예제 #1
0
public class NoKerberos {

  static final List<String> KERBEROS_CIPHER_SUITES =
      Arrays.asList(
          "TLS_KRB5_WITH_RC4_128_SHA",
          "TLS_KRB5_WITH_RC4_128_MD5",
          "TLS_KRB5_WITH_3DES_EDE_CBC_SHA",
          "TLS_KRB5_WITH_3DES_EDE_CBC_MD5",
          "TLS_KRB5_WITH_DES_CBC_SHA",
          "TLS_KRB5_WITH_DES_CBC_MD5",
          "TLS_KRB5_EXPORT_WITH_RC4_40_SHA",
          "TLS_KRB5_EXPORT_WITH_RC4_40_MD5",
          "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA",
          "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5");

  /**
   * Checks that the given array of supported cipher suites does not include any Kerberos cipher
   * suites.
   */
  static void checkNotSupported(String[] supportedSuites) {
    for (String suites : supportedSuites) {
      if (KERBEROS_CIPHER_SUITES.contains(suites)) {
        throw new RuntimeException(
            "Supported list of cipher suites " + " should not include Kerberos cipher suites");
      }
    }
  }

  public static void main(String[] args) throws Exception {
    try {
      Class.forName("javax.security.auth.kerberos.KerberosPrincipal");
      System.out.println("Kerberos is present, nothing to test");
      return;
    } catch (ClassNotFoundException okay) {
    }

    // test SSLSocket
    try (Socket s = SSLSocketFactory.getDefault().createSocket()) {
      SSLSocket sslSocket = (SSLSocket) s;

      checkNotSupported(sslSocket.getSupportedCipherSuites());

      // attempt to enable each of the Kerberos cipher suites
      for (String kcs : KERBEROS_CIPHER_SUITES) {
        String[] suites = {kcs};
        try {
          sslSocket.setEnabledCipherSuites(suites);
          throw new RuntimeException(
              "SSLSocket.setEnabledCipherSuitessuites allowed "
                  + kcs
                  + " but Kerberos not supported");
        } catch (IllegalArgumentException expected) {
        }
      }
    }

    // test SSLServerSocket
    try (ServerSocket ss = SSLServerSocketFactory.getDefault().createServerSocket()) {
      SSLServerSocket sslSocket = (SSLServerSocket) ss;

      checkNotSupported(sslSocket.getSupportedCipherSuites());

      // attempt to enable each of the Kerberos cipher suites
      for (String kcs : KERBEROS_CIPHER_SUITES) {
        String[] suites = {kcs};
        try {
          sslSocket.setEnabledCipherSuites(suites);
          throw new RuntimeException(
              "SSLSocket.setEnabledCipherSuitessuites allowed "
                  + kcs
                  + " but Kerberos not supported");
        } catch (IllegalArgumentException expected) {
        }
      }
    }
  }
}
예제 #2
0
  /**
   * Wait for values.
   *
   * @param objmor the object mor
   * @param filterProps the filter props
   * @param endWaitProps the end wait props
   * @param expectedVals the expected vals
   * @return the object[]
   * @throws RemoteException the remote exception
   * @throws Exception the exception
   */
  private static Object[] waitForValues(
      ManagedObjectReference objmor,
      String[] filterProps,
      String[] endWaitProps,
      Object[][] expectedVals)
      throws RemoteException, Exception {
    // version string is initially null
    String version = "";
    Object[] endVals = new Object[endWaitProps.length];
    Object[] filterVals = new Object[filterProps.length];

    PropertyFilterSpec spec = new PropertyFilterSpec();

    spec.getObjectSet().add(new ObjectSpec());

    spec.getObjectSet().get(0).setObj(objmor);

    spec.getPropSet().addAll(Arrays.asList(new PropertySpec[] {new PropertySpec()}));

    spec.getPropSet().get(0).getPathSet().addAll(Arrays.asList(filterProps));

    spec.getPropSet().get(0).setType(objmor.getType());

    spec.getObjectSet().get(0).setSkip(Boolean.FALSE);

    ManagedObjectReference filterSpecRef = vimPort.createFilter(propCollectorRef, spec, true);

    boolean reached = false;

    UpdateSet updateset = null;
    PropertyFilterUpdate[] filtupary = null;
    PropertyFilterUpdate filtup = null;
    ObjectUpdate[] objupary = null;
    ObjectUpdate objup = null;
    PropertyChange[] propchgary = null;
    PropertyChange propchg = null;
    while (!reached) {
      boolean retry = true;
      while (retry) {
        try {
          updateset = vimPort.waitForUpdates(propCollectorRef, version);
          retry = false;
        } catch (SOAPFaultException sfe) {
          printSoapFaultException(sfe);
        } catch (Exception e) {
          e.printStackTrace();
        }
      }
      if (updateset != null) {
        version = updateset.getVersion();
      }
      if (updateset == null || updateset.getFilterSet() == null) {
        continue;
      }
      List<PropertyFilterUpdate> listprfup = updateset.getFilterSet();
      filtupary = listprfup.toArray(new PropertyFilterUpdate[listprfup.size()]);
      filtup = null;
      for (int fi = 0; fi < filtupary.length; fi++) {
        filtup = filtupary[fi];
        List<ObjectUpdate> listobjup = filtup.getObjectSet();
        objupary = listobjup.toArray(new ObjectUpdate[listobjup.size()]);
        objup = null;
        propchgary = null;
        for (int oi = 0; oi < objupary.length; oi++) {
          objup = objupary[oi];
          if (objup.getKind() == ObjectUpdateKind.MODIFY
              || objup.getKind() == ObjectUpdateKind.ENTER
              || objup.getKind() == ObjectUpdateKind.LEAVE) {
            List<PropertyChange> listchset = objup.getChangeSet();
            propchgary = listchset.toArray(new PropertyChange[listchset.size()]);
            for (int ci = 0; ci < propchgary.length; ci++) {
              propchg = propchgary[ci];
              updateValues(endWaitProps, endVals, propchg);
              updateValues(filterProps, filterVals, propchg);
            }
          }
        }
      }
      Object expctdval = null;
      // Check if the expected values have been reached and exit the loop if done.
      // Also exit the WaitForUpdates loop if this is the case.
      for (int chgi = 0; chgi < endVals.length && !reached; chgi++) {
        for (int vali = 0; vali < expectedVals[chgi].length && !reached; vali++) {
          expctdval = expectedVals[chgi][vali];
          reached = expctdval.equals(endVals[chgi]) || reached;
        }
      }
    }

    // Destroy the filter when we are done.
    vimPort.destroyPropertyFilter(filterSpecRef);
    return filterVals;
  }