You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@geode.apache.org by kl...@apache.org on 2016/03/15 21:14:32 UTC
[1/3] incubator-geode git commit: Repackage security test code and
resources
Repository: incubator-geode
Updated Branches:
refs/heads/feature/GEODE-949-2 80757d98d -> 67dc693bb
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/authz-multiUser-ldap.xml
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/authz-multiUser-ldap.xml b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/authz-multiUser-ldap.xml
new file mode 100644
index 0000000..cc6383d
--- /dev/null
+++ b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/authz-multiUser-ldap.xml
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+ ~ Licensed to the Apache Software Foundation (ASF) under one or more
+ ~ contributor license agreements. See the NOTICE file distributed with
+ ~ this work for additional information regarding copyright ownership.
+ ~ The ASF licenses this file to You under the Apache License, Version 2.0
+ ~ (the "License"); you may not use this file except in compliance with
+ ~ the License. You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing, software
+ ~ distributed under the License is distributed on an "AS IS" BASIS,
+ ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ~ See the License for the specific language governing permissions and
+ ~ limitations under the License.
+ -->
+
+<!DOCTYPE acl PUBLIC "-//GemStone Systems, Inc.//GemFire XML Authorization 1.0//EN"
+ "/Users/klund/dev/gemfire/open/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/templates/authz5_5.dtd" >
+<acl>
+
+ <role name="reader">
+ <user>gemfire1</user>
+ <user>gemfire2</user>
+ <user>gemfire3</user>
+ <user>gemfire4</user>
+ <user>gemfire5</user>
+ </role>
+
+ <role name="writer">
+ <user>gemfire1</user>
+ <user>gemfire2</user>
+ <user>gemfire6</user>
+ <user>gemfire7</user>
+ <user>gemfire8</user>
+ </role>
+
+ <role name="cacheOps">
+ <user>gemfire1</user>
+ <user>gemfire2</user>
+ </role>
+
+ <role name="queryRegions">
+ <user>gemfire9</user>
+ <user>gemfire10</user>
+ </role>
+
+ <permission role="cacheOps">
+ <operation>QUERY</operation>
+ <operation>EXECUTE_CQ</operation>
+ <operation>STOP_CQ</operation>
+ <operation>CLOSE_CQ</operation>
+ </permission>
+
+ <permission role="reader">
+ <operation>GET</operation>
+ <operation>REGISTER_INTEREST</operation>
+ <operation>UNREGISTER_INTEREST</operation>
+ <operation>KEY_SET</operation>
+ <operation>CONTAINS_KEY</operation>
+ <operation>EXECUTE_FUNCTION</operation>
+ </permission>
+
+ <permission role="writer">
+ <operation>PUT</operation>
+ <operation>PUTALL</operation>
+ <operation>DESTROY</operation>
+ <operation>INVALIDATE</operation>
+ <operation>REGION_CLEAR</operation>
+ </permission>
+
+ <permission role="queryRegions" regions="Portfolios,/Positions//,/AuthRegion">
+ <operation>QUERY</operation>
+ <operation>EXECUTE_CQ</operation>
+ <operation>STOP_CQ</operation>
+ <operation>CLOSE_CQ</operation>
+ </permission>
+
+</acl>
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/gemfire1.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/gemfire1.keystore b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/gemfire1.keystore
new file mode 100644
index 0000000..15270bb
Binary files /dev/null and b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/gemfire1.keystore differ
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/gemfire10.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/gemfire10.keystore b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/gemfire10.keystore
new file mode 100644
index 0000000..bb6f827
Binary files /dev/null and b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/gemfire10.keystore differ
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/gemfire11.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/gemfire11.keystore b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/gemfire11.keystore
new file mode 100644
index 0000000..6839c74
Binary files /dev/null and b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/gemfire11.keystore differ
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/gemfire2.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/gemfire2.keystore b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/gemfire2.keystore
new file mode 100644
index 0000000..fcb7ab8
Binary files /dev/null and b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/gemfire2.keystore differ
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/gemfire3.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/gemfire3.keystore b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/gemfire3.keystore
new file mode 100644
index 0000000..19afc4b
Binary files /dev/null and b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/gemfire3.keystore differ
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/gemfire4.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/gemfire4.keystore b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/gemfire4.keystore
new file mode 100644
index 0000000..c65916a
Binary files /dev/null and b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/gemfire4.keystore differ
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/gemfire5.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/gemfire5.keystore b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/gemfire5.keystore
new file mode 100644
index 0000000..d738cca
Binary files /dev/null and b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/gemfire5.keystore differ
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/gemfire6.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/gemfire6.keystore b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/gemfire6.keystore
new file mode 100644
index 0000000..1fea2d3
Binary files /dev/null and b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/gemfire6.keystore differ
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/gemfire7.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/gemfire7.keystore b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/gemfire7.keystore
new file mode 100644
index 0000000..7a3187c
Binary files /dev/null and b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/gemfire7.keystore differ
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/gemfire8.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/gemfire8.keystore b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/gemfire8.keystore
new file mode 100644
index 0000000..a3bb886
Binary files /dev/null and b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/gemfire8.keystore differ
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/gemfire9.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/gemfire9.keystore b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/gemfire9.keystore
new file mode 100644
index 0000000..674b4e6
Binary files /dev/null and b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/gemfire9.keystore differ
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/ibm/gemfire1.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/ibm/gemfire1.keystore b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/ibm/gemfire1.keystore
new file mode 100644
index 0000000..4f9120c
Binary files /dev/null and b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/ibm/gemfire1.keystore differ
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/ibm/gemfire10.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/ibm/gemfire10.keystore b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/ibm/gemfire10.keystore
new file mode 100644
index 0000000..0bd97d7
Binary files /dev/null and b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/ibm/gemfire10.keystore differ
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/ibm/gemfire11.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/ibm/gemfire11.keystore b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/ibm/gemfire11.keystore
new file mode 100644
index 0000000..62ae3c7
Binary files /dev/null and b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/ibm/gemfire11.keystore differ
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/ibm/gemfire2.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/ibm/gemfire2.keystore b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/ibm/gemfire2.keystore
new file mode 100644
index 0000000..c65bc81
Binary files /dev/null and b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/ibm/gemfire2.keystore differ
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/ibm/gemfire3.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/ibm/gemfire3.keystore b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/ibm/gemfire3.keystore
new file mode 100644
index 0000000..b0796e0
Binary files /dev/null and b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/ibm/gemfire3.keystore differ
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/ibm/gemfire4.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/ibm/gemfire4.keystore b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/ibm/gemfire4.keystore
new file mode 100644
index 0000000..9c94018
Binary files /dev/null and b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/ibm/gemfire4.keystore differ
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/ibm/gemfire5.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/ibm/gemfire5.keystore b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/ibm/gemfire5.keystore
new file mode 100644
index 0000000..33f6937
Binary files /dev/null and b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/ibm/gemfire5.keystore differ
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/ibm/gemfire6.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/ibm/gemfire6.keystore b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/ibm/gemfire6.keystore
new file mode 100644
index 0000000..568f674
Binary files /dev/null and b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/ibm/gemfire6.keystore differ
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/ibm/gemfire7.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/ibm/gemfire7.keystore b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/ibm/gemfire7.keystore
new file mode 100644
index 0000000..80e2d80
Binary files /dev/null and b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/ibm/gemfire7.keystore differ
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/ibm/gemfire8.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/ibm/gemfire8.keystore b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/ibm/gemfire8.keystore
new file mode 100644
index 0000000..a15def5
Binary files /dev/null and b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/ibm/gemfire8.keystore differ
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/ibm/gemfire9.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/ibm/gemfire9.keystore b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/ibm/gemfire9.keystore
new file mode 100644
index 0000000..72087f3
Binary files /dev/null and b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/ibm/gemfire9.keystore differ
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/ibm/publickeyfile
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/ibm/publickeyfile b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/ibm/publickeyfile
new file mode 100644
index 0000000..1b13872
Binary files /dev/null and b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/ibm/publickeyfile differ
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/publickeyfile
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/publickeyfile b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/publickeyfile
new file mode 100644
index 0000000..9c2daa3
Binary files /dev/null and b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/keys/publickeyfile differ
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/resources/com/gemstone/gemfire/security/templates/authz5_5.dtd
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/templates/authz5_5.dtd b/geode-core/src/test/resources/com/gemstone/gemfire/security/templates/authz5_5.dtd
new file mode 100644
index 0000000..81a8150
--- /dev/null
+++ b/geode-core/src/test/resources/com/gemstone/gemfire/security/templates/authz5_5.dtd
@@ -0,0 +1,105 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements. See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<!--
+
+This is the XML DTD for the GemFire sample XML based authorization callback
+in templates.security.XmlAuthorization.
+
+All XMLs must include a DOCTYPE of the following form:
+
+ <!DOCTYPE acl PUBLIC
+ "-//GemStone Systems, Inc.//GemFire XML Authorization 1.0//EN"
+ "http://www.gemstone.com/dtd/authz5_5.dtd">
+
+The contents of a declarative XML file correspond to APIs found in the
+
+ com.gemstone.gemfire.security.AccessControl
+
+package. The sample implementation may be used to specify access control
+policies.
+
+-->
+
+<!--
+
+The following conventions apply to all GemFire sample authorization
+XML file elements unless indicated otherwise.
+
+- In elements that contain PCDATA, leading and trailing whitespace in
+ the data may be ignored.
+
+- In elements whose value is an "enumerated type", the value is case
+ sensitive.
+
+-->
+
+
+<!--
+The "acl" element is the root element of the authorization file.
+This element contains the role to user mappings and role to permissions
+mapping on a per region per operation basis.
+-->
+
+<!ELEMENT acl (role+,permission+)>
+
+<!--
+The "role" element contains the set of users that have the permissions of
+given role. A user can be present in more than one "role" elements in
+which case the union of the permissions to all those roles determines
+the full set of permissions to be given to the user.
+-->
+
+<!ELEMENT role (user*)>
+<!ATTLIST role
+ name CDATA #REQUIRED
+>
+
+<!--
+The "user" element is contained within the "role" element and contains
+the name of a user having the permissions of that role.
+-->
+
+<!ELEMENT user (#PCDATA)>
+
+<!--
+The "permission" element specifies the list of operations that are allowed
+for a particular role in the given regions as provided in the optional
+"regions" attribute. The value of "regions" attribute should be a comma
+separated list of region names for which permissions are to be provided.
+If no "regions" attribute is provided then those permissions are provided
+for all the other regions (i.e. other than those that have been explicitly
+specified). Permissions for cache level operations REGION_DESTROY,
+REGION_CREATE, QUERY and CQ operations should be specified with no "regions"
+attribute. If cache-level permission is not provided for QUERY or CQ operations
+then the permission for all the region names in the query string is checked.
+-->
+
+<!ELEMENT permission (operation*)>
+<!ATTLIST permission
+ role CDATA #REQUIRED
+ regions CDATA #IMPLIED
+>
+
+
+<!--
+The operation should be one of the following strings:
+ GET, PUT, PUTALL, DESTROY, REGISTER_INTEREST, UNREGISTER_INTEREST,
+ CONTAINS_KEY, KEY_SET, QUERY, EXECUTE_CQ, STOP_CQ, CLOSE_CQ, REGION_CLEAR,
+ REGION_CREATE, REGION_DESTROY
+-->
+<!ELEMENT operation (#PCDATA)>
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/resources/com/gemstone/gemfire/security/templates/authz6_0.dtd
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/templates/authz6_0.dtd b/geode-core/src/test/resources/com/gemstone/gemfire/security/templates/authz6_0.dtd
new file mode 100755
index 0000000..06cceff
--- /dev/null
+++ b/geode-core/src/test/resources/com/gemstone/gemfire/security/templates/authz6_0.dtd
@@ -0,0 +1,110 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements. See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+<!--
+
+This is the XML DTD for the GemFire sample XML based authorization callback
+in templates.security.XmlAuthorization.
+
+All XMLs must include a DOCTYPE of the following form:
+
+ <!DOCTYPE acl PUBLIC
+ "-//GemStone Systems, Inc.//GemFire XML Authorization 1.0//EN"
+ "http://www.gemstone.com/dtd/authz5_5.dtd">
+
+The contents of a declarative XML file correspond to APIs found in the
+
+ com.gemstone.gemfire.security.AccessControl
+
+package. The sample implementation may be used to specify access control
+policies.
+
+-->
+
+<!--
+
+The following conventions apply to all GemFire sample authorization
+XML file elements unless indicated otherwise.
+
+- In elements that contain PCDATA, leading and trailing whitespace in
+ the data may be ignored.
+
+- In elements whose value is an "enumerated type", the value is case
+ sensitive.
+
+-->
+
+
+<!--
+The "acl" element is the root element of the authorization file.
+This element contains the role to user mappings and role to permissions
+mapping on a per region per operation basis.
+-->
+
+<!ELEMENT acl (role+,permission+)>
+
+<!--
+The "role" element contains the set of users that have the permissions of
+given role. A user can be present in more than one "role" elements in
+which case the union of the permissions to all those roles determines
+the full set of permissions to be given to the user.
+-->
+
+<!ELEMENT role (user*)>
+<!ATTLIST role
+ name CDATA #REQUIRED
+>
+
+<!--
+The "user" element is contained within the "role" element and contains
+the name of a user having the permissions of that role.
+-->
+
+<!ELEMENT user (#PCDATA)>
+
+<!--
+The "permission" element specifies the list of operations that are allowed
+for a particular role in the given regions as provided in the optional
+"regions" attribute. The value of "regions" attribute should be a comma
+separated list of region names for which permissions are to be provided.
+If no "regions" attribute is provided then those permissions are provided
+for all the other regions (i.e. other than those that have been explicitly
+specified). Permissions for cache level operations REGION_DESTROY,
+REGION_CREATE, QUERY and CQ operations should be specified with no "regions"
+attribute. If cache-level permission is not provided for QUERY or CQ operations
+then the permission for all the region names in the query string is checked.
+-->
+
+<!ELEMENT permission (operation*)>
+<!ATTLIST permission
+ role CDATA #REQUIRED
+ regions CDATA #IMPLIED
+>
+
+
+<!--
+The operation should be one of the following strings:
+ GET, PUT, PUTALL, DESTROY, REGISTER_INTEREST, UNREGISTER_INTEREST,
+ CONTAINS_KEY, KEY_SET, QUERY, EXECUTE_CQ, STOP_CQ, CLOSE_CQ, REGION_CLEAR,
+ REGION_CREATE, REGION_DESTROY
+-->
+<!ELEMENT operation (#PCDATA)>
+<!ATTLIST operation
+ functionIds CDATA #IMPLIED
+ optimizeForWrite CDATA #IMPLIED
+ keySet CDATA #IMPLIED
+>
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/resources/lib/authz-dummy.xml
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/lib/authz-dummy.xml b/geode-core/src/test/resources/lib/authz-dummy.xml
deleted file mode 100644
index 7f73808..0000000
--- a/geode-core/src/test/resources/lib/authz-dummy.xml
+++ /dev/null
@@ -1,126 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<!--
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
--->
-
-<!DOCTYPE acl PUBLIC "-//GemStone Systems, Inc.//GemFire XML Authorization 1.0//EN"
- "authz6_0.dtd" >
-<acl>
-
- <role name="reader">
- <user>reader0</user>
- <user>reader1</user>
- <user>reader2</user>
- <user>root</user>
- <user>admin</user>
- <user>administrator</user>
- </role>
-
- <role name="writer">
- <user>writer0</user>
- <user>writer1</user>
- <user>writer2</user>
- <user>root</user>
- <user>admin</user>
- <user>administrator</user>
- </role>
-
- <role name="cacheOps">
- <user>root</user>
- <user>admin</user>
- <user>administrator</user>
- </role>
-
- <role name="queryRegions">
- <user>reader3</user>
- <user>reader4</user>
- </role>
-
- <role name="registerInterest">
- <user>reader5</user>
- <user>reader6</user>
- </role>
-
- <role name="unregisterInterest">
- <user>reader5</user>
- <user>reader7</user>
- </role>
-
- <role name="onRegionFunctionExecutor">
- <user>reader8</user>
- </role>
-
- <role name="onServerFunctionExecutor">
- <user>reader9</user>
- </role>
-
- <permission role="cacheOps">
- <operation>QUERY</operation>
- <operation>EXECUTE_CQ</operation>
- <operation>STOP_CQ</operation>
- <operation>CLOSE_CQ</operation>
- <operation>REGION_CREATE</operation>
- <operation>REGION_DESTROY</operation>
- </permission>
-
- <permission role="reader">
- <operation>GET</operation>
- <operation>REGISTER_INTEREST</operation>
- <operation>UNREGISTER_INTEREST</operation>
- <operation>KEY_SET</operation>
- <operation>CONTAINS_KEY</operation>
- <operation>EXECUTE_FUNCTION</operation>
- </permission>
-
- <permission role="writer">
- <operation>PUT</operation>
- <operation>PUTALL</operation>
- <operation>DESTROY</operation>
- <operation>INVALIDATE</operation>
- <operation>REGION_CLEAR</operation>
- </permission>
-
- <permission role="queryRegions" regions="//Portfolios,/Positions/,AuthRegion">
- <operation>QUERY</operation>
- <operation>EXECUTE_CQ</operation>
- <operation>STOP_CQ</operation>
- <operation>CLOSE_CQ</operation>
- </permission>
-
- <permission role="onRegionFunctionExecutor" regions="secureRegion,Positions">
- <operation>PUT</operation>
- <operation functionIds="SecureFunction,OptimizationFunction" optimizeForWrite="false" keySet="KEY-0,KEY-1">EXECUTE_FUNCTION</operation>
- </permission>
-
- <permission role="onServerFunctionExecutor" >
- <operation>PUT</operation>
- <operation functionIds="SecureFunction,OptimizationFunction">EXECUTE_FUNCTION</operation>
- </permission>
-
- <permission role="registerInterest">
- <operation>REGISTER_INTEREST</operation>
- <operation>GET</operation>
- </permission>
-
- <permission role="unregisterInterest">
- <operation>UNREGISTER_INTEREST</operation>
- <operation>GET</operation>
- </permission>
-
-</acl>
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/resources/lib/authz-ldap.xml
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/lib/authz-ldap.xml b/geode-core/src/test/resources/lib/authz-ldap.xml
deleted file mode 100644
index e63c23b..0000000
--- a/geode-core/src/test/resources/lib/authz-ldap.xml
+++ /dev/null
@@ -1,85 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<!--
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
--->
-
-<!DOCTYPE acl PUBLIC "-//GemStone Systems, Inc.//GemFire XML Authorization 1.0//EN"
- "authz5_5.dtd" >
-<acl>
-
- <role name="reader">
- <user>gemfire1</user>
- <user>gemfire2</user>
- <user>gemfire3</user>
- <user>gemfire4</user>
- <user>gemfire5</user>
- </role>
-
- <role name="writer">
- <user>gemfire1</user>
- <user>gemfire2</user>
- <user>gemfire6</user>
- <user>gemfire7</user>
- <user>gemfire8</user>
- </role>
-
- <role name="cacheOps">
- <user>gemfire1</user>
- <user>gemfire2</user>
- </role>
-
- <role name="queryRegions">
- <user>gemfire9</user>
- <user>gemfire10</user>
- </role>
-
- <permission role="cacheOps">
- <operation>QUERY</operation>
- <operation>EXECUTE_CQ</operation>
- <operation>STOP_CQ</operation>
- <operation>CLOSE_CQ</operation>
- <operation>REGION_CREATE</operation>
- <operation>REGION_DESTROY</operation>
- </permission>
-
- <permission role="reader">
- <operation>GET</operation>
- <operation>REGISTER_INTEREST</operation>
- <operation>UNREGISTER_INTEREST</operation>
- <operation>KEY_SET</operation>
- <operation>CONTAINS_KEY</operation>
- <operation>EXECUTE_FUNCTION</operation>
- </permission>
-
- <permission role="writer">
- <operation>PUT</operation>
- <operation>PUTALL</operation>
- <operation>DESTROY</operation>
- <operation>INVALIDATE</operation>
- <operation>REGION_CLEAR</operation>
- </permission>
-
- <permission role="queryRegions" regions="Portfolios,/Positions//,/AuthRegion">
- <operation>QUERY</operation>
- <operation>EXECUTE_CQ</operation>
- <operation>STOP_CQ</operation>
- <operation>CLOSE_CQ</operation>
- </permission>
-
-</acl>
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/resources/lib/authz-multiUser-dummy.xml
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/lib/authz-multiUser-dummy.xml b/geode-core/src/test/resources/lib/authz-multiUser-dummy.xml
deleted file mode 100644
index 0f3bbab..0000000
--- a/geode-core/src/test/resources/lib/authz-multiUser-dummy.xml
+++ /dev/null
@@ -1,106 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<!--
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
--->
-
-<!DOCTYPE acl PUBLIC "-//GemStone Systems, Inc.//GemFire XML Authorization 1.0//EN"
- "authz6_0.dtd" >
-<acl>
-
- <role name="reader">
- <user>user1</user>
- <user>user2</user>
- <user>root</user>
- <user>admin</user>
- <user>administrator</user>
- </role>
-
- <role name="writer">
- <user>user3</user>
- <user>user4</user>
- <user>root</user>
- <user>admin</user>
- <user>administrator</user>
- </role>
-
- <role name="cacheOps">
- <user>user1</user>
- <user>user2</user>
- <user>root</user>
- <user>admin</user>
- <user>administrator</user>
- </role>
-
- <role name="queryRegions">
- <user>user5</user>
- <user>user6</user>
- </role>
-
- <role name="registerInterest">
- <user>user7</user>
- <user>user8</user>
- </role>
-
- <role name="unregisterInterest">
- <user>user5</user>
- <user>user7</user>
- </role>
-
- <permission role="cacheOps">
- <operation>QUERY</operation>
- <operation>EXECUTE_CQ</operation>
- <operation>STOP_CQ</operation>
- <operation>CLOSE_CQ</operation>
- </permission>
-
- <permission role="reader">
