You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by or...@apache.org on 2018/01/29 11:34:42 UTC
qpid-broker-j git commit: QPID-8083 [System Tests] [REST/HTTP] Move
SaslRestTest into http management system tests
Repository: qpid-broker-j
Updated Branches:
refs/heads/master 039f79b53 -> e4f5cc911
QPID-8083 [System Tests] [REST/HTTP] Move SaslRestTest into http management system tests
Project: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/commit/e4f5cc91
Tree: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/tree/e4f5cc91
Diff: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/diff/e4f5cc91
Branch: refs/heads/master
Commit: e4f5cc911251a1cd2f42bb980f0debb30985aa2c
Parents: 039f79b
Author: Alex Rudyy <or...@apache.org>
Authored: Mon Jan 29 11:34:00 2018 +0000
Committer: Alex Rudyy <or...@apache.org>
Committed: Mon Jan 29 11:34:14 2018 +0000
----------------------------------------------------------------------
systests/qpid-systests-http-management/pom.xml | 7 +
.../apache/qpid/tests/rest/RestTestHelper.java | 33 +-
.../apache/qpid/tests/rest/SaslRestTest.java | 407 +++++++++++++++++
.../apache/qpid/systest/rest/SaslRestTest.java | 440 -------------------
4 files changed, 437 insertions(+), 450 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/e4f5cc91/systests/qpid-systests-http-management/pom.xml
----------------------------------------------------------------------
diff --git a/systests/qpid-systests-http-management/pom.xml b/systests/qpid-systests-http-management/pom.xml
index c0e29bb..8ea2625 100644
--- a/systests/qpid-systests-http-management/pom.xml
+++ b/systests/qpid-systests-http-management/pom.xml
@@ -108,6 +108,13 @@
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>org.apache.qpid</groupId>
+ <artifactId>qpid-broker-core</artifactId>
+ <classifier>tests</classifier>
+ <scope>test</scope>
+ </dependency>
+
</dependencies>
<build>
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/e4f5cc91/systests/qpid-systests-http-management/src/main/java/org/apache/qpid/tests/rest/RestTestHelper.java
----------------------------------------------------------------------
diff --git a/systests/qpid-systests-http-management/src/main/java/org/apache/qpid/tests/rest/RestTestHelper.java b/systests/qpid-systests-http-management/src/main/java/org/apache/qpid/tests/rest/RestTestHelper.java
index e71da86..2a5e514 100644
--- a/systests/qpid-systests-http-management/src/main/java/org/apache/qpid/tests/rest/RestTestHelper.java
+++ b/systests/qpid-systests-http-management/src/main/java/org/apache/qpid/tests/rest/RestTestHelper.java
@@ -260,9 +260,16 @@ public class RestTestHelper
public Map<String, Object> getJsonAsMap(String path) throws IOException
{
HttpURLConnection connection = openManagementConnection(path, "GET");
- connection.connect();
- Map<String, Object> response = readJsonResponseAsMap(connection);
- return response;
+ try
+ {
+ connection.connect();
+ Map<String, Object> response = readJsonResponseAsMap(connection);
+ return response;
+ }
+ finally
+ {
+ connection.disconnect();
+ }
}
public <T> T getJson(String path, final Class<T> valueType) throws IOException
@@ -289,17 +296,23 @@ public class RestTestHelper
public int submitRequest(String url, String method, Object data, Map<String, List<String>> responseHeadersToCapture) throws IOException
{
HttpURLConnection connection = openManagementConnection(url, method);
- if (data != null)
+ try
{
- writeJsonRequest(connection, data);
+ if (data != null)
+ {
+ writeJsonRequest(connection, data);
+ }
+ int responseCode = connection.getResponseCode();
+ if (responseHeadersToCapture != null)
+ {
+ responseHeadersToCapture.putAll(connection.getHeaderFields());
+ }
+ return responseCode;
}
- int responseCode = connection.getResponseCode();
- if (responseHeadersToCapture!= null)
+ finally
{
- responseHeadersToCapture.putAll(connection.getHeaderFields());
+ connection.disconnect();
}
- connection.disconnect();
- return responseCode;
}
public int submitRequest(String url, String method) throws IOException
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/e4f5cc91/systests/qpid-systests-http-management/src/test/java/org/apache/qpid/tests/rest/SaslRestTest.java
----------------------------------------------------------------------
