Examples of javax.security.auth.kerberos.DelegationPermission

• javax.security.auth.kerberos.DelegationPermission
  This class is used to restrict the usage of the Kerberos delegation model, ie: forwardable and proxiable tickets.

  The target name of this {@code Permission} specifies a pair ofkerberos service principals. The first is the subordinate service principal being entrusted to use the TGT. The second service principal designates the target service the subordinate service principal is to interact with on behalf of the initiating KerberosPrincipal. This latter service principal is specified to restrict the use of a proxiable ticket.

  For example, to specify the "host" service use of a forwardable TGT the target permission is specified as follows:

   DelegationPermission("\"host/foo.example.com@EXAMPLE.COM\" \"krbtgt/EXAMPLE.COM@EXAMPLE.COM\""); 

  To give the "backup" service a proxiable nfs service ticket the target permission might be specified:

   DelegationPermission("\"backup/bar.example.com@EXAMPLE.COM\" \"nfs/home.EXAMPLE.COM@EXAMPLE.COM\""); 

  @since 1.4

 */
public class KrbDelegationPermissionCollectionTest extends SerializationTest {

    @Override
    protected Object[] getData() {
        Permission p1 = new DelegationPermission("\"AAA\" \"BBB\"", "action");
        Permission p2 = new DelegationPermission("\"AAA\" \"CCC\"");
        Permission p3 = new DelegationPermission("\"BBB\" \"CCC\"");
        PermissionCollection pc1 = p1.newPermissionCollection();
        PermissionCollection pc2 = p1.newPermissionCollection();
        pc2.add(p3);
        PermissionCollection pc3 = p1.newPermissionCollection();
        pc3.add(p1);

public class DelegationPermissionTest extends SerializationTest {

    @Override
    protected Object[] getData() {
        return new Object[] {
                new DelegationPermission("\"AAA\" \"BBB\"", "action"),
                new DelegationPermission("\"AAA\" \"CCC\"") };
    }

    /**
     * testing of a incorrect ctor
     */
    public void testFailCtor() {
        try {
            new DelegationPermission(null);
            fail("no expected NPE");
        } catch(NullPointerException e){
        }
        try {
            new DelegationPermission("");
            fail("no expected IAE");
        } catch(IllegalArgumentException e){
        }
        try {
            new DelegationPermission("\"aaa.bbb.com\" ccc.ddd.com");
            fail("Target name must be enveloped by quotes");
        } catch(IllegalArgumentException e){
        }
        try {
            new DelegationPermission("\"aaa.bbb.com\" ccc.ddd.com\"");
            fail("Target name must be enveloped by quotes");
        } catch(IllegalArgumentException e){
        }
        try {
            new DelegationPermission("\"aaa.bbb.com\" \"ccc.ddd.com");
            fail("Target name must be enveloped by quotes");
        } catch(IllegalArgumentException e){
        }
        try {
            new DelegationPermission("\" \" \" \"");
            //TODO: fail("Target name is empty");
        }catch(IllegalArgumentException e){
        }
        try {
            new DelegationPermission("\"\"");
            fail("Target name is incorrect");
        } catch(IllegalArgumentException e){
        }
        try {
            new DelegationPermission("\"aaa.bbb.com\" \"\"");
            fail("service principal is empty");
        } catch(IllegalArgumentException e){
        }
        try {
            new DelegationPermission("\"\" \"aaa.bbb.com\"");
            fail("subordinate service principal is empty");
        } catch(IllegalArgumentException e){
        }

    }

    }

    public void testFailCtor_2() {
        try {
            new DelegationPermission("\"AAA\"");
            fail("target name should be specifies a pair of kerberos service principals");
        } catch (IllegalArgumentException e) {
        }
    }

