Bug 1172492 - LoginException thrown by security tests on IPv6 with OpenJDK6
Summary: LoginException thrown by security tests on IPv6 with OpenJDK6
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Testsuite
Version: 6.4.0
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
: ---
Assignee: Josef Cacek
QA Contact: Petr Kremensky
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-12-10 08:11 UTC by Petr Kremensky
Modified: 2015-01-12 09:45 UTC (History)
5 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2015-01-12 09:45:25 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 1011056 0 unspecified CLOSED Fail of AdvancedLdapLoginModuleTestCase on IPV6 due to Server not found in Kerberos database 2021-02-22 00:41:40 UTC
Red Hat Bugzilla 1033128 0 unspecified CLOSED org.jboss.as.test.integration.security.loginmodules.negotiation tests and SAML2AttributeMappingTestCase fail due to "jav... 2021-02-22 00:41:40 UTC
Red Hat Bugzilla 1143931 0 unspecified CLOSED [QE] (6.4.0) SAML2KerberosAuthenticationTestCase fails on RHEL7 w/ OpenJDK6 2021-02-22 00:41:40 UTC

Internal Links: 1011056 1033128 1143931

Description Petr Kremensky 2014-12-10 08:11:41 UTC 
Description of problem:
Some security tests fails on IPv6+OpenJDK6 combination with:
javax.security.auth.login.LoginException: [2620
	at java.net.InetAddress.getAllByName(InetAddress.java:1119)

Version-Release number of selected component (if applicable):
 EAP 6.4.0.DR12 (these would fail also in previous relesaes, but were hidden by issues like BZ1011056)

How reproducible:
 IPv6 + OpenJDK6

List of tests failing on OpenJDK6 w/ IPv6 due to 'javax.security.auth.login.LoginException: [2620'

org.jboss.as.test.integration.security.loginmodules.negotiation.AdvancedLdapLoginModuleTestCase.test1
org.jboss.as.test.integration.security.loginmodules.negotiation.AdvancedLdapLoginModuleTestCase.test2
org.jboss.as.test.integration.security.loginmodules.negotiation.AdvancedLdapLoginModuleTestCase.test3
org.jboss.as.test.integration.security.loginmodules.negotiation.AdvancedLdapLoginModuleTestCase.test4
org.jboss.as.test.integration.security.picketlink.SAML2AttributeMappingTestCase.testPassUserPrincipalToAttributeManager
org.jboss.as.test.integration.security.picketlink.SAML2KerberosAuthenticationTestCase.testJDukeRoles
org.jboss.as.test.integration.security.picketlink.SAML2KerberosAuthenticationTestCase.testJDukePrincipal
org.jboss.as.test.manualmode.security.realms.KerberosHttpInterfaceTestCase.testForHostAsteriskKeyTab
org.jboss.as.test.manualmode.security.realms.KerberosHttpInterfaceTestCase.testNotSuitableKeyTab
org.jboss.as.test.manualmode.security.realms.KerberosHttpInterfaceTestCase.testWrongPrincipalKeyTab
org.jboss.as.test.manualmode.security.realms.KerberosHttpInterfaceTestCase.testWrongRealmKeyTab
org.jboss.as.test.manualmode.security.realms.KerberosHttpInterfaceTestCase.testDoNotRemoveKerberosRealm
org.jboss.as.test.manualmode.security.realms.KerberosHttpInterfaceTestCase.testRemoveKerberosRealm
org.jboss.as.test.manualmode.security.realms.KerberosHttpInterfaceTestCase.testFallBackInWrong1KerberosRealm
org.jboss.as.test.manualmode.security.realms.KerberosHttpInterfaceTestCase.testFallBackInWrong2KerberosRealm
org.jboss.as.test.manualmode.security.realms.KerberosHttpInterfaceTestCase.testFallBackInWrong3KerberosRealm
org.jboss.as.test.manualmode.security.realms.KerberosHttpInterfaceTestCase.testFallBackInKerberosRealm

See 
https://jenkins.mw.lab.eng.bos.redhat.com/hudson/job/eap-6x-as-testsuite-IPv6-rhel/26/RELEASE=6.4.0,jdk=openjdk1.6_local,label_exp=linux-pure-ipv6/testReport/
Comment 1 Tomas Hofman 2015-01-06 11:33:14 UTC 
Looks like a bug in OpenJDK 1.6. 

KDC address in krb5 configuration file is parsed incorrectly - it presumes that address part after ':' character is a port number and therefore only the first segment of given IPv6 address is taken as a host address, which throws UnknownHostException during login attempt.

Problem seems to be in sun.security.krb5.KrbKdcReq#send(String, String, boolean):

        StringTokenizer strTok = new StringTokenizer(tempKdc, ":"); // tempKdc = "[2001::1]:6088"
        String kdc = strTok.nextToken();
        if (strTok.hasMoreTokens()) {
            String portStr = strTok.nextToken();
            int tempPort = parsePositiveIntString(portStr);
            if (tempPort > 0)
                port = tempPort;
        }
Note You need to log in before you can comment on or make changes to this bug.