- <operation>GET</operation>
- <operation>REGISTER_INTEREST</operation>
- <operation>UNREGISTER_INTEREST</operation>
- <operation>KEY_SET</operation>
- <operation>CONTAINS_KEY</operation>
- <operation>EXECUTE_FUNCTION</operation>
- </permission>
-
- <permission role="writer">
- <operation>PUT</operation>
- <operation>PUTALL</operation>
- <operation>DESTROY</operation>
- <operation>INVALIDATE</operation>
- <operation>REGION_CLEAR</operation>
- </permission>
-
- <permission role="queryRegions" regions="//Portfolios,/Positions/,AuthRegion">
- <operation>QUERY</operation>
- <operation>EXECUTE_CQ</operation>
- <operation>STOP_CQ</operation>
- <operation>CLOSE_CQ</operation>
- </permission>
-
- <permission role="registerInterest">
- <operation>REGISTER_INTEREST</operation>
- <operation>GET</operation>
- </permission>
-
- <permission role="unregisterInterest">
- <operation>UNREGISTER_INTEREST</operation>
- <operation>GET</operation>
- </permission>
-
-</acl>
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/resources/lib/authz-multiUser-ldap.xml
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/lib/authz-multiUser-ldap.xml b/geode-core/src/test/resources/lib/authz-multiUser-ldap.xml
deleted file mode 100644
index a8e5392..0000000
--- a/geode-core/src/test/resources/lib/authz-multiUser-ldap.xml
+++ /dev/null
@@ -1,83 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<!--
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
--->
-
-<!DOCTYPE acl PUBLIC "-//GemStone Systems, Inc.//GemFire XML Authorization 1.0//EN"
- "authz5_5.dtd" >
-<acl>
-
- <role name="reader">
- <user>gemfire1</user>
- <user>gemfire2</user>
- <user>gemfire3</user>
- <user>gemfire4</user>
- <user>gemfire5</user>
- </role>
-
- <role name="writer">
- <user>gemfire1</user>
- <user>gemfire2</user>
- <user>gemfire6</user>
- <user>gemfire7</user>
- <user>gemfire8</user>
- </role>
-
- <role name="cacheOps">
- <user>gemfire1</user>
- <user>gemfire2</user>
- </role>
-
- <role name="queryRegions">
- <user>gemfire9</user>
- <user>gemfire10</user>
- </role>
-
- <permission role="cacheOps">
- <operation>QUERY</operation>
- <operation>EXECUTE_CQ</operation>
- <operation>STOP_CQ</operation>
- <operation>CLOSE_CQ</operation>
- </permission>
-
- <permission role="reader">
- <operation>GET</operation>
- <operation>REGISTER_INTEREST</operation>
- <operation>UNREGISTER_INTEREST</operation>
- <operation>KEY_SET</operation>
- <operation>CONTAINS_KEY</operation>
- <operation>EXECUTE_FUNCTION</operation>
- </permission>
-
- <permission role="writer">
- <operation>PUT</operation>
- <operation>PUTALL</operation>
- <operation>DESTROY</operation>
- <operation>INVALIDATE</operation>
- <operation>REGION_CLEAR</operation>
- </permission>
-
- <permission role="queryRegions" regions="Portfolios,/Positions//,/AuthRegion">
- <operation>QUERY</operation>
- <operation>EXECUTE_CQ</operation>
- <operation>STOP_CQ</operation>
- <operation>CLOSE_CQ</operation>
- </permission>
-
-</acl>
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/resources/lib/keys/gemfire1.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/lib/keys/gemfire1.keystore b/geode-core/src/test/resources/lib/keys/gemfire1.keystore
deleted file mode 100644
index 15270bb..0000000
Binary files a/geode-core/src/test/resources/lib/keys/gemfire1.keystore and /dev/null differ
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/resources/lib/keys/gemfire10.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/lib/keys/gemfire10.keystore b/geode-core/src/test/resources/lib/keys/gemfire10.keystore
deleted file mode 100644
index bb6f827..0000000
Binary files a/geode-core/src/test/resources/lib/keys/gemfire10.keystore and /dev/null differ
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/resources/lib/keys/gemfire11.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/lib/keys/gemfire11.keystore b/geode-core/src/test/resources/lib/keys/gemfire11.keystore
deleted file mode 100644
index 6839c74..0000000
Binary files a/geode-core/src/test/resources/lib/keys/gemfire11.keystore and /dev/null differ
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/resources/lib/keys/gemfire2.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/lib/keys/gemfire2.keystore b/geode-core/src/test/resources/lib/keys/gemfire2.keystore
deleted file mode 100644
index fcb7ab8..0000000
Binary files a/geode-core/src/test/resources/lib/keys/gemfire2.keystore and /dev/null differ
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/resources/lib/keys/gemfire3.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/lib/keys/gemfire3.keystore b/geode-core/src/test/resources/lib/keys/gemfire3.keystore
deleted file mode 100644
index 19afc4b..0000000
Binary files a/geode-core/src/test/resources/lib/keys/gemfire3.keystore and /dev/null differ
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/resources/lib/keys/gemfire4.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/lib/keys/gemfire4.keystore b/geode-core/src/test/resources/lib/keys/gemfire4.keystore
deleted file mode 100644
index c65916a..0000000
Binary files a/geode-core/src/test/resources/lib/keys/gemfire4.keystore and /dev/null differ
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/resources/lib/keys/gemfire5.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/lib/keys/gemfire5.keystore b/geode-core/src/test/resources/lib/keys/gemfire5.keystore
deleted file mode 100644
index d738cca..0000000
Binary files a/geode-core/src/test/resources/lib/keys/gemfire5.keystore and /dev/null differ
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/resources/lib/keys/gemfire6.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/lib/keys/gemfire6.keystore b/geode-core/src/test/resources/lib/keys/gemfire6.keystore
deleted file mode 100644
index 1fea2d3..0000000
Binary files a/geode-core/src/test/resources/lib/keys/gemfire6.keystore and /dev/null differ
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/resources/lib/keys/gemfire7.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/lib/keys/gemfire7.keystore b/geode-core/src/test/resources/lib/keys/gemfire7.keystore
deleted file mode 100644
index 7a3187c..0000000
Binary files a/geode-core/src/test/resources/lib/keys/gemfire7.keystore and /dev/null differ
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/resources/lib/keys/gemfire8.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/lib/keys/gemfire8.keystore b/geode-core/src/test/resources/lib/keys/gemfire8.keystore
deleted file mode 100644
index a3bb886..0000000
Binary files a/geode-core/src/test/resources/lib/keys/gemfire8.keystore and /dev/null differ
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/resources/lib/keys/gemfire9.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/lib/keys/gemfire9.keystore b/geode-core/src/test/resources/lib/keys/gemfire9.keystore
deleted file mode 100644
index 674b4e6..0000000
Binary files a/geode-core/src/test/resources/lib/keys/gemfire9.keystore and /dev/null differ
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/resources/lib/keys/ibm/gemfire1.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/lib/keys/ibm/gemfire1.keystore b/geode-core/src/test/resources/lib/keys/ibm/gemfire1.keystore
deleted file mode 100644
index 4f9120c..0000000
Binary files a/geode-core/src/test/resources/lib/keys/ibm/gemfire1.keystore and /dev/null differ
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/resources/lib/keys/ibm/gemfire10.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/lib/keys/ibm/gemfire10.keystore b/geode-core/src/test/resources/lib/keys/ibm/gemfire10.keystore
deleted file mode 100644
index 0bd97d7..0000000
Binary files a/geode-core/src/test/resources/lib/keys/ibm/gemfire10.keystore and /dev/null differ
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/resources/lib/keys/ibm/gemfire11.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/lib/keys/ibm/gemfire11.keystore b/geode-core/src/test/resources/lib/keys/ibm/gemfire11.keystore
deleted file mode 100644
index 62ae3c7..0000000
Binary files a/geode-core/src/test/resources/lib/keys/ibm/gemfire11.keystore and /dev/null differ
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/resources/lib/keys/ibm/gemfire2.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/lib/keys/ibm/gemfire2.keystore b/geode-core/src/test/resources/lib/keys/ibm/gemfire2.keystore
deleted file mode 100644
index c65bc81..0000000
Binary files a/geode-core/src/test/resources/lib/keys/ibm/gemfire2.keystore and /dev/null differ
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/resources/lib/keys/ibm/gemfire3.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/lib/keys/ibm/gemfire3.keystore b/geode-core/src/test/resources/lib/keys/ibm/gemfire3.keystore
deleted file mode 100644
index b0796e0..0000000
Binary files a/geode-core/src/test/resources/lib/keys/ibm/gemfire3.keystore and /dev/null differ
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/resources/lib/keys/ibm/gemfire4.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/lib/keys/ibm/gemfire4.keystore b/geode-core/src/test/resources/lib/keys/ibm/gemfire4.keystore
deleted file mode 100644
index 9c94018..0000000
Binary files a/geode-core/src/test/resources/lib/keys/ibm/gemfire4.keystore and /dev/null differ
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/resources/lib/keys/ibm/gemfire5.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/lib/keys/ibm/gemfire5.keystore b/geode-core/src/test/resources/lib/keys/ibm/gemfire5.keystore
deleted file mode 100644
index 33f6937..0000000
Binary files a/geode-core/src/test/resources/lib/keys/ibm/gemfire5.keystore and /dev/null differ
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/resources/lib/keys/ibm/gemfire6.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/lib/keys/ibm/gemfire6.keystore b/geode-core/src/test/resources/lib/keys/ibm/gemfire6.keystore
deleted file mode 100644
index 568f674..0000000
Binary files a/geode-core/src/test/resources/lib/keys/ibm/gemfire6.keystore and /dev/null differ
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/resources/lib/keys/ibm/gemfire7.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/lib/keys/ibm/gemfire7.keystore b/geode-core/src/test/resources/lib/keys/ibm/gemfire7.keystore
deleted file mode 100644
index 80e2d80..0000000
Binary files a/geode-core/src/test/resources/lib/keys/ibm/gemfire7.keystore and /dev/null differ
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/resources/lib/keys/ibm/gemfire8.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/lib/keys/ibm/gemfire8.keystore b/geode-core/src/test/resources/lib/keys/ibm/gemfire8.keystore
deleted file mode 100644
index a15def5..0000000
Binary files a/geode-core/src/test/resources/lib/keys/ibm/gemfire8.keystore and /dev/null differ
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/resources/lib/keys/ibm/gemfire9.keystore
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/lib/keys/ibm/gemfire9.keystore b/geode-core/src/test/resources/lib/keys/ibm/gemfire9.keystore
deleted file mode 100644
index 72087f3..0000000
Binary files a/geode-core/src/test/resources/lib/keys/ibm/gemfire9.keystore and /dev/null differ
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/resources/lib/keys/ibm/publickeyfile
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/lib/keys/ibm/publickeyfile b/geode-core/src/test/resources/lib/keys/ibm/publickeyfile
deleted file mode 100644
index 1b13872..0000000
Binary files a/geode-core/src/test/resources/lib/keys/ibm/publickeyfile and /dev/null differ
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/resources/lib/keys/publickeyfile
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/lib/keys/publickeyfile b/geode-core/src/test/resources/lib/keys/publickeyfile
deleted file mode 100644
index 9c2daa3..0000000
Binary files a/geode-core/src/test/resources/lib/keys/publickeyfile and /dev/null differ
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/resources/templates/security/authz5_5.dtd
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/templates/security/authz5_5.dtd b/geode-core/src/test/resources/templates/security/authz5_5.dtd
deleted file mode 100644
index 81a8150..0000000
--- a/geode-core/src/test/resources/templates/security/authz5_5.dtd
+++ /dev/null
@@ -1,105 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-Licensed to the Apache Software Foundation (ASF) under one or more
-contributor license agreements. See the NOTICE file distributed with
-this work for additional information regarding copyright ownership.
-The ASF licenses this file to You under the Apache License, Version 2.0
-(the "License"); you may not use this file except in compliance with
-the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
--->
-<!--
-
-This is the XML DTD for the GemFire sample XML based authorization callback
-in templates.security.XmlAuthorization.
-
-All XMLs must include a DOCTYPE of the following form:
-
- <!DOCTYPE acl PUBLIC
- "-//GemStone Systems, Inc.//GemFire XML Authorization 1.0//EN"
- "http://www.gemstone.com/dtd/authz5_5.dtd">
-
-The contents of a declarative XML file correspond to APIs found in the
-
- com.gemstone.gemfire.security.AccessControl
-
-package. The sample implementation may be used to specify access control
-policies.
-
--->
-
-<!--
-
-The following conventions apply to all GemFire sample authorization
-XML file elements unless indicated otherwise.
-
-- In elements that contain PCDATA, leading and trailing whitespace in
- the data may be ignored.
-
-- In elements whose value is an "enumerated type", the value is case
- sensitive.
-
--->
-
-
-<!--
-The "acl" element is the root element of the authorization file.
-This element contains the role to user mappings and role to permissions
-mapping on a per region per operation basis.
--->
-
-<!ELEMENT acl (role+,permission+)>
-
-<!--
-The "role" element contains the set of users that have the permissions of
-given role. A user can be present in more than one "role" elements in
-which case the union of the permissions to all those roles determines
-the full set of permissions to be given to the user.
--->
-
-<!ELEMENT role (user*)>
-<!ATTLIST role
- name CDATA #REQUIRED
->
-
-<!--
-The "user" element is contained within the "role" element and contains
-the name of a user having the permissions of that role.
--->
-
-<!ELEMENT user (#PCDATA)>
-
-<!--
-The "permission" element specifies the list of operations that are allowed
-for a particular role in the given regions as provided in the optional
-"regions" attribute. The value of "regions" attribute should be a comma
-separated list of region names for which permissions are to be provided.
-If no "regions" attribute is provided then those permissions are provided
-for all the other regions (i.e. other than those that have been explicitly
-specified). Permissions for cache level operations REGION_DESTROY,
-REGION_CREATE, QUERY and CQ operations should be specified with no "regions"
-attribute. If cache-level permission is not provided for QUERY or CQ operations
-then the permission for all the region names in the query string is checked.
--->
-
-<!ELEMENT permission (operation*)>
-<!ATTLIST permission
- role CDATA #REQUIRED
- regions CDATA #IMPLIED
->
-
-
-<!--
-The operation should be one of the following strings:
- GET, PUT, PUTALL, DESTROY, REGISTER_INTEREST, UNREGISTER_INTEREST,
- CONTAINS_KEY, KEY_SET, QUERY, EXECUTE_CQ, STOP_CQ, CLOSE_CQ, REGION_CLEAR,
- REGION_CREATE, REGION_DESTROY
--->
-<!ELEMENT operation (#PCDATA)>
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/resources/templates/security/authz6_0.dtd
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/templates/security/authz6_0.dtd b/geode-core/src/test/resources/templates/security/authz6_0.dtd
deleted file mode 100755
index 06cceff..0000000
--- a/geode-core/src/test/resources/templates/security/authz6_0.dtd
+++ /dev/null
@@ -1,110 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-Licensed to the Apache Software Foundation (ASF) under one or more
-contributor license agreements. See the NOTICE file distributed with
-this work for additional information regarding copyright ownership.
-The ASF licenses this file to You under the Apache License, Version 2.0
-(the "License"); you may not use this file except in compliance with
-the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
--->
-<!--
-
-This is the XML DTD for the GemFire sample XML based authorization callback
-in templates.security.XmlAuthorization.
-
-All XMLs must include a DOCTYPE of the following form:
-
- <!DOCTYPE acl PUBLIC
- "-//GemStone Systems, Inc.//GemFire XML Authorization 1.0//EN"
- "http://www.gemstone.com/dtd/authz5_5.dtd">
-
-The contents of a declarative XML file correspond to APIs found in the
-
- com.gemstone.gemfire.security.AccessControl
-
-package. The sample implementation may be used to specify access control
-policies.
-
--->
-
-<!--
-
-The following conventions apply to all GemFire sample authorization
-XML file elements unless indicated otherwise.
-
-- In elements that contain PCDATA, leading and trailing whitespace in
- the data may be ignored.
-
-- In elements whose value is an "enumerated type", the value is case
- sensitive.
-
--->
-
-
-<!--
-The "acl" element is the root element of the authorization file.
-This element contains the role to user mappings and role to permissions
-mapping on a per region per operation basis.
--->
-
-<!ELEMENT acl (role+,permission+)>
-
-<!--
-The "role" element contains the set of users that have the permissions of
-given role. A user can be present in more than one "role" elements in
-which case the union of the permissions to all those roles determines
-the full set of permissions to be given to the user.
--->
-
-<!ELEMENT role (user*)>
-<!ATTLIST role
- name CDATA #REQUIRED
->
-
-<!--
-The "user" element is contained within the "role" element and contains
-the name of a user having the permissions of that role.
--->
-
-<!ELEMENT user (#PCDATA)>
-
-<!--
-The "permission" element specifies the list of operations that are allowed
-for a particular role in the given regions as provided in the optional
-"regions" attribute. The value of "regions" attribute should be a comma
-separated list of region names for which permissions are to be provided.
-If no "regions" attribute is provided then those permissions are provided
-for all the other regions (i.e. other than those that have been explicitly
-specified). Permissions for cache level operations REGION_DESTROY,
-REGION_CREATE, QUERY and CQ operations should be specified with no "regions"
-attribute. If cache-level permission is not provided for QUERY or CQ operations
-then the permission for all the region names in the query string is checked.
--->
-
-<!ELEMENT permission (operation*)>
-<!ATTLIST permission
- role CDATA #REQUIRED
- regions CDATA #IMPLIED
->
-
-
-<!--
-The operation should be one of the following strings:
- GET, PUT, PUTALL, DESTROY, REGISTER_INTEREST, UNREGISTER_INTEREST,
- CONTAINS_KEY, KEY_SET, QUERY, EXECUTE_CQ, STOP_CQ, CLOSE_CQ, REGION_CLEAR,
- REGION_CREATE, REGION_DESTROY
--->
-<!ELEMENT operation (#PCDATA)>
-<!ATTLIST operation
- functionIds CDATA #IMPLIED
- optimizeForWrite CDATA #IMPLIED
- keySet CDATA #IMPLIED
->
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-cq/src/test/java/com/gemstone/gemfire/security/ClientAuthzObjectModDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-cq/src/test/java/com/gemstone/gemfire/security/ClientAuthzObjectModDUnitTest.java b/geode-cq/src/test/java/com/gemstone/gemfire/security/ClientAuthzObjectModDUnitTest.java
index d8e675e..e29691b 100644
--- a/geode-cq/src/test/java/com/gemstone/gemfire/security/ClientAuthzObjectModDUnitTest.java
+++ b/geode-cq/src/test/java/com/gemstone/gemfire/security/ClientAuthzObjectModDUnitTest.java
@@ -21,6 +21,9 @@ import java.util.List;
import java.util.Properties;
import java.util.Random;
+import com.gemstone.gemfire.security.generator.CredentialGenerator;
+import com.gemstone.gemfire.security.generator.DummyAuthzCredentialGenerator;
+import com.gemstone.gemfire.security.generator.DummyCredentialGenerator;
import com.gemstone.gemfire.security.templates.UserPasswordAuthInit;
import com.gemstone.gemfire.DataSerializable;
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-cq/src/test/java/com/gemstone/gemfire/security/ClientCQPostAuthorizationDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-cq/src/test/java/com/gemstone/gemfire/security/ClientCQPostAuthorizationDUnitTest.java b/geode-cq/src/test/java/com/gemstone/gemfire/security/ClientCQPostAuthorizationDUnitTest.java
index 82b3b5c..138b90b 100644
--- a/geode-cq/src/test/java/com/gemstone/gemfire/security/ClientCQPostAuthorizationDUnitTest.java
+++ b/geode-cq/src/test/java/com/gemstone/gemfire/security/ClientCQPostAuthorizationDUnitTest.java
@@ -39,6 +39,8 @@ import com.gemstone.gemfire.distributed.internal.InternalDistributedSystem;
import com.gemstone.gemfire.internal.AvailablePort;
import com.gemstone.gemfire.internal.cache.GemFireCacheImpl;
import com.gemstone.gemfire.internal.logging.InternalLogWriter;
+import com.gemstone.gemfire.security.generator.AuthzCredentialGenerator;
+import com.gemstone.gemfire.security.generator.CredentialGenerator;
import com.gemstone.gemfire.test.dunit.Host;
import com.gemstone.gemfire.test.dunit.Invoke;
import com.gemstone.gemfire.test.dunit.LogWriterUtils;
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-cq/src/test/java/com/gemstone/gemfire/security/ClientPostAuthorizationDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-cq/src/test/java/com/gemstone/gemfire/security/ClientPostAuthorizationDUnitTest.java b/geode-cq/src/test/java/com/gemstone/gemfire/security/ClientPostAuthorizationDUnitTest.java
index a1f0149..6cef09a 100644
--- a/geode-cq/src/test/java/com/gemstone/gemfire/security/ClientPostAuthorizationDUnitTest.java
+++ b/geode-cq/src/test/java/com/gemstone/gemfire/security/ClientPostAuthorizationDUnitTest.java
@@ -24,6 +24,8 @@ import java.util.Random;
import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
import com.gemstone.gemfire.internal.AvailablePort;
+import com.gemstone.gemfire.security.generator.AuthzCredentialGenerator;
+import com.gemstone.gemfire.security.generator.CredentialGenerator;
import com.gemstone.gemfire.test.dunit.Host;
import com.gemstone.gemfire.test.dunit.LogWriterUtils;
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-cq/src/test/java/com/gemstone/gemfire/security/MultiuserAPIDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-cq/src/test/java/com/gemstone/gemfire/security/MultiuserAPIDUnitTest.java b/geode-cq/src/test/java/com/gemstone/gemfire/security/MultiuserAPIDUnitTest.java
index 9e824c6..8693217 100644
--- a/geode-cq/src/test/java/com/gemstone/gemfire/security/MultiuserAPIDUnitTest.java
+++ b/geode-cq/src/test/java/com/gemstone/gemfire/security/MultiuserAPIDUnitTest.java
@@ -16,6 +16,8 @@
*/
package com.gemstone.gemfire.security;
+import com.gemstone.gemfire.security.generator.CredentialGenerator;
+import com.gemstone.gemfire.security.generator.DummyCredentialGenerator;
import hydra.Log;
import java.io.IOException;
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-cq/src/test/java/com/gemstone/gemfire/security/MultiuserDurableCQAuthzDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-cq/src/test/java/com/gemstone/gemfire/security/MultiuserDurableCQAuthzDUnitTest.java b/geode-cq/src/test/java/com/gemstone/gemfire/security/MultiuserDurableCQAuthzDUnitTest.java
index 68e4cf2..6c641d0 100644
--- a/geode-cq/src/test/java/com/gemstone/gemfire/security/MultiuserDurableCQAuthzDUnitTest.java
+++ b/geode-cq/src/test/java/com/gemstone/gemfire/security/MultiuserDurableCQAuthzDUnitTest.java
@@ -35,6 +35,8 @@ import com.gemstone.gemfire.distributed.internal.InternalDistributedSystem;
import com.gemstone.gemfire.internal.AvailablePort;
import com.gemstone.gemfire.internal.cache.GemFireCacheImpl;
import com.gemstone.gemfire.internal.logging.InternalLogWriter;
+import com.gemstone.gemfire.security.generator.AuthzCredentialGenerator;
+import com.gemstone.gemfire.security.generator.CredentialGenerator;
import com.gemstone.gemfire.test.dunit.Host;
import com.gemstone.gemfire.test.dunit.Invoke;
import com.gemstone.gemfire.test.dunit.LogWriterUtils;
@@ -137,7 +139,7 @@ public class MultiuserDurableCQAuthzDUnitTest extends
}
private void doTest(Integer numOfUsers, Integer numOfPuts,
- Boolean[] postAuthzAllowed, AuthzCredentialGenerator gen, Boolean keepAlive)
+ Boolean[] postAuthzAllowed, AuthzCredentialGenerator gen, Boolean keepAlive)
throws Exception {
CredentialGenerator cGen = gen.getCredentialGenerator();
Properties extraAuthProps = cGen.getSystemProperties();
[2/3] incubator-geode git commit: Repackage security test code and
resources
Posted by kl...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/java/com/gemstone/gemfire/security/XmlAuthzCredentialGenerator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/XmlAuthzCredentialGenerator.java b/geode-core/src/test/java/com/gemstone/gemfire/security/XmlAuthzCredentialGenerator.java
deleted file mode 100755
index b03fd04..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/XmlAuthzCredentialGenerator.java
+++ /dev/null
@@ -1,257 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security;
-