diff --git a/systests/qpid-systests-http-management/src/test/java/org/apache/qpid/tests/rest/SaslRestTest.java b/systests/qpid-systests-http-management/src/test/java/org/apache/qpid/tests/rest/SaslRestTest.java
new file mode 100644
index 0000000..6345d28
--- /dev/null
+++ b/systests/qpid-systests-http-management/src/test/java/org/apache/qpid/tests/rest/SaslRestTest.java
@@ -0,0 +1,407 @@
+/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.qpid.tests.rest;
+
+import static javax.servlet.http.HttpServletResponse.SC_EXPECTATION_FAILED;
+import static javax.servlet.http.HttpServletResponse.SC_OK;
+import static javax.servlet.http.HttpServletResponse.SC_UNAUTHORIZED;
+import static org.apache.qpid.server.security.auth.sasl.SaslUtil.generateCramMD5ClientResponse;
+import static org.apache.qpid.server.security.auth.sasl.SaslUtil.generatePlainClientResponse;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+
+import java.io.IOException;
+import java.io.OutputStream;
+import java.net.HttpURLConnection;
+import java.util.List;
+import java.util.Map;
+import java.util.UUID;
+
+import javax.xml.bind.DatatypeConverter;
+
+import org.junit.Before;
+import org.junit.Test;
+
+import org.apache.qpid.server.security.auth.manager.ScramSHA1AuthenticationManager;
+import org.apache.qpid.server.security.auth.manager.ScramSHA256AuthenticationManager;
+import org.apache.qpid.server.security.auth.sasl.crammd5.CramMd5Negotiator;
+import org.apache.qpid.server.security.auth.sasl.plain.PlainNegotiator;
+import org.apache.qpid.tests.utils.BrokerAdminUsingTestBase;
+
+public class SaslRestTest extends BrokerAdminUsingTestBase
+{
+ private static final String SASL_SERVICE = "/service/sasl";
+ private static final String SET_COOKIE_HEADER = "Set-Cookie";
+ private RestTestHelper _helper;
+ private String _userName;
+ private String _userPassword;
+
+ @Before
+ public void setUp()
+ {
+ _helper = new RestTestHelper(getBrokerAdmin());
+ _userName = getBrokerAdmin().getValidUsername();
+ _userPassword = getBrokerAdmin().getValidPassword();
+ }
+
+ @Test
+ public void requestSASLMechanisms() throws Exception
+ {
+ Map<String, Object> saslData = _helper.getJsonAsMap(SASL_SERVICE);
+ assertNotNull("mechanisms attribute is not found", saslData.get("mechanisms"));
+
+ @SuppressWarnings("unchecked")
+ List<String> mechanisms = (List<String>) saslData.get("mechanisms");
+ String[] expectedMechanisms = {PlainNegotiator.MECHANISM,
+ CramMd5Negotiator.MECHANISM,
+ ScramSHA1AuthenticationManager.MECHANISM,
+ ScramSHA256AuthenticationManager.MECHANISM};
+ for (String mechanism : expectedMechanisms)
+ {
+ assertTrue(String.format("Mechanism '%s' is not found", mechanism), mechanisms.contains(mechanism));
+ }
+ assertNull(String.format("Unexpected user was returned: %s", saslData.get("user")), saslData.get("user"));
+ }
+
+ @Test
+ public void requestUnsupportedSASLMechanism() throws Exception
+ {
+ HttpURLConnection connection = requestSASLAuthentication("UNSUPPORTED");
+ try
+ {
+ assertEquals("Unexpected response", SC_EXPECTATION_FAILED, connection.getResponseCode());
+ }
+ finally
+ {
+ connection.disconnect();
+ }
+ }
+
+ @Test
+ public void plainSASLAuthenticationWithoutInitialResponse() throws Exception
+ {
+ HttpURLConnection connection = requestSASLAuthentication(PlainNegotiator.MECHANISM);
+ try
+ {
+ assertEquals("Unexpected response", SC_OK, connection.getResponseCode());
+ handleChallengeAndSendResponse(connection, _userName, _userPassword, PlainNegotiator.MECHANISM, SC_OK);
+
+ assertAuthenticatedUser(_userName, connection.getHeaderFields().get(SET_COOKIE_HEADER));
+ }
+ finally
+ {
+ connection.disconnect();
+ }
+ }
+
+ @Test
+ public void plainSASLAuthenticationWithMalformedInitialResponse() throws Exception
+ {
+ byte[] responseBytes = "null".getBytes();
+ String responseData = DatatypeConverter.printBase64Binary(responseBytes);
+ String parameters = String.format("mechanism=%s&response=%s", PlainNegotiator.MECHANISM, responseData);
+
+ HttpURLConnection connection = _helper.openManagementConnection(SASL_SERVICE, "POST");
+ try
+ {
+ try (OutputStream os = connection.getOutputStream())
+ {
+ os.write(parameters.getBytes());
+ os.flush();
+
+ assertEquals("Unexpected response code", SC_UNAUTHORIZED, connection.getResponseCode());
+
+ assertAuthenticatedUser(null, connection.getHeaderFields().get(SET_COOKIE_HEADER));
