
83      public static void main(String[] args) throws Exception {
84  
85          init(args);
86  
87          CallbackHandler clntCbh = new ClientCallbackHandler(auto);
88  
89          CallbackHandler srvCbh =
90              new PropertiesFileCallbackHandler(pwfile, namesfile, proxyfile);
91  
92          Map srvProps = new HashMap();
93          srvProps.put(Sasl.QOP, "auth-int");
94  
95          Map clntProps = new HashMap();
96          clntProps.put(Sasl.QOP, "auth-int");
97  
98          SaslClient clnt = Sasl.createSaslClient(
99              new String[]{MECH}, null, PROTOCOL, SERVER_FQDN, clntProps, clntCbh);
100 
101         SaslServer srv = Sasl.createSaslServer(MECH, PROTOCOL, SERVER_FQDN,
102             srvProps, srvCbh);
103 
104         if (clnt == null) {
105             throw new IllegalStateException(
106                 "Unable to find client impl for " + MECH);
107         }
108         if (srv == null) {
109             throw new IllegalStateException(
110                 "Unable to find server impl for " + MECH);
111         }
112 
113         byte[] response = (clnt.hasInitialResponse()?
114             clnt.evaluateChallenge(EMPTY) : EMPTY);
115         byte[] challenge;
116 
117         while (!clnt.isComplete() || !srv.isComplete()) {
118             challenge = srv.evaluateResponse(response);
119 
120             if (challenge != null) {
121                 response = clnt.evaluateChallenge(challenge);
122             }
123         }
124 
125         if (clnt.isComplete() && srv.isComplete()) {
126             if (verbose) {
127                 System.out.println("SUCCESS");
128                 System.out.println("authzid is " + srv.getAuthorizationID());
129             }
130         } else {
131             throw new IllegalStateException("FAILURE: mismatched state:" +
132                     " client complete? " + clnt.isComplete() +
133                     " server complete? " + srv.isComplete());
134         }
135 
136         /* Use security layer */
137         int count = 0;
138         for (int i = 0; i < clntStrs.length; i++) {
139             byte[] orig = clntdata[i];
140             byte[] wrapped = clnt.wrap(clntdata[i], 0, clntdata[i].length);
141             byte[] unwrapped = srv.unwrap(wrapped, 0, wrapped.length);
142 
143             if (!Arrays.equals(orig, unwrapped)) {
144                 throw new SaslException("Server cannot unwrap client data");
145             }
146 
147             byte[] sorig = srvdata[i];
148             byte[] swrapped = srv.wrap(srvdata[i], 0, srvdata[i].length);
149             byte[] sunwrapped = clnt.unwrap(swrapped, 0, swrapped.length);
150 
151             if (!Arrays.equals(sorig, sunwrapped)) {
152                 throw new SaslException("Client cannot unwrap server data");
153             }
154             ++count;
155         }
156 
157         if (verbose)
158             System.out.println(count + " sets of wrap/unwrap between client/server");
159 
160         clnt.dispose();
161         srv.dispose();
162     }
163 
164     private static final String[] srvStrs = new String[] {
165 "A is the 1st letter",
166 "B is the 2nd letter",
167 "C is the 3rd letter",
168 "D is the 4th letter",
169 "E is the 5th letter",
170 "F is the 6th letter",
171 "G is the 7th letter",
172 "H is the 8th letter",
173 "I is the 9th letter",
174 "J is the 10th letter",
175 "K is the 11th letter",
176 "L is the 12th letter",
177 "M is the 13th letter",
178     };
179 
180     private static final String[] clntStrs = new String[] {
181 "0",
182 "1",
183 "2",
184 "3",
185 "4",
186 "5",
187 "6",
188 "7",
189 "8",
190 "9",
191 "10",
192 "11",
193 "12",
194     };
195 
196     private static void initData() {
197         clntdata = new byte[clntStrs.length][];
198         for (int i = 0; i < clntStrs.length; i++) {
199             clntdata[i] = clntStrs[i].getBytes();
200         }
201 
202         srvdata = new byte[srvStrs.length][];
203         for (int i = 0; i < srvStrs.length; i++) {
204             srvdata[i] = srvStrs[i].getBytes();
205         }
206     }
207 }