-import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
-import com.gemstone.gemfire.util.test.TestUtil;
-import com.gemstone.gemfire.security.templates.UsernamePrincipal;
-import com.gemstone.gemfire.security.templates.XmlAuthorization;
-
-import java.security.Principal;
-import java.util.HashSet;
-import java.util.Properties;
-import java.util.Set;
-
-public class XmlAuthzCredentialGenerator extends AuthzCredentialGenerator {
-
- private static final String dummyXml = "authz-dummy.xml";
- private static final String ldapXml = "authz-ldap.xml";
- private static final String pkcsXml = "authz-pkcs.xml";
- private static final String sslXml = "authz-ssl.xml";
-
- private static final String[] QUERY_REGIONS = { "/Portfolios", "/Positions", "/AuthRegion" };
-
- public static OperationCode[] READER_OPS = {
- OperationCode.GET,
- OperationCode.REGISTER_INTEREST,
- OperationCode.UNREGISTER_INTEREST,
- OperationCode.KEY_SET,
- OperationCode.CONTAINS_KEY,
- OperationCode.EXECUTE_FUNCTION };
-
- public static OperationCode[] WRITER_OPS = {
- OperationCode.PUT,
- OperationCode.DESTROY,
- OperationCode.INVALIDATE,
- OperationCode.REGION_CLEAR };
-
- public static OperationCode[] QUERY_OPS = {
- OperationCode.QUERY,
- OperationCode.EXECUTE_CQ,
- OperationCode.STOP_CQ,
- OperationCode.CLOSE_CQ };
-
- private static final byte READER_ROLE = 1;
- private static final byte WRITER_ROLE = 2;
- private static final byte QUERY_ROLE = 3;
- private static final byte ADMIN_ROLE = 4;
-
- private static Set readerOpsSet;
- private static Set writerOpsSet;
- private static Set queryOpsSet;
- private static Set queryRegionSet;
-
- static {
- readerOpsSet = new HashSet();
- for (int index = 0; index < READER_OPS.length; index++) {
- readerOpsSet.add(READER_OPS[index]);
- }
-
- writerOpsSet = new HashSet();
- for (int index = 0; index < WRITER_OPS.length; index++) {
- writerOpsSet.add(WRITER_OPS[index]);
- }
-
- queryOpsSet = new HashSet();
- for (int index = 0; index < QUERY_OPS.length; index++) {
- queryOpsSet.add(QUERY_OPS[index]);
- }
-
- queryRegionSet = new HashSet();
- for (int index = 0; index < QUERY_REGIONS.length; index++) {
- queryRegionSet.add(QUERY_REGIONS[index]);
- }
- }
-
- @Override
- protected Properties init() throws IllegalArgumentException {
- final Properties sysProps = new Properties();
- final String dirName = "/lib/";
-
- if (this.generator.classCode().isDummy()) {
- final String xmlFilename = TestUtil.getResourcePath(XmlAuthzCredentialGenerator.class, dirName + dummyXml);
- sysProps.setProperty(XmlAuthorization.DOC_URI_PROP_NAME, xmlFilename);
-
- } else if (this.generator.classCode().isLDAP()) {
- final String xmlFilename = TestUtil.getResourcePath(XmlAuthzCredentialGenerator.class, dirName + ldapXml);
- sysProps.setProperty(XmlAuthorization.DOC_URI_PROP_NAME, xmlFilename);
-
- // } else if (this.generator.classCode().isPKCS()) {
- // sysProps.setProperty(XmlAuthorization.DOC_URI_PROP_NAME, dirName + pkcsXml);
- // }
- // } else if (this.generator.classCode().isSSL()) {
- // sysProps.setProperty(XmlAuthorization.DOC_URI_PROP_NAME, dirName + sslXml);
- // }
-
- } else {
- throw new IllegalArgumentException("No XML defined for XmlAuthorization module to work with " + this.generator.getAuthenticator());
- }
- return sysProps;
- }
-
- @Override
- public ClassCode classCode() {
- return ClassCode.XML;
- }
-
- @Override
- public String getAuthorizationCallback() {
- return XmlAuthorization.class.getName() + ".create";
- }
-
- private Principal getDummyPrincipal(final byte roleType, final int index) {
- final String[] admins = new String[] { "root", "admin", "administrator" };
- final int numReaders = 3;
- final int numWriters = 3;
-
- switch (roleType) {
- case READER_ROLE:
- return new UsernamePrincipal("reader" + (index % numReaders));
- case WRITER_ROLE:
- return new UsernamePrincipal("writer" + (index % numWriters));
- case QUERY_ROLE:
- return new UsernamePrincipal("reader" + ((index % 2) + 3));
- default:
- return new UsernamePrincipal(admins[index % admins.length]);
- }
- }
-
- @Override
- protected Principal getAllowedPrincipal(final OperationCode[] opCodes, final String[] regionNames, final int index) {
- if (this.generator.classCode().isDummy()) {
- final byte roleType = getRequiredRole(opCodes, regionNames);
- return getDummyPrincipal(roleType, index);
-
- } else if (this.generator.classCode().isLDAP()) {
- final byte roleType = getRequiredRole(opCodes, regionNames);
- return getLdapPrincipal(roleType, index);
- }
-
- return null;
- }
-
- @Override
- protected Principal getDisallowedPrincipal(final OperationCode[] opCodes, final String[] regionNames, final int index) {
- final byte roleType = getRequiredRole(opCodes, regionNames);
-
- byte disallowedRoleType = READER_ROLE;
- switch (roleType) {
- case READER_ROLE:
- disallowedRoleType = WRITER_ROLE;
- break;
- case WRITER_ROLE:
- disallowedRoleType = READER_ROLE;
- break;
- case QUERY_ROLE:
- disallowedRoleType = READER_ROLE;
- break;
- case ADMIN_ROLE:
- disallowedRoleType = READER_ROLE;
- break;
- }
-
- if (this.generator.classCode().isDummy()) {
- return getDummyPrincipal(disallowedRoleType, index);
-
- } else if (this.generator.classCode().isLDAP()) {
- return getLdapPrincipal(disallowedRoleType, index);
- }
-
- return null;
- }
-
- @Override
- protected int getNumPrincipalTries(final OperationCode[] opCodes, final String[] regionNames) {
- return 5;
- }
-
- private Principal getLdapPrincipal(final byte roleType, final int index) {
- final String userPrefix = "gemfire";
- final int[] readerIndices = { 3, 4, 5 };
- final int[] writerIndices = { 6, 7, 8 };
- final int[] queryIndices = { 9, 10 };
- final int[] adminIndices = { 1, 2 };
-
- switch (roleType) {
- case READER_ROLE:
- int readerIndex = readerIndices[index % readerIndices.length];
- return new UsernamePrincipal(userPrefix + readerIndex);
- case WRITER_ROLE:
- int writerIndex = writerIndices[index % writerIndices.length];
- return new UsernamePrincipal(userPrefix + writerIndex);
- case QUERY_ROLE:
- int queryIndex = queryIndices[index % queryIndices.length];
- return new UsernamePrincipal(userPrefix + queryIndex);
- default:
- int adminIndex = adminIndices[index % adminIndices.length];
- return new UsernamePrincipal(userPrefix + adminIndex);
- }
- }
-
- private byte getRequiredRole(final OperationCode[] opCodes, final String[] regionNames) {
- byte roleType = ADMIN_ROLE;
- boolean requiresReader = true;
- boolean requiresWriter = true;
- boolean requiresQuery = true;
-
- for (int opNum = 0; opNum < opCodes.length; opNum++) {
- final OperationCode opCode = opCodes[opNum];
- if (requiresReader && !readerOpsSet.contains(opCode)) {
- requiresReader = false;
- }
- if (requiresWriter && !writerOpsSet.contains(opCode)) {
- requiresWriter = false;
- }
- if (requiresQuery && !queryOpsSet.contains(opCode)) {
- requiresQuery = false;
- }
- }
-
- if (requiresReader) {
- roleType = READER_ROLE;
-
- } else if (requiresWriter) {
- roleType = WRITER_ROLE;
-
- } else if (requiresQuery) {
- if (regionNames != null && regionNames.length > 0) {
- for (int index = 0; index < regionNames.length; index++) {
- final String regionName = XmlAuthorization.normalizeRegionName(regionNames[index]);
- if (requiresQuery && !queryRegionSet.contains(regionName)) {
- requiresQuery = false;
- break;
- }
- }
- if (requiresQuery) {
- roleType = QUERY_ROLE;
- }
- }
- }
-
- return roleType;
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/java/com/gemstone/gemfire/security/generator/AuthzCredentialGenerator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/generator/AuthzCredentialGenerator.java b/geode-core/src/test/java/com/gemstone/gemfire/security/generator/AuthzCredentialGenerator.java
new file mode 100755
index 0000000..f39fc84
--- /dev/null
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/generator/AuthzCredentialGenerator.java
@@ -0,0 +1,446 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security.generator;
+
+import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
+import com.gemstone.gemfire.internal.logging.LogService;
+import com.gemstone.gemfire.security.AccessControl;
+import com.gemstone.gemfire.security.templates.DummyAuthorization;
+import com.gemstone.gemfire.security.templates.XmlAuthorization;
+import org.apache.logging.log4j.Logger;
+
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+
+/**
+ * Encapsulates obtaining authorized and unauthorized credentials for a given
+ * operation in a region. Implementations will be for different kinds of
+ * authorization scheme and authentication scheme combos.
+ *
+ * @since 5.5
+ */
+public abstract class AuthzCredentialGenerator {
+
+ private static final Logger logger = LogService.getLogger();
+
+ /**
+ * The {@link CredentialGenerator} being used.
+ */
+ protected CredentialGenerator generator;
+
+ /**
+ * A set of system properties that should be added to the gemfire system
+ * properties before using the authorization module.
+ */
+ private Properties systemProperties;
+
+ /**
+ * A factory method to create a new instance of an
+ * {@link AuthzCredentialGenerator} for the given {@link ClassCode}. Caller
+ * is supposed to invoke {@link AuthzCredentialGenerator#init} immediately
+ * after obtaining the instance.
+ *
+ * @param classCode
+ * the {@code ClassCode} of the {@code AuthzCredentialGenerator}
+ * implementation
+ *
+ * @return an instance of {@code AuthzCredentialGenerator} for the given
+ * class code
+ */
+ public static AuthzCredentialGenerator create(final ClassCode classCode) {
+ switch (classCode.classType) {
+ case ClassCode.ID_DUMMY:
+ return new DummyAuthzCredentialGenerator();
+ case ClassCode.ID_XML:
+ return new XmlAuthzCredentialGenerator();
+ default:
+ return null;
+ }
+ }
+
+ /**
+ * Initialize the authorized credential generator.
+ *
+ * @param generator
+ * an instance of {@link CredentialGenerator} of the credential
+ * implementation for which to obtain authorized/unauthorized
+ * credentials.
+ *
+ * @return false when the given {@link CredentialGenerator} is incompatible
+ * with this authorization module.
+ */
+ public boolean init(final CredentialGenerator generator) {
+ this.generator = generator;
+ try {
+ this.systemProperties = init();
+ } catch (IllegalArgumentException ex) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ *
+ * @return A set of extra properties that should be added to Gemfire system
+ * properties when not null.
+ */
+ public Properties getSystemProperties() {
+ return this.systemProperties;
+ }
+
+ /**
+ * Get the {@link CredentialGenerator} being used by this instance.
+ */
+ public CredentialGenerator getCredentialGenerator() {
+ return this.generator;
+ }
+
+ /**
+ * Initialize the authorized credential generator.
+ *
+ * Required to be implemented by concrete classes that implement this abstract
+ * class.
+ *
+ * @return A set of extra properties that should be added to Gemfire system
+ * properties when not null.
+ *
+ * @throws IllegalArgumentException when the {@link CredentialGenerator} is
+ * incompatible with this authorization module.
+ */
+ protected abstract Properties init() throws IllegalArgumentException;
+
+ /**
+ * The {@link ClassCode} of the particular implementation.
+ *
+ * @return the {@code ClassCode}
+ */
+ public abstract ClassCode classCode();
+
+ /**
+ * The name of the {@link AccessControl} factory function that should be used
+ * as the authorization module on the server side.
+ *
+ * @return name of the {@code AccessControl} factory function
+ */
+ public abstract String getAuthorizationCallback();
+
+ /**
+ * Get a set of credentials generated using the given index allowed to perform
+ * the given {@link OperationCode}s for the given regions.
+ *
+ * @param opCodes
+ * the list of {@link OperationCode}s of the operations requiring
+ * authorization; should not be null
+ * @param regionNames
+ * list of the region names requiring authorization; a value of
+ * null indicates all regions
+ * @param index
+ * used to generate multiple such credentials by passing different
+ * values for this
+ *
+ * @return the set of credentials authorized to perform the given operation in
+ * the given regions
+ */
+ public Properties getAllowedCredentials(final OperationCode[] opCodes, final String[] regionNames, final int index) {
+ int numTries = getNumPrincipalTries(opCodes, regionNames);
+ if (numTries <= 0) {
+ numTries = 1;
+ }
+
+ for (int tries = 0; tries < numTries; tries++) {
+ final Principal principal = getAllowedPrincipal(opCodes, regionNames, (index + tries) % numTries);
+ try {
+ return this.generator.getValidCredentials(principal);
+ } catch (IllegalArgumentException ex) {
+ }
+ }
+ return null;
+ }
+
+ /**
+ * Get a set of credentials generated using the given index not allowed to
+ * perform the given {@link OperationCode}s for the given regions. The
+ * credentials are required to be valid for authentication.
+ *
+ * @param opCodes
+ * the {@link OperationCode}s of the operations requiring
+ * authorization failure; should not be null
+ * @param regionNames
+ * list of the region names requiring authorization failure; a value
+ * of null indicates all regions
+ * @param index
+ * used to generate multiple such credentials by passing different
+ * values for this
+ *
+ * @return the set of credentials that are not authorized to perform the given
+ * operation in the given region
+ */
+ public Properties getDisallowedCredentials(final OperationCode[] opCodes, final String[] regionNames, final int index) {
+ // This may not be very correct since we use the value of
+ // getNumPrincipalTries() but is used to avoid adding another method.
+ // Also something like getNumDisallowedPrincipals() will be normally always
+ // infinite, and the number here is just to perform some number of tries
+ // before giving up.
+
+ int numTries = getNumPrincipalTries(opCodes, regionNames);
+ if (numTries <= 0) {
+ numTries = 1;
+ }
+
+ for (int tries = 0; tries < numTries; tries++) {
+ final Principal principal = getDisallowedPrincipal(opCodes, regionNames, (index + tries) % numTries);
+ try {
+ return this.generator.getValidCredentials(principal);
+ } catch (IllegalArgumentException ex) {
+ }
+ }
+ return null;
+ }
+
+ /**
+ * Get the number of tries to be done for obtaining valid credentials for the
+ * given operations in the given region. It is required that
+ * {@link #getAllowedPrincipal} method returns valid principals for values of
+ * {@code index} from 0 through (n-1) where {@code n} is the
+ * value returned by this method. It is recommended that the principals so
+ * returned be unique for efficiency.
+ *
+ * This will be used by {@link #getAllowedCredentials} to step through
+ * different principals and obtain a set of valid credentials.
+ *
+ * Required to be implemented by concrete classes that implement this abstract
+ * class.
+ *
+ * @param opCodes
+ * the {@link OperationCode}s of the operations requiring
+ * authorization
+ * @param regionNames
+ * list of the region names requiring authorization; a value of null
+ * indicates all regions
+ *
+ * @return the number of principals allowed to perform the given operation in
+ * the given region
+ */
+ protected abstract int getNumPrincipalTries(final OperationCode[] opCodes, final String[] regionNames);
+
+ /**
+ * Get a {@link Principal} generated using the given index allowed to perform
+ * the given {@link OperationCode}s for the given region.
+ *
+ * Required to be implemented by concrete classes that implement this abstract
+ * class.
+ *
+ * @param opCodes
+ * the {@link OperationCode}s of the operations requiring
+ * authorization
+ * @param regionNames
+ * list of the region names requiring authorization; a value of null
+ * indicates all regions
+ * @param index
+ * used to generate multiple such principals by passing different
+ * values for this
+ *
+ * @return the {@link Principal} authorized to perform the given operation in
+ * the given region
+ */
+ protected abstract Principal getAllowedPrincipal(final OperationCode[] opCodes, final String[] regionNames, final int index);
+
+ /**
+ * Get a {@link Principal} generated using the given index not allowed to
+ * perform the given {@link OperationCode}s for the given region.
+ *
+ * Required to be implemented by concrete classes that implement this abstract
+ * class.
+ *
+ * @param opCodes
+ * the {@link OperationCode}s of the operations requiring
+ * authorization failure
+ * @param regionNames
+ * list of the region names requiring authorization failure; a value
+ * of null indicates all regions
+ * @param index
+ * used to generate multiple such principals by passing different
+ * values for this
+ *
+ * @return a {@link Principal} not authorized to perform the given operation
+ * in the given region
+ */
+ protected abstract Principal getDisallowedPrincipal(final OperationCode[] opCodes, final String[] regionNames, final int index);
+
+ /**
+ * Enumeration for various {@link AuthzCredentialGenerator} implementations.
+ *
+ * <p>The following schemes are supported as of now:
+ * <ul>
+ * <li>{@code DummyAuthorization} with {@code DummyAuthenticator}</li>
+ * <li>{@code XMLAuthorization} with {@code DummyAuthenticator}</li>
+ * <li>{@code XMLAuthorization} with {@code LDAPAuthenticator}</li>
+ * <li>{@code XMLAuthorization} with {@code PKCSAuthenticator}</li>
+ * <li>{@code XMLAuthorization} when using SSL sockets</li>
+ * </ul>
+ *
+ * <p>To add a new authorization scheme the following needs to be done:
+ * <ul>
+ * <li>Add implementation for {@link AccessControl}.</li>
+ * <li>Choose the authentication schemes that it shall work with from
+ * {@link CredentialGenerator.ClassCode}</li>
+ * <li>Add a new enumeration value for the scheme in this class. Notice the
+ * size of {@code VALUES} array and increase that if it is getting
+ * overflowed. Note the methods and fields for existing schemes and add for
+ * the new one in a similar manner.</li>
+ * <li>Add an implementation for {@link AuthzCredentialGenerator}. Note the
+ * {@link AuthzCredentialGenerator#init} method where different authentication
+ * schemes can be passed and initialize differently for the authentication
+ * schemes that shall be handled.</li>
+ * <li>Modify the {@link AuthzCredentialGenerator#create} method to add
+ * creation of an instance of the new implementation for the
+ * {@code ClassCode} enumeration value.</li>
+ * </ul>
+ *
+ * <p>All dunit tests will automagically start testing the new implementation
+ * after this.
+ *
+ * @since 5.5
+ */
+ public static final class ClassCode {
+
+ private static byte nextOrdinal = 0;
+
+ private static final byte ID_DUMMY = 1;
+ private static final byte ID_XML = 2;
+
+ private static final ClassCode[] VALUES = new ClassCode[10];
+ private static final Map CODE_NAME_MAP = new HashMap();
+
+ public static final ClassCode DUMMY = new ClassCode(DummyAuthorization.class.getName() + ".create", ID_DUMMY);
+ public static final ClassCode XML = new ClassCode(XmlAuthorization.class.getName() + ".create", ID_XML);
+
+ /** The name of this class. */
+ private final String name;
+
+ /** byte used as ordinal to represent this class */
+ private final byte ordinal;
+
+ /**
+ * One of the following: ID_DUMMY, ID_LDAP, ID_PKI
+ */
+ private final byte classType;
+
+ /** Creates a new instance of class code. */
+ private ClassCode(final String name, final byte classType) {
+ this.name = name;
+ this.classType = classType;
+ this.ordinal = nextOrdinal++;
+ VALUES[this.ordinal] = this;
+ CODE_NAME_MAP.put(name, this);
+ }
+
+ public boolean isDummy() {
+ return this.classType == ID_DUMMY;
+ }
+
+ public boolean isXml() {
+ return this.classType == ID_XML;
+ }
+
+ /**
+ * Returns the {@code ClassCode} represented by specified ordinal.
+ */
+ public static ClassCode fromOrdinal(final byte ordinal) {
+ return VALUES[ordinal];
+ }
+
+ /**
+ * Returns the {@code ClassCode} represented by specified string.
+ */
+ public static ClassCode parse(final String operationName) {
+ return (ClassCode) CODE_NAME_MAP.get(operationName);
+ }
+
+ /**
+ * Returns all the possible values.
+ */
+ public static List getAll() {
+ final List codes = new ArrayList();
+ for (Iterator iter = CODE_NAME_MAP.values().iterator(); iter.hasNext();) {
+ codes.add(iter.next());
+ }
+ return codes;
+ }
+
+ /**
+ * Returns the ordinal for this class code.
+ *
+ * @return the ordinal of this class code.
+ */
+ public byte toOrdinal() {
+ return this.ordinal;
+ }
+
+ /**
+ * Returns a string representation for this class code.
+ *
+ * @return the name of this class code.
+ */
+ @Override
+ public final String toString() {
+ return this.name;
+ }
+
+ /**
+ * Indicates whether other object is same as this one.
+ *
+ * @return true if other object is same as this one.
+ */
+ @Override
+ public final boolean equals(final Object obj) {
+ if (obj == this) {
+ return true;
+ }
+ if (!(obj instanceof ClassCode)) {
+ return false;
+ }
+ final ClassCode other = (ClassCode)obj;
+ return other.ordinal == this.ordinal;
+ }
+
+ /**
+ * Indicates whether other {@code ClassCode} is same as this one.
+ *
+ * @return true if other {@code ClassCode} is same as this one.
+ */
+ public final boolean equals(final ClassCode opCode) {
+ return opCode != null && opCode.ordinal == this.ordinal;
+ }
+
+ /**
+ * Returns a hash code value for this {@code ClassCode} which is the
+ * same as its ordinal.
+ *
+ * @return the ordinal of this {@code ClassCode}.
+ */
+ @Override
+ public final int hashCode() {
+ return this.ordinal;
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/java/com/gemstone/gemfire/security/generator/CredentialGenerator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/generator/CredentialGenerator.java b/geode-core/src/test/java/com/gemstone/gemfire/security/generator/CredentialGenerator.java
new file mode 100755
index 0000000..b15599f
--- /dev/null
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/generator/CredentialGenerator.java
@@ -0,0 +1,327 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security.generator;
+
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+
+import com.gemstone.gemfire.security.AuthInitialize;
+import com.gemstone.gemfire.security.Authenticator;
+import com.gemstone.gemfire.security.templates.DummyAuthenticator;
+import com.gemstone.gemfire.security.templates.LdapUserAuthenticator;
+import com.gemstone.gemfire.security.templates.PKCSAuthenticator;
+
+/**
+ * Encapsulates obtaining valid and invalid credentials. Implementations will be
+ * for different kinds of authentication schemes.
+ *
+ * @since 5.5
+ */
+public abstract class CredentialGenerator {
+
+ /**
+ * A set of properties that should be added to the Gemfire system properties
+ * before using the authentication module.
+ */
+ private Properties systemProperties = null;
+
+ /**
+ * A set of properties that should be added to the java system properties
+ * before using the authentication module.
+ */
+ protected Properties javaProperties = null;
+
+ /**
+ * A factory method to create a new instance of an {@link CredentialGenerator}
+ * for the given {@link ClassCode}. Caller is supposed to invoke
+ * {@link CredentialGenerator#init} immediately after obtaining the instance.
+ *
+ * @param classCode
+ * the {@code ClassCode} of the {@code CredentialGenerator}
+ * implementation
+ *
+ * @return an instance of {@code CredentialGenerator} for the given class
+ * code
+ */
+ public static CredentialGenerator create(final ClassCode classCode) {
+ switch (classCode.classType) {
+ // Removing dummy one to reduce test run times
+ // case ClassCode.ID_DUMMY:
+ // return new DummyCredentialGenerator();
+ case ClassCode.ID_LDAP:
+ return new LdapUserCredentialGenerator();
+ // case ClassCode.ID_SSL:ΓΈ
+ // return new SSLCredentialGenerator();
+ case ClassCode.ID_PKCS:
+ return new PKCSCredentialGenerator();
+ default:
+ return null;
+ }
+ }
+
+ /**
+ * Initialize the credential generator.
+ *
+ * @throws IllegalArgumentException when there is a problem during
+ * initialization
+ */
+ public void init() throws IllegalArgumentException {
+ this.systemProperties = initialize();
+ }
+
+ /**
+ * @return A set of extra properties that should be added to Gemfire system
+ * properties when not null.
+ */
+ public Properties getSystemProperties() {
+ return this.systemProperties;
+ }
+
+ /**
+ * @return A set of extra properties that should be added to Gemfire system
+ * properties when not null.
+ */
+ public Properties getJavaProperties() {
+ return this.javaProperties;
+ }
+
+ /**
+ * The {@link ClassCode} of this particular implementation.
+ *
+ * @return the {@code ClassCode}
+ */
+ public abstract ClassCode classCode();
+
+ /**
+ * The name of the {@link AuthInitialize} factory function that should be used
+ * in conjunction with the credentials generated by this generator.
+ *
+ * @return name of the {@code AuthInitialize} factory function
+ */
+ public abstract String getAuthInit();
+
+ /**
+ * The name of the {@link Authenticator} factory function that should be used
+ * in conjunction with the credentials generated by this generator.
+ *
+ * @return name of the {@code Authenticator} factory function
+ */
+ public abstract String getAuthenticator();
+
+ /**
+ * Get a set of valid credentials generated using the given index.