+ }
+ }
+ finally
+ {
+ connection.disconnect();
+ }
+ }
+
+ @Test
+ public void plainSASLAuthenticationWithValidCredentials() throws Exception
+ {
+ List<String> cookies = plainSASLAuthenticationWithInitialResponse(_userName, _userPassword, SC_OK);
+
+ assertAuthenticatedUser(_userName, cookies);
+ }
+
+ @Test
+ public void plainSASLAuthenticationWithIncorrectPassword() throws Exception
+ {
+ List<String> cookies = plainSASLAuthenticationWithInitialResponse(_userName, "incorrect", SC_UNAUTHORIZED);
+
+ assertAuthenticatedUser(null, cookies);
+ }
+
+ @Test
+ public void plainSASLAuthenticationWithUnknownUser() throws Exception
+ {
+ List<String> cookies = plainSASLAuthenticationWithInitialResponse("unknown", _userPassword, SC_UNAUTHORIZED);
+
+ assertAuthenticatedUser(null, cookies);
+ }
+
+ @Test
+ public void cramMD5SASLAuthenticationForValidCredentials() throws Exception
+ {
+ List<String> cookies =
+ challengeResponseAuthentication(_userName, _userPassword, CramMd5Negotiator.MECHANISM, SC_OK);
+ assertAuthenticatedUser(_userName, cookies);
+ }
+
+ @Test
+ public void cramMD5SASLAuthenticationForIncorrectPassword() throws Exception
+ {
+ List<String> cookies =
+ challengeResponseAuthentication(_userName, "incorrect", CramMd5Negotiator.MECHANISM, SC_UNAUTHORIZED);
+ assertAuthenticatedUser(null, cookies);
+ }
+
+ @Test
+ public void cramMD5SASLAuthenticationForNonExistingUser() throws Exception
+ {
+ List<String> cookies =
+ challengeResponseAuthentication("unknown", _userPassword, CramMd5Negotiator.MECHANISM, SC_UNAUTHORIZED);
+ assertAuthenticatedUser(null, cookies);
+ }
+
+ @Test
+ public void cramMD5SASLAuthenticationResponseNotProvided() throws Exception
+ {
+ HttpURLConnection connection = requestSASLAuthentication(CramMd5Negotiator.MECHANISM);
+ try
+ {
+ Map<String, Object> response = _helper.readJsonResponseAsMap(connection);
+ String challenge = (String) response.get("challenge");
+ assertNotNull("Challenge is not found", challenge);
+
+ List<String> cookies = connection.getHeaderFields().get(SET_COOKIE_HEADER);
+
+ String requestParameters = (String.format("id=%s", response.get("id")));
+ postResponse(cookies, requestParameters, SC_UNAUTHORIZED);
+
+ assertAuthenticatedUser(null, cookies);
+ }
+ finally
+ {
+ connection.disconnect();
+ }
+ }
+
+ @Test
+ public void cramMD5SASLAuthenticationWithMalformedResponse() throws Exception
+ {
+ HttpURLConnection connection = requestSASLAuthentication(CramMd5Negotiator.MECHANISM);
+ try
+ {
+ Map<String, Object> response = _helper.readJsonResponseAsMap(connection);
+ String challenge = (String) response.get("challenge");
+ assertNotNull("Challenge is not found", challenge);
+
+ List<String> cookies = connection.getHeaderFields().get(SET_COOKIE_HEADER);
+
+ String responseData = DatatypeConverter.printBase64Binary("null".getBytes());
+ String requestParameters = String.format("id=%s&response=%s", response.get("id"), responseData);
+
+ postResponse(cookies, requestParameters, SC_UNAUTHORIZED);
+
+ assertAuthenticatedUser(null, cookies);
+ }
+ finally
+ {
+ connection.disconnect();
+ }
+ }
+
+ @Test
+ public void cramMD5SASLAuthenticationWithInvalidId() throws Exception
+ {
+ HttpURLConnection connection = requestSASLAuthentication(CramMd5Negotiator.MECHANISM);
+ try
+ {
+ Map<String, Object> response = _helper.readJsonResponseAsMap(connection);
+ String challenge = (String) response.get("challenge");
+ assertNotNull("Challenge is not found", challenge);
+
+ List<String> cookies = connection.getHeaderFields().get(SET_COOKIE_HEADER);
+
+ byte[] challengeBytes = DatatypeConverter.parseBase64Binary(challenge);
+ byte[] responseBytes =
+ generateClientResponse(CramMd5Negotiator.MECHANISM, _userName, _userPassword, challengeBytes);
+ String responseData = DatatypeConverter.printBase64Binary(responseBytes);
+ String requestParameters = (String.format("id=%s&response=%s", UUID.randomUUID().toString(), responseData));
+
+ postResponse(cookies, requestParameters, SC_EXPECTATION_FAILED);
+
+ assertAuthenticatedUser(null, cookies);
+ }
+ finally
+ {
+ connection.disconnect();
+ }
+ }
+
+ private List<String> plainSASLAuthenticationWithInitialResponse(final String userName,
+ final String userPassword,
+ final int expectedResponseCode) throws Exception
+ {
