public class NoKerberos {
static final List<String> KERBEROS_CIPHER_SUITES =
Arrays.asList(
"TLS_KRB5_WITH_RC4_128_SHA",
"TLS_KRB5_WITH_RC4_128_MD5",
"TLS_KRB5_WITH_3DES_EDE_CBC_SHA",
"TLS_KRB5_WITH_3DES_EDE_CBC_MD5",
"TLS_KRB5_WITH_DES_CBC_SHA",
"TLS_KRB5_WITH_DES_CBC_MD5",
"TLS_KRB5_EXPORT_WITH_RC4_40_SHA",
"TLS_KRB5_EXPORT_WITH_RC4_40_MD5",
"TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA",
"TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5");
/**
* Checks that the given array of supported cipher suites does not include any Kerberos cipher
* suites.
*/
static void checkNotSupported(String[] supportedSuites) {
for (String suites : supportedSuites) {
if (KERBEROS_CIPHER_SUITES.contains(suites)) {
throw new RuntimeException(
"Supported list of cipher suites " + " should not include Kerberos cipher suites");
}
}
}
public static void main(String[] args) throws Exception {
try {
Class.forName("javax.security.auth.kerberos.KerberosPrincipal");
System.out.println("Kerberos is present, nothing to test");
return;
} catch (ClassNotFoundException okay) {
}
// test SSLSocket
try (Socket s = SSLSocketFactory.getDefault().createSocket()) {
SSLSocket sslSocket = (SSLSocket) s;
checkNotSupported(sslSocket.getSupportedCipherSuites());
// attempt to enable each of the Kerberos cipher suites
for (String kcs : KERBEROS_CIPHER_SUITES) {
String[] suites = {kcs};
try {
sslSocket.setEnabledCipherSuites(suites);
throw new RuntimeException(
"SSLSocket.setEnabledCipherSuitessuites allowed "
+ kcs
+ " but Kerberos not supported");
} catch (IllegalArgumentException expected) {
}
}
}
// test SSLServerSocket
try (ServerSocket ss = SSLServerSocketFactory.getDefault().createServerSocket()) {
SSLServerSocket sslSocket = (SSLServerSocket) ss;
checkNotSupported(sslSocket.getSupportedCipherSuites());
// attempt to enable each of the Kerberos cipher suites
for (String kcs : KERBEROS_CIPHER_SUITES) {
String[] suites = {kcs};
try {
sslSocket.setEnabledCipherSuites(suites);
throw new RuntimeException(
"SSLSocket.setEnabledCipherSuitessuites allowed "
+ kcs
+ " but Kerberos not supported");
} catch (IllegalArgumentException expected) {
}
}
}
}
}
/**
* Wait for values.
*
* @param objmor the object mor
* @param filterProps the filter props
* @param endWaitProps the end wait props
* @param expectedVals the expected vals
* @return the object[]
* @throws RemoteException the remote exception
* @throws Exception the exception
*/
private static Object[] waitForValues(
ManagedObjectReference objmor,
String[] filterProps,
String[] endWaitProps,
Object[][] expectedVals)
throws RemoteException, Exception {
// version string is initially null
String version = "";
Object[] endVals = new Object[endWaitProps.length];
Object[] filterVals = new Object[filterProps.length];
PropertyFilterSpec spec = new PropertyFilterSpec();
spec.getObjectSet().add(new ObjectSpec());
spec.getObjectSet().get(0).setObj(objmor);
spec.getPropSet().addAll(Arrays.asList(new PropertySpec[] {new PropertySpec()}));
spec.getPropSet().get(0).getPathSet().addAll(Arrays.asList(filterProps));
spec.getPropSet().get(0).setType(objmor.getType());
spec.getObjectSet().get(0).setSkip(Boolean.FALSE);
ManagedObjectReference filterSpecRef = vimPort.createFilter(propCollectorRef, spec, true);
boolean reached = false;
UpdateSet updateset = null;
PropertyFilterUpdate[] filtupary = null;
PropertyFilterUpdate filtup = null;
ObjectUpdate[] objupary = null;
ObjectUpdate objup = null;
PropertyChange[] propchgary = null;
PropertyChange propchg = null;
while (!reached) {
boolean retry = true;
while (retry) {
try {
updateset = vimPort.waitForUpdates(propCollectorRef, version);
retry = false;
} catch (SOAPFaultException sfe) {
printSoapFaultException(sfe);
} catch (Exception e) {
e.printStackTrace();
}
}
if (updateset != null) {
version = updateset.getVersion();
}
if (updateset == null || updateset.getFilterSet() == null) {
continue;
}
List<PropertyFilterUpdate> listprfup = updateset.getFilterSet();
filtupary = listprfup.toArray(new PropertyFilterUpdate[listprfup.size()]);
filtup = null;
for (int fi = 0; fi < filtupary.length; fi++) {
filtup = filtupary[fi];
List<ObjectUpdate> listobjup = filtup.getObjectSet();
objupary = listobjup.toArray(new ObjectUpdate[listobjup.size()]);
objup = null;
propchgary = null;
for (int oi = 0; oi < objupary.length; oi++) {
objup = objupary[oi];
if (objup.getKind() == ObjectUpdateKind.MODIFY
|| objup.getKind() == ObjectUpdateKind.ENTER
|| objup.getKind() == ObjectUpdateKind.LEAVE) {
List<PropertyChange> listchset = objup.getChangeSet();
propchgary = listchset.toArray(new PropertyChange[listchset.size()]);
for (int ci = 0; ci < propchgary.length; ci++) {
propchg = propchgary[ci];
updateValues(endWaitProps, endVals, propchg);
updateValues(filterProps, filterVals, propchg);
}
}
}
}
Object expctdval = null;
// Check if the expected values have been reached and exit the loop if done.
// Also exit the WaitForUpdates loop if this is the case.
for (int chgi = 0; chgi < endVals.length && !reached; chgi++) {
for (int vali = 0; vali < expectedVals[chgi].length && !reached; vali++) {
expctdval = expectedVals[chgi][vali];
reached = expctdval.equals(endVals[chgi]) || reached;
}
}
}
// Destroy the filter when we are done.
vimPort.destroyPropertyFilter(filterSpecRef);
return filterVals;
}