+ */
+ public abstract Properties getValidCredentials(final int index);
+
+ /**
+ * Get a set of valid credentials for the given {@link Principal}.
+ *
+ * @return credentials for the given {@code Principal} or null if none
+ * possible.
+ */
+ public abstract Properties getValidCredentials(final Principal principal);
+
+ /**
+ * Get a set of invalid credentials generated using the given index.
+ */
+ public abstract Properties getInvalidCredentials(final int index);
+
+ /**
+ * Initialize the credential generator. This is provided separately from the
+ * {@link #init()} method for convenience of implementations so that they do not
+ * need to store in {@link #systemProperties}. The latter is convenient for the users
+ * who do not need to store these properties rather can obtain it later by
+ * invoking {@link #getSystemProperties()}
+ *
+ * <p>Required to be implemented by concrete classes that implement this abstract
+ * class.
+ *
+ * @return A set of extra properties that should be added to Gemfire system
+ * properties when not null.
+ *
+ * @throws IllegalArgumentException when there is a problem during
+ * initialization
+ */
+ protected abstract Properties initialize() throws IllegalArgumentException;
+
+ /**
+ * Enumeration for various {@link CredentialGenerator} implementations.
+ *
+ * <p>The following schemes are supported as of now:
+ * {@code DummyAuthenticator}, {@code LdapUserAuthenticator},
+ * {@code PKCSAuthenticator}. In addition SSL socket mode with mutual
+ * authentication is also supported.
+ *
+ * <p>To add a new authentication scheme the following needs to be done:
+ * <ul>
+ * <li>Add implementations for {@link AuthInitialize} and
+ * {@link Authenticator} classes for clients/peers.</li>
+ * <li>Add a new enumeration value for the scheme in this class. Notice the
+ * size of {@code VALUES} array and increase that if it is getting
+ * overflowed. Note the methods and fields for existing schemes and add for
+ * the new one in a similar manner.</li>
+ * <li>Add an implementation for {@link CredentialGenerator}.</li>
+ * <li>Modify the CredentialGenerator.Factory#create [no such Factory exists] method to add
+ * creation of an instance of the new implementation for the
+ * {@code ClassCode} enumeration value.</li>
+ * </ul>
+ *
+ * <p>All security dunit tests will automagically start testing the new
+ * implementation after this.
+ *
+ * @since 5.5
+ */
+ public static final class ClassCode {
+
+ private static byte nextOrdinal = 0;
+
+ private static final byte ID_DUMMY = 1;
+ private static final byte ID_LDAP = 2;
+ private static final byte ID_PKCS = 3;
+ private static final byte ID_SSL = 4;
+
+ private static final ClassCode[] VALUES = new ClassCode[10];
+ private static final Map CODE_NAME_MAP = new HashMap();
+
+ public static final ClassCode DUMMY = new ClassCode(DummyAuthenticator.class.getName() + ".create", ID_DUMMY);
+ public static final ClassCode LDAP = new ClassCode(LdapUserAuthenticator.class.getName() + ".create", ID_LDAP);
+ public static final ClassCode PKCS = new ClassCode(PKCSAuthenticator.class.getName() + ".create", ID_PKCS);
+ public static final ClassCode SSL = new ClassCode("SSL", ID_SSL);
+
+ /** The name of this class. */
+ private final String name;
+
+ /** byte used as ordinal to represent this class */
+ private final byte ordinal;
+
+ /**
+ * One of the following: ID_DUMMY, ID_LDAP, ID_PKCS
+ */
+ private final byte classType;
+
+ /** Creates a new instance of class code. */
+ private ClassCode(final String name, final byte classType) {
+ this.name = name;
+ this.classType = classType;
+ this.ordinal = nextOrdinal++;
+ VALUES[this.ordinal] = this;
+ CODE_NAME_MAP.put(name, this);
+ }
+
+ public boolean isDummy() {
+ return this.classType == ID_DUMMY;
+ }
+
+ public boolean isLDAP() {
+ return this.classType == ID_LDAP;
+ }
+
+ public boolean isPKCS() {
+ return this.classType == ID_PKCS;
+ }
+
+ public boolean isSSL() {
+ return this.classType == ID_SSL;
+ }
+
+ /**
+ * Returns the {@code ClassCode} represented by specified ordinal.
+ */
+ public static ClassCode fromOrdinal(final byte ordinal) {
+ return VALUES[ordinal];
+ }
+
+ /**
+ * Returns the {@code ClassCode} represented by specified string.
+ */
+ public static ClassCode parse(final String operationName) {
+ return (ClassCode) CODE_NAME_MAP.get(operationName);
+ }
+
+ /**
+ * Returns all the possible values.
+ */
+ public static List getAll() {
+ final List codes = new ArrayList();
+ for (Iterator iter = CODE_NAME_MAP.values().iterator(); iter.hasNext();) {
+ codes.add(iter.next());
+ }
+ return codes;
+ }
+
+ /**
+ * Returns the ordinal for this operation code.
+ *
+ * @return the ordinal of this operation.
+ */
+ public byte toOrdinal() {
+ return this.ordinal;
+ }
+
+ /**
+ * Returns a string representation for this operation.
+ *
+ * @return the name of this operation.
+ */
+ @Override
+ public final String toString() {
+ return this.name;
+ }
+
+ /**
+ * Indicates whether other object is same as this one.
+ *
+ * @return true if other object is same as this one.
+ */
+ @Override
+ public final boolean equals(final Object obj) {
+ if (obj == this) {
+ return true;
+ }
+ if (!(obj instanceof ClassCode)) {
+ return false;
+ }
+ final ClassCode other = (ClassCode)obj;
+ return other.ordinal == this.ordinal;
+ }
+
+ /**
+ * Indicates whether other {@code ClassCode} is same as this one.
+ *
+ * @return true if other {@code ClassCode} is same as this one.
+ */
+ public final boolean equals(final ClassCode opCode) {
+ return opCode != null && opCode.ordinal == this.ordinal;
+ }
+
+ /**
+ * Returns a hash code value for this {@code ClassCode} which is the
+ * same as its ordinal.
+ *
+ * @return the ordinal of this operation.
+ */
+ @Override
+ public final int hashCode() {
+ return this.ordinal;
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/java/com/gemstone/gemfire/security/generator/DummyAuthzCredentialGenerator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/generator/DummyAuthzCredentialGenerator.java b/geode-core/src/test/java/com/gemstone/gemfire/security/generator/DummyAuthzCredentialGenerator.java
new file mode 100755
index 0000000..64fb84a
--- /dev/null
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/generator/DummyAuthzCredentialGenerator.java
@@ -0,0 +1,129 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security.generator;
+
+import java.security.Principal;
+import java.util.HashSet;
+import java.util.Properties;
+import java.util.Set;
+
+import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
+import com.gemstone.gemfire.security.templates.DummyAuthorization;
+import com.gemstone.gemfire.security.templates.UsernamePrincipal;
+
+public class DummyAuthzCredentialGenerator extends AuthzCredentialGenerator {
+
+ public static final byte READER_ROLE = 1;
+ public static final byte WRITER_ROLE = 2;
+ public static final byte ADMIN_ROLE = 3;
+
+ private static Set readerOpsSet;
+ private static Set writerOpsSet;
+
+ static {
+ readerOpsSet = new HashSet();
+ for (int index = 0; index < DummyAuthorization.READER_OPS.length; index++) {
+ readerOpsSet.add(DummyAuthorization.READER_OPS[index]);
+ }
+
+ writerOpsSet = new HashSet();
+ for (int index = 0; index < DummyAuthorization.WRITER_OPS.length; index++) {
+ writerOpsSet.add(DummyAuthorization.WRITER_OPS[index]);
+ }
+ }
+
+ public static byte getRequiredRole(final OperationCode[] opCodes) {
+ byte roleType = ADMIN_ROLE;
+ boolean requiresReader = true;
+ boolean requiresWriter = true;
+
+ for (int opNum = 0; opNum < opCodes.length; opNum++) {
+ if (requiresReader && !readerOpsSet.contains(opCodes[opNum])) {
+ requiresReader = false;
+ }
+ if (requiresWriter && !writerOpsSet.contains(opCodes[opNum])) {
+ requiresWriter = false;
+ }
+ }
+ if (requiresReader) {
+ roleType = READER_ROLE;
+ }
+ else if (requiresWriter) {
+ roleType = WRITER_ROLE;
+ }
+ return roleType;
+ }
+
+ @Override
+ protected Properties init() throws IllegalArgumentException {
+ if (!this.generator.classCode().isDummy()) {
+ throw new IllegalArgumentException("DummyAuthorization module only works with DummyAuthenticator");
+ }
+ return null;
+ }
+
+ @Override
+ public ClassCode classCode() {
+ return ClassCode.DUMMY;
+ }
+
+ @Override
+ public String getAuthorizationCallback() {
+ return DummyAuthorization.class.getName() + ".create";
+ }
+
+ @Override
+ protected Principal getAllowedPrincipal(final OperationCode[] opCodes, final String[] regionNames, final int index) {
+ final byte roleType = getRequiredRole(opCodes);
+ return getPrincipal(roleType, index);
+ }
+
+ @Override
+ protected Principal getDisallowedPrincipal(final OperationCode[] opCodes, final String[] regionNames, final int index) {
+ byte roleType = getRequiredRole(opCodes);
+ byte disallowedRoleType;
+ switch (roleType) {
+ case READER_ROLE:
+ disallowedRoleType = WRITER_ROLE;
+ break;
+ case WRITER_ROLE:
+ disallowedRoleType = READER_ROLE;
+ break;
+ default:
+ disallowedRoleType = READER_ROLE;
+ break;
+ }
+ return getPrincipal(disallowedRoleType, index);
+ }
+
+ @Override
+ protected int getNumPrincipalTries(final OperationCode[] opCodes, final String[] regionNames) {
+ return 5;
+ }
+
+ private Principal getPrincipal(final byte roleType, final int index) {
+ String[] admins = new String[] { "root", "admin", "administrator" };
+ switch (roleType) {
+ case READER_ROLE:
+ return new UsernamePrincipal("reader" + index);
+ case WRITER_ROLE:
+ return new UsernamePrincipal("writer" + index);
+ default:
+ return new UsernamePrincipal(admins[index % admins.length]);
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/java/com/gemstone/gemfire/security/generator/DummyCredentialGenerator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/generator/DummyCredentialGenerator.java b/geode-core/src/test/java/com/gemstone/gemfire/security/generator/DummyCredentialGenerator.java
new file mode 100755
index 0000000..b709dbc
--- /dev/null
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/generator/DummyCredentialGenerator.java
@@ -0,0 +1,89 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security.generator;
+
+import com.gemstone.gemfire.security.templates.DummyAuthenticator;
+import com.gemstone.gemfire.security.templates.UserPasswordAuthInit;
+
+import java.security.Principal;
+import java.util.Properties;
+
+public class DummyCredentialGenerator extends CredentialGenerator {
+
+ @Override
+ protected Properties initialize() throws IllegalArgumentException {
+ return null;
+ }
+
+ @Override
+ public ClassCode classCode() {
+ return ClassCode.DUMMY;
+ }
+
+ @Override
+ public String getAuthInit() {
+ return UserPasswordAuthInit.class.getName() + ".create";
+ }
+
+ @Override
+ public String getAuthenticator() {
+ return DummyAuthenticator.class.getName() + ".create";
+ }
+
+ @Override
+ public Properties getValidCredentials(final int index) {
+ final String[] validGroups = new String[] { "admin", "user", "reader", "writer" };
+ final String[] admins = new String[] { "root", "admin", "administrator" };
+
+ final Properties props = new Properties();
+ final int groupNum = index % validGroups.length;
+
+ String userName;
+ if (groupNum == 0) {
+ userName = admins[index % admins.length];
+ } else {
+ userName = validGroups[groupNum] + (index / validGroups.length);
+ }
+
+ props.setProperty(UserPasswordAuthInit.USER_NAME, userName);
+ props.setProperty(UserPasswordAuthInit.PASSWORD, userName);
+ return props;
+ }
+
+ @Override
+ public Properties getValidCredentials(final Principal principal) {
+ final String userName = principal.getName();
+
+ if (DummyAuthenticator.checkValidName(userName)) {
+ Properties props = new Properties();
+ props.setProperty(UserPasswordAuthInit.USER_NAME, userName);
+ props.setProperty(UserPasswordAuthInit.PASSWORD, userName);
+ return props;
+
+ } else {
+ throw new IllegalArgumentException("Dummy: [" + userName + "] is not a valid user");
+ }
+ }
+
+ @Override
+ public Properties getInvalidCredentials(int index) {
+ Properties props = new Properties();
+ props.setProperty(UserPasswordAuthInit.USER_NAME, "invalid" + index);
+ props.setProperty(UserPasswordAuthInit.PASSWORD, "none");
+ return props;
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/java/com/gemstone/gemfire/security/generator/LdapUserCredentialGenerator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/generator/LdapUserCredentialGenerator.java b/geode-core/src/test/java/com/gemstone/gemfire/security/generator/LdapUserCredentialGenerator.java
new file mode 100755
index 0000000..cd2fbe2
--- /dev/null
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/generator/LdapUserCredentialGenerator.java
@@ -0,0 +1,154 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security.generator;
+
+import com.gemstone.gemfire.distributed.internal.DistributionConfig;
+import com.gemstone.gemfire.internal.cache.tier.sockets.HandShake;
+import com.gemstone.gemfire.util.test.TestUtil;
+import com.gemstone.gemfire.security.templates.LdapUserAuthenticator;
+import com.gemstone.gemfire.security.templates.UserPasswordAuthInit;
+
+import java.security.Principal;
+import java.util.Properties;
+import java.util.Random;
+
+public class LdapUserCredentialGenerator extends CredentialGenerator {
+
+ private static final String USER_PREFIX = "gemfire";
+ private static final Random RANDOM = new Random();
+ private static final String[] CIPHERS = new String[] { "", "DESede", "AES:128", "Blowfish:128" };
+
+ private static boolean enableServerAuthentication = false;
+
+ private boolean serverAuthEnabled = false;
+
+ public LdapUserCredentialGenerator() {
+ // Toggle server authentication enabled for each test
+ // This is done instead of running all the tests with both
+ // server auth enabled/disabled to reduce test run time.
+ enableServerAuthentication = !enableServerAuthentication;
+ this.serverAuthEnabled = enableServerAuthentication;
+ }
+
+ @Override
+ protected Properties initialize() throws IllegalArgumentException {
+ final String ldapServer = System.getProperty("gf.ldap.server", "ldap");
+ final String ldapBaseDN = System.getProperty("gf.ldap.basedn", "ou=ldapTesting,dc=pune,dc=gemstone,dc=com");
+ final String ldapUseSSL = System.getProperty("gf.ldap.usessl");
+
+ final Properties extraProps = new Properties();
+ extraProps.setProperty(LdapUserAuthenticator.LDAP_SERVER_NAME, ldapServer);
+ extraProps.setProperty(LdapUserAuthenticator.LDAP_BASEDN_NAME, ldapBaseDN);
+
+ if (ldapUseSSL != null && ldapUseSSL.length() > 0) {
+ extraProps.setProperty(LdapUserAuthenticator.LDAP_SSL_NAME, ldapUseSSL);
+ }
+
+ if (serverAuthEnabled) {
+ String keyStoreFile = TestUtil.getResourcePath(LdapUserCredentialGenerator.class, PKCSCredentialGenerator.keyStoreDir + "/gemfire1.keystore");
+ extraProps.setProperty(HandShake.PRIVATE_KEY_FILE_PROP, keyStoreFile);
+ extraProps.setProperty(HandShake.PRIVATE_KEY_ALIAS_PROP, "gemfire1");
+ extraProps.setProperty(HandShake.PRIVATE_KEY_PASSWD_PROP, "gemfire");
+ }
+
+ return extraProps;
+ }
+
+ @Override
+ public ClassCode classCode() {
+ return ClassCode.LDAP;
+ }
+
+ @Override
+ public String getAuthInit() {
+ return UserPasswordAuthInit.class.getName() + ".create";
+ }
+
+ @Override
+ public String getAuthenticator() {
+ return LdapUserAuthenticator.class.getName() + ".create";
+ }
+
+ @Override
+ public Properties getValidCredentials(final int index) {
+ final Properties props = new Properties();
+ props.setProperty(UserPasswordAuthInit.USER_NAME, USER_PREFIX + ((index % 10) + 1));
+ props.setProperty(UserPasswordAuthInit.PASSWORD, USER_PREFIX + ((index % 10) + 1));
+ props.setProperty(DistributionConfig.SECURITY_CLIENT_DHALGO_NAME, CIPHERS[RANDOM.nextInt(CIPHERS.length)]);
+
+ if (serverAuthEnabled) {
+ final String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, PKCSCredentialGenerator.keyStoreDir + "/publickeyfile");
+ props.setProperty(HandShake.PUBLIC_KEY_FILE_PROP, keyStoreFile);
+ props.setProperty(HandShake.PUBLIC_KEY_PASSWD_PROP, "gemfire");
+ }
+
+ return props;
+ }
+
+ @Override
+ public Properties getValidCredentials(final Principal principal) {
+ Properties props = null;
+ final String userName = principal.getName();
+
+ if (userName != null && userName.startsWith(USER_PREFIX)) {
+ boolean isValid;
+
+ try {
+ final int suffix = Integer.parseInt(userName.substring(USER_PREFIX.length()));
+ isValid = (suffix >= 1 && suffix <= 10);
+ } catch (Exception ex) {
+ isValid = false;
+ }
+
+ if (isValid) {
+ props = new Properties();
+ props.setProperty(UserPasswordAuthInit.USER_NAME, userName);
+ props.setProperty(UserPasswordAuthInit.PASSWORD, userName);
+ }
+ }
+
+ if (props == null) {
+ throw new IllegalArgumentException("LDAP: [" + userName + "] not a valid user");
+ }
+
+ props.setProperty(DistributionConfig.SECURITY_CLIENT_DHALGO_NAME, CIPHERS[RANDOM.nextInt(CIPHERS.length)]);
+
+ if (serverAuthEnabled) {
+ final String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, PKCSCredentialGenerator.keyStoreDir + "/publickeyfile");
+ props.setProperty(HandShake.PUBLIC_KEY_FILE_PROP, keyStoreFile);
+ props.setProperty(HandShake.PUBLIC_KEY_PASSWD_PROP, "gemfire");
+ }
+
+ return props;
+ }
+
+ @Override
+ public Properties getInvalidCredentials(final int index) {
+ final Properties props = new Properties();
+ props.setProperty(UserPasswordAuthInit.USER_NAME, "invalid" + index);
+ props.setProperty(UserPasswordAuthInit.PASSWORD, "none");
+ props.setProperty(DistributionConfig.SECURITY_CLIENT_DHALGO_NAME, CIPHERS[RANDOM.nextInt(CIPHERS.length)]);
+
+ if (serverAuthEnabled) {
+ final String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, PKCSCredentialGenerator.keyStoreDir + "/publickeyfile");
+ props.setProperty(HandShake.PUBLIC_KEY_FILE_PROP, keyStoreFile);
+ props.setProperty(HandShake.PUBLIC_KEY_PASSWD_PROP, "gemfire");
+ }
+
+ return props;
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/java/com/gemstone/gemfire/security/generator/PKCSCredentialGenerator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/generator/PKCSCredentialGenerator.java b/geode-core/src/test/java/com/gemstone/gemfire/security/generator/PKCSCredentialGenerator.java
new file mode 100755
index 0000000..a78259c
--- /dev/null
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/generator/PKCSCredentialGenerator.java
@@ -0,0 +1,115 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security.generator;
+
+import com.gemstone.gemfire.util.test.TestUtil;
+import com.gemstone.gemfire.security.templates.PKCSAuthInit;
+import com.gemstone.gemfire.security.templates.PKCSAuthenticator;
+
+import java.security.Principal;
+import java.security.Provider;
+import java.security.Security;
+import java.util.Properties;
+
+public class PKCSCredentialGenerator extends CredentialGenerator {
+
+ public static String keyStoreDir = getKeyStoreDir();
+ public static boolean usesIBMJSSE;
+
+ // Checks if the current JVM uses only IBM JSSE providers.