+ byte[] responseBytes = generatePlainClientResponse(userName, userPassword);
+ String responseData = DatatypeConverter.printBase64Binary(responseBytes);
+ String parameters = String.format("mechanism=%s&response=%s", PlainNegotiator.MECHANISM, responseData);
+
+ HttpURLConnection connection = _helper.openManagementConnection(SASL_SERVICE, "POST");
+ try
+ {
+ try (OutputStream os = connection.getOutputStream())
+ {
+ os.write(parameters.getBytes());
+ os.flush();
+
+ assertEquals("Unexpected response code", expectedResponseCode, connection.getResponseCode());
+ }
+ return connection.getHeaderFields().get(SET_COOKIE_HEADER);
+ }
+ finally
+ {
+ connection.disconnect();
+ }
+ }
+
+ private List<String> challengeResponseAuthentication(final String userName,
+ final String userPassword,
+ final String mechanism,
+ final int expectedResponseCode)
+ throws Exception
+ {
+ HttpURLConnection connection = requestSASLAuthentication(mechanism);
+ try
+ {
+ handleChallengeAndSendResponse(connection, userName, userPassword, mechanism, expectedResponseCode);
+ return connection.getHeaderFields().get(SET_COOKIE_HEADER);
+ }
+ finally
+ {
+ connection.disconnect();
+ }
+ }
+
+
+ private void handleChallengeAndSendResponse(HttpURLConnection requestChallengeConnection,
+ String userName,
+ String userPassword,
+ String mechanism,
+ final int expectedResponseCode)
+ throws Exception
+ {
+ Map<String, Object> response = _helper.readJsonResponseAsMap(requestChallengeConnection);
+ String challenge = (String) response.get("challenge");
+ assertNotNull("Challenge is not found", challenge);
+
+ byte[] challengeBytes = DatatypeConverter.parseBase64Binary(challenge);
+ byte[] responseBytes = generateClientResponse(mechanism, userName, userPassword, challengeBytes);
+ String responseData = DatatypeConverter.printBase64Binary(responseBytes);
+ String requestParameters = (String.format("id=%s&response=%s", response.get("id"), responseData));
+
+ postResponse(requestChallengeConnection.getHeaderFields().get(SET_COOKIE_HEADER),
+ requestParameters,
+ expectedResponseCode);
+ }
+
+ private void postResponse(final List<String> cookies,
+ final String requestParameters,
+ final int expectedResponseCode) throws IOException
+ {
+ HttpURLConnection authenticateConnection = _helper.openManagementConnection(SASL_SERVICE, "POST");
+ try
+ {
+ applyCookiesToConnection(cookies, authenticateConnection);
+ try (OutputStream os = authenticateConnection.getOutputStream())
+ {
+ os.write(requestParameters.getBytes());
+ os.flush();
+ assertEquals("Unexpected response code",
+ expectedResponseCode,
+ authenticateConnection.getResponseCode());
+ }
+ }
+ finally
+ {
+ authenticateConnection.disconnect();
+ }
+ }
+
+ private byte[] generateClientResponse(String mechanism, String userName, String userPassword, byte[] challengeBytes)
+ throws Exception
+ {
+ byte[] responseBytes;
+ if (PlainNegotiator.MECHANISM.equals(mechanism))
+ {
+ responseBytes = generatePlainClientResponse(_userName, _userPassword);
+ }
+ else if (CramMd5Negotiator.MECHANISM.equalsIgnoreCase(mechanism))
+ {
+ responseBytes = generateCramMD5ClientResponse(userName, userPassword, challengeBytes);
+ }
+ else
+ {
+ throw new RuntimeException("Not implemented test mechanism " + mechanism);
+ }
+ return responseBytes;
+ }
+
+
+ private void applyCookiesToConnection(List<String> cookies, HttpURLConnection connection)
+ {
+ for (String cookie : cookies)
+ {
+ connection.addRequestProperty("Cookie", cookie.split(";", 2)[0]);
+ }
+ }
+
+ private HttpURLConnection requestSASLAuthentication(String mechanism) throws IOException
+ {
+ HttpURLConnection connection = _helper.openManagementConnection(SASL_SERVICE, "POST");
+ OutputStream os = connection.getOutputStream();
+ os.write(String.format("mechanism=%s", mechanism).getBytes());
+ os.flush();
+ return connection;
+ }
+
+ private void assertAuthenticatedUser(final String userName, final List<String> cookies) throws IOException
+ {
+ HttpURLConnection connection = _helper.openManagementConnection(SASL_SERVICE, "GET");
+ try
+ {
+ applyCookiesToConnection(cookies, connection);
+ Map<String, Object> response = _helper.readJsonResponseAsMap(connection);
+ assertEquals("Unexpected user", userName, response.get("user"));
+ }
+ finally
+ {
+ connection.disconnect();