    }

    // testing of the equals method
    @SuppressWarnings("serial")
    public void testEquals() {
        DelegationPermission dp1 = new DelegationPermission("\"AAA\" \"BBB\"");
        DelegationPermission dp2 = new DelegationPermission("\"AAA\" \"BBB\"");

        assertTrue(dp1.equals(dp1));
        assertFalse(dp1.equals(new DelegationPermission("\"aaa\" \"bbb\"")));
        assertTrue(dp2.equals(dp1));
        assertTrue(dp1.equals(dp2));
        assertTrue(dp1.hashCode() == dp2.hashCode());
        assertFalse(dp1.equals(new BasicPermission("\"AAA\""){}));
    }

        assertTrue(dp1.hashCode() == dp2.hashCode());
        assertFalse(dp1.equals(new BasicPermission("\"AAA\""){}));
    }
    // testing of the implies method
    public void testImplies() {
        DelegationPermission dp1 = new DelegationPermission("\"AAA\" \"BBB\"");
        DelegationPermission dp2 = new DelegationPermission("\"BBB\" \"AAA\"");
        assertFalse(dp1.implies(dp2));
        assertFalse(dp2.implies(dp1));
        assertTrue(dp1.implies(dp1));
        assertFalse(dp1.implies(new ServicePermission("aaa", "accept")));
        assertFalse(dp1.implies(null));
    }

    // testing of the KrbDelegationPermissionCollection


    // testing of the add collection method
    public void testAddCollection()   {
        DelegationPermission dp = new DelegationPermission("\"AAA\" \"BBB\"");
        PermissionCollection pc1 = dp.newPermissionCollection();
        PermissionCollection pc2 = dp.newPermissionCollection();
        assertNotSame(pc1, pc2);
        pc1.add(new DelegationPermission("\"BBB\" \"AAA\""));
        try {
            pc1.add(new SecurityPermission("aaa"));
            fail("should not add non DelegationPermission");
        } catch (IllegalArgumentException e){
        }
    try {
        pc1.add(null);
        fail("permission is null");
    } catch (IllegalArgumentException e) {
    }
        pc1.setReadOnly();
    try {
      pc1.add(new DelegationPermission("\"CCC\" \"AAA\""));
      fail("read-only flag is ignored");
    } catch (SecurityException e) {
    }
    }

    }

    public void testImpliesCollection(){

        Permission ap = new AllPermission();
        Permission p = new DelegationPermission("\"AAA\" \"BBB\"");
        PermissionCollection pc = p.newPermissionCollection();
        assertFalse(pc.implies(ap));
        assertFalse(pc.implies(p));
        pc.add(p);
        assertTrue(pc.implies(p));
        assertFalse(pc.implies(null));
        DelegationPermission dp1 = new DelegationPermission("\"AAA\" \"BBB\"");
        assertTrue(dp1.implies(dp1));
        DelegationPermission dp2 = new DelegationPermission("\"BBB\" \"AAA\"");
        assertFalse(dp1.implies(dp2));
        assertFalse(dp1.implies(null));
        assertFalse(dp1.implies(new ServicePermission("aaa", "accept")));
    }

        assertFalse(dp1.implies(null));
        assertFalse(dp1.implies(new ServicePermission("aaa", "accept")));
    }

  public void testElements() throws Exception {
        Permission p = new DelegationPermission("\"AAA\" \"BBB\"");
        PermissionCollection pc = p.newPermissionCollection();
        try {
            pc.elements().nextElement();
            fail("expected NoSuchElementException");
        } catch (NoSuchElementException e) {
        }
        Enumeration<Permission> en = pc.elements();
        assertNotNull(en);
        assertFalse(en.hasMoreElements());
        Permission sp1 = new DelegationPermission("\"DDD\" \"BBB\"");
        Permission sp2 = new DelegationPermission("\"CCC\" \"BBB\"");
        pc.add(sp1);
        en = pc.elements();
        assertTrue(en.hasMoreElements());
        assertTrue(sp1.equals(en.nextElement()));
        assertFalse(en.hasMoreElements());

        assertFalse(sp.equals(sp1));
        assertFalse(sp.hashCode() == sp1.hashCode());
        assertFalse(sp.equals(sp2));
        assertFalse(sp1.equals(sp2));
        assertTrue(sp2.equals(sp2));
        assertFalse(sp.equals(new DelegationPermission("\"AAA\" \"BBB\"", "action")));
        assertFalse(sp.equals(null));
    }