+ private static boolean usesIBMProviders() {
+ final Provider[] providers = Security.getProviders();
+ for (int index = 0; index < providers.length; ++index) {
+ if (!providers[index].getName().toLowerCase().startsWith("ibm")) {
+ return false;
+ }
+ }
+ return true;
+ }
+
+ private static String getKeyStoreDir() {
+ usesIBMJSSE = usesIBMProviders();
+ if (usesIBMJSSE) {
+ return "/com/gemstone/gemfire/security/generator/lib/keys/ibm";
+ } else {
+ return "/com/gemstone/gemfire/security/generator/lib/keys";
+ }
+ }
+
+ @Override
+ protected Properties initialize() throws IllegalArgumentException {
+ final String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, keyStoreDir + "/publickeyfile");
+
+ final Properties props = new Properties();
+ props.setProperty(PKCSAuthenticator.PUBLIC_KEY_FILE, keyStoreFile);
+ props.setProperty(PKCSAuthenticator.PUBLIC_KEYSTORE_PASSWORD, "gemfire");
+
+ return props;
+ }
+
+ @Override
+ public ClassCode classCode() {
+ return ClassCode.PKCS;
+ }
+
+ @Override
+ public String getAuthInit() {
+ return PKCSAuthInit.class.getName() + ".create";
+ }
+
+ @Override
+ public String getAuthenticator() {
+ return PKCSAuthenticator.class.getName() + ".create";
+ }
+
+ @Override
+ public Properties getInvalidCredentials(int index) {
+ final String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, keyStoreDir + "/gemfire11.keystore");
+
+ final Properties props = new Properties();
+ props.setProperty(PKCSAuthInit.KEYSTORE_FILE_PATH, keyStoreFile);
+ props.setProperty(PKCSAuthInit.KEYSTORE_ALIAS, "gemfire11");
+ props.setProperty(PKCSAuthInit.KEYSTORE_PASSWORD, "gemfire");
+
+ return props;
+ }
+
+ @Override
+ public Properties getValidCredentials(int index) {
+ final int aliasnum = (index % 10) + 1;
+ final String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, keyStoreDir + "/gemfire" + aliasnum + ".keystore");
+
+ final Properties props = new Properties();
+ props.setProperty(PKCSAuthInit.KEYSTORE_FILE_PATH, keyStoreFile);
+ props.setProperty(PKCSAuthInit.KEYSTORE_ALIAS, "gemfire" + aliasnum);
+ props.setProperty(PKCSAuthInit.KEYSTORE_PASSWORD, "gemfire");
+
+ return props;
+ }
+
+ @Override
+ public Properties getValidCredentials(Principal principal) {
+ final String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, keyStoreDir + principal.getName() + ".keystore");
+
+ final Properties props = new Properties();
+ props.setProperty(PKCSAuthInit.KEYSTORE_FILE_PATH, keyStoreFile);
+ props.setProperty(PKCSAuthInit.KEYSTORE_ALIAS, principal.getName());
+ props.setProperty(PKCSAuthInit.KEYSTORE_PASSWORD, "gemfire");
+
+ return props;
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/java/com/gemstone/gemfire/security/generator/SSLCredentialGenerator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/generator/SSLCredentialGenerator.java b/geode-core/src/test/java/com/gemstone/gemfire/security/generator/SSLCredentialGenerator.java
new file mode 100755
index 0000000..10e2e18
--- /dev/null
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/generator/SSLCredentialGenerator.java
@@ -0,0 +1,121 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security.generator;
+
+import com.gemstone.gemfire.internal.logging.LogService;
+import com.gemstone.gemfire.security.AuthenticationFailedException;
+import org.apache.logging.log4j.Logger;
+
+import java.io.File;
+import java.io.IOException;
+import java.security.Principal;
+import java.util.Properties;
+
+public class SSLCredentialGenerator extends CredentialGenerator {
+
+ private static final Logger logger = LogService.getLogger();
+
+ @Override
+ protected Properties initialize() throws IllegalArgumentException {
+ this.javaProperties = getValidJavaSSLProperties();
+ return getSSLProperties();
+ }
+
+ @Override
+ public ClassCode classCode() {
+ return ClassCode.SSL;
+ }
+
+ @Override
+ public String getAuthInit() {
+ return null;
+ }
+
+ @Override
+ public String getAuthenticator() {
+ return null;
+ }
+
+ @Override
+ public Properties getValidCredentials(int index) {
+ this.javaProperties = getValidJavaSSLProperties();
+ return getSSLProperties();
+ }
+
+ @Override
+ public Properties getValidCredentials(final Principal principal) {
+ this.javaProperties = getValidJavaSSLProperties();
+ return getSSLProperties();
+ }
+
+ @Override
+ public Properties getInvalidCredentials(final int index) {
+ this.javaProperties = getInvalidJavaSSLProperties();
+ return getSSLProperties();
+ }
+
+ private File findTrustedJKS() {
+ final File ssldir = new File(System.getProperty("JTESTS") + "/ssl");
+ return new File(ssldir, "trusted.keystore");
+ }
+
+ private File findUntrustedJKS() {
+ final File ssldir = new File(System.getProperty("JTESTS") + "/ssl");
+ return new File(ssldir, "untrusted.keystore");
+ }
+
+ private Properties getValidJavaSSLProperties() {
+ final File jks = findTrustedJKS();
+
+ try {
+ final Properties props = new Properties();
+ props.setProperty("javax.net.ssl.trustStore", jks.getCanonicalPath());
+ props.setProperty("javax.net.ssl.trustStorePassword", "password");
+ props.setProperty("javax.net.ssl.keyStore", jks.getCanonicalPath());
+ props.setProperty("javax.net.ssl.keyStorePassword", "password");
+ return props;
+
+ } catch (IOException ex) {
+ throw new AuthenticationFailedException("SSL: Exception while opening the key store: " + ex.getMessage(), ex);
+ }
+ }
+
+ private Properties getInvalidJavaSSLProperties() {
+ final File jks = findUntrustedJKS();
+
+ try {
+ final Properties props = new Properties();
+ props.setProperty("javax.net.ssl.trustStore", jks.getCanonicalPath());
+ props.setProperty("javax.net.ssl.trustStorePassword", "password");
+ props.setProperty("javax.net.ssl.keyStore", jks.getCanonicalPath());
+ props.setProperty("javax.net.ssl.keyStorePassword", "password");
+ return props;
+
+ } catch (IOException ex) {
+ throw new AuthenticationFailedException("SSL: Exception while opening the key store: " + ex.getMessage(), ex);
+ }
+ }
+
+ private Properties getSSLProperties() {
+ Properties props = new Properties();
+ props.setProperty("ssl-enabled", "true");
+ props.setProperty("ssl-require-authentication", "true");
+ props.setProperty("ssl-ciphers", "SSL_RSA_WITH_RC4_128_MD5");
+ props.setProperty("ssl-protocols", "TLSv1");
+ return props;
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/java/com/gemstone/gemfire/security/generator/UserPasswordWithExtraPropsAuthInit.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/generator/UserPasswordWithExtraPropsAuthInit.java b/geode-core/src/test/java/com/gemstone/gemfire/security/generator/UserPasswordWithExtraPropsAuthInit.java
new file mode 100755
index 0000000..ad96440
--- /dev/null
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/generator/UserPasswordWithExtraPropsAuthInit.java
@@ -0,0 +1,68 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security.generator;
+
+import com.gemstone.gemfire.distributed.DistributedMember;
+import com.gemstone.gemfire.security.AuthInitialize;
+import com.gemstone.gemfire.security.AuthenticationFailedException;
+import com.gemstone.gemfire.security.templates.UserPasswordAuthInit;
+
+import java.util.Iterator;
+import java.util.Properties;
+
+/**
+ * An {@link AuthInitialize} implementation that obtains the user name and
+ * password as the credentials from the given set of properties. If
+ * keep-extra-props property exits, it will copy rest of the
+ * properties provided in getCredential props argument will also be
+ * copied as new credentials.
+ *
+ * @since 5.5
+ */
+public class UserPasswordWithExtraPropsAuthInit extends UserPasswordAuthInit {
+
+ public static final String SECURITY_PREFIX = "security-";
+ public static final String EXTRA_PROPS = "security-keep-extra-props";
+
+ public static AuthInitialize create() {
+ return new UserPasswordWithExtraPropsAuthInit();
+ }
+
+ public UserPasswordWithExtraPropsAuthInit() {
+ super();
+ }
+
+ public Properties getCredentials(final Properties securityProperties, final DistributedMember server, final boolean isPeer) throws AuthenticationFailedException {
+ final Properties securityPropertiesCopy = super.getCredentials(securityProperties, server, isPeer);
+ final String extraProps = securityProperties.getProperty(EXTRA_PROPS);
+
+ if (extraProps != null) {
+ for (Iterator it = securityProperties.keySet().iterator(); it.hasNext();) {
+ final String key = (String) it.next();
+ if (key.startsWith(SECURITY_PREFIX) &&
+ key.equalsIgnoreCase(USER_NAME) == false &&
+ key.equalsIgnoreCase(PASSWORD) == false &&
+ key.equalsIgnoreCase(EXTRA_PROPS) == false) {
+ securityPropertiesCopy.setProperty(key, securityProperties.getProperty(key));
+ }
+ }
+ this.securityLogWriter.fine("got everything and now have: " + securityPropertiesCopy.keySet().toString());
+ }
+
+ return securityPropertiesCopy;
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/java/com/gemstone/gemfire/security/generator/XmlAuthzCredentialGenerator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/generator/XmlAuthzCredentialGenerator.java b/geode-core/src/test/java/com/gemstone/gemfire/security/generator/XmlAuthzCredentialGenerator.java
new file mode 100755
index 0000000..cf431b9
--- /dev/null
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/generator/XmlAuthzCredentialGenerator.java
@@ -0,0 +1,257 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security.generator;
+
+import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
+import com.gemstone.gemfire.util.test.TestUtil;
+import com.gemstone.gemfire.security.templates.UsernamePrincipal;
+import com.gemstone.gemfire.security.templates.XmlAuthorization;
+
+import java.security.Principal;
+import java.util.HashSet;
+import java.util.Properties;
+import java.util.Set;
+
+public class XmlAuthzCredentialGenerator extends AuthzCredentialGenerator {
+
+ private static final String dummyXml = "authz-dummy.xml";
+ private static final String ldapXml = "authz-ldap.xml";
+ private static final String pkcsXml = "authz-pkcs.xml";
+ private static final String sslXml = "authz-ssl.xml";
+
+ private static final String[] QUERY_REGIONS = { "/Portfolios", "/Positions", "/AuthRegion" };
+
+ public static OperationCode[] READER_OPS = {
+ OperationCode.GET,
+ OperationCode.REGISTER_INTEREST,
+ OperationCode.UNREGISTER_INTEREST,
+ OperationCode.KEY_SET,
+ OperationCode.CONTAINS_KEY,
+ OperationCode.EXECUTE_FUNCTION };
+
+ public static OperationCode[] WRITER_OPS = {
+ OperationCode.PUT,
+ OperationCode.DESTROY,
+ OperationCode.INVALIDATE,
+ OperationCode.REGION_CLEAR };
+
+ public static OperationCode[] QUERY_OPS = {
+ OperationCode.QUERY,
+ OperationCode.EXECUTE_CQ,
+ OperationCode.STOP_CQ,
+ OperationCode.CLOSE_CQ };
+
+ private static final byte READER_ROLE = 1;
+ private static final byte WRITER_ROLE = 2;
+ private static final byte QUERY_ROLE = 3;
+ private static final byte ADMIN_ROLE = 4;
+
+ private static Set readerOpsSet;
+ private static Set writerOpsSet;
+ private static Set queryOpsSet;
+ private static Set queryRegionSet;
+
+ static {
+ readerOpsSet = new HashSet();
+ for (int index = 0; index < READER_OPS.length; index++) {
+ readerOpsSet.add(READER_OPS[index]);
+ }
+
+ writerOpsSet = new HashSet();
+ for (int index = 0; index < WRITER_OPS.length; index++) {
+ writerOpsSet.add(WRITER_OPS[index]);
+ }
+
+ queryOpsSet = new HashSet();
+ for (int index = 0; index < QUERY_OPS.length; index++) {
+ queryOpsSet.add(QUERY_OPS[index]);
+ }
+
+ queryRegionSet = new HashSet();
+ for (int index = 0; index < QUERY_REGIONS.length; index++) {
+ queryRegionSet.add(QUERY_REGIONS[index]);
+ }
+ }
+
+ @Override
+ protected Properties init() throws IllegalArgumentException {
+ final Properties sysProps = new Properties();
+ final String dirName = "/com/gemstone/gemfire/security/generator/lib/";
+
+ if (this.generator.classCode().isDummy()) {
+ final String xmlFilename = TestUtil.getResourcePath(XmlAuthzCredentialGenerator.class, dirName + dummyXml);
+ sysProps.setProperty(XmlAuthorization.DOC_URI_PROP_NAME, xmlFilename);
+
+ } else if (this.generator.classCode().isLDAP()) {
+ final String xmlFilename = TestUtil.getResourcePath(XmlAuthzCredentialGenerator.class, dirName + ldapXml);
+ sysProps.setProperty(XmlAuthorization.DOC_URI_PROP_NAME, xmlFilename);
+
+ // } else if (this.generator.classCode().isPKCS()) {
+ // sysProps.setProperty(XmlAuthorization.DOC_URI_PROP_NAME, dirName + pkcsXml);
+ // }
+ // } else if (this.generator.classCode().isSSL()) {
+ // sysProps.setProperty(XmlAuthorization.DOC_URI_PROP_NAME, dirName + sslXml);
+ // }
+
+ } else {
+ throw new IllegalArgumentException("No XML defined for XmlAuthorization module to work with " + this.generator.getAuthenticator());
+ }
+ return sysProps;
+ }
+
+ @Override
+ public ClassCode classCode() {
+ return ClassCode.XML;
+ }
+
+ @Override
+ public String getAuthorizationCallback() {
+ return XmlAuthorization.class.getName() + ".create";
+ }
+
+ private Principal getDummyPrincipal(final byte roleType, final int index) {
+ final String[] admins = new String[] { "root", "admin", "administrator" };
+ final int numReaders = 3;
+ final int numWriters = 3;
+
+ switch (roleType) {
+ case READER_ROLE:
+ return new UsernamePrincipal("reader" + (index % numReaders));
+ case WRITER_ROLE:
+ return new UsernamePrincipal("writer" + (index % numWriters));
+ case QUERY_ROLE:
+ return new UsernamePrincipal("reader" + ((index % 2) + 3));
+ default:
+ return new UsernamePrincipal(admins[index % admins.length]);
+ }
+ }
+
+ @Override
+ protected Principal getAllowedPrincipal(final OperationCode[] opCodes, final String[] regionNames, final int index) {
+ if (this.generator.classCode().isDummy()) {
+ final byte roleType = getRequiredRole(opCodes, regionNames);
+ return getDummyPrincipal(roleType, index);
+
+ } else if (this.generator.classCode().isLDAP()) {
+ final byte roleType = getRequiredRole(opCodes, regionNames);
+ return getLdapPrincipal(roleType, index);
+ }
+
+ return null;
+ }
+
+ @Override
+ protected Principal getDisallowedPrincipal(final OperationCode[] opCodes, final String[] regionNames, final int index) {
+ final byte roleType = getRequiredRole(opCodes, regionNames);
+
+ byte disallowedRoleType = READER_ROLE;
+ switch (roleType) {
+ case READER_ROLE:
+ disallowedRoleType = WRITER_ROLE;
+ break;
+ case WRITER_ROLE:
+ disallowedRoleType = READER_ROLE;
+ break;
+ case QUERY_ROLE:
+ disallowedRoleType = READER_ROLE;
+ break;
+ case ADMIN_ROLE:
+ disallowedRoleType = READER_ROLE;
+ break;
+ }
+
+ if (this.generator.classCode().isDummy()) {
+ return getDummyPrincipal(disallowedRoleType, index);
+
+ } else if (this.generator.classCode().isLDAP()) {
+ return getLdapPrincipal(disallowedRoleType, index);
+ }
+
+ return null;
+ }
+
+ @Override
+ protected int getNumPrincipalTries(final OperationCode[] opCodes, final String[] regionNames) {
+ return 5;
+ }
+
+ private Principal getLdapPrincipal(final byte roleType, final int index) {
+ final String userPrefix = "gemfire";
+ final int[] readerIndices = { 3, 4, 5 };
+ final int[] writerIndices = { 6, 7, 8 };
+ final int[] queryIndices = { 9, 10 };
+ final int[] adminIndices = { 1, 2 };
+
+ switch (roleType) {
+ case READER_ROLE:
+ int readerIndex = readerIndices[index % readerIndices.length];
+ return new UsernamePrincipal(userPrefix + readerIndex);
+ case WRITER_ROLE:
+ int writerIndex = writerIndices[index % writerIndices.length];
+ return new UsernamePrincipal(userPrefix + writerIndex);
+ case QUERY_ROLE:
+ int queryIndex = queryIndices[index % queryIndices.length];
+ return new UsernamePrincipal(userPrefix + queryIndex);
+ default:
+ int adminIndex = adminIndices[index % adminIndices.length];
+ return new UsernamePrincipal(userPrefix + adminIndex);
+ }
+ }
+
+ private byte getRequiredRole(final OperationCode[] opCodes, final String[] regionNames) {
+ byte roleType = ADMIN_ROLE;
+ boolean requiresReader = true;
+ boolean requiresWriter = true;
+ boolean requiresQuery = true;
+
+ for (int opNum = 0; opNum < opCodes.length; opNum++) {
+ final OperationCode opCode = opCodes[opNum];
+ if (requiresReader && !readerOpsSet.contains(opCode)) {
+ requiresReader = false;
+ }
+ if (requiresWriter && !writerOpsSet.contains(opCode)) {
+ requiresWriter = false;
+ }
+ if (requiresQuery && !queryOpsSet.contains(opCode)) {
+ requiresQuery = false;
+ }
+ }
+
+ if (requiresReader) {
+ roleType = READER_ROLE;
+
+ } else if (requiresWriter) {
+ roleType = WRITER_ROLE;
+
+ } else if (requiresQuery) {
+ if (regionNames != null && regionNames.length > 0) {
+ for (int index = 0; index < regionNames.length; index++) {
+ final String regionName = XmlAuthorization.normalizeRegionName(regionNames[index]);
+ if (requiresQuery && !queryRegionSet.contains(regionName)) {
+ requiresQuery = false;
+ break;
+ }
+ }
+ if (requiresQuery) {
+ roleType = QUERY_ROLE;
+ }
+ }
+ }
+
+ return roleType;
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/authz-dummy.xml
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/authz-dummy.xml b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/authz-dummy.xml
new file mode 100644
index 0000000..dbc297a
--- /dev/null
+++ b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/authz-dummy.xml
@@ -0,0 +1,124 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+ ~ Licensed to the Apache Software Foundation (ASF) under one or more
+ ~ contributor license agreements. See the NOTICE file distributed with
+ ~ this work for additional information regarding copyright ownership.
+ ~ The ASF licenses this file to You under the Apache License, Version 2.0
+ ~ (the "License"); you may not use this file except in compliance with
+ ~ the License. You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing, software
+ ~ distributed under the License is distributed on an "AS IS" BASIS,
+ ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ~ See the License for the specific language governing permissions and
+ ~ limitations under the License.
+ -->
+
+<!DOCTYPE acl PUBLIC "-//GemStone Systems, Inc.//GemFire XML Authorization 1.0//EN"
+ "/Users/klund/dev/gemfire/open/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/templates/authz6_0.dtd" >
+<acl>
+
+ <role name="reader">
+ <user>reader0</user>
+ <user>reader1</user>
+ <user>reader2</user>
+ <user>root</user>
+ <user>admin</user>
+ <user>administrator</user>
+ </role>
+
+ <role name="writer">
+ <user>writer0</user>
+ <user>writer1</user>
+ <user>writer2</user>
+ <user>root</user>
+ <user>admin</user>
+ <user>administrator</user>
+ </role>
+
+ <role name="cacheOps">
+ <user>root</user>
+ <user>admin</user>
+ <user>administrator</user>
+ </role>
+
+ <role name="queryRegions">
+ <user>reader3</user>
+ <user>reader4</user>
+ </role>
+
+ <role name="registerInterest">
+ <user>reader5</user>
+ <user>reader6</user>
+ </role>
+
+ <role name="unregisterInterest">
+ <user>reader5</user>
+ <user>reader7</user>
+ </role>
+
+ <role name="onRegionFunctionExecutor">
+ <user>reader8</user>
+ </role>
+
+ <role name="onServerFunctionExecutor">
+ <user>reader9</user>
+ </role>
+
+ <permission role="cacheOps">
+ <operation>QUERY</operation>
+ <operation>EXECUTE_CQ</operation>
+ <operation>STOP_CQ</operation>
+ <operation>CLOSE_CQ</operation>
+ <operation>REGION_CREATE</operation>
+ <operation>REGION_DESTROY</operation>
+ </permission>
+
+ <permission role="reader">
+ <operation>GET</operation>
+ <operation>REGISTER_INTEREST</operation>
+ <operation>UNREGISTER_INTEREST</operation>
+ <operation>KEY_SET</operation>
+ <operation>CONTAINS_KEY</operation>
+ <operation>EXECUTE_FUNCTION</operation>
+ </permission>
+
+ <permission role="writer">
+ <operation>PUT</operation>
+ <operation>PUTALL</operation>
+ <operation>DESTROY</operation>
+ <operation>INVALIDATE</operation>
+ <operation>REGION_CLEAR</operation>
+ </permission>
+
+ <permission role="queryRegions" regions="//Portfolios,/Positions/,AuthRegion">
+ <operation>QUERY</operation>
+ <operation>EXECUTE_CQ</operation>
+ <operation>STOP_CQ</operation>
+ <operation>CLOSE_CQ</operation>
+ </permission>
+
+ <permission role="onRegionFunctionExecutor" regions="secureRegion,Positions">
+ <operation>PUT</operation>
+ <operation functionIds="SecureFunction,OptimizationFunction" optimizeForWrite="false" keySet="KEY-0,KEY-1">EXECUTE_FUNCTION</operation>
+ </permission>
+
+ <permission role="onServerFunctionExecutor" >
+ <operation>PUT</operation>
+ <operation functionIds="SecureFunction,OptimizationFunction">EXECUTE_FUNCTION</operation>
+ </permission>
+
+ <permission role="registerInterest">
+ <operation>REGISTER_INTEREST</operation>
+ <operation>GET</operation>
+ </permission>
+
+ <permission role="unregisterInterest">
+ <operation>UNREGISTER_INTEREST</operation>
+ <operation>GET</operation>
+ </permission>
+
+</acl>
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/authz-ldap.xml
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/authz-ldap.xml b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/authz-ldap.xml
new file mode 100644
index 0000000..b291c02
--- /dev/null
+++ b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/authz-ldap.xml
@@ -0,0 +1,83 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+ ~ Licensed to the Apache Software Foundation (ASF) under one or more
+ ~ contributor license agreements. See the NOTICE file distributed with
+ ~ this work for additional information regarding copyright ownership.
+ ~ The ASF licenses this file to You under the Apache License, Version 2.0
+ ~ (the "License"); you may not use this file except in compliance with
+ ~ the License. You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing, software
+ ~ distributed under the License is distributed on an "AS IS" BASIS,
+ ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ~ See the License for the specific language governing permissions and
+ ~ limitations under the License.
+ -->
+
+<!DOCTYPE acl PUBLIC "-//GemStone Systems, Inc.//GemFire XML Authorization 1.0//EN"
+ "/Users/klund/dev/gemfire/open/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/templates/authz5_5.dtd" >
+<acl>
+
+ <role name="reader">
+ <user>gemfire1</user>
+ <user>gemfire2</user>
+ <user>gemfire3</user>
+ <user>gemfire4</user>
+ <user>gemfire5</user>
+ </role>
+
+ <role name="writer">
+ <user>gemfire1</user>
+ <user>gemfire2</user>
+ <user>gemfire6</user>
+ <user>gemfire7</user>
+ <user>gemfire8</user>
+ </role>
+
+ <role name="cacheOps">
+ <user>gemfire1</user>
+ <user>gemfire2</user>
+ </role>
+
+ <role name="queryRegions">
+ <user>gemfire9</user>
+ <user>gemfire10</user>
+ </role>
+
+ <permission role="cacheOps">
+ <operation>QUERY</operation>
+ <operation>EXECUTE_CQ</operation>
+ <operation>STOP_CQ</operation>
+ <operation>CLOSE_CQ</operation>
+ <operation>REGION_CREATE</operation>
+ <operation>REGION_DESTROY</operation>
+ </permission>
+
+ <permission role="reader">
+ <operation>GET</operation>
+ <operation>REGISTER_INTEREST</operation>
+ <operation>UNREGISTER_INTEREST</operation>
+ <operation>KEY_SET</operation>
+ <operation>CONTAINS_KEY</operation>
+ <operation>EXECUTE_FUNCTION</operation>
+ </permission>
+
+ <permission role="writer">
+ <operation>PUT</operation>
+ <operation>PUTALL</operation>
+ <operation>DESTROY</operation>
+ <operation>INVALIDATE</operation>
+ <operation>REGION_CLEAR</operation>
+ </permission>
+
+ <permission role="queryRegions" regions="Portfolios,/Positions//,/AuthRegion">
+ <operation>QUERY</operation>
+ <operation>EXECUTE_CQ</operation>
+ <operation>STOP_CQ</operation>
+ <operation>CLOSE_CQ</operation>
+ </permission>
+
+</acl>
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/authz-multiUser-dummy.xml
----------------------------------------------------------------------
diff --git a/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/authz-multiUser-dummy.xml b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/authz-multiUser-dummy.xml
new file mode 100644
index 0000000..ff4a8bb
--- /dev/null
+++ b/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/authz-multiUser-dummy.xml
@@ -0,0 +1,104 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+ ~ Licensed to the Apache Software Foundation (ASF) under one or more
+ ~ contributor license agreements. See the NOTICE file distributed with
+ ~ this work for additional information regarding copyright ownership.
+ ~ The ASF licenses this file to You under the Apache License, Version 2.0
+ ~ (the "License"); you may not use this file except in compliance with
+ ~ the License. You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing, software
+ ~ distributed under the License is distributed on an "AS IS" BASIS,
+ ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ~ See the License for the specific language governing permissions and
+ ~ limitations under the License.
+ -->
+
+<!DOCTYPE acl PUBLIC "-//GemStone Systems, Inc.//GemFire XML Authorization 1.0//EN"
+ "/Users/klund/dev/gemfire/open/geode-core/src/test/resources/com/gemstone/gemfire/security/generator/lib/templates/authz6_0.dtd" >
+<acl>
+
+ <role name="reader">
+ <user>user1</user>
+ <user>user2</user>
+ <user>root</user>
+ <user>admin</user>
+ <user>administrator</user>
+ </role>
+
+ <role name="writer">
+ <user>user3</user>
+ <user>user4</user>
+ <user>root</user>
+ <user>admin</user>
+ <user>administrator</user>
+ </role>
+
+ <role name="cacheOps">
+ <user>user1</user>
+ <user>user2</user>
+ <user>root</user>
+ <user>admin</user>
+ <user>administrator</user>
+ </role>
+
+ <role name="queryRegions">
+ <user>user5</user>
+ <user>user6</user>
+ </role>
+
+ <role name="registerInterest">
+ <user>user7</user>
+ <user>user8</user>
+ </role>
+
+ <role name="unregisterInterest">
+ <user>user5</user>
+ <user>user7</user>
+ </role>
+
+ <permission role="cacheOps">
+ <operation>QUERY</operation>
+ <operation>EXECUTE_CQ</operation>
+ <operation>STOP_CQ</operation>
+ <operation>CLOSE_CQ</operation>
+ </permission>
+
+ <permission role="reader">
+ <operation>GET</operation>
+ <operation>REGISTER_INTEREST</operation>
+ <operation>UNREGISTER_INTEREST</operation>
+ <operation>KEY_SET</operation>
+ <operation>CONTAINS_KEY</operation>
+ <operation>EXECUTE_FUNCTION</operation>
+ </permission>
+
+ <permission role="writer">
+ <operation>PUT</operation>
+ <operation>PUTALL</operation>
+ <operation>DESTROY</operation>
+ <operation>INVALIDATE</operation>
+ <operation>REGION_CLEAR</operation>
+ </permission>
+
+ <permission role="queryRegions" regions="//Portfolios,/Positions/,AuthRegion">
+ <operation>QUERY</operation>
+ <operation>EXECUTE_CQ</operation>
+ <operation>STOP_CQ</operation>
+ <operation>CLOSE_CQ</operation>
+ </permission>
+
+ <permission role="registerInterest">
+ <operation>REGISTER_INTEREST</operation>
+ <operation>GET</operation>
+ </permission>
+
+ <permission role="unregisterInterest">
+ <operation>UNREGISTER_INTEREST</operation>
+ <operation>GET</operation>
+ </permission>
+
+</acl>
[3/3] incubator-geode git commit: Repackage security test code and
resources
Posted by kl...@apache.org.