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/e4f5cc91/systests/src/test/java/org/apache/qpid/systest/rest/SaslRestTest.java
----------------------------------------------------------------------
diff --git a/systests/src/test/java/org/apache/qpid/systest/rest/SaslRestTest.java b/systests/src/test/java/org/apache/qpid/systest/rest/SaslRestTest.java
deleted file mode 100644
index ac837b7..0000000
--- a/systests/src/test/java/org/apache/qpid/systest/rest/SaslRestTest.java
+++ /dev/null
@@ -1,440 +0,0 @@
-/*
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.qpid.systest.rest;
-
-import static org.apache.qpid.server.security.auth.sasl.SaslUtil.generateCramMD5ClientResponse;
-import static org.apache.qpid.server.security.auth.sasl.SaslUtil.generateCramMD5HashedClientResponse;
-import static org.apache.qpid.server.security.auth.sasl.SaslUtil.generateCramMD5HexClientResponse;
-import static org.apache.qpid.server.security.auth.sasl.SaslUtil.generatePlainClientResponse;
-
-import java.io.File;
-import java.io.FileWriter;
-import java.io.IOException;
-import java.io.OutputStream;
-import java.net.HttpURLConnection;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import javax.servlet.http.HttpServletResponse;
-import javax.xml.bind.DatatypeConverter;
-
-import org.apache.qpid.server.model.AuthenticationProvider;
-import org.apache.qpid.server.security.auth.manager.Base64MD5PasswordDatabaseAuthenticationManager;
-import org.apache.qpid.test.utils.TestBrokerConfiguration;
-
-public class SaslRestTest extends QpidRestTestCase
-{
- @Override
- public void startDefaultBroker()
- {
- // prevent broker from starting in setUp
- }
-
- public void startBrokerNow() throws Exception
- {
- super.startDefaultBroker();
- getRestTestHelper().setUsernameAndPassword(null,null);
- }
-
- public void testGetMechanismsWithBrokerPlainPasswordPrincipalDatabase() throws Exception
- {
- startBrokerNow();
-
- Map<String, Object> saslData = getRestTestHelper().getJsonAsMap("/service/sasl");
- assertNotNull("mechanisms attribute is not found", saslData.get("mechanisms"));
-
- @SuppressWarnings("unchecked")
- List<String> mechanisms = (List<String>) saslData.get("mechanisms");
- String[] expectedMechanisms = { "CRAM-MD5" };
- for (String mechanism : expectedMechanisms)
- {
- assertTrue("Mechanism " + mechanism + " is not found", mechanisms.contains(mechanism));
- }
- assertNull("Unexpected user was returned: " + saslData.get("user"), saslData.get("user"));
- }
-
- public void testGetMechanismsWithBrokerBase64MD5FilePrincipalDatabase() throws Exception
- {
- configureBase64MD5FilePrincipalDatabase();
- startBrokerNow();
-
- Map<String, Object> saslData = getRestTestHelper().getJsonAsMap("/service/sasl");
- assertNotNull("mechanisms attribute is not found", saslData.get("mechanisms"));
-
- @SuppressWarnings("unchecked")
- List<String> mechanisms = (List<String>) saslData.get("mechanisms");
- String[] expectedMechanisms = { "CRAM-MD5-HEX", "CRAM-MD5-HASHED" };
- for (String mechanism : expectedMechanisms)
- {
- assertTrue("Mechanism " + mechanism + " is not found", mechanisms.contains(mechanism));
- }
-
- assertNull("Unexpected user was returned: " + saslData.get("user"), saslData.get("user"));
- }
-
- public void testPlainSaslAuthenticationForValidCredentials() throws Exception
- {
- startBrokerNow();
-
- byte[] responseBytes = generatePlainClientResponse("admin", "admin");
- String responseData = DatatypeConverter.printBase64Binary(responseBytes);
- String parameters= "mechanism=PLAIN&response=" + responseData;
-
- HttpURLConnection connection = getRestTestHelper().openManagementConnection("/service/sasl", "POST");
- OutputStream os = connection.getOutputStream();
- os.write(parameters.getBytes());
- os.flush();
-
- int code = getRestTestHelper().submitRequest("/service/sasl", "POST", parameters.getBytes());
- assertEquals("Unexpected response code", 200, code);
-
- List<String> cookies = connection.getHeaderFields().get("Set-Cookie");
-
- // request authenticated user details
- connection = getRestTestHelper().openManagementConnection("/service/sasl", "GET");
- applyCookiesToConnection(cookies, connection);
- Map<String, Object> response2 = getRestTestHelper().readJsonResponseAsMap(connection);
- assertEquals("Unexpected user", "admin", response2.get("user"));
- }
-
