#! /usr/bin/bash # ATTENTION: # # Please read spnegoReadme first to setup the testing # environment needed # the following ENV should be adjusted to match your environment WWW_REALM=JSL.BEIJING WWW_KDC=jsl-bjlab1.jsl.beijing WWW_URL=http://jsl-bjlab1.jsl.beijing/1.txt PROXY_REALM=JSLDUBLIN.IRELAND.SUN.COM PROXY_KDC=anchor.jsldublin.ireland.sun.com PROXY_URL=http://sceri.prc.sun.com/~ww155710/1.txt PROXY_PARA="-Dhttp.proxyHost=anchor.jsldublin.ireland.sun.com -Dhttp.proxyPort=8080" GOOD_PASS='-Duser=olala -Dpass=1q2w#E$R' GOOD_KPASS='-Dkuser=olala -Dkpass=1q2w#E$R' BAD_PASS='-Duser=olala -Dpass=false' BAD_KPASS='-Dkuser=olala -Dkpass=false' WWW_TAB=www.tab PROXY_TAB=proxy.tab TAB_PATH=/tmp/krb5cc_156710 FILE_CONTENT=content_of_web_file # these ENV determines how much to show in terminal. don't edit EXTRA_LOG="-Djava.util.logging.config.file=spnegoLog.properties -Dshowhint" ANY_EXCEPTION='Exception' IO_EXCEPTION='java.io.IOException' PROTO_EXCEPTION='java.net.ProtocolException' HEADER_200='HTTP/1.1 200' # a java run function runonce { echo Testing $AUTH_TYPE-$TEST_NAME ... java -Djava.security.krb5.realm=$USE_REALM \ -Djava.security.krb5.kdc=$USE_KDC \ -Djava.security.auth.login.config=spnegoLogin.conf \ -Dhttp.maxRedirects=2 \ $AUTH_PREF \ $EXTRA_PARA \ $EXTRA_LOG \ $USER_PASS \ $KUSER_PASS \ WebGet $USE_URL 2> err.log > out.log if [ "$HAS_CACHE" = true ]; then grep -i 'PROVIDING Kerberos' out.log && exit $LINENO else grep -i 'PROVIDING Kerberos' out.log > /dev/null || echo '....has not query Kerberos user/pass' fi } function testsuite { # normal runs USER_PASS=$GOOD_PASS KUSER_PASS=$GOOD_KPASS TEST_NAME=Authenticate AUTH_PREF= runonce grep -i "$FILE_CONTENT" out.log > /dev/null || exit $LINENO grep -i "$HEADER_40X" err.log > /dev/null || exit $LINENO grep -i "$AUTH_RESPONSE" err.log > /dev/null || exit $LINENO grep -i "$AUTH_NEG_REQUEST" err.log > /dev/null || exit $LINENO grep -i "$HEADER_200" err.log > /dev/null || exit $LINENO grep -i "$ANY_EXCEPTION" err.log > /dev/null && exit $LINENO TEST_NAME="Authenticate with Negotiate" AUTH_PREF=-Dhttp.auth.preference=Negotiate runonce # first 40X and ask for authen i author-neg and 200 and success grep -i "$FILE_CONTENT" out.log > /dev/null || exit $LINENO grep -i "$HEADER_40X" err.log > /dev/null || exit $LINENO grep -i "$AUTH_RESPONSE" err.log > /dev/null || exit $LINENO grep -i "$AUTH_NEG_REQUEST" err.log > /dev/null || exit $LINENO grep -i "$HEADER_200" err.log > /dev/null || exit $LINENO grep -i "$ANY_EXCEPTION" err.log > /dev/null && exit $LINENO TEST_NAME="Authenticate with Kerberos" AUTH_PREF=-Dhttp.auth.preference=Kerberos runonce # first 40X and ask for authen i author-neg and 200 and success grep -i "$FILE_CONTENT" out.log > /dev/null || exit $LINENO grep -i "$HEADER_40X" err.log > /dev/null || exit $LINENO grep -i "$AUTH_RESPONSE" err.log > /dev/null || exit $LINENO grep -i "$AUTH_NEG_REQUEST" err.log > /dev/null || exit $LINENO grep -i "$HEADER_200" err.log > /dev/null || exit $LINENO grep -i "$ANY_EXCEPTION" err.log > /dev/null && exit $LINENO TEST_NAME="Authenticate with Basic" AUTH_PREF=-Dhttp.auth.preference=Basic