Repackage security test code and resources
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/67dc693b
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/67dc693b
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/67dc693b
Branch: refs/heads/feature/GEODE-949-2
Commit: 67dc693bb44d89bc18f2ee8389c8e70d1b4bdba6
Parents: 80757d9
Author: Kirk Lund <kl...@apache.org>
Authored: Tue Mar 15 13:10:00 2016 -0700
Committer: Kirk Lund <kl...@apache.org>
Committed: Tue Mar 15 13:10:00 2016 -0700
----------------------------------------------------------------------
.../CacheServerSSLConnectionDUnitTest.java | 124 ++----
.../security/AuthzCredentialGenerator.java | 445 ------------------
.../security/ClientAuthenticationDUnitTest.java | 4 +-
.../security/ClientAuthorizationDUnitTest.java | 4 +
.../security/ClientAuthorizationTestBase.java | 6 +-
.../security/ClientMultiUserAuthzDUnitTest.java | 2 +
.../gemfire/security/CredentialGenerator.java | 325 --------------
.../DeltaClientAuthorizationDUnitTest.java | 2 +
.../DeltaClientPostAuthorizationDUnitTest.java | 2 +
.../security/DummyAuthzCredentialGenerator.java | 129 ------
.../security/DummyCredentialGenerator.java | 89 ----
.../security/LdapUserCredentialGenerator.java | 154 -------
.../security/P2PAuthenticationDUnitTest.java | 7 +-
.../security/PKCSCredentialGenerator.java | 115 -----
.../security/SSLCredentialGenerator.java | 120 -----
.../UserPasswordWithExtraPropsAuthInit.java | 66 ---
.../security/XmlAuthzCredentialGenerator.java | 257 -----------
.../generator/AuthzCredentialGenerator.java | 446 +++++++++++++++++++
.../security/generator/CredentialGenerator.java | 327 ++++++++++++++
.../DummyAuthzCredentialGenerator.java | 129 ++++++
.../generator/DummyCredentialGenerator.java | 89 ++++
.../generator/LdapUserCredentialGenerator.java | 154 +++++++
.../generator/PKCSCredentialGenerator.java | 115 +++++
.../generator/SSLCredentialGenerator.java | 121 +++++
.../UserPasswordWithExtraPropsAuthInit.java | 68 +++
.../generator/XmlAuthzCredentialGenerator.java | 257 +++++++++++
.../security/generator/lib/authz-dummy.xml | 124 ++++++
.../security/generator/lib/authz-ldap.xml | 83 ++++
.../generator/lib/authz-multiUser-dummy.xml | 104 +++++
.../generator/lib/authz-multiUser-ldap.xml | 81 ++++
.../generator/lib/keys/gemfire1.keystore | Bin 0 -> 1536 bytes
.../generator/lib/keys/gemfire10.keystore | Bin 0 -> 1546 bytes
.../generator/lib/keys/gemfire11.keystore | Bin 0 -> 1546 bytes
.../generator/lib/keys/gemfire2.keystore | Bin 0 -> 1536 bytes
.../generator/lib/keys/gemfire3.keystore | Bin 0 -> 1536 bytes
.../generator/lib/keys/gemfire4.keystore | Bin 0 -> 1536 bytes
.../generator/lib/keys/gemfire5.keystore | Bin 0 -> 1536 bytes
.../generator/lib/keys/gemfire6.keystore | Bin 0 -> 1536 bytes
.../generator/lib/keys/gemfire7.keystore | Bin 0 -> 1536 bytes
.../generator/lib/keys/gemfire8.keystore | Bin 0 -> 1536 bytes
.../generator/lib/keys/gemfire9.keystore | Bin 0 -> 1536 bytes
.../generator/lib/keys/ibm/gemfire1.keystore | Bin 0 -> 1426 bytes
.../generator/lib/keys/ibm/gemfire10.keystore | Bin 0 -> 1434 bytes
.../generator/lib/keys/ibm/gemfire11.keystore | Bin 0 -> 1434 bytes
.../generator/lib/keys/ibm/gemfire2.keystore | Bin 0 -> 1434 bytes
.../generator/lib/keys/ibm/gemfire3.keystore | Bin 0 -> 1426 bytes
.../generator/lib/keys/ibm/gemfire4.keystore | Bin 0 -> 1434 bytes
.../generator/lib/keys/ibm/gemfire5.keystore | Bin 0 -> 1434 bytes
.../generator/lib/keys/ibm/gemfire6.keystore | Bin 0 -> 1434 bytes
.../generator/lib/keys/ibm/gemfire7.keystore | Bin 0 -> 1426 bytes
.../generator/lib/keys/ibm/gemfire8.keystore | Bin 0 -> 1434 bytes
.../generator/lib/keys/ibm/gemfire9.keystore | Bin 0 -> 1426 bytes
.../generator/lib/keys/ibm/publickeyfile | Bin 0 -> 4535 bytes
.../security/generator/lib/keys/publickeyfile | Bin 0 -> 4535 bytes
.../gemfire/security/templates/authz5_5.dtd | 105 +++++
.../gemfire/security/templates/authz6_0.dtd | 110 +++++
.../src/test/resources/lib/authz-dummy.xml | 126 ------
.../src/test/resources/lib/authz-ldap.xml | 85 ----
.../resources/lib/authz-multiUser-dummy.xml | 106 -----
.../test/resources/lib/authz-multiUser-ldap.xml | 83 ----
.../test/resources/lib/keys/gemfire1.keystore | Bin 1536 -> 0 bytes
.../test/resources/lib/keys/gemfire10.keystore | Bin 1546 -> 0 bytes
.../test/resources/lib/keys/gemfire11.keystore | Bin 1546 -> 0 bytes
.../test/resources/lib/keys/gemfire2.keystore | Bin 1536 -> 0 bytes
.../test/resources/lib/keys/gemfire3.keystore | Bin 1536 -> 0 bytes
.../test/resources/lib/keys/gemfire4.keystore | Bin 1536 -> 0 bytes
.../test/resources/lib/keys/gemfire5.keystore | Bin 1536 -> 0 bytes
.../test/resources/lib/keys/gemfire6.keystore | Bin 1536 -> 0 bytes
.../test/resources/lib/keys/gemfire7.keystore | Bin 1536 -> 0 bytes
.../test/resources/lib/keys/gemfire8.keystore | Bin 1536 -> 0 bytes
.../test/resources/lib/keys/gemfire9.keystore | Bin 1536 -> 0 bytes
.../resources/lib/keys/ibm/gemfire1.keystore | Bin 1426 -> 0 bytes
.../resources/lib/keys/ibm/gemfire10.keystore | Bin 1434 -> 0 bytes
.../resources/lib/keys/ibm/gemfire11.keystore | Bin 1434 -> 0 bytes
.../resources/lib/keys/ibm/gemfire2.keystore | Bin 1434 -> 0 bytes
.../resources/lib/keys/ibm/gemfire3.keystore | Bin 1426 -> 0 bytes
.../resources/lib/keys/ibm/gemfire4.keystore | Bin 1434 -> 0 bytes
.../resources/lib/keys/ibm/gemfire5.keystore | Bin 1434 -> 0 bytes
.../resources/lib/keys/ibm/gemfire6.keystore | Bin 1434 -> 0 bytes
.../resources/lib/keys/ibm/gemfire7.keystore | Bin 1426 -> 0 bytes
.../resources/lib/keys/ibm/gemfire8.keystore | Bin 1434 -> 0 bytes
.../resources/lib/keys/ibm/gemfire9.keystore | Bin 1426 -> 0 bytes
.../test/resources/lib/keys/ibm/publickeyfile | Bin 4535 -> 0 bytes
.../src/test/resources/lib/keys/publickeyfile | Bin 4535 -> 0 bytes
.../resources/templates/security/authz5_5.dtd | 105 -----
.../resources/templates/security/authz6_0.dtd | 110 -----
.../security/ClientAuthzObjectModDUnitTest.java | 3 +
.../ClientCQPostAuthorizationDUnitTest.java | 2 +
.../ClientPostAuthorizationDUnitTest.java | 2 +
.../gemfire/security/MultiuserAPIDUnitTest.java | 2 +
.../MultiuserDurableCQAuthzDUnitTest.java | 4 +-
91 files changed, 2391 insertions(+), 2401 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/java/com/gemstone/gemfire/cache/client/internal/CacheServerSSLConnectionDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/cache/client/internal/CacheServerSSLConnectionDUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/cache/client/internal/CacheServerSSLConnectionDUnitTest.java
index 5fa4fc4..c59ed4f 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/cache/client/internal/CacheServerSSLConnectionDUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/cache/client/internal/CacheServerSSLConnectionDUnitTest.java
@@ -41,27 +41,25 @@ import com.gemstone.gemfire.util.test.TestUtil;
/**
* Tests cacheserver ssl support added. See https://svn.gemstone.com/trac/gemfire/ticket/48995 for details
- * @author tushark
- *
*/
public class CacheServerSSLConnectionDUnitTest extends DistributedTestCase {
private static final long serialVersionUID = 1L;
- private Cache cache;
- private CacheServer cacheServer;
- private ClientCache clientCache;
- private int cacheServerPort;
- private String hostName;
-
+
private static final String TRUSTED_STORE = "trusted.keystore";
private static final String CLIENT_KEY_STORE = "client.keystore";
private static final String CLIENT_TRUST_STORE = "client.truststore";
private static final String SERVER_KEY_STORE = "cacheserver.keystore";
private static final String SERVER_TRUST_STORE = "cacheserver.truststore";
-
+
private static CacheServerSSLConnectionDUnitTest instance = new CacheServerSSLConnectionDUnitTest("CacheServerSSLConnectionDUnit");
-
-
+
+ private Cache cache;
+ private CacheServer cacheServer;
+ private ClientCache clientCache;
+ private int cacheServerPort;
+ private String hostName;
+
public void setUp() throws Exception {
disconnectAllFromDS();
super.setUp();
@@ -224,7 +222,7 @@ public class CacheServerSSLConnectionDUnitTest extends DistributedTestCase {
instance.doServerRegionTest();
}
- public static Object[] getCacheServerEndPointTask() {
+ public static Object[] getCacheServerEndPointTask() { // TODO: avoid Object[]
Object[] array = new Object[2];
array[0] = instance.getCacheServerHost();
array[1] = instance.getCacheServerPort();
@@ -252,23 +250,16 @@ public class CacheServerSSLConnectionDUnitTest extends DistributedTestCase {
boolean cacheClientSslenabled = true;
boolean cacheClientSslRequireAuth = true;
- serverVM.invoke(() -> CacheServerSSLConnectionDUnitTest.setUpServerVMTask(cacheServerSslenabled));
- serverVM.invoke(() -> CacheServerSSLConnectionDUnitTest.createServerTask());
+ serverVM.invoke(() -> setUpServerVMTask(cacheServerSslenabled));
+ serverVM.invoke(() -> createServerTask());
- Object array[] = (Object[])serverVM.invoke(() -> CacheServerSSLConnectionDUnitTest.getCacheServerEndPointTask());
+ Object array[] = (Object[])serverVM.invoke(() -> getCacheServerEndPointTask());
String hostName = (String)array[0];
int port = (Integer) array[1];
- Object params[] = new Object[6];
- params[0] = hostName;
- params[1] = port;
- params[2] = cacheClientSslenabled;
- params[3] = cacheClientSslRequireAuth;
- params[4] = CLIENT_KEY_STORE;
- params[5] = CLIENT_TRUST_STORE;
- //getLogWriter().info("Starting client with server endpoint " + hostName + ":" + port);
- clientVM.invoke(CacheServerSSLConnectionDUnitTest.class, "setUpClientVMTask", params);
- clientVM.invoke(() -> CacheServerSSLConnectionDUnitTest.doClientRegionTestTask());
- serverVM.invoke(() -> CacheServerSSLConnectionDUnitTest.doServerRegionTestTask());
+
+ clientVM.invoke(() -> setUpClientVMTask(hostName, port, cacheClientSslenabled, cacheClientSslRequireAuth, CLIENT_KEY_STORE, CLIENT_TRUST_STORE));
+ clientVM.invoke(() -> doClientRegionTestTask());
+ serverVM.invoke(() -> doServerRegionTestTask());
}
@@ -282,27 +273,21 @@ public class CacheServerSSLConnectionDUnitTest extends DistributedTestCase {
boolean cacheClientSslenabled = false;
boolean cacheClientSslRequireAuth = true;
- serverVM.invoke(() -> CacheServerSSLConnectionDUnitTest.setUpServerVMTask(cacheServerSslenabled));
- serverVM.invoke(() -> CacheServerSSLConnectionDUnitTest.createServerTask());
+ serverVM.invoke(() -> setUpServerVMTask(cacheServerSslenabled));
+ serverVM.invoke(() -> createServerTask());
- Object array[] = (Object[])serverVM.invoke(() -> CacheServerSSLConnectionDUnitTest.getCacheServerEndPointTask());
+ Object array[] = (Object[])serverVM.invoke(() -> getCacheServerEndPointTask());
String hostName = (String)array[0];
int port = (Integer) array[1];
- Object params[] = new Object[6];
- params[0] = hostName;
- params[1] = port;
- params[2] = cacheClientSslenabled;
- params[3] = cacheClientSslRequireAuth;
- params[4] = TRUSTED_STORE;
- params[5] = TRUSTED_STORE;
+
IgnoredException expect = IgnoredException.addIgnoredException("javax.net.ssl.SSLException", serverVM);
IgnoredException expect2 = IgnoredException.addIgnoredException("IOException", serverVM);
try{
- //getLogWriter().info("Starting client with server endpoint " + hostName + ":" + port);
- clientVM.invoke(CacheServerSSLConnectionDUnitTest.class, "setUpClientVMTaskNoSubscription", params);
- clientVM.invoke(() -> CacheServerSSLConnectionDUnitTest.doClientRegionTestTask());
- serverVM.invoke(() -> CacheServerSSLConnectionDUnitTest.doServerRegionTestTask());
+ clientVM.invoke(() -> setUpClientVMTaskNoSubscription(hostName, port, cacheClientSslenabled, cacheClientSslRequireAuth, TRUSTED_STORE, TRUSTED_STORE));
+ clientVM.invoke(() -> doClientRegionTestTask());
+ serverVM.invoke(() -> doServerRegionTestTask());
fail("Test should fail as non-ssl client is trying to connect to ssl configured server");
+
} catch (Exception rmiException) {
Throwable e = rmiException.getCause();
//getLogWriter().info("ExceptionCause at clientVM " + e);
@@ -330,24 +315,18 @@ public class CacheServerSSLConnectionDUnitTest extends DistributedTestCase {
boolean cacheClientSslenabled = true;
boolean cacheClientSslRequireAuth = false;
- serverVM.invoke(() -> CacheServerSSLConnectionDUnitTest.setUpServerVMTask(cacheServerSslenabled));
- serverVM.invoke(() -> CacheServerSSLConnectionDUnitTest.createServerTask());
+ serverVM.invoke(() -> setUpServerVMTask(cacheServerSslenabled));
+ serverVM.invoke(() -> createServerTask());
- Object array[] = (Object[])serverVM.invoke(() -> CacheServerSSLConnectionDUnitTest.getCacheServerEndPointTask());
+ Object array[] = (Object[])serverVM.invoke(() -> getCacheServerEndPointTask());
String hostName = (String)array[0];
int port = (Integer) array[1];
- Object params[] = new Object[6];
- params[0] = hostName;
- params[1] = port;
- params[2] = cacheClientSslenabled;
- params[3] = cacheClientSslRequireAuth;
- params[4] = CLIENT_KEY_STORE;
- params[5] = CLIENT_TRUST_STORE;
- //getLogWriter().info("Starting client with server endpoint " + hostName + ":" + port);
+
try {
- clientVM.invoke(CacheServerSSLConnectionDUnitTest.class, "setUpClientVMTask", params);
+ clientVM.invoke(() -> setUpClientVMTask(hostName, port, cacheClientSslenabled, cacheClientSslRequireAuth, CLIENT_KEY_STORE, CLIENT_TRUST_STORE));
clientVM.invoke(() -> CacheServerSSLConnectionDUnitTest.doClientRegionTestTask());
serverVM.invoke(() -> CacheServerSSLConnectionDUnitTest.doServerRegionTestTask());
+
} catch (Exception rmiException) {
Throwable e = rmiException.getCause();
//getLogWriter().info("ExceptionCause at clientVM " + e);
@@ -372,41 +351,22 @@ public class CacheServerSSLConnectionDUnitTest extends DistributedTestCase {
boolean cacheClientSslenabled = true;
boolean cacheClientSslRequireAuth = true;
- serverVM.invoke(() -> CacheServerSSLConnectionDUnitTest.setUpServerVMTask(cacheServerSslenabled));
- serverVM.invoke(() -> CacheServerSSLConnectionDUnitTest.createServerTask());
+ serverVM.invoke(() -> setUpServerVMTask(cacheServerSslenabled));
+ serverVM.invoke(() -> createServerTask());
- Object array[] = (Object[])serverVM.invoke(() -> CacheServerSSLConnectionDUnitTest.getCacheServerEndPointTask());
+ Object array[] = (Object[])serverVM.invoke(() -> getCacheServerEndPointTask());
String hostName = (String)array[0];
int port = (Integer) array[1];
- Object params[] = new Object[6];
- params[0] = hostName;
- params[1] = port;
- params[2] = cacheClientSslenabled;
- params[3] = cacheClientSslRequireAuth;
- params[4] = TRUSTED_STORE;
- params[5] = TRUSTED_STORE;
+
IgnoredException expect = IgnoredException.addIgnoredException("javax.net.ssl.SSLHandshakeException", serverVM);
try{
- //getLogWriter().info("Starting client with server endpoint " + hostName + ":" + port);
- clientVM.invoke(CacheServerSSLConnectionDUnitTest.class, "setUpClientVMTask", params);
- clientVM.invoke(() -> CacheServerSSLConnectionDUnitTest.doClientRegionTestTask());
- serverVM.invoke(() -> CacheServerSSLConnectionDUnitTest.doServerRegionTestTask());
+ clientVM.invoke(() -> setUpClientVMTask(hostName, port, cacheClientSslenabled, cacheClientSslRequireAuth, TRUSTED_STORE, TRUSTED_STORE));
+ clientVM.invoke(() -> doClientRegionTestTask());
+ serverVM.invoke(() -> doServerRegionTestTask());
fail("Test should fail as ssl client with ssl enabled is trying to connect to server with ssl disabled");
- }catch (Exception rmiException) {
-
+
+ } catch (Exception rmiException) {
//ignore
-
- /*Throwable e = rmiException.getCause();
- getLogWriter().info("ExceptionCause at clientVM " + e);
- if (e instanceof com.gemstone.gemfire.cache.client.ServerOperationException) {
- Throwable t = e.getCause();
- getLogWriter().info("Cause is " + t);
- assertTrue(t instanceof com.gemstone.gemfire.security.AuthenticationRequiredException);
- } else {
- getLogWriter().error("Unexpected exception ", e);
- fail("Unexpected Exception...expected "
- + AuthenticationRequiredException.class);
- }*/
} finally {
expect.remove();
}
@@ -417,8 +377,8 @@ public class CacheServerSSLConnectionDUnitTest extends DistributedTestCase {
final Host host = Host.getHost(0);
VM serverVM = host.getVM(1);
VM clientVM = host.getVM(2);
- clientVM.invoke(() -> CacheServerSSLConnectionDUnitTest.closeClientCacheTask());
- serverVM.invoke(() -> CacheServerSSLConnectionDUnitTest.closeCacheTask());
+ clientVM.invoke(() -> closeClientCacheTask());
+ serverVM.invoke(() -> closeCacheTask());
}
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/java/com/gemstone/gemfire/security/AuthzCredentialGenerator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/AuthzCredentialGenerator.java b/geode-core/src/test/java/com/gemstone/gemfire/security/AuthzCredentialGenerator.java
deleted file mode 100755
index 821f8fa..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/AuthzCredentialGenerator.java
+++ /dev/null
@@ -1,445 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security;
-
-import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
-import com.gemstone.gemfire.internal.logging.LogService;
-import com.gemstone.gemfire.security.templates.DummyAuthorization;
-import com.gemstone.gemfire.security.templates.XmlAuthorization;
-import org.apache.logging.log4j.Logger;
-
-import java.security.Principal;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.Properties;
-
-/**
- * Encapsulates obtaining authorized and unauthorized credentials for a given
- * operation in a region. Implementations will be for different kinds of
- * authorization scheme and authentication scheme combos.
- *
- * @since 5.5
- */
-public abstract class AuthzCredentialGenerator {
-
- private static final Logger logger = LogService.getLogger();
-
- /**
- * The {@link CredentialGenerator} being used.
- */
- protected CredentialGenerator generator;
-
- /**
- * A set of system properties that should be added to the gemfire system
- * properties before using the authorization module.
- */
- private Properties systemProperties;
-
- /**
- * A factory method to create a new instance of an
- * {@link AuthzCredentialGenerator} for the given {@link ClassCode}. Caller
- * is supposed to invoke {@link AuthzCredentialGenerator#init} immediately
- * after obtaining the instance.
- *
- * @param classCode
- * the {@code ClassCode} of the {@code AuthzCredentialGenerator}
- * implementation
- *
- * @return an instance of {@code AuthzCredentialGenerator} for the given
- * class code
- */
- public static AuthzCredentialGenerator create(final ClassCode classCode) {
- switch (classCode.classType) {
- case ClassCode.ID_DUMMY:
- return new DummyAuthzCredentialGenerator();
- case ClassCode.ID_XML:
- return new XmlAuthzCredentialGenerator();
- default:
- return null;
- }
- }
-
- /**
- * Initialize the authorized credential generator.
- *
- * @param generator
- * an instance of {@link CredentialGenerator} of the credential
- * implementation for which to obtain authorized/unauthorized
- * credentials.
- *
- * @return false when the given {@link CredentialGenerator} is incompatible
- * with this authorization module.
- */
- public boolean init(final CredentialGenerator generator) {
- this.generator = generator;
- try {
- this.systemProperties = init();
- } catch (IllegalArgumentException ex) {
- return false;
- }
- return true;
- }
-
- /**
- *
- * @return A set of extra properties that should be added to Gemfire system
- * properties when not null.
- */
- public Properties getSystemProperties() {
- return this.systemProperties;
- }
-
- /**
- * Get the {@link CredentialGenerator} being used by this instance.
- */
- public CredentialGenerator getCredentialGenerator() {
- return this.generator;
- }
-
- /**
- * Initialize the authorized credential generator.
- *
- * Required to be implemented by concrete classes that implement this abstract
- * class.
- *
- * @return A set of extra properties that should be added to Gemfire system
- * properties when not null.
