Posted to commits@qpid.apache.org by ai...@apache.org on 2008/07/07 16:44:54 UTC
svn commit: r674510 - in /incubator/qpid/trunk/qpid/java/broker/src:
main/java/org/apache/qpid/server/security/auth/sasl/amqplain/
main/java/org/apache/qpid/server/security/auth/sasl/plain/
test/java/org/apache/qpid/server/security/ test/java/org/apach...
Author: aidan
Date: Mon Jul 7 07:44:54 2008
New Revision: 674510
URL: http://svn.apache.org/viewvc?rev=674510&view=rev
Log:
QPID-474 Make sure that our SASL servers actually, y'know, validate the password
AmqPlainSaslServer.java: Actually check password
PlainSaslServer.java: Actually check password
SaslServerTestCase.java: base test case for testing our SASL impls
AMQPlainSaslServerTest.java: test the AMQPlainSaslServer dealie
PlainSaslServerTest.java: test the PlainSaslServer
TestPrincipalDatabase.java: Mockish TestPrincipalDatabase
Added:
incubator/qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/
incubator/qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/
incubator/qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/sasl/
incubator/qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/sasl/SaslServerTestCase.java
incubator/qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/sasl/TestPrincipalDatabase.java
incubator/qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/sasl/amqplain/
incubator/qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/sasl/amqplain/AMQPlainSaslServerTest.java
incubator/qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/sasl/plain/
incubator/qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/sasl/plain/PlainSaslServerTest.java
Modified:
incubator/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/amqplain/AmqPlainSaslServer.java
incubator/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/plain/PlainSaslServer.java
Modified: incubator/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/amqplain/AmqPlainSaslServer.java
URL: http://svn.apache.org/viewvc/incubator/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/amqplain/AmqPlainSaslServer.java?rev=674510&r1=674509&r2=674510&view=diff
==============================================================================
--- incubator/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/amqplain/AmqPlainSaslServer.java (original)
+++ incubator/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/amqplain/AmqPlainSaslServer.java Mon Jul 7 07:44:54 2008
@@ -68,12 +68,15 @@
PasswordCallback passwordCb = new PasswordCallback("prompt", false);
// TODO: should not get pwd as a String but as a char array...
String pwd = (String) ft.getString("PASSWORD");
- passwordCb.setPassword(pwd.toCharArray());
AuthorizeCallback authzCb = new AuthorizeCallback(username, username);
Callback[] callbacks = new Callback[]{nameCb, passwordCb, authzCb};
_cbh.handle(callbacks);
- _complete = true;
- if (authzCb.isAuthorized())
+ String storedPwd = new String(passwordCb.getPassword());
+ if (storedPwd.equals(pwd))
+ {
+ _complete = true;
+ }
+ if (authzCb.isAuthorized() && _complete)
{
_authorizationId = authzCb.getAuthenticationID();
return null;
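Review bot: `new String(passwordCb.getPassword())` will throw a NullPointerException whenever the callback handler leaves the password unset, because `PasswordCallback.getPassword()` returns null in that case; whether the handler does so for an unknown user is not visible here, so the new comparison should guard against it. Keeping the value as a char array avoids the extra immutable copy as well: `char[] storedPwd = passwordCb.getPassword();` followed by `if (storedPwd != null && pwd != null && Arrays.equals(storedPwd, pwd.toCharArray()))`, then `passwordCb.clearPassword();`. Neither `String.equals` nor `Arrays.equals` is constant-time, so if timing matters for this broker, compare the encoded bytes with `MessageDigest.isEqual` instead. The same three added lines appear in the PlainSaslServer hunk and need the same change. The enclosing method starts and ends outside the hunk.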
Modified: incubator/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/plain/PlainSaslServer.java
URL: http://svn.apache.org/viewvc/incubator/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/plain/PlainSaslServer.java?rev=674510&r1=674509&r2=674510&view=diff
==============================================================================
--- incubator/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/plain/PlainSaslServer.java (original)
+++ incubator/qpid/trunk/qpid/java/broker/src/main/java/org/apache/qpid/server/security/auth/sasl/plain/PlainSaslServer.java Mon Jul 7 07:44:54 2008
@@ -72,17 +72,19 @@
// we do not care about the prompt but it throws if null
NameCallback nameCb = new NameCallback("prompt", authzid);
- // we do not care about the prompt but it throws if null
PasswordCallback passwordCb = new PasswordCallback("prompt", false);
// TODO: should not get pwd as a String but as a char array...
int passwordLen = response.length - authcidNullPosition - 1;
String pwd = new String(response, authcidNullPosition + 1, passwordLen, "utf8");
- passwordCb.setPassword(pwd.toCharArray());
AuthorizeCallback authzCb = new AuthorizeCallback(authzid, authzid);
Callback[] callbacks = new Callback[]{nameCb, passwordCb, authzCb};
_cbh.handle(callbacks);
- _complete = true;
- if (authzCb.isAuthorized())
+ String storedPwd = new String(passwordCb.getPassword());
+ if (storedPwd.equals(pwd))
+ {
+ _complete = true;
+ }
+ if (authzCb.isAuthorized() && _complete)
{
_authorizationId = authzCb.getAuthenticationID();
return null;
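Review bot: Comparing the submitted password with `new String(passwordCb.getPassword())` only works if the callback handler hands back the stored secret in cleartext, which ties PLAIN here (and AMQPLAIN in the AmqPlainSaslServer hunk) to a principal database that keeps recoverable passwords. The PrincipalDatabase interface implemented by TestPrincipalDatabase in this commit already declares `verifyPassword(String principal, char[] password)`; if the server side can reach it, delegating the check there would let a database store hashes instead. At minimum, record the assumption above the comparison, e.g. `// assumes the handler supplies the cleartext password; will not work with hashed stores`. The enclosing method starts and ends outside the hunk.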
Added: incubator/qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/sasl/SaslServerTestCase.java
URL: http://svn.apache.org/viewvc/incubator/qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/sasl/SaslServerTestCase.java?rev=674510&view=auto
==============================================================================
--- incubator/qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/sasl/SaslServerTestCase.java (added)
+++ incubator/qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/sasl/SaslServerTestCase.java Mon Jul 7 07:44:54 2008
@@ -0,0 +1,45 @@
+package org.apache.qpid.server.security.auth.sasl;
+
+import javax.security.sasl.SaslException;
+import javax.security.sasl.SaslServer;
+
+import org.apache.qpid.server.security.auth.database.PrincipalDatabase;
+
+import junit.framework.TestCase;
+
+public abstract class SaslServerTestCase extends TestCase
+{
+ protected SaslServer server;
+ protected String username = "u";
+ protected String password = "p";
+ protected String notpassword = "a";
+ protected PrincipalDatabase db = new TestPrincipalDatabase();
+
+ protected byte[] correctresponse;
+ protected byte[] wrongresponse;
+
+ public void testSucessfulAuth() throws SaslException
+ {
+ byte[] resp = this.server.evaluateResponse(correctresponse);
+ assertNull(resp);
+ }
+
+ public void testFailAuth()
+ {
+ boolean exceptionCaught = false;
+ try
+ {
+ byte[] resp = this.server.evaluateResponse(wrongresponse);
+ }
+ catch (SaslException e)
+ {
+ assertEquals("Authentication failed", e.getCause().getMessage());
+ exceptionCaught = true;
+ }
+ if (!exceptionCaught)
+ {
+ fail("Should have thrown SaslException");
+ }
+ }
+
+}
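Review bot: Neither test checks `isComplete()`, yet the behaviour this commit changes is exactly when `_complete` is set, so a regression to the old unconditional `_complete = true` would pass as long as an exception is still thrown somewhere. Add `assertTrue(server.isComplete());` after the `assertNull(resp)` in testSucessfulAuth and `assertFalse(server.isComplete());` at the end of testFailAuth. In testFailAuth, `e.getCause().getMessage()` will fail with a NullPointerException rather than a readable assertion if the SaslException carries no cause; `assertNotNull(e.getCause());` before it makes that case explicit. A case for an unknown user would also be worth adding, since only a wrong password for a known user is covered.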
Added: incubator/qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/sasl/TestPrincipalDatabase.java
URL: http://svn.apache.org/viewvc/incubator/qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/sasl/TestPrincipalDatabase.java?rev=674510&view=auto
==============================================================================
--- incubator/qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/sasl/TestPrincipalDatabase.java (added)
+++ incubator/qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/sasl/TestPrincipalDatabase.java Mon Jul 7 07:44:54 2008
@@ -0,0 +1,65 @@
+package org.apache.qpid.server.security.auth.sasl;
+
+import java.io.IOException;
+import java.security.Principal;
+import java.util.List;
+import java.util.Map;
+
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.login.AccountNotFoundException;
+
+import org.apache.qpid.server.security.auth.database.PrincipalDatabase;
+import org.apache.qpid.server.security.auth.sasl.AuthenticationProviderInitialiser;
+
+public class TestPrincipalDatabase implements PrincipalDatabase
+{
+
+ public boolean createPrincipal(Principal principal, char[] password)
+ {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ public boolean deletePrincipal(Principal principal) throws AccountNotFoundException
+ {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ public Map<String, AuthenticationProviderInitialiser> getMechanisms()
+ {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ public Principal getUser(String username)
+ {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ public List<Principal> getUsers()
+ {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ public void setPassword(Principal principal, PasswordCallback callback) throws IOException,
+ AccountNotFoundException
+ {
+ callback.setPassword("p".toCharArray());
+ }
+
+ public boolean updatePassword(Principal principal, char[] password) throws AccountNotFoundException
+ {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ public boolean verifyPassword(String principal, char[] password) throws AccountNotFoundException
+ {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+}
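Review bot: `setPassword` ignores its `principal` argument and returns "p" for every caller, so the tests built on this stub cannot tell whether the SASL servers reject an unknown user. Assuming the handler passes a principal named after the login, something like `if (!"u".equals(principal.getName())) throw new AccountNotFoundException(principal.getName());` before the `callback.setPassword(...)` call would let a test drive that path. The literal "p" also duplicates the `password` field in SaslServerTestCase, so a comment tying the two together (`// must match SaslServerTestCase.password`) would prevent silent drift. Unlike the two test classes added alongside it, this file and SaslServerTestCase.java carry no ASF license header.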
Added: incubator/qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/sasl/amqplain/AMQPlainSaslServerTest.java
URL: http://svn.apache.org/viewvc/incubator/qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/sasl/amqplain/AMQPlainSaslServerTest.java?rev=674510&view=auto
==============================================================================
--- incubator/qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/sasl/amqplain/AMQPlainSaslServerTest.java (added)
+++ incubator/qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/sasl/amqplain/AMQPlainSaslServerTest.java Mon Jul 7 07:44:54 2008
@@ -0,0 +1,43 @@
+/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+package org.apache.qpid.server.security.auth.sasl.amqplain;
+
+import org.apache.qpid.framing.FieldTable;
+import org.apache.qpid.framing.FieldTableFactory;
+import org.apache.qpid.server.security.auth.sasl.SaslServerTestCase;
+import org.apache.qpid.server.security.auth.sasl.UsernamePasswordInitialiser;
+
+public class AMQPlainSaslServerTest extends SaslServerTestCase
+{
+ protected void setUp() throws Exception
+ {
+ UsernamePasswordInitialiser handler = new AmqPlainInitialiser();
+ handler.initialise(db);
+ this.server = new AmqPlainSaslServer(handler.getCallbackHandler());
+ FieldTable table = FieldTableFactory.newFieldTable();
+ table.setString("LOGIN", username);
+ table.setString("PASSWORD", password);
+ correctresponse = table.getDataAsBytes();
+ table.setString("PASSWORD", notpassword);
+ wrongresponse = table.getDataAsBytes();
+ }
+}
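Review bot: The fixture only builds a response with a wrong PASSWORD value, so the malformed inputs an unauthenticated peer can send, such as a field table with no PASSWORD or no LOGIN entry, are never exercised against the new check. `wrongresponse` is produced by mutating the same `table` after `correctresponse` was taken, which is only safe if `getDataAsBytes()` returns a fresh copy; a comment such as `// getDataAsBytes() must snapshot the table, otherwise both responses alias the same buffer` would record that assumption. Using a second FieldTable for the wrong response removes the dependency altogether.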
Added: incubator/qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/sasl/plain/PlainSaslServerTest.java
URL: http://svn.apache.org/viewvc/incubator/qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/sasl/plain/PlainSaslServerTest.java?rev=674510&view=auto
==============================================================================
--- incubator/qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/sasl/plain/PlainSaslServerTest.java (added)
+++ incubator/qpid/trunk/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/sasl/plain/PlainSaslServerTest.java Mon Jul 7 07:44:54 2008
@@ -0,0 +1,39 @@
+/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+package org.apache.qpid.server.security.auth.sasl.plain;
+
+import org.apache.qpid.server.security.auth.sasl.SaslServerTestCase;
+import org.apache.qpid.server.security.auth.sasl.UsernamePasswordInitialiser;
+
+public class PlainSaslServerTest extends SaslServerTestCase
+{
+
+ protected void setUp() throws Exception
+ {
+ UsernamePasswordInitialiser handler = new PlainInitialiser();
+ handler.initialise(db);
+ this.server = new PlainSaslServer(handler.getCallbackHandler());
+ correctresponse = new byte[]{0x0, (byte) username.charAt(0), 0x0, (byte) password.charAt(0)};
+ wrongresponse = new byte[]{0x0,(byte) username.charAt(0), 0x0, (byte) notpassword.charAt(0)};
+ }
+
+}
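Review bot: The PLAIN responses are assembled from `username.charAt(0)` and `password.charAt(0)` cast to `byte`, so they only match the fixtures while those strings stay one ASCII character long; a longer value in SaslServerTestCase would silently send a truncated credential. Building the message from `username.getBytes("utf8")` and `password.getBytes("utf8")` around the two NUL separators keeps the test aligned with the decoding that PlainSaslServer performs on the other side. A short comment naming the layout, `// authzid NUL authcid NUL passwd, with an empty first field`, would also help readers of the byte literal.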