- public void testPlainSaslAuthenticationForIncorrectPassword() throws Exception
- {
- startBrokerNow();
-
- byte[] responseBytes = generatePlainClientResponse("admin", "incorrect");
- String responseData = DatatypeConverter.printBase64Binary(responseBytes);
- String parameters= "mechanism=PLAIN&response=" + responseData;
-
- HttpURLConnection connection = getRestTestHelper().openManagementConnection("/service/sasl", "POST");
- OutputStream os = connection.getOutputStream();
- os.write(parameters.getBytes());
- os.flush();
-
- int code = connection.getResponseCode();
- assertEquals("Unexpected response code", 401, code);
-
- List<String> cookies = connection.getHeaderFields().get("Set-Cookie");
-
- // request authenticated user details
- connection = getRestTestHelper().openManagementConnection("/service/sasl", "GET");
- applyCookiesToConnection(cookies, connection);
- Map<String, Object> response2 = getRestTestHelper().readJsonResponseAsMap(connection);
- assertNull("Unexpected user", response2.get("user"));
- }
-
- public void testPlainSaslAuthenticationForNonExistingUser() throws Exception
- {
- startBrokerNow();
-
- byte[] responseBytes = generatePlainClientResponse("nonexisting", "admin");
- String responseData = DatatypeConverter.printBase64Binary(responseBytes);
- String parameters= "mechanism=PLAIN&response=" + responseData;
-
- HttpURLConnection connection = getRestTestHelper().openManagementConnection("/service/sasl", "POST");
- OutputStream os = connection.getOutputStream();
- os.write(parameters.getBytes());
- os.flush();
-
- int code = connection.getResponseCode();
- assertEquals("Unexpected response code", 401, code);
-
- List<String> cookies = connection.getHeaderFields().get("Set-Cookie");
-
- // request authenticated user details
- connection = getRestTestHelper().openManagementConnection("/service/sasl", "GET");
- applyCookiesToConnection(cookies, connection);
- Map<String, Object> response2 = getRestTestHelper().readJsonResponseAsMap(connection);
- assertNull("Unexpected user", response2.get("user"));
- }
-
- public void testCramMD5SaslAuthenticationForValidCredentials() throws Exception
- {
- startBrokerNow();
-
- // request the challenge for CRAM-MD5
- HttpURLConnection connection = requestSasServerChallenge("CRAM-MD5");
- List<String> cookies = connection.getHeaderFields().get("Set-Cookie");
-
- // authenticate user with correct credentials
- int code = authenticateUser(connection, "admin", "admin", "CRAM-MD5");
- assertEquals("Unexpected response code", 200, code);
-
- // request authenticated user details
- connection = getRestTestHelper().openManagementConnection("/service/sasl", "GET");
- applyCookiesToConnection(cookies, connection);
- Map<String, Object> response2 = getRestTestHelper().readJsonResponseAsMap(connection);
- assertEquals("Unexpected user", "admin", response2.get("user"));
- }
-
- public void testCramMD5SaslAuthenticationForIncorrectPassword() throws Exception
- {
- startBrokerNow();
-
- // request the challenge for CRAM-MD5
- HttpURLConnection connection = requestSasServerChallenge("CRAM-MD5");
- List<String> cookies = connection.getHeaderFields().get("Set-Cookie");
-
- // authenticate user with correct credentials
- int code = authenticateUser(connection, "admin", "incorrect", "CRAM-MD5");
- assertEquals("Unexpected response code", 401, code);
-
- // request authenticated user details
- connection = getRestTestHelper().openManagementConnection("/service/sasl", "GET");
- applyCookiesToConnection(cookies, connection);
- Map<String, Object> response2 = getRestTestHelper().readJsonResponseAsMap(connection);
- assertNull("Unexpected user", response2.get("user"));
- }
-
- public void testCramMD5SaslAuthenticationForNonExistingUser() throws Exception
- {
- startBrokerNow();
-
- // request the challenge for CRAM-MD5
- HttpURLConnection connection = requestSasServerChallenge("CRAM-MD5");
- List<String> cookies = connection.getHeaderFields().get("Set-Cookie");
-
- // authenticate user with correct credentials
- int code = authenticateUser(connection, "nonexisting", "admin", "CRAM-MD5");
- assertEquals("Unexpected response code", 401, code);
-
- // request authenticated user details
- connection = getRestTestHelper().openManagementConnection("/service/sasl", "GET");
- applyCookiesToConnection(cookies, connection);