- *
- * @throws IllegalArgumentException when the {@link CredentialGenerator} is
- * incompatible with this authorization module.
- */
- protected abstract Properties init() throws IllegalArgumentException;
-
- /**
- * The {@link ClassCode} of the particular implementation.
- *
- * @return the {@code ClassCode}
- */
- public abstract ClassCode classCode();
-
- /**
- * The name of the {@link AccessControl} factory function that should be used
- * as the authorization module on the server side.
- *
- * @return name of the {@code AccessControl} factory function
- */
- public abstract String getAuthorizationCallback();
-
- /**
- * Get a set of credentials generated using the given index allowed to perform
- * the given {@link OperationCode}s for the given regions.
- *
- * @param opCodes
- * the list of {@link OperationCode}s of the operations requiring
- * authorization; should not be null
- * @param regionNames
- * list of the region names requiring authorization; a value of
- * null indicates all regions
- * @param index
- * used to generate multiple such credentials by passing different
- * values for this
- *
- * @return the set of credentials authorized to perform the given operation in
- * the given regions
- */
- public Properties getAllowedCredentials(final OperationCode[] opCodes, final String[] regionNames, final int index) {
- int numTries = getNumPrincipalTries(opCodes, regionNames);
- if (numTries <= 0) {
- numTries = 1;
- }
-
- for (int tries = 0; tries < numTries; tries++) {
- final Principal principal = getAllowedPrincipal(opCodes, regionNames, (index + tries) % numTries);
- try {
- return this.generator.getValidCredentials(principal);
- } catch (IllegalArgumentException ex) {
- }
- }
- return null;
- }
-
- /**
- * Get a set of credentials generated using the given index not allowed to
- * perform the given {@link OperationCode}s for the given regions. The
- * credentials are required to be valid for authentication.
- *
- * @param opCodes
- * the {@link OperationCode}s of the operations requiring
- * authorization failure; should not be null
- * @param regionNames
- * list of the region names requiring authorization failure; a value
- * of null indicates all regions
- * @param index
- * used to generate multiple such credentials by passing different
- * values for this
- *
- * @return the set of credentials that are not authorized to perform the given
- * operation in the given region
- */
- public Properties getDisallowedCredentials(final OperationCode[] opCodes, final String[] regionNames, final int index) {
- // This may not be very correct since we use the value of
- // getNumPrincipalTries() but is used to avoid adding another method.
- // Also something like getNumDisallowedPrincipals() will be normally always
- // infinite, and the number here is just to perform some number of tries
- // before giving up.
-
- int numTries = getNumPrincipalTries(opCodes, regionNames);
- if (numTries <= 0) {
- numTries = 1;
- }
-
- for (int tries = 0; tries < numTries; tries++) {
- final Principal principal = getDisallowedPrincipal(opCodes, regionNames, (index + tries) % numTries);
- try {
- return this.generator.getValidCredentials(principal);
- } catch (IllegalArgumentException ex) {
- }
- }
- return null;
- }
-
- /**
- * Get the number of tries to be done for obtaining valid credentials for the
- * given operations in the given region. It is required that
- * {@link #getAllowedPrincipal} method returns valid principals for values of
- * {@code index} from 0 through (n-1) where {@code n} is the
- * value returned by this method. It is recommended that the principals so
- * returned be unique for efficiency.
- *
- * This will be used by {@link #getAllowedCredentials} to step through
- * different principals and obtain a set of valid credentials.
- *
- * Required to be implemented by concrete classes that implement this abstract
- * class.
- *
- * @param opCodes
- * the {@link OperationCode}s of the operations requiring
- * authorization
- * @param regionNames
- * list of the region names requiring authorization; a value of null
- * indicates all regions
- *
- * @return the number of principals allowed to perform the given operation in
- * the given region
- */
- protected abstract int getNumPrincipalTries(final OperationCode[] opCodes, final String[] regionNames);
-
- /**
- * Get a {@link Principal} generated using the given index allowed to perform
- * the given {@link OperationCode}s for the given region.
- *
- * Required to be implemented by concrete classes that implement this abstract
- * class.
- *
- * @param opCodes
- * the {@link OperationCode}s of the operations requiring
- * authorization
- * @param regionNames
- * list of the region names requiring authorization; a value of null
- * indicates all regions
- * @param index
- * used to generate multiple such principals by passing different
- * values for this
- *
- * @return the {@link Principal} authorized to perform the given operation in
- * the given region
- */
- protected abstract Principal getAllowedPrincipal(final OperationCode[] opCodes, final String[] regionNames, final int index);
-
- /**
- * Get a {@link Principal} generated using the given index not allowed to
- * perform the given {@link OperationCode}s for the given region.
- *
- * Required to be implemented by concrete classes that implement this abstract
- * class.
- *
- * @param opCodes
- * the {@link OperationCode}s of the operations requiring
- * authorization failure
- * @param regionNames
- * list of the region names requiring authorization failure; a value
- * of null indicates all regions
- * @param index
- * used to generate multiple such principals by passing different
- * values for this
- *
- * @return a {@link Principal} not authorized to perform the given operation
- * in the given region
- */
- protected abstract Principal getDisallowedPrincipal(final OperationCode[] opCodes, final String[] regionNames, final int index);
-
- /**
- * Enumeration for various {@link AuthzCredentialGenerator} implementations.
- *
- * <p>The following schemes are supported as of now:
- * <ul>
- * <li>{@code DummyAuthorization} with {@code DummyAuthenticator}</li>
- * <li>{@code XMLAuthorization} with {@code DummyAuthenticator}</li>
- * <li>{@code XMLAuthorization} with {@code LDAPAuthenticator}</li>
- * <li>{@code XMLAuthorization} with {@code PKCSAuthenticator}</li>
- * <li>{@code XMLAuthorization} when using SSL sockets</li>
- * </ul>
- *
- * <p>To add a new authorization scheme the following needs to be done:
- * <ul>
- * <li>Add implementation for {@link AccessControl}.</li>
- * <li>Choose the authentication schemes that it shall work with from
- * {@link CredentialGenerator.ClassCode}</li>
- * <li>Add a new enumeration value for the scheme in this class. Notice the
- * size of {@code VALUES} array and increase that if it is getting
- * overflowed. Note the methods and fields for existing schemes and add for
- * the new one in a similar manner.</li>
- * <li>Add an implementation for {@link AuthzCredentialGenerator}. Note the
- * {@link AuthzCredentialGenerator#init} method where different authentication
- * schemes can be passed and initialize differently for the authentication
- * schemes that shall be handled.</li>
- * <li>Modify the {@link AuthzCredentialGenerator#create} method to add
- * creation of an instance of the new implementation for the
- * {@code ClassCode} enumeration value.</li>
- * </ul>
- *
- * <p>All dunit tests will automagically start testing the new implementation
- * after this.
- *
- * @since 5.5
- */
- public static final class ClassCode {
-
- private static byte nextOrdinal = 0;
-
- private static final byte ID_DUMMY = 1;
- private static final byte ID_XML = 2;
-
- private static final ClassCode[] VALUES = new ClassCode[10];
- private static final Map CODE_NAME_MAP = new HashMap();
-
- public static final ClassCode DUMMY = new ClassCode(DummyAuthorization.class.getName() + ".create", ID_DUMMY);
- public static final ClassCode XML = new ClassCode(XmlAuthorization.class.getName() + ".create", ID_XML);
-
- /** The name of this class. */
- private final String name;
-
- /** byte used as ordinal to represent this class */
- private final byte ordinal;
-
- /**
- * One of the following: ID_DUMMY, ID_LDAP, ID_PKI
- */
- private final byte classType;
-
- /** Creates a new instance of class code. */
- private ClassCode(final String name, final byte classType) {
- this.name = name;
- this.classType = classType;
- this.ordinal = nextOrdinal++;
- VALUES[this.ordinal] = this;
- CODE_NAME_MAP.put(name, this);
- }
-
- public boolean isDummy() {
- return this.classType == ID_DUMMY;
- }
-
- public boolean isXml() {
- return this.classType == ID_XML;
- }
-
- /**
- * Returns the {@code ClassCode} represented by specified ordinal.
- */
- public static ClassCode fromOrdinal(final byte ordinal) {
- return VALUES[ordinal];
- }
-
- /**
- * Returns the {@code ClassCode} represented by specified string.
- */
- public static ClassCode parse(final String operationName) {
- return (ClassCode) CODE_NAME_MAP.get(operationName);
- }
-
- /**
- * Returns all the possible values.
- */
- public static List getAll() {
- final List codes = new ArrayList();
- for (Iterator iter = CODE_NAME_MAP.values().iterator(); iter.hasNext();) {
- codes.add(iter.next());
- }
- return codes;
- }
-
- /**
- * Returns the ordinal for this class code.
- *
- * @return the ordinal of this class code.
- */
- public byte toOrdinal() {
- return this.ordinal;
- }
-
- /**
- * Returns a string representation for this class code.
- *
- * @return the name of this class code.
- */
- @Override
- public final String toString() {
- return this.name;
- }
-
- /**
- * Indicates whether other object is same as this one.
- *
- * @return true if other object is same as this one.
- */
- @Override
- public final boolean equals(final Object obj) {
- if (obj == this) {
- return true;
- }
- if (!(obj instanceof ClassCode)) {
- return false;
- }
- final ClassCode other = (ClassCode)obj;
- return other.ordinal == this.ordinal;
- }
-
- /**
- * Indicates whether other {@code ClassCode} is same as this one.
- *
- * @return true if other {@code ClassCode} is same as this one.
- */
- public final boolean equals(final ClassCode opCode) {
- return opCode != null && opCode.ordinal == this.ordinal;
- }
-
- /**
- * Returns a hash code value for this {@code ClassCode} which is the
- * same as its ordinal.
- *
- * @return the ordinal of this {@code ClassCode}.
- */
- @Override
- public final int hashCode() {
- return this.ordinal;
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationDUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationDUnitTest.java
index cdc0ecf..739dd42 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationDUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationDUnitTest.java
@@ -24,11 +24,13 @@ import java.util.Properties;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
-import com.gemstone.gemfire.security.CredentialGenerator.ClassCode;
+import com.gemstone.gemfire.security.generator.CredentialGenerator;
+import com.gemstone.gemfire.security.generator.CredentialGenerator.ClassCode;
import com.gemstone.gemfire.cache.Region;
import com.gemstone.gemfire.distributed.internal.DistributionConfig;
import com.gemstone.gemfire.internal.AvailablePort;
+import com.gemstone.gemfire.security.generator.DummyCredentialGenerator;
import com.gemstone.gemfire.test.dunit.DistributedTestCase;
import com.gemstone.gemfire.test.dunit.Host;
import com.gemstone.gemfire.test.dunit.IgnoredException;
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthorizationDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthorizationDUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthorizationDUnitTest.java
index 1c32e80..e3d8ccf 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthorizationDUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthorizationDUnitTest.java
@@ -28,6 +28,10 @@ import java.util.Properties;
import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
import com.gemstone.gemfire.internal.AvailablePort;
+import com.gemstone.gemfire.security.generator.AuthzCredentialGenerator;
+import com.gemstone.gemfire.security.generator.CredentialGenerator;
+import com.gemstone.gemfire.security.generator.DummyCredentialGenerator;
+import com.gemstone.gemfire.security.generator.XmlAuthzCredentialGenerator;
import com.gemstone.gemfire.test.dunit.Host;
import com.gemstone.gemfire.test.dunit.IgnoredException;
import com.gemstone.gemfire.test.dunit.LogWriterUtils;
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthorizationTestBase.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthorizationTestBase.java b/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthorizationTestBase.java
index e904bcf..d49c423 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthorizationTestBase.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthorizationTestBase.java
@@ -31,7 +31,8 @@ import java.util.Properties;
import java.util.Random;
import java.util.Set;
-import com.gemstone.gemfire.security.AuthzCredentialGenerator.ClassCode;
+import com.gemstone.gemfire.security.generator.AuthzCredentialGenerator;
+import com.gemstone.gemfire.security.generator.AuthzCredentialGenerator.ClassCode;
import com.gemstone.gemfire.cache.DynamicRegionFactory;
import com.gemstone.gemfire.cache.InterestResultPolicy;
@@ -57,6 +58,9 @@ import com.gemstone.gemfire.internal.AvailablePort.Keeper;
import com.gemstone.gemfire.internal.cache.AbstractRegionEntry;
import com.gemstone.gemfire.internal.cache.LocalRegion;
import com.gemstone.gemfire.internal.util.Callable;
+import com.gemstone.gemfire.security.generator.CredentialGenerator;
+import com.gemstone.gemfire.security.generator.DummyCredentialGenerator;
+import com.gemstone.gemfire.security.generator.XmlAuthzCredentialGenerator;
import com.gemstone.gemfire.test.dunit.Assert;
import com.gemstone.gemfire.test.dunit.DistributedTestCase;
import com.gemstone.gemfire.test.dunit.LogWriterUtils;
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/java/com/gemstone/gemfire/security/ClientMultiUserAuthzDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientMultiUserAuthzDUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/ClientMultiUserAuthzDUnitTest.java
index 0a71c0b..325f0bb 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientMultiUserAuthzDUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/ClientMultiUserAuthzDUnitTest.java
@@ -24,6 +24,8 @@ package com.gemstone.gemfire.security;
import java.util.Iterator;
import java.util.Properties;
+import com.gemstone.gemfire.security.generator.AuthzCredentialGenerator;
+import com.gemstone.gemfire.security.generator.CredentialGenerator;
import com.gemstone.gemfire.test.dunit.VM;
import com.gemstone.gemfire.cache.Region;
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/java/com/gemstone/gemfire/security/CredentialGenerator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/CredentialGenerator.java b/geode-core/src/test/java/com/gemstone/gemfire/security/CredentialGenerator.java
deleted file mode 100755
index 7bee0ef..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/CredentialGenerator.java
+++ /dev/null
@@ -1,325 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security;
-
-import java.security.Principal;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.Properties;
-
-import com.gemstone.gemfire.security.templates.DummyAuthenticator;
-import com.gemstone.gemfire.security.templates.LdapUserAuthenticator;
-import com.gemstone.gemfire.security.templates.PKCSAuthenticator;
-
-/**
- * Encapsulates obtaining valid and invalid credentials. Implementations will be
- * for different kinds of authentication schemes.
- *
- * @since 5.5
- */
-public abstract class CredentialGenerator {
-
- /**
- * A set of properties that should be added to the Gemfire system properties
- * before using the authentication module.
- */
- private Properties systemProperties = null;
-
- /**
- * A set of properties that should be added to the java system properties
- * before using the authentication module.
- */
- protected Properties javaProperties = null;
-
- /**
- * A factory method to create a new instance of an {@link CredentialGenerator}
- * for the given {@link ClassCode}. Caller is supposed to invoke
- * {@link CredentialGenerator#init} immediately after obtaining the instance.
- *
- * @param classCode
- * the {@code ClassCode} of the {@code CredentialGenerator}
- * implementation
- *
- * @return an instance of {@code CredentialGenerator} for the given class
- * code
- */
- public static CredentialGenerator create(final ClassCode classCode) {
- switch (classCode.classType) {
- // Removing dummy one to reduce test run times
- // case ClassCode.ID_DUMMY:
- // return new DummyCredentialGenerator();
- case ClassCode.ID_LDAP:
- return new LdapUserCredentialGenerator();
- // case ClassCode.ID_SSL:ΓΈ
- // return new SSLCredentialGenerator();
- case ClassCode.ID_PKCS:
- return new PKCSCredentialGenerator();
- default:
- return null;
- }
- }
-
- /**
- * Initialize the credential generator.
- *
- * @throws IllegalArgumentException when there is a problem during
- * initialization
- */
- public void init() throws IllegalArgumentException {
- this.systemProperties = initialize();
- }
-
- /**
- * @return A set of extra properties that should be added to Gemfire system
- * properties when not null.
- */
- public Properties getSystemProperties() {
- return this.systemProperties;
- }
-
- /**
- * @return A set of extra properties that should be added to Gemfire system
- * properties when not null.
- */
- public Properties getJavaProperties() {
- return this.javaProperties;
- }
-
- /**
- * The {@link ClassCode} of this particular implementation.
- *
- * @return the {@code ClassCode}
- */
- public abstract ClassCode classCode();
-
- /**
- * The name of the {@link AuthInitialize} factory function that should be used
- * in conjunction with the credentials generated by this generator.
- *
- * @return name of the {@code AuthInitialize} factory function
- */
- public abstract String getAuthInit();
-
- /**
- * The name of the {@link Authenticator} factory function that should be used
- * in conjunction with the credentials generated by this generator.
- *
- * @return name of the {@code Authenticator} factory function
- */
- public abstract String getAuthenticator();
-
- /**
- * Get a set of valid credentials generated using the given index.
- */
- public abstract Properties getValidCredentials(final int index);
-
- /**
- * Get a set of valid credentials for the given {@link Principal}.
- *
- * @return credentials for the given {@code Principal} or null if none
- * possible.
- */
- public abstract Properties getValidCredentials(final Principal principal);
-
- /**
- * Get a set of invalid credentials generated using the given index.
- */
- public abstract Properties getInvalidCredentials(final int index);
-
- /**
- * Initialize the credential generator. This is provided separately from the
- * {@link #init()} method for convenience of implementations so that they do not
- * need to store in {@link #systemProperties}. The latter is convenient for the users
- * who do not need to store these properties rather can obtain it later by
- * invoking {@link #getSystemProperties()}
- *
- * <p>Required to be implemented by concrete classes that implement this abstract
- * class.
- *
- * @return A set of extra properties that should be added to Gemfire system
- * properties when not null.
- *
- * @throws IllegalArgumentException when there is a problem during
- * initialization
- */
- protected abstract Properties initialize() throws IllegalArgumentException;
-
- /**
- * Enumeration for various {@link CredentialGenerator} implementations.
- *
- * <p>The following schemes are supported as of now:
- * {@code DummyAuthenticator}, {@code LdapUserAuthenticator},
- * {@code PKCSAuthenticator}. In addition SSL socket mode with mutual
- * authentication is also supported.
- *
- * <p>To add a new authentication scheme the following needs to be done:
- * <ul>
- * <li>Add implementations for {@link AuthInitialize} and
- * {@link Authenticator} classes for clients/peers.</li>
- * <li>Add a new enumeration value for the scheme in this class. Notice the
- * size of {@code VALUES} array and increase that if it is getting
- * overflowed. Note the methods and fields for existing schemes and add for
- * the new one in a similar manner.</li>
- * <li>Add an implementation for {@link CredentialGenerator}.</li>
- * <li>Modify the CredentialGenerator.Factory#create [no such Factory exists] method to add
- * creation of an instance of the new implementation for the
- * {@code ClassCode} enumeration value.</li>
- * </ul>
- *
- * <p>All security dunit tests will automagically start testing the new
- * implementation after this.
- *
- * @since 5.5
- */
- public static final class ClassCode {
-
- private static byte nextOrdinal = 0;
-
- private static final byte ID_DUMMY = 1;
- private static final byte ID_LDAP = 2;
- private static final byte ID_PKCS = 3;
- private static final byte ID_SSL = 4;
-
- private static final ClassCode[] VALUES = new ClassCode[10];
- private static final Map CODE_NAME_MAP = new HashMap();
-
- public static final ClassCode DUMMY = new ClassCode(DummyAuthenticator.class.getName() + ".create", ID_DUMMY);
- public static final ClassCode LDAP = new ClassCode(LdapUserAuthenticator.class.getName() + ".create", ID_LDAP);
- public static final ClassCode PKCS = new ClassCode(PKCSAuthenticator.class.getName() + ".create", ID_PKCS);
- public static final ClassCode SSL = new ClassCode("SSL", ID_SSL);
-
- /** The name of this class. */
- private final String name;
-
- /** byte used as ordinal to represent this class */
- private final byte ordinal;
-
- /**
- * One of the following: ID_DUMMY, ID_LDAP, ID_PKCS
- */
- private final byte classType;
-
- /** Creates a new instance of class code. */
- private ClassCode(final String name, final byte classType) {
- this.name = name;
- this.classType = classType;
- this.ordinal = nextOrdinal++;
- VALUES[this.ordinal] = this;
- CODE_NAME_MAP.put(name, this);
- }
-
- public boolean isDummy() {
- return this.classType == ID_DUMMY;
- }
-
- public boolean isLDAP() {
- return this.classType == ID_LDAP;
- }
-
- public boolean isPKCS() {
- return this.classType == ID_PKCS;
- }
-
- public boolean isSSL() {
- return this.classType == ID_SSL;
- }
-
- /**
- * Returns the {@code ClassCode} represented by specified ordinal.
- */
- public static ClassCode fromOrdinal(final byte ordinal) {
- return VALUES[ordinal];
- }
-
- /**
- * Returns the {@code ClassCode} represented by specified string.
- */
- public static ClassCode parse(final String operationName) {
- return (ClassCode) CODE_NAME_MAP.get(operationName);
- }
-
- /**
- * Returns all the possible values.
- */
- public static List getAll() {
- final List codes = new ArrayList();
- for (Iterator iter = CODE_NAME_MAP.values().iterator(); iter.hasNext();) {
- codes.add(iter.next());
- }
- return codes;
- }
-
- /**
- * Returns the ordinal for this operation code.
- *
- * @return the ordinal of this operation.
- */
- public byte toOrdinal() {
- return this.ordinal;
- }
-
- /**
- * Returns a string representation for this operation.
- *
- * @return the name of this operation.
- */
- @Override
- public final String toString() {
- return this.name;
- }
-
- /**
- * Indicates whether other object is same as this one.
- *
- * @return true if other object is same as this one.
- */
- @Override
- public final boolean equals(final Object obj) {
- if (obj == this) {
- return true;
- }
- if (!(obj instanceof ClassCode)) {
- return false;
- }
- final ClassCode other = (ClassCode)obj;
- return other.ordinal == this.ordinal;
- }
-
- /**
- * Indicates whether other {@code ClassCode} is same as this one.
- *
- * @return true if other {@code ClassCode} is same as this one.
- */
- public final boolean equals(final ClassCode opCode) {
- return opCode != null && opCode.ordinal == this.ordinal;
- }
-
- /**
- * Returns a hash code value for this {@code ClassCode} which is the
- * same as its ordinal.
- *
- * @return the ordinal of this operation.
