[9] RFR: 8075007: Additional tests for krb5-related cipher suites with unbound server

Weijun Wang weijun.wang at oracle.com
Mon Apr 27 12:51:24 UTC 2015


Looks fine.

Thanks
Max

On 4/23/2015 6:31 PM, Artem Smotrakov wrote:
> Agree.
>
> Please see an updated webrev:
>
> http://cr.openjdk.java.net/~asmotrak/8075007/webrev.02/
>
> Artem
>
> On 04/23/2015 11:18 AM, Weijun Wang wrote:
>> One question:
>>
>> As for the 3 boolean flags you added to KDC.java (BTW, maybe
>> "consumer"?), is it possible to wait for them to be true right at the
>> end of the startServer() method? I believe all the current tests can
>> actually benefit from this.
>>
>> --Max
>>
>> On 4/23/2015 2:30 PM, Artem Smotrakov wrote:
>>> Hi Max,
>>>
>>> On 04/22/2015 05:51 PM, Weijun Wang wrote:
>>>> Hi Artem
>>>>
>>>> These are splendid tests. So do they just all pass? :-)
>>> Yes, fortunately they do :)
>>>>
>>>> One question, does the policy file make any difference in
>>>> UnboundSSLMultipleKeys.java and UnboundSSLPrincipalProperty.java?
>>> No, these two don't requite the policy file. But they still need to be
>>> run in othervm mode since they use system properties. I updated these
>>> two tests not to use the policy file
>>>
>>> http://cr.openjdk.java.net/~asmotrak/8075007/webrev.01/
>>>
>>> Artem
>>>>
>>>> Thanks
>>>> Max
>>>>
>>>> On 4/21/2015 10:41 PM, Artem Smotrakov wrote:
>>>>> Hello,
>>>>>
>>>>> Please review a couple of new tests for krb5 cipher suites with
>>>>> unbound
>>>>> server:
>>>>> - tests check if an unbound server can handle connections only for
>>>>> allowed service principals
>>>>> - tests check if an unbound server picks up a correct key from keytab
>>>>> - tests check if an unbound server uses a service principal from
>>>>> "sun.security.krb5.principal" system property if specified
>>>>>
>>>>> I also added a helper method to KDC.java to check that a KDC
>>>>> instance is
>>>>> up.
>>>>>
>>>>> Bug: https://bugs.openjdk.java.net/browse/JDK-8075007
>>>>> Webrev: http://cr.openjdk.java.net/~asmotrak/8075007/webrev.00/
>>>>>
>>>>> Artem
>>>
>


More information about the security-dev mailing list