- Map<String, Object> response2 = getRestTestHelper().readJsonResponseAsMap(connection);
- assertNull("Unexpected user", response2.get("user"));
- }
-
- public void testCramMD5HexSaslAuthenticationForValidCredentials() throws Exception
- {
- configureBase64MD5FilePrincipalDatabase();
- startBrokerNow();
-
- // request the challenge for CRAM-MD5-HEX
- HttpURLConnection connection = requestSasServerChallenge("CRAM-MD5-HEX");
- List<String> cookies = connection.getHeaderFields().get("Set-Cookie");
-
- // authenticate user with correct credentials
- int code = authenticateUser(connection, "admin", "admin", "CRAM-MD5-HEX");
- assertEquals("Unexpected response code", 200, code);
-
- // request authenticated user details
- connection = getRestTestHelper().openManagementConnection("/service/sasl", "GET");
- applyCookiesToConnection(cookies, connection);
- Map<String, Object> response2 = getRestTestHelper().readJsonResponseAsMap(connection);
- assertEquals("Unexpected user", "admin", response2.get("user"));
- }
-
- public void testCramMD5HexSaslAuthenticationForIncorrectPassword() throws Exception
- {
- configureBase64MD5FilePrincipalDatabase();
- startBrokerNow();
-
- HttpURLConnection connection = requestSasServerChallenge("CRAM-MD5-HEX");
- List<String> cookies = connection.getHeaderFields().get("Set-Cookie");
-
- // try to authenticate user with incorrect passowrd
- int code = authenticateUser(connection, "admin", "incorrect", "CRAM-MD5-HEX");
- assertEquals("Unexpected response code", 401, code);
-
- // request authenticated user details
- connection = getRestTestHelper().openManagementConnection("/service/sasl", "GET");
- applyCookiesToConnection(cookies, connection);
- Map<String, Object> response2 = getRestTestHelper().readJsonResponseAsMap(connection);
- assertNull("Unexpected user", response2.get("user"));
- }
-
- public void testCramMD5HexSaslAuthenticationForNonExistingUser() throws Exception
- {
- configureBase64MD5FilePrincipalDatabase();
- startBrokerNow();
-
- HttpURLConnection connection = requestSasServerChallenge("CRAM-MD5-HEX");
- List<String> cookies = connection.getHeaderFields().get("Set-Cookie");
-
- // try to authenticate non-existing user
- int code = authenticateUser(connection, "nonexisting", "admin", "CRAM-MD5-HEX");
- assertEquals("Unexpected response code", 401, code);
-
- // request authenticated user details
- connection = getRestTestHelper().openManagementConnection("/service/sasl", "GET");
- applyCookiesToConnection(cookies, connection);
- Map<String, Object> response2 = getRestTestHelper().readJsonResponseAsMap(connection);
- assertNull("Unexpected user", response2.get("user"));
- }
-
- public void testRequestingAuthenticationForUnsupportedSaslMechanism() throws Exception
- {
- startBrokerNow();
- HttpURLConnection connection = requestSasServerChallenge("UNSUPPORTED");
- int responseCode = connection.getResponseCode();
- connection.disconnect();
- assertEquals("Unexpected response", HttpServletResponse.SC_EXPECTATION_FAILED, responseCode);
- }
-
- public void testCramMD5HashedSaslAuthenticationForValidCredentials() throws Exception
- {
- configureBase64MD5FilePrincipalDatabase();
- startBrokerNow();
-
- // request the challenge for CRAM-MD5-HASHED
- HttpURLConnection connection = requestSasServerChallenge("CRAM-MD5-HASHED");
- List<String> cookies = connection.getHeaderFields().get("Set-Cookie");
-
- // authenticate user with correct credentials
- int code = authenticateUser(connection, "admin", "admin", "CRAM-MD5-HASHED");
- assertEquals("Unexpected response code", 200, code);
-
- // request authenticated user details
- connection = getRestTestHelper().openManagementConnection("/service/sasl", "GET");
- applyCookiesToConnection(cookies, connection);
- Map<String, Object> response2 = getRestTestHelper().readJsonResponseAsMap(connection);
- assertEquals("Unexpected user", "admin", response2.get("user"));
- }
-
- public void testCramMD5HashedSaslAuthenticationForInvalidPassword() throws Exception
- {
- configureBase64MD5FilePrincipalDatabase();
- startBrokerNow();
-
- HttpURLConnection connection = requestSasServerChallenge("CRAM-MD5-HASHED");
- List<String> cookies = connection.getHeaderFields().get("Set-Cookie");
-
- // try to authenticate user with incorrect passowrd
- int code = authenticateUser(connection, "admin", "incorrect", "CRAM-MD5-HASHED");