runonce # first 40X and ask for authen i author-basic and 200 and success grep -i "$FILE_CONTENT" out.log > /dev/null || exit $LINENO grep -i "$HEADER_40X" err.log > /dev/null || exit $LINENO grep -i "$AUTH_RESPONSE" err.log > /dev/null || exit $LINENO grep -i "$AUTH_BASIC_REQUEST" err.log > /dev/null || exit $LINENO grep -i "$HEADER_200" err.log > /dev/null || exit $LINENO grep -i "$ANY_EXCEPTION" err.log > /dev/null && exit $LINENO if [ "$HAS_CACHE" = true ]; then echo 'Skip bad kpass test if HAS_CACHE is true' else # bad kpass should fallback to basic TEST_NAME="Authenticate fallback" KUSER_PASS=$BAD_KPASS AUTH_PREF= runonce # first 40X and ask for authen i cannot author-neg but can author-basic and 200 and success grep -i "$FILE_CONTENT" out.log > /dev/null || exit $LINENO grep -i "$HEADER_40X" err.log > /dev/null || exit $LINENO grep -i "$AUTH_RESPONSE" err.log > /dev/null || exit $LINENO grep -i "$AUTH_NEG_REQUEST" err.log > /dev/null && exit $LINENO grep -i "$AUTH_BASIC_REQUEST" err.log > /dev/null || exit $LINENO grep -i "$HEADER_200" err.log > /dev/null || exit $LINENO grep -i "$ANY_EXCEPTION" err.log > /dev/null && exit $LINENO # auth.pref given, does not fallback TEST_NAME="Authenticate no fallback" KUSER_PASS=$BAD_KPASS AUTH_PREF=-Dhttp.auth.preference=Negotiate runonce # will fail # first 40X and ask for authen i cannot author-neg and fail with IO_EXCEPTION grep -i "$FILE_CONTENT" out.log > /dev/null && exit $LINENO grep -i "$HEADER_40X" err.log > /dev/null || exit $LINENO grep -i "$AUTH_ANY_REQUEST" err.log > /dev/null && exit $LINENO grep -i "$IO_EXCEPTION" err.log > /dev/null || exit $LINENO # bad kpass fallback to basic, but bad pass TEST_NAME="Authenticate fallback but still cannot go on" KUSER_PASS=$BAD_KPASS USER_PASS=$BAD_PASS AUTH_PREF= runonce # will fail # first 40X and ask for authen i cannot author-neg and author-basic again and again and fail with PROTO_EXCEPTION grep -i "$FILE_CONTENT" out.log > /dev/null && exit $LINENO grep -i "$HEADER_40X" err.log > /dev/null || exit $LINENO grep -i "$AUTH_NEG_REQUEST" err.log > /dev/null && exit $LINENO grep -i "$AUTH_BASIC_REQUEST" err.log > /dev/null || exit $LINENO grep -i "$PROTO_EXCEPTION" err.log > /dev/null || exit $LINENO fi } function testWWW { # WWW Part AUTH_TYPE=WWW USE_REALM=$WWW_REALM USE_KDC=$WWW_KDC USE_URL=$WWW_URL EXTRA_PARA= HEADER_40X='HTTP/1.1 401' AUTH_RESPONSE='WWW-Authenticate:' AUTH_NEG_REQUEST='{Authorization: Negotiate' AUTH_BASIC_REQUEST='{Authorization: Basic' AUTH_ANY_REQUEST='{Authorization:' testsuite echo Pass WWW } function testProxy { # Proxy Part AUTH_TYPE=Proxy USE_REALM=$PROXY_REALM USE_KDC=$PROXY_KDC USE_URL=$PROXY_URL EXTRA_PARA=$PROXY_PARA HEADER_40X='HTTP/1.1 407' AUTH_RESPONSE='Proxy-Authenticate:' AUTH_NEG_REQUEST='{Proxy-Authorization: Negotiate' AUTH_BASIC_REQUEST='{Proxy-Authorization: Basic' AUTH_ANY_REQUEST='{Proxy-Authorization:' testsuite echo Pass Proxy } HAS_CACHE='false' kdestroy testWWW testProxy HAS_CACHE='true' #kinit for WWW_REALM cp $WWW_TAB $TAB_PATH testWWW #kinit for PRXY_REALM cp $PROXY_TAB $TAB_PATH testProxy kdestroy rm err.log rm out.log exit 0