- */
- @Override
- public final int hashCode() {
- return this.ordinal;
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/java/com/gemstone/gemfire/security/DeltaClientAuthorizationDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/DeltaClientAuthorizationDUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/DeltaClientAuthorizationDUnitTest.java
index d63df52..a7d6131 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/DeltaClientAuthorizationDUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/DeltaClientAuthorizationDUnitTest.java
@@ -29,6 +29,8 @@ import com.gemstone.gemfire.cache.client.NoAvailableServersException;
import com.gemstone.gemfire.cache.client.ServerConnectivityException;
import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
import com.gemstone.gemfire.internal.cache.PartitionedRegionLocalMaxMemoryDUnitTest.TestObject1;
+import com.gemstone.gemfire.security.generator.AuthzCredentialGenerator;
+import com.gemstone.gemfire.security.generator.CredentialGenerator;
import com.gemstone.gemfire.test.dunit.Assert;
import com.gemstone.gemfire.test.dunit.Host;
import com.gemstone.gemfire.test.dunit.LogWriterUtils;
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/java/com/gemstone/gemfire/security/DeltaClientPostAuthorizationDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/DeltaClientPostAuthorizationDUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/DeltaClientPostAuthorizationDUnitTest.java
index 4a73b9b..090b96a 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/DeltaClientPostAuthorizationDUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/DeltaClientPostAuthorizationDUnitTest.java
@@ -37,6 +37,8 @@ import com.gemstone.gemfire.cache.query.CqException;
import com.gemstone.gemfire.cache.query.QueryInvocationTargetException;
import com.gemstone.gemfire.internal.AvailablePort;
import com.gemstone.gemfire.internal.util.Callable;
+import com.gemstone.gemfire.security.generator.AuthzCredentialGenerator;
+import com.gemstone.gemfire.security.generator.CredentialGenerator;
import com.gemstone.gemfire.test.dunit.Assert;
import com.gemstone.gemfire.test.dunit.Host;
import com.gemstone.gemfire.test.dunit.IgnoredException;
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/java/com/gemstone/gemfire/security/DummyAuthzCredentialGenerator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/DummyAuthzCredentialGenerator.java b/geode-core/src/test/java/com/gemstone/gemfire/security/DummyAuthzCredentialGenerator.java
deleted file mode 100755
index 7118752..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/DummyAuthzCredentialGenerator.java
+++ /dev/null
@@ -1,129 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security;
-
-import java.security.Principal;
-import java.util.HashSet;
-import java.util.Properties;
-import java.util.Set;
-
-import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
-import com.gemstone.gemfire.security.templates.DummyAuthorization;
-import com.gemstone.gemfire.security.templates.UsernamePrincipal;
-
-public class DummyAuthzCredentialGenerator extends AuthzCredentialGenerator {
-
- public static final byte READER_ROLE = 1;
- public static final byte WRITER_ROLE = 2;
- public static final byte ADMIN_ROLE = 3;
-
- private static Set readerOpsSet;
- private static Set writerOpsSet;
-
- static {
- readerOpsSet = new HashSet();
- for (int index = 0; index < DummyAuthorization.READER_OPS.length; index++) {
- readerOpsSet.add(DummyAuthorization.READER_OPS[index]);
- }
-
- writerOpsSet = new HashSet();
- for (int index = 0; index < DummyAuthorization.WRITER_OPS.length; index++) {
- writerOpsSet.add(DummyAuthorization.WRITER_OPS[index]);
- }
- }
-
- public static byte getRequiredRole(final OperationCode[] opCodes) {
- byte roleType = ADMIN_ROLE;
- boolean requiresReader = true;
- boolean requiresWriter = true;
-
- for (int opNum = 0; opNum < opCodes.length; opNum++) {
- if (requiresReader && !readerOpsSet.contains(opCodes[opNum])) {
- requiresReader = false;
- }
- if (requiresWriter && !writerOpsSet.contains(opCodes[opNum])) {
- requiresWriter = false;
- }
- }
- if (requiresReader) {
- roleType = READER_ROLE;
- }
- else if (requiresWriter) {
- roleType = WRITER_ROLE;
- }
- return roleType;
- }
-
- @Override
- protected Properties init() throws IllegalArgumentException {
- if (!this.generator.classCode().isDummy()) {
- throw new IllegalArgumentException("DummyAuthorization module only works with DummyAuthenticator");
- }
- return null;
- }
-
- @Override
- public ClassCode classCode() {
- return ClassCode.DUMMY;
- }
-
- @Override
- public String getAuthorizationCallback() {
- return DummyAuthorization.class.getName() + ".create";
- }
-
- @Override
- protected Principal getAllowedPrincipal(final OperationCode[] opCodes, final String[] regionNames, final int index) {
- final byte roleType = getRequiredRole(opCodes);
- return getPrincipal(roleType, index);
- }
-
- @Override
- protected Principal getDisallowedPrincipal(final OperationCode[] opCodes, final String[] regionNames, final int index) {
- byte roleType = getRequiredRole(opCodes);
- byte disallowedRoleType;
- switch (roleType) {
- case READER_ROLE:
- disallowedRoleType = WRITER_ROLE;
- break;
- case WRITER_ROLE:
- disallowedRoleType = READER_ROLE;
- break;
- default:
- disallowedRoleType = READER_ROLE;
- break;
- }
- return getPrincipal(disallowedRoleType, index);
- }
-
- @Override
- protected int getNumPrincipalTries(final OperationCode[] opCodes, final String[] regionNames) {
- return 5;
- }
-
- private Principal getPrincipal(final byte roleType, final int index) {
- String[] admins = new String[] { "root", "admin", "administrator" };
- switch (roleType) {
- case READER_ROLE:
- return new UsernamePrincipal("reader" + index);
- case WRITER_ROLE:
- return new UsernamePrincipal("writer" + index);
- default:
- return new UsernamePrincipal(admins[index % admins.length]);
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/java/com/gemstone/gemfire/security/DummyCredentialGenerator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/DummyCredentialGenerator.java b/geode-core/src/test/java/com/gemstone/gemfire/security/DummyCredentialGenerator.java
deleted file mode 100755
index d6a0ad9..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/DummyCredentialGenerator.java
+++ /dev/null
@@ -1,89 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security;
-
-import com.gemstone.gemfire.security.templates.DummyAuthenticator;
-import com.gemstone.gemfire.security.templates.UserPasswordAuthInit;
-
-import java.security.Principal;
-import java.util.Properties;
-
-public class DummyCredentialGenerator extends CredentialGenerator {
-
- @Override
- protected Properties initialize() throws IllegalArgumentException {
- return null;
- }
-
- @Override
- public ClassCode classCode() {
- return ClassCode.DUMMY;
- }
-
- @Override
- public String getAuthInit() {
- return UserPasswordAuthInit.class.getName() + ".create";
- }
-
- @Override
- public String getAuthenticator() {
- return DummyAuthenticator.class.getName() + ".create";
- }
-
- @Override
- public Properties getValidCredentials(final int index) {
- final String[] validGroups = new String[] { "admin", "user", "reader", "writer" };
- final String[] admins = new String[] { "root", "admin", "administrator" };
-
- final Properties props = new Properties();
- final int groupNum = index % validGroups.length;
-
- String userName;
- if (groupNum == 0) {
- userName = admins[index % admins.length];
- } else {
- userName = validGroups[groupNum] + (index / validGroups.length);
- }
-
- props.setProperty(UserPasswordAuthInit.USER_NAME, userName);
- props.setProperty(UserPasswordAuthInit.PASSWORD, userName);
- return props;
- }
-
- @Override
- public Properties getValidCredentials(final Principal principal) {
- final String userName = principal.getName();
-
- if (DummyAuthenticator.checkValidName(userName)) {
- Properties props = new Properties();
- props.setProperty(UserPasswordAuthInit.USER_NAME, userName);
- props.setProperty(UserPasswordAuthInit.PASSWORD, userName);
- return props;
-
- } else {
- throw new IllegalArgumentException("Dummy: [" + userName + "] is not a valid user");
- }
- }
-
- @Override
- public Properties getInvalidCredentials(int index) {
- Properties props = new Properties();
- props.setProperty(UserPasswordAuthInit.USER_NAME, "invalid" + index);
- props.setProperty(UserPasswordAuthInit.PASSWORD, "none");
- return props;
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/java/com/gemstone/gemfire/security/LdapUserCredentialGenerator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/LdapUserCredentialGenerator.java b/geode-core/src/test/java/com/gemstone/gemfire/security/LdapUserCredentialGenerator.java
deleted file mode 100755
index 0cea5c9..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/LdapUserCredentialGenerator.java
+++ /dev/null
@@ -1,154 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security;
-
-import com.gemstone.gemfire.distributed.internal.DistributionConfig;
-import com.gemstone.gemfire.internal.cache.tier.sockets.HandShake;
-import com.gemstone.gemfire.util.test.TestUtil;
-import com.gemstone.gemfire.security.templates.LdapUserAuthenticator;
-import com.gemstone.gemfire.security.templates.UserPasswordAuthInit;
-
-import java.security.Principal;
-import java.util.Properties;
-import java.util.Random;
-
-public class LdapUserCredentialGenerator extends CredentialGenerator {
-
- private static final String USER_PREFIX = "gemfire";
- private static final Random RANDOM = new Random();
- private static final String[] CIPHERS = new String[] { "", "DESede", "AES:128", "Blowfish:128" };
-
- private static boolean enableServerAuthentication = false;
-
- private boolean serverAuthEnabled = false;
-
- public LdapUserCredentialGenerator() {
- // Toggle server authentication enabled for each test
- // This is done instead of running all the tests with both
- // server auth enabled/disabled to reduce test run time.
- enableServerAuthentication = !enableServerAuthentication;
- this.serverAuthEnabled = enableServerAuthentication;
- }
-
- @Override
- protected Properties initialize() throws IllegalArgumentException {
- final String ldapServer = System.getProperty("gf.ldap.server", "ldap");
- final String ldapBaseDN = System.getProperty("gf.ldap.basedn", "ou=ldapTesting,dc=pune,dc=gemstone,dc=com");
- final String ldapUseSSL = System.getProperty("gf.ldap.usessl");
-
- final Properties extraProps = new Properties();
- extraProps.setProperty(LdapUserAuthenticator.LDAP_SERVER_NAME, ldapServer);
- extraProps.setProperty(LdapUserAuthenticator.LDAP_BASEDN_NAME, ldapBaseDN);
-
- if (ldapUseSSL != null && ldapUseSSL.length() > 0) {
- extraProps.setProperty(LdapUserAuthenticator.LDAP_SSL_NAME, ldapUseSSL);
- }
-
- if (serverAuthEnabled) {
- String keyStoreFile = TestUtil.getResourcePath(LdapUserCredentialGenerator.class, PKCSCredentialGenerator.keyStoreDir + "/gemfire1.keystore");
- extraProps.setProperty(HandShake.PRIVATE_KEY_FILE_PROP, keyStoreFile);
- extraProps.setProperty(HandShake.PRIVATE_KEY_ALIAS_PROP, "gemfire1");
- extraProps.setProperty(HandShake.PRIVATE_KEY_PASSWD_PROP, "gemfire");
- }
-
- return extraProps;
- }
-
- @Override
- public ClassCode classCode() {
- return ClassCode.LDAP;
- }
-
- @Override
- public String getAuthInit() {
- return UserPasswordAuthInit.class.getName() + ".create";
- }
-
- @Override
- public String getAuthenticator() {
- return LdapUserAuthenticator.class.getName() + ".create";
- }
-
- @Override
- public Properties getValidCredentials(final int index) {
- final Properties props = new Properties();
- props.setProperty(UserPasswordAuthInit.USER_NAME, USER_PREFIX + ((index % 10) + 1));
- props.setProperty(UserPasswordAuthInit.PASSWORD, USER_PREFIX + ((index % 10) + 1));
- props.setProperty(DistributionConfig.SECURITY_CLIENT_DHALGO_NAME, CIPHERS[RANDOM.nextInt(CIPHERS.length)]);
-
- if (serverAuthEnabled) {
- final String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, PKCSCredentialGenerator.keyStoreDir + "/publickeyfile");
- props.setProperty(HandShake.PUBLIC_KEY_FILE_PROP, keyStoreFile);
- props.setProperty(HandShake.PUBLIC_KEY_PASSWD_PROP, "gemfire");
- }
-
- return props;
- }
-
- @Override
- public Properties getValidCredentials(final Principal principal) {
- Properties props = null;
- final String userName = principal.getName();
-
- if (userName != null && userName.startsWith(USER_PREFIX)) {
- boolean isValid;
-
- try {
- final int suffix = Integer.parseInt(userName.substring(USER_PREFIX.length()));
- isValid = (suffix >= 1 && suffix <= 10);
- } catch (Exception ex) {
- isValid = false;
- }
-
- if (isValid) {
- props = new Properties();
- props.setProperty(UserPasswordAuthInit.USER_NAME, userName);
- props.setProperty(UserPasswordAuthInit.PASSWORD, userName);
- }
- }
-
- if (props == null) {
- throw new IllegalArgumentException("LDAP: [" + userName + "] not a valid user");
- }
-
- props.setProperty(DistributionConfig.SECURITY_CLIENT_DHALGO_NAME, CIPHERS[RANDOM.nextInt(CIPHERS.length)]);
-
- if (serverAuthEnabled) {
- final String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, PKCSCredentialGenerator.keyStoreDir + "/publickeyfile");
- props.setProperty(HandShake.PUBLIC_KEY_FILE_PROP, keyStoreFile);
- props.setProperty(HandShake.PUBLIC_KEY_PASSWD_PROP, "gemfire");
- }
-
- return props;
- }
-
- @Override
- public Properties getInvalidCredentials(final int index) {
- final Properties props = new Properties();
- props.setProperty(UserPasswordAuthInit.USER_NAME, "invalid" + index);
- props.setProperty(UserPasswordAuthInit.PASSWORD, "none");
- props.setProperty(DistributionConfig.SECURITY_CLIENT_DHALGO_NAME, CIPHERS[RANDOM.nextInt(CIPHERS.length)]);
-
- if (serverAuthEnabled) {
- final String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, PKCSCredentialGenerator.keyStoreDir + "/publickeyfile");
- props.setProperty(HandShake.PUBLIC_KEY_FILE_PROP, keyStoreFile);
- props.setProperty(HandShake.PUBLIC_KEY_PASSWD_PROP, "gemfire");
- }
-
- return props;
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/java/com/gemstone/gemfire/security/P2PAuthenticationDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/P2PAuthenticationDUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/P2PAuthenticationDUnitTest.java
index 1e44d4c..3af4e14 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/P2PAuthenticationDUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/P2PAuthenticationDUnitTest.java
@@ -34,6 +34,10 @@ import com.gemstone.gemfire.distributed.internal.InternalDistributedSystem;
import com.gemstone.gemfire.distributed.internal.membership.MembershipManager;
import com.gemstone.gemfire.distributed.internal.membership.gms.MembershipManagerHelper;
import com.gemstone.gemfire.internal.AvailablePort;
+import com.gemstone.gemfire.security.generator.CredentialGenerator;
+import com.gemstone.gemfire.security.generator.DummyCredentialGenerator;
+import com.gemstone.gemfire.security.generator.LdapUserCredentialGenerator;
+import com.gemstone.gemfire.security.generator.UserPasswordWithExtraPropsAuthInit;
import com.gemstone.gemfire.test.dunit.DistributedTestCase;
import com.gemstone.gemfire.test.dunit.Host;
import com.gemstone.gemfire.test.dunit.IgnoredException;
@@ -42,6 +46,7 @@ import com.gemstone.gemfire.test.dunit.NetworkUtils;
import com.gemstone.gemfire.test.dunit.VM;
import com.gemstone.gemfire.test.dunit.Wait;
+
/**
* Tests peer to peer authentication in Gemfire
*
@@ -493,7 +498,7 @@ public class P2PAuthenticationDUnitTest extends DistributedTestCase {
gen.init();
Properties extraProps = gen.getSystemProperties();
String authenticator = gen.getAuthenticator();
- String authInit = "security.UserPasswordWithExtraPropsAuthInit.create";
+ String authInit = UserPasswordWithExtraPropsAuthInit.class.getName() + ".create";
if (extraProps == null) {
extraProps = new Properties();
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/java/com/gemstone/gemfire/security/PKCSCredentialGenerator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/PKCSCredentialGenerator.java b/geode-core/src/test/java/com/gemstone/gemfire/security/PKCSCredentialGenerator.java
deleted file mode 100755
index fe4ddd2..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/PKCSCredentialGenerator.java
+++ /dev/null
@@ -1,115 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security;
-
-import com.gemstone.gemfire.util.test.TestUtil;
-import com.gemstone.gemfire.security.templates.PKCSAuthInit;
-import com.gemstone.gemfire.security.templates.PKCSAuthenticator;
-
-import java.security.Principal;
-import java.security.Provider;
-import java.security.Security;
-import java.util.Properties;
-
-public class PKCSCredentialGenerator extends CredentialGenerator {
-
- public static String keyStoreDir = getKeyStoreDir();
- public static boolean usesIBMJSSE;
-
- // Checks if the current JVM uses only IBM JSSE providers.
- private static boolean usesIBMProviders() {
- final Provider[] providers = Security.getProviders();
- for (int index = 0; index < providers.length; ++index) {
- if (!providers[index].getName().toLowerCase().startsWith("ibm")) {
- return false;
- }
- }
- return true;
- }
-
- private static String getKeyStoreDir() {
- usesIBMJSSE = usesIBMProviders();
- if (usesIBMJSSE) {
- return "/lib/keys/ibm";
- } else {
- return "/lib/keys";
- }
- }
-
- @Override
- protected Properties initialize() throws IllegalArgumentException {
- final String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, keyStoreDir + "/publickeyfile");
-
- final Properties props = new Properties();
- props.setProperty(PKCSAuthenticator.PUBLIC_KEY_FILE, keyStoreFile);
- props.setProperty(PKCSAuthenticator.PUBLIC_KEYSTORE_PASSWORD, "gemfire");
-
- return props;
- }
-
- @Override
- public ClassCode classCode() {
- return ClassCode.PKCS;
- }
-
- @Override
- public String getAuthInit() {
- return PKCSAuthInit.class.getName() + ".create";
- }
-
- @Override
- public String getAuthenticator() {
- return PKCSAuthenticator.class.getName() + ".create";
- }
-
- @Override
- public Properties getInvalidCredentials(int index) {
- final String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, keyStoreDir + "/gemfire11.keystore");
-
- final Properties props = new Properties();
- props.setProperty(PKCSAuthInit.KEYSTORE_FILE_PATH, keyStoreFile);
- props.setProperty(PKCSAuthInit.KEYSTORE_ALIAS, "gemfire11");
- props.setProperty(PKCSAuthInit.KEYSTORE_PASSWORD, "gemfire");
-
- return props;
- }
-
- @Override
- public Properties getValidCredentials(int index) {
- final int aliasnum = (index % 10) + 1;
- final String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, keyStoreDir + "/gemfire" + aliasnum + ".keystore");
-
- final Properties props = new Properties();
- props.setProperty(PKCSAuthInit.KEYSTORE_FILE_PATH, keyStoreFile);
- props.setProperty(PKCSAuthInit.KEYSTORE_ALIAS, "gemfire" + aliasnum);
- props.setProperty(PKCSAuthInit.KEYSTORE_PASSWORD, "gemfire");
-
- return props;
- }
-
- @Override
- public Properties getValidCredentials(Principal principal) {
- final String keyStoreFile = TestUtil.getResourcePath(PKCSCredentialGenerator.class, keyStoreDir + principal.getName() + ".keystore");
-
- final Properties props = new Properties();
- props.setProperty(PKCSAuthInit.KEYSTORE_FILE_PATH, keyStoreFile);
- props.setProperty(PKCSAuthInit.KEYSTORE_ALIAS, principal.getName());
- props.setProperty(PKCSAuthInit.KEYSTORE_PASSWORD, "gemfire");
-
- return props;
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/java/com/gemstone/gemfire/security/SSLCredentialGenerator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/SSLCredentialGenerator.java b/geode-core/src/test/java/com/gemstone/gemfire/security/SSLCredentialGenerator.java
deleted file mode 100755
index bed8280..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/SSLCredentialGenerator.java
+++ /dev/null
@@ -1,120 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security;
-
-import com.gemstone.gemfire.internal.logging.LogService;
-import org.apache.logging.log4j.Logger;
-
-import java.io.File;
-import java.io.IOException;
-import java.security.Principal;
-import java.util.Properties;
-
-public class SSLCredentialGenerator extends CredentialGenerator {
-
- private static final Logger logger = LogService.getLogger();
-
- @Override
- protected Properties initialize() throws IllegalArgumentException {
- this.javaProperties = getValidJavaSSLProperties();
- return getSSLProperties();
- }
-
- @Override
- public ClassCode classCode() {
- return ClassCode.SSL;
- }
-
- @Override
- public String getAuthInit() {
- return null;
- }
-
- @Override
- public String getAuthenticator() {
- return null;
- }
-
- @Override
- public Properties getValidCredentials(int index) {
- this.javaProperties = getValidJavaSSLProperties();
- return getSSLProperties();
- }
-
- @Override
- public Properties getValidCredentials(final Principal principal) {
- this.javaProperties = getValidJavaSSLProperties();
- return getSSLProperties();
- }
-
- @Override
- public Properties getInvalidCredentials(final int index) {
- this.javaProperties = getInvalidJavaSSLProperties();
- return getSSLProperties();
- }
-
- private File findTrustedJKS() {
- final File ssldir = new File(System.getProperty("JTESTS") + "/ssl");
- return new File(ssldir, "trusted.keystore");
- }
-
- private File findUntrustedJKS() {
- final File ssldir = new File(System.getProperty("JTESTS") + "/ssl");
- return new File(ssldir, "untrusted.keystore");
- }
-
- private Properties getValidJavaSSLProperties() {
- final File jks = findTrustedJKS();
-
- try {
- final Properties props = new Properties();
- props.setProperty("javax.net.ssl.trustStore", jks.getCanonicalPath());
- props.setProperty("javax.net.ssl.trustStorePassword", "password");
- props.setProperty("javax.net.ssl.keyStore", jks.getCanonicalPath());
- props.setProperty("javax.net.ssl.keyStorePassword", "password");
- return props;
-
- } catch (IOException ex) {
- throw new AuthenticationFailedException("SSL: Exception while opening the key store: " + ex.getMessage(), ex);
- }
- }
-
- private Properties getInvalidJavaSSLProperties() {
- final File jks = findUntrustedJKS();
-
- try {
- final Properties props = new Properties();
- props.setProperty("javax.net.ssl.trustStore", jks.getCanonicalPath());
- props.setProperty("javax.net.ssl.trustStorePassword", "password");
- props.setProperty("javax.net.ssl.keyStore", jks.getCanonicalPath());
- props.setProperty("javax.net.ssl.keyStorePassword", "password");
- return props;
-
- } catch (IOException ex) {
- throw new AuthenticationFailedException("SSL: Exception while opening the key store: " + ex.getMessage(), ex);
- }
- }
-
- private Properties getSSLProperties() {
- Properties props = new Properties();
- props.setProperty("ssl-enabled", "true");
- props.setProperty("ssl-require-authentication", "true");
- props.setProperty("ssl-ciphers", "SSL_RSA_WITH_RC4_128_MD5");
- props.setProperty("ssl-protocols", "TLSv1");
- return props;
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/67dc693b/geode-core/src/test/java/com/gemstone/gemfire/security/UserPasswordWithExtraPropsAuthInit.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/UserPasswordWithExtraPropsAuthInit.java b/geode-core/src/test/java/com/gemstone/gemfire/security/UserPasswordWithExtraPropsAuthInit.java
deleted file mode 100755
index c5e4caf..0000000
--- a/geode-core/src/test/java/com/gemstone/gemfire/security/UserPasswordWithExtraPropsAuthInit.java
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.gemstone.gemfire.security;
-
-import com.gemstone.gemfire.distributed.DistributedMember;
-import com.gemstone.gemfire.security.templates.UserPasswordAuthInit;
-
-import java.util.Iterator;
-import java.util.Properties;
-
-/**
- * An {@link AuthInitialize} implementation that obtains the user name and
- * password as the credentials from the given set of properties. If
- * keep-extra-props property exits, it will copy rest of the
- * properties provided in getCredential props argument will also be
- * copied as new credentials.
- *
- * @since 5.5
- */
-public class UserPasswordWithExtraPropsAuthInit extends UserPasswordAuthInit {
-
- public static final String SECURITY_PREFIX = "security-";
- public static final String EXTRA_PROPS = "security-keep-extra-props";
-
- public static AuthInitialize create() {
- return new UserPasswordWithExtraPropsAuthInit();
- }
-
- public UserPasswordWithExtraPropsAuthInit() {
- super();
- }
-
- public Properties getCredentials(final Properties securityProperties, final DistributedMember server, final boolean isPeer) throws AuthenticationFailedException {
- final Properties securityPropertiesCopy = super.getCredentials(securityProperties, server, isPeer);
- final String extraProps = securityProperties.getProperty(EXTRA_PROPS);
-
- if (extraProps != null) {
- for (Iterator it = securityProperties.keySet().iterator(); it.hasNext();) {
- final String key = (String) it.next();
- if (key.startsWith(SECURITY_PREFIX) &&
- key.equalsIgnoreCase(USER_NAME) == false &&
- key.equalsIgnoreCase(PASSWORD) == false &&
- key.equalsIgnoreCase(EXTRA_PROPS) == false) {
- securityPropertiesCopy.setProperty(key, securityProperties.getProperty(key));
- }
- }
- this.securityLogWriter.fine("got everything and now have: " + securityPropertiesCopy.keySet().toString());
- }
-
- return securityPropertiesCopy;
- }
-}