- assertEquals("Unexpected response code", 401, code);
-
- // request authenticated user details
- connection = getRestTestHelper().openManagementConnection("/service/sasl", "GET");
- applyCookiesToConnection(cookies, connection);
- Map<String, Object> response2 = getRestTestHelper().readJsonResponseAsMap(connection);
- assertNull("Unexpected user", response2.get("user"));
- }
-
- private HttpURLConnection requestSasServerChallenge(String mechanism) throws IOException
- {
- HttpURLConnection connection = getRestTestHelper().openManagementConnection("/service/sasl", "POST");
- OutputStream os = connection.getOutputStream();
- os.write(("mechanism=" + mechanism).getBytes());
- os.flush();
- return connection;
- }
-
- public int authenticateUser(HttpURLConnection requestChallengeConnection, String userName, String userPassword, String mechanism)
- throws Exception
- {
- // get the response
- Map<String, Object> response = getRestTestHelper().readJsonResponseAsMap(requestChallengeConnection);
- String challenge = (String) response.get("challenge");
- assertNotNull("Challenge is not found", challenge);
-
- // preserve cookies to have the same server session
- List<String> cookies = requestChallengeConnection.getHeaderFields().get("Set-Cookie");
-
- // generate the authentication response for the challenge received
- byte[] challengeBytes = DatatypeConverter.parseBase64Binary(challenge);
- byte[] responseBytes = generateClientResponse(mechanism, userName, userPassword, challengeBytes);
- String responseData = DatatypeConverter.printBase64Binary(responseBytes);
- String requestParameters = ("id=" + response.get("id") + "&response=" + responseData);
-
- // re-open connection
- HttpURLConnection authenticateConnection = getRestTestHelper().openManagementConnection("/service/sasl", "POST");
-
- // set cookies to use the same server session
- applyCookiesToConnection(cookies, authenticateConnection);
- OutputStream os = authenticateConnection.getOutputStream();
- os.write(requestParameters.getBytes());
- os.flush();
- return authenticateConnection.getResponseCode();
- }
-
- private byte[] generateClientResponse(String mechanism, String userName, String userPassword, byte[] challengeBytes) throws Exception
- {
- byte[] responseBytes = null;
- if ("CRAM-MD5-HEX".equalsIgnoreCase(mechanism))
- {
- responseBytes = generateCramMD5HexClientResponse(userName, userPassword, challengeBytes);
- }
- else if ("CRAM-MD5".equalsIgnoreCase(mechanism))
- {
- responseBytes = generateCramMD5ClientResponse(userName, userPassword, challengeBytes);
- }
- else if ("CRAM-MD5-HASHED".equalsIgnoreCase(mechanism))
- {
- responseBytes = generateCramMD5HashedClientResponse(userName, userPassword, challengeBytes);
- }
- else
- {
- throw new RuntimeException("Not implemented test mechanism " + mechanism);
- }
- return responseBytes;
- }
-
- private void applyCookiesToConnection(List<String> cookies, HttpURLConnection connection)
- {
- for (String cookie : cookies)
- {
- connection.addRequestProperty("Cookie", cookie.split(";", 2)[0]);
- }
- }
-
- private void configureBase64MD5FilePrincipalDatabase() throws IOException
- {
- // generate user password entry
- String passwordFileEntry;
- try
- {
-
- MessageDigest md = MessageDigest.getInstance("MD5");
-
- md.update("admin".getBytes("utf-8"));
-
- passwordFileEntry = "admin" + ":" + DatatypeConverter.printBase64Binary(md.digest());
- }
- catch (NoSuchAlgorithmException e)
- {
- throw new RuntimeException(e);
- }
-
- // store the entry in the file
- File passwordFile = File.createTempFile("passwd", "pwd");
- passwordFile.deleteOnExit();
-
- FileWriter writer = null;
- try
- {
- writer = new FileWriter(passwordFile);
- writer.write(passwordFileEntry);
- }
- finally
- {
- writer.close();
- }
-
- // configure broker to use Base64MD5PasswordFilePrincipalDatabase
- Map<String, Object> newAttributes = new HashMap<String, Object>();
- newAttributes.put("path", passwordFile.getAbsolutePath());
- newAttributes.put(AuthenticationProvider.TYPE, Base64MD5PasswordDatabaseAuthenticationManager.PROVIDER_TYPE);
- getDefaultBrokerConfiguration().setObjectAttributes(AuthenticationProvider.class, TestBrokerConfiguration.ENTRY_NAME_AUTHENTICATION_PROVIDER, newAttributes);
- }
-}
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org