Posted to commits@qpid.apache.org by or...@apache.org on 2016/12/02 15:47:52 UTC
svn commit: r1772364 [3/4] - in /qpid/java/trunk:
broker-core/src/main/java/org/apache/qpid/server/model/
broker-core/src/main/java/org/apache/qpid/server/security/
broker-core/src/main/java/org/apache/qpid/server/security/auth/database/
broker-core/sr...
Modified: qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/database/Base64MD5PasswordFilePrincipalDatabaseTest.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/database/Base64MD5PasswordFilePrincipalDatabaseTest.java?rev=1772364&r1=1772363&r2=1772364&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/database/Base64MD5PasswordFilePrincipalDatabaseTest.java (original)
+++ qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/database/Base64MD5PasswordFilePrincipalDatabaseTest.java Fri Dec 2 15:47:52 2016
@@ -20,25 +20,22 @@
*/
package org.apache.qpid.server.security.auth.database;
-import org.apache.qpid.server.security.auth.UsernamePrincipal;
-
-import javax.security.auth.callback.PasswordCallback;
-import javax.security.auth.login.AccountNotFoundException;
-import javax.xml.bind.DatatypeConverter;
-
import java.io.BufferedReader;
-import java.io.BufferedWriter;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileReader;
-import java.io.FileWriter;
import java.io.IOException;
import java.security.Principal;
-import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.login.AccountNotFoundException;
+import javax.xml.bind.DatatypeConverter;
+
+import org.apache.qpid.server.security.auth.UsernamePrincipal;
+
public class Base64MD5PasswordFilePrincipalDatabaseTest extends AbstractPasswordFilePrincipalDatabaseTest
{
@@ -49,8 +46,7 @@ public class Base64MD5PasswordFilePrinci
private static final Principal PRINCIPAL = new UsernamePrincipal(PRINCIPAL_USERNAME, null);
private Base64MD5PasswordFilePrincipalDatabase _database;
private File _pwdFile;
- private List<File> _testPwdFiles = new ArrayList<File>();
-
+
static
{
byte[] decoded = DatatypeConverter.parseBase64Binary(PASSWORD_B64MD5HASHED);
@@ -70,7 +66,6 @@ public class Base64MD5PasswordFilePrinci
_pwdFile = File.createTempFile(this.getClass().getName(), "pwd");
_pwdFile.deleteOnExit();
_database.open(_pwdFile);
- _testPwdFiles.clear();
}
public void tearDown() throws Exception
Modified: qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/database/PlainPasswordFilePrincipalDatabaseTest.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/database/PlainPasswordFilePrincipalDatabaseTest.java?rev=1772364&r1=1772363&r2=1772364&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/database/PlainPasswordFilePrincipalDatabaseTest.java (original)
+++ qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/database/PlainPasswordFilePrincipalDatabaseTest.java Fri Dec 2 15:47:52 2016
@@ -24,6 +24,7 @@ import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
import org.apache.qpid.server.model.AuthenticationProvider;
+import org.apache.qpid.server.model.PasswordCredentialManagingAuthenticationProvider;
import org.apache.qpid.server.security.auth.UsernamePrincipal;
import org.apache.qpid.server.security.auth.manager.AbstractScramAuthenticationManager;
import org.apache.qpid.test.utils.QpidTestCase;
@@ -52,7 +53,8 @@ public class PlainPasswordFilePrincipalD
public void setUp() throws Exception
{
super.setUp();
- final AuthenticationProvider mockAuthenticationProvider = mock(AuthenticationProvider.class);
+ final PasswordCredentialManagingAuthenticationProvider
+ mockAuthenticationProvider = mock(PasswordCredentialManagingAuthenticationProvider.class);
when(mockAuthenticationProvider.getContextValue(Integer.class, AbstractScramAuthenticationManager.QPID_AUTHMANAGER_SCRAM_ITERATION_COUNT)).thenReturn(4096);
_database = new PlainPasswordFilePrincipalDatabase(mockAuthenticationProvider);
_testPwdFiles.clear();
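Review bot: The mock declaration in setUp is split so that the variable name starts the continuation line, which reads like two statements. Keeping `final PasswordCredentialManagingAuthenticationProvider mockAuthenticationProvider =` on one line and the `mock(...)` call on the next would be clearer. The same mock plus `thenReturn(4096)` iteration-count stub is repeated in testInitialiseWhenPasswordFileNotFound and testInitialiseWhenPasswordFileExists of PrincipalDatabaseAuthenticationManagerTest, so a small shared test helper would keep the three copies in step. setUp continues outside the hunk.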
Modified: qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/AnonymousAuthenticationManagerTest.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/AnonymousAuthenticationManagerTest.java?rev=1772364&r1=1772363&r2=1772364&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/AnonymousAuthenticationManagerTest.java (original)
+++ qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/AnonymousAuthenticationManagerTest.java Fri Dec 2 15:47:52 2016
@@ -21,6 +21,7 @@
package org.apache.qpid.server.security.auth.manager;
import static org.apache.qpid.server.security.auth.AuthenticatedPrincipalTestHelper.assertOnlyContainsWrapped;
+import static org.mockito.Mockito.mock;
import java.util.Collections;
import java.util.HashMap;
@@ -33,6 +34,8 @@ import javax.security.sasl.SaslServer;
import org.apache.qpid.server.model.AuthenticationProvider;
import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.server.model.BrokerTestHelper;
+import org.apache.qpid.server.security.auth.sasl.SaslNegotiator;
+import org.apache.qpid.server.security.auth.sasl.SaslSettings;
import org.apache.qpid.test.utils.QpidTestCase;
public class AnonymousAuthenticationManagerTest extends QpidTestCase
@@ -64,27 +67,19 @@ public class AnonymousAuthenticationMana
assertEquals(Collections.singletonList("ANONYMOUS"), _manager.getMechanisms());
}
- public void testCreateSaslServer() throws Exception
+ public void testCreateSaslNegotiator() throws Exception
{
- SaslServer server = _manager.createSaslServer("ANONYMOUS", "example.example.com", null);
+ SaslNegotiator negotiator = _manager.createSaslNegotiator("ANONYMOUS", null);
+ assertNotNull("Could not create SASL negotiator for mechanism 'ANONYMOUS'", negotiator);
- assertEquals("Sasl Server mechanism name is not as expected", "ANONYMOUS", server.getMechanismName());
-
- try
- {
- server = _manager.createSaslServer("PLAIN", "example.example.com", null);
- fail("Expected creating SaslServer with incorrect mechanism to throw an exception");
- }
- catch (SaslException e)
- {
- // pass
- }
+ negotiator = _manager.createSaslNegotiator("PLAIN", null);
+ assertNull("Should not be able to create SASL negotiator for mechanism 'PLAIN'", negotiator);
}
public void testAuthenticate() throws Exception
{
- SaslServer saslServer = _manager.createSaslServer("ANONYMOUS", "example.example.com", null);
- AuthenticationResult result = _manager.authenticate(saslServer, new byte[0]);
+ SaslNegotiator negotiator = _manager.createSaslNegotiator("ANONYMOUS", null);
+ AuthenticationResult result = negotiator.handleResponse(new byte[0]);
assertNotNull(result);
assertEquals("Expected authentication to be successful",
AuthenticationResult.AuthenticationStatus.SUCCESS,
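Review bot: Both tests pass `null` as the settings argument of `createSaslNegotiator`, so the `mock` and `SaslSettings` imports added in the two import hunks of this file are not used by any line visible here. The `javax.security.sasl.SaslServer` import shown in the hunk-header context also appears to be left without a user. Either drop the unused imports or pass a mocked settings object as ExternalAuthenticationManagerTest does, e.g. `_manager.createSaslNegotiator("ANONYMOUS", mock(SaslSettings.class))`. The rewritten testCreateSaslNegotiator also no longer checks which mechanism the returned object implements, only that it is non-null. testAuthenticate continues outside the hunk.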
Modified: qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManagerTest.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManagerTest.java?rev=1772364&r1=1772363&r2=1772364&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManagerTest.java (original)
+++ qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManagerTest.java Fri Dec 2 15:47:52 2016
@@ -19,6 +19,8 @@
package org.apache.qpid.server.security.auth.manager;
import static org.apache.qpid.server.security.auth.AuthenticatedPrincipalTestHelper.assertOnlyContainsWrapped;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
import java.util.Collections;
import java.util.HashMap;
@@ -26,37 +28,41 @@ import java.util.Map;
import java.util.UUID;
import javax.security.auth.x500.X500Principal;
-import javax.security.sasl.SaslException;
-import javax.security.sasl.SaslServer;
import org.apache.qpid.server.model.AuthenticationProvider;
import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.server.security.auth.UsernamePrincipal;
import org.apache.qpid.server.model.BrokerTestHelper;
+import org.apache.qpid.server.security.auth.sasl.SaslNegotiator;
+import org.apache.qpid.server.security.auth.sasl.SaslSettings;
import org.apache.qpid.test.utils.QpidTestCase;
public class ExternalAuthenticationManagerTest extends QpidTestCase
{
private ExternalAuthenticationManager _manager;
private ExternalAuthenticationManager _managerUsingFullDN;
+ private SaslSettings _saslSettings;
@Override
public void setUp() throws Exception
{
super.setUp();
- Map<String,Object> attrs = new HashMap<String, Object>();
+ Map<String,Object> attrs = new HashMap<>();
attrs.put(AuthenticationProvider.ID, UUID.randomUUID());
attrs.put(AuthenticationProvider.NAME, getTestName());
attrs.put("useFullDN",false);
_manager = new ExternalAuthenticationManagerImpl(attrs, BrokerTestHelper.createBrokerMock());
_manager.open();
- HashMap<String, Object> attrsFullDN = new HashMap<String, Object>();
+ HashMap<String, Object> attrsFullDN = new HashMap<>();
attrsFullDN.put(AuthenticationProvider.ID, UUID.randomUUID());
attrsFullDN.put(AuthenticationProvider.NAME, getTestName()+"FullDN");
attrsFullDN.put("useFullDN",true);
_managerUsingFullDN = new ExternalAuthenticationManagerImpl(attrsFullDN, BrokerTestHelper.createBrokerMock());
_managerUsingFullDN.open();
+
+ _saslSettings = mock(SaslSettings.class);
+ when(_saslSettings.getLocalFQDN()).thenReturn("example.example.com");
}
public void testGetMechanisms() throws Exception
@@ -64,156 +70,143 @@ public class ExternalAuthenticationManag
assertEquals(Collections.singletonList("EXTERNAL"), _manager.getMechanisms());
}
- public void testCreateSaslServer() throws Exception
+ public void testCreateSaslNegotiator() throws Exception
{
- createSaslServerTestImpl(_manager);
+ createSaslNegotiatorTestImpl(_manager);
}
public void testAuthenticatePrincipalNull_CausesAuthError() throws Exception
{
- SaslServer saslServer = _manager.createSaslServer("EXTERNAL", "example.example.com", null);
- AuthenticationResult result = _manager.authenticate(saslServer, new byte[0]);
+ SaslNegotiator negotiator = _manager.createSaslNegotiator("EXTERNAL", _saslSettings);
+ AuthenticationResult result = negotiator.handleResponse(new byte[0]);
assertNotNull(result);
assertEquals("Expected authentication to be unsuccessful",
AuthenticationResult.AuthenticationStatus.ERROR,
result.getStatus());
- assertNull(saslServer.getAuthorizationID());
+ assertNull(result.getMainPrincipal());
}
public void testAuthenticatePrincipalNoCn_CausesAuthError() throws Exception
{
X500Principal principal = new X500Principal("DC=example, DC=com, O=My Company Ltd, L=Newbury, ST=Berkshire, C=GB");
- SaslServer saslServer = _manager.createSaslServer("EXTERNAL", "example.example.com", principal);
- AuthenticationResult result = _manager.authenticate(saslServer, new byte[0]);
+ when(_saslSettings.getExternalPrincipal()).thenReturn(principal);
+ SaslNegotiator negotiator = _manager.createSaslNegotiator("EXTERNAL", _saslSettings);
+ AuthenticationResult result = negotiator.handleResponse(new byte[0]);
assertNotNull(result);
assertEquals("Expected authentication to be unsuccessful",
AuthenticationResult.AuthenticationStatus.ERROR,
result.getStatus());
- assertNull(saslServer.getAuthorizationID());
+ assertNull(result.getMainPrincipal());
}
public void testAuthenticatePrincipalEmptyCn_CausesAuthError() throws Exception
{
X500Principal principal = new X500Principal("CN=, DC=example, DC=com, O=My Company Ltd, L=Newbury, ST=Berkshire, C=GB");
- SaslServer saslServer = _manager.createSaslServer("EXTERNAL", "example.example.com", principal);
- AuthenticationResult result = _manager.authenticate(saslServer, new byte[0]);
+ when(_saslSettings.getExternalPrincipal()).thenReturn(principal);
+ SaslNegotiator negotiator = _manager.createSaslNegotiator("EXTERNAL", _saslSettings);
+ AuthenticationResult result = negotiator.handleResponse(new byte[0]);
assertNotNull(result);
assertEquals("Expected authentication to be unsuccessful",
AuthenticationResult.AuthenticationStatus.ERROR,
result.getStatus());
- assertNull(saslServer.getAuthorizationID());
+ assertNull(result.getMainPrincipal());
}
public void testAuthenticatePrincipalCnOnly() throws Exception
{
X500Principal principal = new X500Principal("CN=person");
UsernamePrincipal expectedPrincipal = new UsernamePrincipal("person", _manager);
- SaslServer saslServer = _manager.createSaslServer("EXTERNAL", "example.example.com", principal);
+ when(_saslSettings.getExternalPrincipal()).thenReturn(principal);
+ SaslNegotiator negotiator = _manager.createSaslNegotiator("EXTERNAL", _saslSettings);
+ AuthenticationResult result = negotiator.handleResponse(new byte[0]);
- AuthenticationResult result = _manager.authenticate(saslServer, new byte[0]);
assertNotNull(result);
assertEquals("Expected authentication to be successful",
AuthenticationResult.AuthenticationStatus.SUCCESS,
result.getStatus());
assertOnlyContainsWrapped(expectedPrincipal, result.getPrincipals());
- assertEquals("person", saslServer.getAuthorizationID());
+ assertEquals("person", result.getMainPrincipal().getName());
}
public void testAuthenticatePrincipalCnAndDc() throws Exception
{
X500Principal principal = new X500Principal("CN=person, DC=example, DC=com");
UsernamePrincipal expectedPrincipal = new UsernamePrincipal("person@example.com", _manager);
- SaslServer saslServer = _manager.createSaslServer("EXTERNAL", "example.example.com", principal);
+ when(_saslSettings.getExternalPrincipal()).thenReturn(principal);
+ SaslNegotiator negotiator = _manager.createSaslNegotiator("EXTERNAL", _saslSettings);
+ AuthenticationResult result = negotiator.handleResponse(new byte[0]);
- AuthenticationResult result = _manager.authenticate(saslServer, new byte[0]);
assertNotNull(result);
assertEquals("Expected authentication to be successful",
AuthenticationResult.AuthenticationStatus.SUCCESS,
result.getStatus());
assertOnlyContainsWrapped(expectedPrincipal, result.getPrincipals());
- assertEquals("person@example.com", saslServer.getAuthorizationID());
+ assertEquals("person@example.com", result.getMainPrincipal().getName());
}
public void testAuthenticatePrincipalCnDc_OtherComponentsIgnored() throws Exception
{
X500Principal principal = new X500Principal("CN=person, DC=example, DC=com, O=My Company Ltd, L=Newbury, ST=Berkshire, C=GB");
UsernamePrincipal expectedPrincipal = new UsernamePrincipal("person@example.com", _manager);
- SaslServer saslServer = _manager.createSaslServer("EXTERNAL", "example.example.com", principal);
+ when(_saslSettings.getExternalPrincipal()).thenReturn(principal);
+ SaslNegotiator negotiator = _manager.createSaslNegotiator("EXTERNAL", _saslSettings);
+ AuthenticationResult result = negotiator.handleResponse(new byte[0]);
- AuthenticationResult result = _manager.authenticate(saslServer, new byte[0]);
assertNotNull(result);
assertEquals("Expected authentication to be successful",
AuthenticationResult.AuthenticationStatus.SUCCESS,
result.getStatus());
assertOnlyContainsWrapped(expectedPrincipal, result.getPrincipals());
- assertEquals("person@example.com", saslServer.getAuthorizationID());
+ assertEquals("person@example.com", result.getMainPrincipal().getName());
}
public void testAuthenticatePrincipalCn_OtherComponentsIgnored() throws Exception
{
X500Principal principal = new X500Principal("CN=person, O=My Company Ltd, L=Newbury, ST=Berkshire, C=GB");
UsernamePrincipal expectedPrincipal = new UsernamePrincipal("person", _manager);
- SaslServer saslServer = _manager.createSaslServer("EXTERNAL", "example.example.com", principal);
+ when(_saslSettings.getExternalPrincipal()).thenReturn(principal);
+ SaslNegotiator negotiator = _manager.createSaslNegotiator("EXTERNAL", _saslSettings);
- AuthenticationResult result = _manager.authenticate(saslServer, new byte[0]);
+ AuthenticationResult result = negotiator.handleResponse(new byte[0]);
assertNotNull(result);
assertEquals("Expected authentication to be successful",
AuthenticationResult.AuthenticationStatus.SUCCESS,
result.getStatus());
assertOnlyContainsWrapped(expectedPrincipal, result.getPrincipals());
- assertEquals("person", saslServer.getAuthorizationID());
+ assertEquals("person", result.getMainPrincipal().getName());
}
- public void testFullDNMode_CreateSaslServer() throws Exception
+ public void testFullDNMode_CreateSaslNegotiator() throws Exception
{
- createSaslServerTestImpl(_managerUsingFullDN);
+ createSaslNegotiatorTestImpl(_managerUsingFullDN);
}
public void testFullDNMode_Authenticate() throws Exception
{
X500Principal principal = new X500Principal("CN=person, DC=example, DC=com");
- SaslServer saslServer = _managerUsingFullDN.createSaslServer("EXTERNAL", "example.example.com", principal);
+ when(_saslSettings.getExternalPrincipal()).thenReturn(principal);
+ SaslNegotiator negotiator = _managerUsingFullDN.createSaslNegotiator("EXTERNAL", _saslSettings);
+ AuthenticationResult result = negotiator.handleResponse(new byte[0]);
- AuthenticationResult result = _managerUsingFullDN.authenticate(saslServer, new byte[0]);
assertNotNull(result);
assertEquals("Expected authentication to be successful",
AuthenticationResult.AuthenticationStatus.SUCCESS,
result.getStatus());
assertOnlyContainsWrapped(principal, result.getPrincipals());
- assertEquals("CN=person,DC=example,DC=com", saslServer.getAuthorizationID());
+ assertEquals("CN=person,DC=example,DC=com", result.getMainPrincipal().getName());
}
- public void testFullDNMode_AuthenticatePrincipalNull_CausesAuthError() throws Exception
+ private void createSaslNegotiatorTestImpl(AuthenticationProvider<?> manager) throws Exception
{
- SaslServer saslServer = _managerUsingFullDN.createSaslServer("EXTERNAL", "example.example.com", null);
- AuthenticationResult result = _managerUsingFullDN.authenticate(saslServer, new byte[0]);
-
- assertNotNull(result);
- assertEquals("Expected authentication to be unsuccessful",
- AuthenticationResult.AuthenticationStatus.ERROR,
- result.getStatus());
- assertNull(saslServer.getAuthorizationID());
- }
-
- private void createSaslServerTestImpl(AuthenticationProvider<?> manager) throws Exception
- {
- SaslServer server = manager.createSaslServer("EXTERNAL", "example.example.com", null);
-
- assertEquals("Sasl Server mechanism name is not as expected", "EXTERNAL", server.getMechanismName());
+ SaslNegotiator negotiator = manager.createSaslNegotiator("EXTERNAL", _saslSettings);
+ assertNotNull("Could not create SASL negotiator for 'EXTERNAL' mechanism.", negotiator);
- try
- {
- server = manager.createSaslServer("PLAIN", "example.example.com", null);
- fail("Expected creating SaslServer with incorrect mechanism to throw an exception");
- }
- catch (SaslException e)
- {
- // pass
- }
+ negotiator = manager.createSaslNegotiator("PLAIN", _saslSettings);
+ assertNull("Should not be able to create SASL negotiator with incorrect mechanism.", negotiator);
}
}
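Review bot: The null-principal rejection case for full-DN mode is dropped: testFullDNMode_AuthenticatePrincipalNull_CausesAuthError is removed near the end of this hunk and nothing replaces it. Only `_manager` (useFullDN=false) is still checked for refusing EXTERNAL when no peer principal is present. A port of the removed test to the negotiator API, following the pattern of the other tests here, is below. Separately, testAuthenticatePrincipalNull_CausesAuthError relies on the Mockito default for an unstubbed `getExternalPrincipal()`; adding `when(_saslSettings.getExternalPrincipal()).thenReturn(null);` would make that precondition explicit.

```java
public void testFullDNMode_AuthenticatePrincipalNull_CausesAuthError() throws Exception
{
    // No external principal is stubbed, so the negotiator must refuse the exchange.
    SaslNegotiator negotiator = _managerUsingFullDN.createSaslNegotiator("EXTERNAL", _saslSettings);
    AuthenticationResult result = negotiator.handleResponse(new byte[0]);

    assertNotNull(result);
    assertEquals("Expected authentication to be unsuccessful",
                 AuthenticationResult.AuthenticationStatus.ERROR,
                 result.getStatus());
    assertNull(result.getMainPrincipal());
}
```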
Modified: qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/MD5AuthenticationManagerTest.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/MD5AuthenticationManagerTest.java?rev=1772364&r1=1772363&r2=1772364&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/MD5AuthenticationManagerTest.java (original)
+++ qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/MD5AuthenticationManagerTest.java Fri Dec 2 15:47:52 2016
@@ -20,27 +20,11 @@
*/
package org.apache.qpid.server.security.auth.manager;
-import javax.security.sasl.SaslServer;
-import java.util.HashMap;
import java.util.Map;
-import java.util.concurrent.ExecutionException;
-
-import org.apache.qpid.server.model.User;
-import org.apache.qpid.server.security.auth.AuthenticationResult;
-import org.apache.qpid.server.security.auth.sasl.SaslUtil;
public class MD5AuthenticationManagerTest extends ManagedAuthenticationManagerTestBase
{
- public static final String USER_NAME = "test";
- public static final String USER_PASSWORD = "password";
-
- @Override
- public void setUp() throws Exception
- {
- super.setUp();
- }
-
@Override
protected ConfigModelPasswordManagingAuthenticationProvider<?> createAuthManager(final Map<String, Object> attributesMap)
{
@@ -53,52 +37,4 @@ public class MD5AuthenticationManagerTes
return false;
}
- @Override
- public void tearDown() throws Exception
- {
- super.tearDown();
- }
-
- public void testMD5HexAuthenticationWithValidCredentials() throws Exception
- {
- createUser(USER_NAME, USER_PASSWORD);
- AuthenticationResult result = authenticate("CRAM-MD5-HEX", USER_NAME, USER_PASSWORD);
- assertEquals("Unexpected authentication result", AuthenticationResult.AuthenticationStatus.SUCCESS, result.getStatus());
- }
-
- public void testMD5HexAuthenticationWithInvalidPassword() throws Exception
- {
- createUser(USER_NAME, USER_PASSWORD);
- AuthenticationResult result = authenticate("CRAM-MD5-HEX", USER_NAME, "invalid");
- assertEquals("Unexpected authentication result", AuthenticationResult.AuthenticationStatus.ERROR, result.getStatus());
- }
-
- public void testMD5HexAuthenticationWithInvalidUsername() throws Exception
- {
- createUser(USER_NAME, USER_PASSWORD);
- AuthenticationResult result = authenticate("CRAM-MD5-HEX", "invalid", USER_PASSWORD);
- assertEquals("Unexpected authentication result", AuthenticationResult.AuthenticationStatus.ERROR, result.getStatus());
- }
-
- private AuthenticationResult authenticate(String mechanism, String userName, String userPassword) throws Exception
- {
- SaslServer ss = getAuthManager().createSaslServer(mechanism, "test", null);
- byte[] challenge = ss.evaluateResponse(new byte[0]);
-
- byte[] response = SaslUtil.generateCramMD5HexClientResponse(userName, userPassword, challenge);;
-
- return getAuthManager().authenticate(ss, response);
- }
-
- private User createUser(String userName, String userPassword) throws ExecutionException, InterruptedException
- {
- final Map<String, Object> childAttrs = new HashMap<String, Object>();
-
- childAttrs.put(User.NAME, userName);
- childAttrs.put(User.PASSWORD, userPassword);
- User user = getAuthManager().addChildAsync(User.class, childAttrs).get();
- assertNotNull("User should be created but addChild returned null", user);
- assertEquals(userName, user.getName());
- return user;
- }
}
Modified: qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/ManagedAuthenticationManagerTestBase.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/ManagedAuthenticationManagerTestBase.java?rev=1772364&r1=1772363&r2=1772364&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/ManagedAuthenticationManagerTestBase.java (original)
+++ qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/ManagedAuthenticationManagerTestBase.java Fri Dec 2 15:47:52 2016
@@ -20,6 +20,7 @@
*/
package org.apache.qpid.server.security.auth.manager;
+import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
import java.util.Collections;
@@ -29,8 +30,6 @@ import java.util.UUID;
import java.util.concurrent.ExecutionException;
import javax.security.auth.login.AccountNotFoundException;
-import javax.security.sasl.SaslException;
-import javax.security.sasl.SaslServer;
import org.apache.qpid.server.configuration.updater.CurrentThreadTaskExecutor;
import org.apache.qpid.server.configuration.updater.TaskExecutor;
@@ -40,10 +39,14 @@ import org.apache.qpid.server.model.User
import org.apache.qpid.server.security.SubjectCreator;
import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.server.model.BrokerTestHelper;
+import org.apache.qpid.server.security.auth.sasl.SaslNegotiator;
+import org.apache.qpid.server.security.auth.sasl.SaslSettings;
import org.apache.qpid.test.utils.QpidTestCase;
abstract class ManagedAuthenticationManagerTestBase extends QpidTestCase
{
+ private static final String TEST_USER_NAME = "admin";
+ private static final String TEST_USER_PASSWORD = "admin";
private ConfigModelPasswordManagingAuthenticationProvider<?> _authManager;
@@ -93,27 +96,6 @@ abstract class ManagedAuthenticationMana
assertFalse("PLAIN authentication should not be available on an insecure connection", insecureCreator.getMechanisms().contains("PLAIN"));
SubjectCreator secureCreator = _authManager.getSubjectCreator(true);
assertTrue("PLAIN authentication should be available on a secure connection", secureCreator.getMechanisms().contains("PLAIN"));
-
- try
- {
- SaslServer saslServer = secureCreator.createSaslServer("PLAIN", "127.0.0.1", null);
- assertNotNull(saslServer);
- }
- catch (SaslException e)
- {
- fail("Unable to create a SaslServer for PLAIN authentication on a secure connection" + e.getMessage());
- }
-
- try
- {
- SaslServer saslServer = insecureCreator.createSaslServer("PLAIN", "127.0.0.1", null);
- fail("Erroneously created a SaslServer for PLAIN authentication on an insecure connection");
- }
- catch (SaslException e)
- {
- // Pass
- }
-
}
public void testAddChildAndThenDelete() throws ExecutionException, InterruptedException
@@ -245,5 +227,44 @@ abstract class ManagedAuthenticationMana
}
+ public void testGetMechanisms() throws Exception
+ {
+ assertFalse("Should support at least one mechanism", _authManager.getMechanisms().isEmpty());
+ }
+
+ public void testAuthenticateValidCredentials() throws Exception
+ {
+ _authManager.createUser(TEST_USER_NAME, TEST_USER_PASSWORD, Collections.<String, String>emptyMap());
+ AuthenticationResult result = _authManager.authenticate(TEST_USER_NAME, TEST_USER_PASSWORD);
+ assertEquals("Unexpected result status", AuthenticationResult.AuthenticationStatus.SUCCESS, result.getStatus());
+ assertEquals("Unexpected result principal", TEST_USER_NAME, result.getMainPrincipal().getName());
+ }
+
+ public void testAuthenticateInvalidCredentials() throws Exception
+ {
+ _authManager.createUser(TEST_USER_NAME, TEST_USER_PASSWORD, Collections.<String, String>emptyMap());
+ AuthenticationResult result = _authManager.authenticate(TEST_USER_NAME, TEST_USER_PASSWORD + "1");
+ assertEquals("Unexpected result status", AuthenticationResult.AuthenticationStatus.ERROR, result.getStatus());
+ assertNull("Unexpected result principal", result.getMainPrincipal());
+ }
+
+ public void testAllSaslMechanisms() throws Exception
+ {
+ final SaslSettings saslSettings = mock(SaslSettings.class);
+ when(saslSettings.getLocalFQDN()).thenReturn("testhost.example.com");
+ for (String mechanism : _authManager.getMechanisms())
+ {
+ final SaslNegotiator negotiator = _authManager.createSaslNegotiator(mechanism, saslSettings);
+ assertNotNull(String.format("Could not create SASL negotiator for mechanism '%s'", mechanism), negotiator);
+ }
+ }
+
+ public void testUnsupportedSaslMechanisms() throws Exception
+ {
+ final SaslSettings saslSettings = mock(SaslSettings.class);
+ when(saslSettings.getLocalFQDN()).thenReturn("testhost.example.com");
+ final SaslNegotiator negotiator = _authManager.createSaslNegotiator("UNSUPPORTED MECHANISM", saslSettings);
+ assertNull("Should not be able to create SASL negotiator for unsupported mechanism", negotiator);
+ }
}
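Review bot: testAuthenticateInvalidCredentials covers only a wrong password for an existing user. The unknown-username case, which the CRAM-MD5-HEX tests removed from MD5AuthenticationManagerTest in this commit used to exercise, has no counterpart among the tests added here; a matching test is sketched below. testAllSaslMechanisms asserts only that a negotiator can be created, so unless another part of this commit covers it, no challenge/response exchange is run for any mechanism from this base class. The PLAIN-on-insecure-connection SaslServer check removed in the previous hunk is likewise not re-expressed against `createSaslNegotiator`.

```java
public void testAuthenticateUnknownUser() throws Exception
{
    _authManager.createUser(TEST_USER_NAME, TEST_USER_PASSWORD, Collections.<String, String>emptyMap());
    // Same password, but a user name that was never created.
    AuthenticationResult result = _authManager.authenticate(TEST_USER_NAME + "1", TEST_USER_PASSWORD);
    assertEquals("Unexpected result status", AuthenticationResult.AuthenticationStatus.ERROR, result.getStatus());
    assertNull("Unexpected result principal", result.getMainPrincipal());
}
```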
Modified: qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManagerTest.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManagerTest.java?rev=1772364&r1=1772363&r2=1772364&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManagerTest.java (original)
+++ qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManagerTest.java Fri Dec 2 15:47:52 2016
@@ -21,6 +21,8 @@
package org.apache.qpid.server.security.auth.manager;
import static org.apache.qpid.server.security.auth.AuthenticatedPrincipalTestHelper.assertOnlyContainsWrapped;
+import static org.mockito.Matchers.any;
+import static org.mockito.Matchers.eq;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
@@ -34,20 +36,18 @@ import java.util.List;
import java.util.Map;
import java.util.UUID;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.sasl.SaslException;
-import javax.security.sasl.SaslServer;
-import javax.security.sasl.SaslServerFactory;
-
import org.apache.qpid.server.configuration.IllegalConfigurationException;
import org.apache.qpid.server.model.AuthenticationProvider;
import org.apache.qpid.server.model.ConfiguredObject;
+import org.apache.qpid.server.model.PasswordCredentialManagingAuthenticationProvider;
import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.server.security.auth.AuthenticationResult.AuthenticationStatus;
import org.apache.qpid.server.security.auth.UsernamePrincipal;
import org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase;
import org.apache.qpid.server.security.auth.database.PrincipalDatabase;
import org.apache.qpid.server.model.BrokerTestHelper;
+import org.apache.qpid.server.security.auth.sasl.SaslNegotiator;
+import org.apache.qpid.server.security.auth.sasl.SaslSettings;
import org.apache.qpid.test.utils.QpidTestCase;
/**
@@ -56,12 +56,12 @@ import org.apache.qpid.test.utils.QpidTe
*/
public class PrincipalDatabaseAuthenticationManagerTest extends QpidTestCase
{
- private static final String LOCALHOST = "localhost";
private static final String MOCK_MECH_NAME = "MOCK-MECH-NAME";
private PrincipalDatabaseAuthenticationManager _manager = null; // Class under test
private PrincipalDatabase _principalDatabase;
private String _passwordFileLocation;
+ private SaslNegotiator _saslNegotiator = mock(SaslNegotiator.class);
@Override
public void setUp() throws Exception
@@ -97,12 +97,13 @@ public class PrincipalDatabaseAuthentica
_manager.initialise();
}
- private void setUpPrincipalDatabase() throws SaslException
+ private void setUpPrincipalDatabase()
{
_principalDatabase = mock(PrincipalDatabase.class);
when(_principalDatabase.getMechanisms()).thenReturn(Collections.singletonList(MOCK_MECH_NAME));
- when(_principalDatabase.createSaslServer(MOCK_MECH_NAME, LOCALHOST, null)).thenReturn(new MySaslServer(false, true));
+ when(_principalDatabase.createSaslNegotiator(eq(MOCK_MECH_NAME), any(SaslSettings.class))).thenReturn(
+ _saslNegotiator);
}
private void setupManager(final boolean recovering)
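Review bot: The stub in setUpPrincipalDatabase matches the settings argument with `any(SaslSettings.class)`, which in the Mockito 1.x `Matchers` API imported here also accepts `null`. The tests would therefore still pass if the manager forwarded no settings at all to the principal database. `isA(SaslSettings.class)` from the same class rejects null and would need one more static import: `when(_principalDatabase.createSaslNegotiator(eq(MOCK_MECH_NAME), isA(SaslSettings.class))).thenReturn(_saslNegotiator);`. This assumes the project is on Mockito 1.x, as the `org.mockito.Matchers` import suggests.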
@@ -124,7 +125,7 @@ public class PrincipalDatabaseAuthentica
public void testInitialiseWhenPasswordFileNotFound() throws Exception
{
- AuthenticationProvider mockAuthProvider = mock(AuthenticationProvider.class);
+ PasswordCredentialManagingAuthenticationProvider mockAuthProvider = mock(PasswordCredentialManagingAuthenticationProvider.class);
when(mockAuthProvider.getContextValue(Integer.class, AbstractScramAuthenticationManager.QPID_AUTHMANAGER_SCRAM_ITERATION_COUNT)).thenReturn(4096);
_principalDatabase = new PlainPasswordFilePrincipalDatabase(mockAuthProvider);
setupManager(true);
@@ -142,7 +143,7 @@ public class PrincipalDatabaseAuthentica
public void testInitialiseWhenPasswordFileExists() throws Exception
{
- AuthenticationProvider mockAuthProvider = mock(AuthenticationProvider.class);
+ PasswordCredentialManagingAuthenticationProvider mockAuthProvider = mock(PasswordCredentialManagingAuthenticationProvider.class);
when(mockAuthProvider.getContextValue(Integer.class, AbstractScramAuthenticationManager.QPID_AUTHMANAGER_SCRAM_ITERATION_COUNT)).thenReturn(4096);
_principalDatabase = new PlainPasswordFilePrincipalDatabase(mockAuthProvider);
setupManager(true);
@@ -169,18 +170,13 @@ public class PrincipalDatabaseAuthentica
assertEquals("Unexpected principal name", "admin", p.getName());
}
- /**
- * Tests that the SASL factory method createSaslServer correctly
- * returns a non-null implementation.
- */
public void testSaslMechanismCreation() throws Exception
{
setupMocks();
- SaslServer server = _manager.createSaslServer(MOCK_MECH_NAME, LOCALHOST, null);
- assertNotNull(server);
- // Merely tests the creation of the mechanism. Mechanisms themselves are tested
- // by their own tests.
+ SaslSettings saslSettings = mock(SaslSettings.class);
+ SaslNegotiator saslNegotiator = _manager.createSaslNegotiator(MOCK_MECH_NAME, saslSettings);
+ assertNotNull(saslNegotiator);
}
/**
@@ -191,12 +187,11 @@ public class PrincipalDatabaseAuthentica
public void testSaslAuthenticationSuccess() throws Exception
{
setupMocks();
+ UsernamePrincipal expectedPrincipal = new UsernamePrincipal("guest", _manager);
- SaslServer testServer = createTestSaslServer(true, false);
-
- AuthenticationResult result = _manager.authenticate(testServer, "12345".getBytes());
+ when(_saslNegotiator.handleResponse(any(byte[].class))).thenReturn(new AuthenticationResult(expectedPrincipal));
- UsernamePrincipal expectedPrincipal = new UsernamePrincipal("guest", _manager);
+ AuthenticationResult result = _saslNegotiator.handleResponse("12345".getBytes());
assertOnlyContainsWrapped(expectedPrincipal, result.getPrincipals());
assertEquals(AuthenticationStatus.SUCCESS, result.getStatus());
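Review bot: The rewritten success test stubs `_saslNegotiator.handleResponse(...)` and then calls `handleResponse` on that same mock, so the assertions only confirm the value Mockito was told to return and `_manager` is never exercised; the CONTINUE and ERROR tests in the next two hunks have the same shape. The removed lines went through `_manager.authenticate(testServer, ...)`, so these three tests no longer cover the manager's SASL path. Taking the negotiator from the class under test would at least cover the delegation: `SaslNegotiator negotiator = _manager.createSaslNegotiator(MOCK_MECH_NAME, mock(SaslSettings.class));` followed by `AuthenticationResult result = negotiator.handleResponse("12345".getBytes());`. Whether the manager wraps or simply returns the database's negotiator is not visible in this diff, and the end of the test method lies outside the hunk.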
@@ -212,9 +207,9 @@ public class PrincipalDatabaseAuthentica
{
setupMocks();
- SaslServer testServer = createTestSaslServer(false, false);
+ when(_saslNegotiator.handleResponse(any(byte[].class))).thenReturn(new AuthenticationResult(AuthenticationStatus.CONTINUE));
- AuthenticationResult result = _manager.authenticate(testServer, "12345".getBytes());
+ AuthenticationResult result = _saslNegotiator.handleResponse("12345".getBytes());
assertEquals("Principals was not expected size", 0, result.getPrincipals().size());
assertEquals(AuthenticationStatus.CONTINUE, result.getStatus());
@@ -230,9 +225,9 @@ public class PrincipalDatabaseAuthentica
{
setupMocks();
- SaslServer testServer = createTestSaslServer(false, true);
+ when(_saslNegotiator.handleResponse(any(byte[].class))).thenReturn(new AuthenticationResult(AuthenticationStatus.ERROR));
- AuthenticationResult result = _manager.authenticate(testServer, "12345".getBytes());
+ AuthenticationResult result = _saslNegotiator.handleResponse("12345".getBytes());
assertEquals("Principals was not expected size", 0, result.getPrincipals().size());
assertEquals(AuthenticationStatus.ERROR, result.getStatus());
}
@@ -250,7 +245,7 @@ public class PrincipalDatabaseAuthentica
assertEquals(AuthenticationStatus.SUCCESS, result.getStatus());
}
- public void testNonSaslAuthenticationNotCompleted() throws Exception
+ public void testNonSaslAuthenticationErrored() throws Exception
{
setupMocks();
@@ -258,7 +253,7 @@ public class PrincipalDatabaseAuthentica
AuthenticationResult result = _manager.authenticate("guest", "wrongpassword");
assertEquals("Principals was not expected size", 0, result.getPrincipals().size());
- assertEquals(AuthenticationStatus.CONTINUE, result.getStatus());
+ assertEquals(AuthenticationStatus.ERROR, result.getStatus());
}
public void testOnCreate() throws Exception
@@ -321,96 +316,4 @@ public class PrincipalDatabaseAuthentica
passwordFile.delete();
}
}
-
- /**
- * Test SASL implementation used to test the authenticate() method.
- */
- private SaslServer createTestSaslServer(final boolean complete, final boolean throwSaslException)
- {
- return new MySaslServer(throwSaslException, complete);
- }
-
- public static final class MySaslServer implements SaslServer
- {
- private final boolean _throwSaslException;
- private final boolean _complete;
-
- public MySaslServer()
- {
- this(false, true);
- }
-
- private MySaslServer(boolean throwSaslException, boolean complete)
- {
- _throwSaslException = throwSaslException;
- _complete = complete;
- }
-
- public String getMechanismName()
- {
- return null;
- }
-
- public byte[] evaluateResponse(byte[] response) throws SaslException
- {
- if (_throwSaslException)
- {
- throw new SaslException("Mocked exception");
- }
- return null;
- }
-
- public boolean isComplete()
- {
- return _complete;
- }
-
- public String getAuthorizationID()
- {
- return _complete ? "guest" : null;
- }
-
- public byte[] unwrap(byte[] incoming, int offset, int len) throws SaslException
- {
- return null;
- }
-
- public byte[] wrap(byte[] outgoing, int offset, int len) throws SaslException
- {
- return null;
- }
-
- public Object getNegotiatedProperty(String propName)
- {
- return null;
- }
-
- public void dispose() throws SaslException
- {
- }
- }
-
- public static class MySaslServerFactory implements SaslServerFactory
- {
- @Override
- public SaslServer createSaslServer(String mechanism, String protocol,
- String serverName, Map<String, ?> props, CallbackHandler cbh)
- throws SaslException
- {
- if (MOCK_MECH_NAME.equals(mechanism))
- {
- return new MySaslServer();
- }
- else
- {
- return null;
- }
- }
-
- @Override
- public String[] getMechanismNames(Map<String, ?> props)
- {
- return new String[]{MOCK_MECH_NAME};
- }
- }
}
Modified: qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/SimpleAuthenticationManagerTest.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/SimpleAuthenticationManagerTest.java?rev=1772364&r1=1772363&r2=1772364&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/SimpleAuthenticationManagerTest.java (original)
+++ qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/SimpleAuthenticationManagerTest.java Fri Dec 2 15:47:52 2016
@@ -20,6 +20,9 @@
*/
package org.apache.qpid.server.security.auth.manager;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
import java.security.Principal;
import java.util.HashMap;
import java.util.List;
@@ -28,13 +31,13 @@ import java.util.Set;
import java.util.UUID;
import javax.security.sasl.SaslException;
-import javax.security.sasl.SaslServer;
import org.apache.qpid.server.model.AuthenticationProvider;
import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.server.security.auth.AuthenticationResult.AuthenticationStatus;
+import org.apache.qpid.server.security.auth.sasl.SaslNegotiator;
+import org.apache.qpid.server.security.auth.sasl.SaslSettings;
import org.apache.qpid.server.security.auth.sasl.SaslUtil;
-import org.apache.qpid.server.security.auth.sasl.plain.PlainSaslServer;
import org.apache.qpid.server.model.BrokerTestHelper;
import org.apache.qpid.test.utils.QpidTestCase;
@@ -67,21 +70,14 @@ public class SimpleAuthenticationManager
assertTrue("SCRAM-SHA-256 was not present: " + mechanisms, mechanisms.contains("SCRAM-SHA-256"));
}
- public void testCreateSaslServerForUnsupportedMechanisms() throws Exception
+ public void testCreateSaslNegotiatorForUnsupportedMechanisms() throws Exception
{
String[] unsupported = new String[] { "EXTERNAL", "CRAM-MD5-HEX", "CRAM-MD5-HASHED", "ANONYMOUS", "GSSAPI"};
for (int i = 0; i < unsupported.length; i++)
{
String mechanism = unsupported[i];
- try
- {
- _authenticationManager.createSaslServer(mechanism, "test", null);
- fail("Mechanism " + mechanism + " should not be supported by SimpleAuthenticationManager");
- }
- catch (SaslException e)
- {
- // pass
- }
+ SaslNegotiator negotiator = _authenticationManager.createSaslNegotiator(mechanism, null);
+ assertNull("Mechanism " + mechanism + " should not be supported by SimpleAuthenticationManager", negotiator);
}
}
@@ -158,21 +154,25 @@ public class SimpleAuthenticationManager
assertEquals("Unexpected principals size", 0, principals.size());
}
- private AuthenticationResult authenticatePlain(String userName, String userPassword) throws SaslException, Exception
+ private AuthenticationResult authenticatePlain(String userName, String userPassword) throws Exception
{
- PlainSaslServer ss = (PlainSaslServer) _authenticationManager.createSaslServer("PLAIN", "test", null);
+ SaslSettings saslSettings = mock(SaslSettings.class);
+ SaslNegotiator saslNegotiator = _authenticationManager.createSaslNegotiator("PLAIN", saslSettings);
byte[] response = SaslUtil.generatePlainClientResponse(userName, userPassword);
-
- return _authenticationManager.authenticate(ss, response);
+ return saslNegotiator.handleResponse(response);
}
- private AuthenticationResult authenticateCramMd5(String userName, String userPassword) throws SaslException, Exception
+ private AuthenticationResult authenticateCramMd5(String userName, String userPassword) throws Exception
{
- SaslServer ss = _authenticationManager.createSaslServer("CRAM-MD5", "test", null);
- byte[] challenge = ss.evaluateResponse(new byte[0]);
+ SaslSettings saslSettings = mock(SaslSettings.class);
+ when(saslSettings.getLocalFQDN()).thenReturn("testHost");
+ SaslNegotiator saslNegotiator = _authenticationManager.createSaslNegotiator("CRAM-MD5", saslSettings);
+ AuthenticationResult result = saslNegotiator.handleResponse(new byte[0]);
+ assertEquals("Unexpected SASL status", AuthenticationStatus.CONTINUE, result.getStatus());
+
+ byte[] challenge = result.getChallenge();
byte[] response = SaslUtil.generateCramMD5ClientResponse(userName, userPassword, challenge);
- AuthenticationResult result = _authenticationManager.authenticate(ss, response);
- return result;
+ return saslNegotiator.handleResponse(response);
}
}
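Review bot: `authenticatePlain` and `authenticateCramMd5` dereference the value returned by `createSaslNegotiator` without checking it. The earlier hunk in this file shows that the new API reports an unsupported mechanism by returning null rather than throwing. A regression that drops PLAIN or CRAM-MD5 would therefore surface as a NullPointerException inside the helper instead of a readable failure. Adding `assertNotNull("No negotiator created for PLAIN", saslNegotiator);` (and the CRAM-MD5 equivalent) before the first `handleResponse` call keeps the failure message meaningful.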
Modified: qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImplTest.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImplTest.java?rev=1772364&r1=1772363&r2=1772364&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImplTest.java (original)
+++ qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2AuthenticationProviderImplTest.java Fri Dec 2 15:47:52 2016
@@ -33,7 +33,6 @@ import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
-import javax.security.sasl.SaslServer;
import org.apache.qpid.server.configuration.updater.CurrentThreadTaskExecutor;
import org.apache.qpid.server.configuration.updater.TaskExecutor;
@@ -44,6 +43,8 @@ import org.apache.qpid.server.model.Stat
import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.server.security.auth.manager.CachingAuthenticationProvider;
import org.apache.qpid.server.security.auth.manager.oauth2.cloudfoundry.CloudFoundryOAuth2IdentityResolverService;
+import org.apache.qpid.server.security.auth.sasl.SaslNegotiator;
+import org.apache.qpid.server.security.auth.sasl.oauth2.OAuth2Negotiator;
import org.apache.qpid.test.utils.QpidTestCase;
public class OAuth2AuthenticationProviderImplTest extends QpidTestCase
@@ -150,17 +151,16 @@ public class OAuth2AuthenticationProvide
public void testGetSecureOnlyMechanisms() throws Exception
{
assertEquals("OAuth2 should be a secure only mechanism",
- Collections.singletonList(OAuth2SaslServer.MECHANISM), _authProvider.getSecureOnlyMechanisms());
+ Collections.singletonList(OAuth2Negotiator.MECHANISM), _authProvider.getSecureOnlyMechanisms());
}
public void testAuthenticateViaSasl() throws Exception
{
_server.setEndpoints(Collections.singletonMap(TEST_IDENTITY_RESOLVER_ENDPOINT_PATH,
createMockIdentityResolverEndpoint()));
- SaslServer saslServer = _authProvider.createSaslServer(OAuth2SaslServer.MECHANISM, TEST_ENDPOINT_HOST, null);
- AuthenticationResult authenticationResult = _authProvider.authenticate(saslServer, ("auth=Bearer "
- + TEST_VALID_ACCESS_TOKEN
- + "\1\1").getBytes(UTF8));
+ final SaslNegotiator negotiator = _authProvider.createSaslNegotiator(OAuth2Negotiator.MECHANISM, null);
+ AuthenticationResult authenticationResult = negotiator.handleResponse(("auth=Bearer " + TEST_VALID_ACCESS_TOKEN + "\1\1").getBytes(UTF8));
+
assertSuccess(authenticationResult);
}
@@ -172,10 +172,8 @@ public class OAuth2AuthenticationProvide
_server.setEndpoints(Collections.singletonMap(TEST_IDENTITY_RESOLVER_ENDPOINT_PATH,
mockIdentityResolverEndpoint));
- SaslServer saslServer = _authProvider.createSaslServer(OAuth2SaslServer.MECHANISM, TEST_ENDPOINT_HOST, null);
- AuthenticationResult authenticationResult = _authProvider.authenticate(saslServer, ("auth=Bearer "
- + TEST_INVALID_ACCESS_TOKEN
- + "\1\1").getBytes(UTF8));
+ final SaslNegotiator negotiator = _authProvider.createSaslNegotiator(OAuth2Negotiator.MECHANISM, null);
+ AuthenticationResult authenticationResult = negotiator.handleResponse(("auth=Bearer " + TEST_INVALID_ACCESS_TOKEN + "\1\1").getBytes(UTF8));
assertFailure(authenticationResult, "invalid_token");
}
Modified: qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/sasl/SaslUtil.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/sasl/SaslUtil.java?rev=1772364&r1=1772363&r2=1772364&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/sasl/SaslUtil.java (original)
+++ qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/sasl/SaslUtil.java Fri Dec 2 15:47:52 2016
@@ -20,11 +20,17 @@
*/
package org.apache.qpid.server.security.auth.sasl;
+import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
+import org.apache.qpid.server.security.auth.sasl.crammd5.CramMd5HashedNegotiator;
+import org.apache.qpid.server.security.auth.sasl.crammd5.CramMd5HexNegotiator;
+import org.apache.qpid.server.security.auth.sasl.crammd5.CramMd5Negotiator;
+
public class SaslUtil
{
@@ -57,6 +63,28 @@ public class SaslUtil
return responseAsString.getBytes();
}
+ public static byte[] generateCramMD5HashedClientResponse(String userName, String userPassword, byte[] challengeBytes)
+ throws Exception
+ {
+ char[] hash = toMD5Hashed(userPassword);
+
+ return generateCramMD5ClientResponse(userName, new String(hash), challengeBytes);
+ }
+
+ public static char[] toMD5Hashed(final String userPassword)
+ throws NoSuchAlgorithmException, UnsupportedEncodingException
+ {
+ byte[] digestedPasswordBytes = MessageDigest.getInstance("MD5").digest(userPassword.getBytes("UTF-8"));
+
+ char[] hash = new char[digestedPasswordBytes.length];
+ int index = 0;
+ for (byte b : digestedPasswordBytes)
+ {
+ hash[index++] = (char) b;
+ }
+ return hash;
+ }
+
public static byte[] generateCramMD5ClientResponse(String userName, String userPassword, byte[] challengeBytes)
throws Exception
{
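Review bot: `toMD5Hashed` narrows each digest byte with `(char) b`, which sign-extends every byte above 0x7f into a char in the 0xFF80–0xFFFF range, and nothing in the hunk says this is deliberate. If the cast is meant to mirror the char[] form in which the broker's hashed-password store keeps the MD5 digest (that code is not visible here), a comment such as `// sign-extending cast is intentional: must match the server-side char[] representation of the digest` would stop a later cleanup from changing it to `b & 0xff` and silently breaking the CRAM-MD5-HASHED tests. Separately, `userPassword.getBytes(StandardCharsets.UTF_8)` would remove the need for `UnsupportedEncodingException` in the throws clause. Both new public helpers lack Javadoc stating that they are test-only client-side counterparts of the negotiators. The body of the following `generateCramMD5ClientResponse` continues outside the hunk.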
@@ -68,6 +96,24 @@ public class SaslUtil
return responseAsString.getBytes();
}
+ public static byte[] generateCramMD5ClientResponse(String mechanism, String userName, String userPassword, byte[] challengeBytes)
+ throws Exception
+ {
+ if (CramMd5Negotiator.MECHANISM.equals(mechanism))
+ {
+ return generateCramMD5ClientResponse(userName, userPassword, challengeBytes);
+ }
+ else if (CramMd5HexNegotiator.MECHANISM.equals(mechanism))
+ {
+ return generateCramMD5HexClientResponse(userName, userPassword, challengeBytes);
+ }
+ else if (CramMd5HashedNegotiator.MECHANISM.equals(mechanism))
+ {
+ return generateCramMD5HashedClientResponse(userName, userPassword, challengeBytes);
+ }
+ throw new IllegalArgumentException(String.format("Unsupported mechanism '%s'", mechanism));
+ }
+
public static String toHex(byte[] data)
{
StringBuffer hash = new StringBuffer();
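Review bot: The new four-argument `generateCramMD5ClientResponse` dispatches only on `CramMd5Negotiator`, `CramMd5HexNegotiator` and `CramMd5HashedNegotiator`, yet `CramMd5NegotiatorTest` in this commit also passes `CramMd5Base64HexNegotiator.MECHANISM` and `CramMd5Base64HashedNegotiator.MECHANISM` to it. That only works if the Base64 variants declare the same mechanism strings as the Hex and Hashed classes, which this diff does not show. A short Javadoc on the method would make the dependency explicit, for example `/** Builds the client response for the given CRAM-MD5 family mechanism name; the Base64 negotiators are matched through their shared mechanism names. */`. The `toHex` body that follows continues outside the hunk.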
Added: qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/sasl/anonymous/AnonymousNegotiatorTest.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/sasl/anonymous/AnonymousNegotiatorTest.java?rev=1772364&view=auto
==============================================================================
--- qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/sasl/anonymous/AnonymousNegotiatorTest.java (added)
+++ qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/sasl/anonymous/AnonymousNegotiatorTest.java Fri Dec 2 15:47:52 2016
@@ -0,0 +1,40 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+package org.apache.qpid.server.security.auth.sasl.anonymous;
+
+import static org.mockito.Mockito.mock;
+
+import org.apache.qpid.server.security.auth.AuthenticationResult;
+import org.apache.qpid.test.utils.QpidTestCase;
+
+public class AnonymousNegotiatorTest extends QpidTestCase
+{
+ public void testHandleResponse() throws Exception
+ {
+ final AuthenticationResult result = mock(AuthenticationResult.class);
+ AnonymousNegotiator negotiator = new AnonymousNegotiator(result);
+ assertEquals("Unexpected result", result, negotiator.handleResponse(new byte[0]));
+
+ AuthenticationResult secondResult = negotiator.handleResponse(new byte[0]);
+ assertEquals("Only first call to handleResponse should be successful",
+ AuthenticationResult.AuthenticationStatus.ERROR, secondResult.getStatus());
+ }
+}
\ No newline at end of file
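Review bot: The first assertion in `testHandleResponse` compares two references to the same Mockito mock with `assertEquals`, so it passes on identity only by way of the default `equals`. `assertSame("Unexpected result", result, negotiator.handleResponse(new byte[0]));` states the intent directly and does not depend on how `AuthenticationResult.equals` behaves. The file also ends without a trailing newline.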
Added: qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/sasl/crammd5/CramMd5NegotiatorTest.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/sasl/crammd5/CramMd5NegotiatorTest.java?rev=1772364&view=auto
==============================================================================
--- qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/sasl/crammd5/CramMd5NegotiatorTest.java (added)
+++ qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/sasl/crammd5/CramMd5NegotiatorTest.java Fri Dec 2 15:47:52 2016
@@ -0,0 +1,274 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+package org.apache.qpid.server.security.auth.sasl.crammd5;
+
+import static org.mockito.Matchers.eq;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+import java.nio.charset.StandardCharsets;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+
+import javax.xml.bind.DatatypeConverter;
+
+import org.apache.qpid.server.model.PasswordCredentialManagingAuthenticationProvider;
+import org.apache.qpid.server.security.auth.AuthenticationResult;
+import org.apache.qpid.server.security.auth.database.HashedUser;
+import org.apache.qpid.server.security.auth.sasl.PasswordSource;
+import org.apache.qpid.server.security.auth.sasl.SaslUtil;
+import org.apache.qpid.test.utils.QpidTestCase;
+
+public class CramMd5NegotiatorTest extends QpidTestCase
+{
+ private static final String TEST_FQDN = "example.com";
+ private static final String VALID_USERNAME = "testUser";
+ private static final char[] VALID_USERPASSWORD = "testPassword".toCharArray();
+ private static final String INVALID_USERPASSWORD = "invalidPassword";
+ private static final String INVALID_USERNAME = "invalidUser" ;
+
+ private AbstractCramMd5Negotiator _negotiator;
+ private PasswordSource _passwordSource;
+ private PasswordCredentialManagingAuthenticationProvider<?> _authenticationProvider;
+
+ @Override
+ public void setUp() throws Exception
+ {
+ super.setUp();
+ _passwordSource = mock(PasswordSource.class);
+ when(_passwordSource.getPassword(eq(VALID_USERNAME))).thenReturn(VALID_USERPASSWORD);
+ _authenticationProvider = mock(PasswordCredentialManagingAuthenticationProvider.class);
+ }
+
+ @Override
+ public void tearDown() throws Exception
+ {
+ super.tearDown();
+ if (_negotiator != null)
+ {
+ _negotiator.dispose();
+ }
+ }
+
+ public void testHandleResponseCramMD5ValidCredentials() throws Exception
+ {
+ _negotiator = new CramMd5Negotiator(_authenticationProvider, TEST_FQDN, _passwordSource);
+ doHandleResponseWithValidCredentials(CramMd5Negotiator.MECHANISM);
+ }
+
+ public void testHandleResponseCramMD5InvalidPassword() throws Exception
+ {
+ _negotiator = new CramMd5Negotiator(_authenticationProvider, TEST_FQDN, _passwordSource);
+ doHandleResponseWithInvalidPassword(CramMd5Negotiator.MECHANISM);
+ }
+
+ public void testHandleResponseCramMD5InvalidUsername() throws Exception
+ {
+ _negotiator = new CramMd5Negotiator(_authenticationProvider, TEST_FQDN, _passwordSource);
+ doHandleResponseWithInvalidUsername(CramMd5Negotiator.MECHANISM);
+ }
+
+ public void testHandleResponseCramMD5HashedValidCredentials() throws Exception
+ {
+ hashPassword();
+
+ _negotiator = new CramMd5HashedNegotiator(_authenticationProvider, TEST_FQDN, _passwordSource);
+
+ doHandleResponseWithValidCredentials(CramMd5HashedNegotiator.MECHANISM);
+ }
+
+ public void testHandleResponseCramMD5HashedInvalidPassword() throws Exception
+ {
+ hashPassword();
+
+ _negotiator = new CramMd5HashedNegotiator(_authenticationProvider, TEST_FQDN, _passwordSource);
+
+ doHandleResponseWithInvalidPassword(CramMd5HashedNegotiator.MECHANISM);
+ }
+
+ public void testHandleResponseCramMD5HashedInvalidUsername() throws Exception
+ {
+ hashPassword();
+
+ _negotiator = new CramMd5HashedNegotiator(_authenticationProvider, TEST_FQDN, _passwordSource);
+
+ doHandleResponseWithInvalidUsername(CramMd5HashedNegotiator.MECHANISM);
+ }
+
+ public void testHandleResponseCramMD5HexValidCredentials() throws Exception
+ {
+ hashPassword();
+
+ _negotiator = new CramMd5HexNegotiator(_authenticationProvider, TEST_FQDN, _passwordSource);
+
+ doHandleResponseWithValidCredentials(CramMd5HexNegotiator.MECHANISM);
+ }
+
+ public void testHandleResponseCramMD5HexInvalidPassword() throws Exception
+ {
+ hashPassword();
+
+ _negotiator = new CramMd5HexNegotiator(_authenticationProvider, TEST_FQDN, _passwordSource);
+
+ doHandleResponseWithInvalidPassword(CramMd5HexNegotiator.MECHANISM);
+ }
+
+ public void testHandleResponseCramMD5HexInvalidUsername() throws Exception
+ {
+ hashPassword();
+
+ _negotiator = new CramMd5HexNegotiator(_authenticationProvider, TEST_FQDN, _passwordSource);
+
+ doHandleResponseWithInvalidUsername(CramMd5HexNegotiator.MECHANISM);
+ }
+
+ public void testHandleResponseCramMD5Base64HexValidCredentials() throws Exception
+ {
+ base64Password();
+
+ _negotiator = new CramMd5Base64HexNegotiator(_authenticationProvider, TEST_FQDN, _passwordSource);
+
+ doHandleResponseWithValidCredentials(CramMd5Base64HexNegotiator.MECHANISM);
+ }
+
+ public void testHandleResponseCramMD5Base64HexInvalidPassword() throws Exception
+ {
+ base64Password();
+
+ _negotiator = new CramMd5Base64HexNegotiator(_authenticationProvider, TEST_FQDN, _passwordSource);
+
+ doHandleResponseWithInvalidPassword(CramMd5Base64HexNegotiator.MECHANISM);
+ }
+
+ public void testHandleResponseCramMD5Base64HexInvalidUsername() throws Exception
+ {
+ base64Password();
+
+ _negotiator = new CramMd5Base64HexNegotiator(_authenticationProvider, TEST_FQDN, _passwordSource);
+
+ doHandleResponseWithInvalidUsername(CramMd5Base64HexNegotiator.MECHANISM);
+ }
+
+ public void testHandleResponseCramMD5Base64HashedValidCredentials() throws Exception
+ {
+ base64Password();
+
+ _negotiator = new CramMd5Base64HashedNegotiator(_authenticationProvider, TEST_FQDN, _passwordSource);
+
+ doHandleResponseWithValidCredentials(CramMd5Base64HashedNegotiator.MECHANISM);
+ }
+
+ public void testHandleResponseCramMD5Base64HashedInvalidPassword() throws Exception
+ {
+ base64Password();
+
+ _negotiator = new CramMd5Base64HashedNegotiator(_authenticationProvider, TEST_FQDN, _passwordSource);
+
+ doHandleResponseWithInvalidPassword(CramMd5Base64HashedNegotiator.MECHANISM);
+ }
+
+ public void testHandleResponseCramMD5Base64HashedInvalidUsername() throws Exception
+ {
+ base64Password();
+
+ _negotiator = new CramMd5Base64HashedNegotiator(_authenticationProvider, TEST_FQDN, _passwordSource);
+
+ doHandleResponseWithInvalidUsername(CramMd5Base64HashedNegotiator.MECHANISM);
+ }
+
+ private void doHandleResponseWithValidCredentials(final String mechanism) throws Exception
+ {
+ AuthenticationResult firstResult = _negotiator.handleResponse(new byte[0]);
+ assertEquals("Unexpected first result status", AuthenticationResult.AuthenticationStatus.CONTINUE, firstResult.getStatus());
+ assertNotNull("Unexpected first result challenge", firstResult.getChallenge());
+
+ byte[] responseBytes = SaslUtil.generateCramMD5ClientResponse(mechanism, VALID_USERNAME, new String(VALID_USERPASSWORD), firstResult.getChallenge());
+
+ AuthenticationResult secondResult = _negotiator.handleResponse(responseBytes);
+
+ assertEquals("Unexpected second result status", AuthenticationResult.AuthenticationStatus.SUCCESS, secondResult.getStatus());
+ assertNull("Unexpected second result challenge", secondResult.getChallenge());
+ assertEquals("Unexpected second result main principal", VALID_USERNAME, secondResult.getMainPrincipal().getName());
+
+ verify(_passwordSource).getPassword(eq(VALID_USERNAME));
+
+ AuthenticationResult thirdResult = _negotiator.handleResponse(new byte[0]);
+ assertEquals("Unexpected third result status", AuthenticationResult.AuthenticationStatus.ERROR, thirdResult.getStatus());
+ }
+
+ private void doHandleResponseWithInvalidPassword(final String mechanism) throws Exception
+ {
+ AuthenticationResult firstResult = _negotiator.handleResponse(new byte[0]);
+ assertEquals("Unexpected first result status", AuthenticationResult.AuthenticationStatus.CONTINUE, firstResult.getStatus());
+ assertNotNull("Unexpected first result challenge", firstResult.getChallenge());
+
+ byte[] responseBytes = SaslUtil.generateCramMD5ClientResponse(mechanism, VALID_USERNAME, INVALID_USERPASSWORD, firstResult.getChallenge());
+
+ AuthenticationResult secondResult = _negotiator.handleResponse(responseBytes);
+
+ assertEquals("Unexpected second result status", AuthenticationResult.AuthenticationStatus.ERROR, secondResult.getStatus());
+ assertNull("Unexpected second result challenge", secondResult.getChallenge());
+ assertNull("Unexpected second result main principal", secondResult.getMainPrincipal());
+
+ verify(_passwordSource).getPassword(eq(VALID_USERNAME));
+
+ AuthenticationResult thirdResult = _negotiator.handleResponse(new byte[0]);
+ assertEquals("Unexpected third result status", AuthenticationResult.AuthenticationStatus.ERROR, thirdResult.getStatus());
+ }
+
+ private void doHandleResponseWithInvalidUsername(final String mechanism) throws Exception
+ {
+ AuthenticationResult firstResult = _negotiator.handleResponse(new byte[0]);
+ assertEquals("Unexpected first result status", AuthenticationResult.AuthenticationStatus.CONTINUE, firstResult.getStatus());
+ assertNotNull("Unexpected first result challenge", firstResult.getChallenge());
+
+ byte[] responseBytes = SaslUtil.generateCramMD5ClientResponse(mechanism, INVALID_USERNAME, new String(VALID_USERPASSWORD), firstResult.getChallenge());
+
+ AuthenticationResult secondResult = _negotiator.handleResponse(responseBytes);
+
+ assertEquals("Unexpected second result status", AuthenticationResult.AuthenticationStatus.ERROR, secondResult.getStatus());
+ assertNull("Unexpected second result challenge", secondResult.getChallenge());
+ assertNull("Unexpected second result main principal", secondResult.getMainPrincipal());
+
+ verify(_passwordSource).getPassword(eq(INVALID_USERNAME));
+
+ AuthenticationResult thirdResult = _negotiator.handleResponse(new byte[0]);
+ assertEquals("Unexpected third result status", AuthenticationResult.AuthenticationStatus.ERROR, thirdResult.getStatus());
+ }
+
+ private void hashPassword()
+ {
+ HashedUser hashedUser = new HashedUser(VALID_USERNAME, VALID_USERPASSWORD, _authenticationProvider);
+ char[] password = hashedUser.getPassword();
+ when(_passwordSource.getPassword(eq(VALID_USERNAME))).thenReturn(password);
+ }
+
+ private void base64Password() throws NoSuchAlgorithmException
+ {
+ byte[] data = new String(VALID_USERPASSWORD).getBytes(StandardCharsets.UTF_8);
+ MessageDigest md = MessageDigest.getInstance("MD5");
+ md.update(data);
+ char[] password = DatatypeConverter.printBase64Binary(md.digest()).toCharArray();
+ when(_passwordSource.getPassword(eq(VALID_USERNAME))).thenReturn(password);
+ }
+
+}
\ No newline at end of file
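Review bot: `VALID_USERPASSWORD` is a shared `static final char[]` that `setUp` hands straight to the code under test through the `PasswordSource` stub and that `hashPassword` passes into `HashedUser`. If any negotiator or its `dispose()` wipes the password array after use, which is not visible in this diff, later tests in the class would run against a zeroed password and the failure would depend on execution order. Stubbing with a copy avoids that coupling: `when(_passwordSource.getPassword(eq(VALID_USERNAME))).thenReturn(VALID_USERPASSWORD.clone());`. In `tearDown`, `super.tearDown()` runs before `_negotiator.dispose()`; disposing first, with the super call in a `finally`, is the safer order. The three `doHandleResponseWith…` helpers differ only in credentials and expected status and could share one parameterised helper. The file has no trailing newline.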
Added: qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/sasl/external/ExternalNegotiatorTest.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/sasl/external/ExternalNegotiatorTest.java?rev=1772364&view=auto
==============================================================================
--- qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/sasl/external/ExternalNegotiatorTest.java (added)
+++ qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/sasl/external/ExternalNegotiatorTest.java Fri Dec 2 15:47:52 2016
@@ -0,0 +1,150 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+package org.apache.qpid.server.security.auth.sasl.external;
+
+
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+
+import java.security.Principal;
+
+import javax.security.auth.x500.X500Principal;
+
+import org.apache.qpid.server.security.auth.AuthenticationResult;
+import org.apache.qpid.server.security.auth.manager.ExternalAuthenticationManager;
+import org.apache.qpid.test.utils.QpidTestCase;
+
+public class ExternalNegotiatorTest extends QpidTestCase
+{
+ private static final String VALID_USER_DN = "cn=test,dc=example,dc=com";
+ private static final String VALID_USER_NAME = "test@example.com";
+ private static final String USERNAME_NO_CN_DC = "ou=test,o=example,o=com";
+
+ public void testHandleResponseUseFullDNValidExternalPrincipal() throws Exception
+ {
+ ExternalAuthenticationManager<?> externalAuthenticationManager = mock(ExternalAuthenticationManager.class);
+ when(externalAuthenticationManager.getUseFullDN()).thenReturn(true);
+ X500Principal externalPrincipal = new X500Principal(VALID_USER_DN);
+ ExternalNegotiator negotiator = new ExternalNegotiator(externalAuthenticationManager, externalPrincipal);
+
+ AuthenticationResult firstResult = negotiator.handleResponse(new byte[0]);
+ assertEquals("Unexpected first result status",
+ AuthenticationResult.AuthenticationStatus.SUCCESS,
+ firstResult.getStatus());
+ String principalName = firstResult.getMainPrincipal().getName();
+ assertTrue(String.format("Unexpected first result principal '%s'", principalName),
+ VALID_USER_DN.equalsIgnoreCase(principalName));
+
+ AuthenticationResult secondResult = negotiator.handleResponse(new byte[0]);
+ assertEquals("Unexpected second result status",
+ AuthenticationResult.AuthenticationStatus.ERROR,
+ secondResult.getStatus());
+ }
+
+ public void testHandleResponseNotUseFullDNValidExternalPrincipal() throws Exception
+ {
+ ExternalAuthenticationManager<?> externalAuthenticationManager = mock(ExternalAuthenticationManager.class);
+ when(externalAuthenticationManager.getUseFullDN()).thenReturn(false);
+ X500Principal externalPrincipal = new X500Principal(VALID_USER_DN);
+ ExternalNegotiator negotiator = new ExternalNegotiator(externalAuthenticationManager, externalPrincipal);
+
+ AuthenticationResult firstResult = negotiator.handleResponse(new byte[0]);
+ assertEquals("Unexpected first result status",
+ AuthenticationResult.AuthenticationStatus.SUCCESS,
+ firstResult.getStatus());
+ String principalName = firstResult.getMainPrincipal().getName();
+ assertEquals("Unexpected first result principal", VALID_USER_NAME, principalName);
+
+ AuthenticationResult secondResult = negotiator.handleResponse(new byte[0]);
+ assertEquals("Unexpected second result status",
+ AuthenticationResult.AuthenticationStatus.ERROR,
+ secondResult.getStatus());
+ }
+
+ public void testHandleResponseNotUseFullDN_No_CN_DC_In_ExternalPrincipal() throws Exception
+ {
+ ExternalAuthenticationManager<?> externalAuthenticationManager = mock(ExternalAuthenticationManager.class);
+ when(externalAuthenticationManager.getUseFullDN()).thenReturn(false);
+ X500Principal externalPrincipal = new X500Principal(USERNAME_NO_CN_DC);
+ ExternalNegotiator negotiator = new ExternalNegotiator(externalAuthenticationManager, externalPrincipal);
+
+ AuthenticationResult firstResult = negotiator.handleResponse(new byte[0]);
+ assertEquals("Unexpected first result status",
+ AuthenticationResult.AuthenticationStatus.ERROR,
+ firstResult.getStatus());
+ assertNull("Unexpected first result principal", firstResult.getMainPrincipal());
+ }
+
+ public void testHandleResponseUseFullDN_No_CN_DC_In_ExternalPrincipal() throws Exception
+ {
+ ExternalAuthenticationManager<?> externalAuthenticationManager = mock(ExternalAuthenticationManager.class);
+ when(externalAuthenticationManager.getUseFullDN()).thenReturn(true);
+ X500Principal externalPrincipal = new X500Principal(USERNAME_NO_CN_DC);
+ ExternalNegotiator negotiator = new ExternalNegotiator(externalAuthenticationManager, externalPrincipal);
+
+ AuthenticationResult firstResult = negotiator.handleResponse(new byte[0]);
+ assertEquals("Unexpected first result status",
+ AuthenticationResult.AuthenticationStatus.SUCCESS,
+ firstResult.getStatus());
+ String principalName = firstResult.getMainPrincipal().getName();
+ assertTrue(String.format("Unexpected first result principal '%s'", principalName),
+ USERNAME_NO_CN_DC.equalsIgnoreCase(principalName));
+
+ AuthenticationResult secondResult = negotiator.handleResponse(new byte[0]);
+ assertEquals("Unexpected second result status",
+ AuthenticationResult.AuthenticationStatus.ERROR,
+ secondResult.getStatus());
+ }
+
+ public void testHandleResponseFailsWithoutExternalPrincipal() throws Exception
+ {
+ ExternalAuthenticationManager<?> externalAuthenticationManager = mock(ExternalAuthenticationManager.class);
+ when(externalAuthenticationManager.getUseFullDN()).thenReturn(true);
+ ExternalNegotiator negotiator = new ExternalNegotiator(externalAuthenticationManager, null);
+
+ AuthenticationResult firstResult = negotiator.handleResponse(new byte[0]);
+ assertEquals("Unexpected first result status",
+ AuthenticationResult.AuthenticationStatus.ERROR,
+ firstResult.getStatus());
+ assertNull("Unexpected first result principal", firstResult.getMainPrincipal());
+ }
+
+
+ public void testHandleResponseSucceedsForNonX500Principal() throws Exception
+ {
+ ExternalAuthenticationManager<?> externalAuthenticationManager = mock(ExternalAuthenticationManager.class);
+ when(externalAuthenticationManager.getUseFullDN()).thenReturn(true);
+ Principal principal = mock(Principal.class);
+ ExternalNegotiator negotiator = new ExternalNegotiator(externalAuthenticationManager, principal);
+
+ AuthenticationResult firstResult = negotiator.handleResponse(new byte[0]);
+ assertEquals("Unexpected first result status",
+ AuthenticationResult.AuthenticationStatus.SUCCESS,
+ firstResult.getStatus());
+ assertEquals("Unexpected first result principal", principal, firstResult.getMainPrincipal());
+
+ AuthenticationResult secondResult = negotiator.handleResponse(new byte[0]);
+ assertEquals("Unexpected second result status",
+ AuthenticationResult.AuthenticationStatus.ERROR,
+ secondResult.getStatus());
+ }
+}
\ No newline at end of file
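Review bot: The two failure-path tests, `testHandleResponseNotUseFullDN_No_CN_DC_In_ExternalPrincipal` and `testHandleResponseFailsWithoutExternalPrincipal`, stop after the first ERROR and never check that a repeated `handleResponse` stays in ERROR, unlike the success-path tests in this file. For an authentication state machine the property worth pinning is that a failed exchange cannot be retried into SUCCESS on the same negotiator; whether ExternalNegotiator guarantees that is not visible from this hunk. I would append `assertEquals("Unexpected second result status", AuthenticationResult.AuthenticationStatus.ERROR, negotiator.handleResponse(new byte[0]).getStatus());` to both tests. Separately, `testHandleResponseSucceedsForNonX500Principal` only runs with `getUseFullDN()` stubbed to true; a sibling case stubbed to false would document which principal a non-X500 identity ends up with.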
Added: qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/sasl/oauth2/OAuth2NegotiatorTest.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/sasl/oauth2/OAuth2NegotiatorTest.java?rev=1772364&view=auto
==============================================================================
--- qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/sasl/oauth2/OAuth2NegotiatorTest.java (added)
+++ qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/sasl/oauth2/OAuth2NegotiatorTest.java Fri Dec 2 15:47:52 2016
@@ -0,0 +1,96 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+package org.apache.qpid.server.security.auth.sasl.oauth2;
+
+
+import static org.mockito.Matchers.eq;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+import org.apache.qpid.server.security.auth.AuthenticationResult;
+import org.apache.qpid.server.security.auth.manager.oauth2.OAuth2AuthenticationProvider;
+
+import org.apache.qpid.test.utils.QpidTestCase;
+
+public class OAuth2NegotiatorTest extends QpidTestCase
+{
+ private static final String VALID_TOKEN = "token";
+ private static final byte[] VALID_RESPONSE = ("auth=Bearer " + VALID_TOKEN + "\1\1").getBytes();
+ private static final byte[] VALID_TOKEN_WITH_CRUD =
+ ("user=xxx\1auth=Bearer " + VALID_TOKEN + "\1host=localhost\1\1").getBytes();
+ private static final byte[] RESPONSE_WITH_NO_TOKEN = "host=localhost\1\1".getBytes();
+ private static final byte[] RESPONSE_WITH_MALFORMED_AUTH = "auth=wibble\1\1".getBytes();
+ private OAuth2Negotiator _negotiator;
+ private OAuth2AuthenticationProvider<?> _authenticationProvider;
+
+ @Override
+ public void setUp() throws Exception
+ {
+ super.setUp();
+ _authenticationProvider = mock(OAuth2AuthenticationProvider.class);
+ _negotiator = new OAuth2Negotiator(_authenticationProvider);
+ }
+
+ public void testHandleResponse_ResponseHasAuthOnly() throws Exception
+ {
+ doHandleResponseWithValidResponse(VALID_RESPONSE);
+ }
+
+ public void testHandleResponse_ResponseAuthAndOthers() throws Exception
+ {
+ doHandleResponseWithValidResponse(VALID_TOKEN_WITH_CRUD);
+ }
+
+ public void testHandleResponse_ResponseAuthAbsent() throws Exception
+ {
+ AuthenticationResult actualResult = _negotiator.handleResponse(RESPONSE_WITH_NO_TOKEN);
+ assertEquals("Unexpected result status",
+ AuthenticationResult.AuthenticationStatus.ERROR,
+ actualResult.getStatus());
+ assertNull("Unexpected result principal", actualResult.getMainPrincipal());
+ }
+
+ public void testHandleResponse_ResponseAuthMalformed() throws Exception
+ {
+ AuthenticationResult actualResult = _negotiator.handleResponse(RESPONSE_WITH_MALFORMED_AUTH);
+ assertEquals("Unexpected result status",
+ AuthenticationResult.AuthenticationStatus.ERROR,
+ actualResult.getStatus());
+ assertNull("Unexpected result principal", actualResult.getMainPrincipal());
+ }
+
+ private void doHandleResponseWithValidResponse(final byte[] validResponse)
+ {
+ final AuthenticationResult expectedResult = mock(AuthenticationResult.class);
+ when(_authenticationProvider.authenticateViaAccessToken(eq(VALID_TOKEN))).thenReturn(expectedResult);
+ AuthenticationResult actualResult = _negotiator.handleResponse(validResponse);
+ assertEquals("Unexpected result", expectedResult, actualResult);
+
+ verify(_authenticationProvider).authenticateViaAccessToken(eq(VALID_TOKEN));
+
+ AuthenticationResult secondResult = _negotiator.handleResponse(validResponse);
+ assertEquals("Unexpected second result status",
+ AuthenticationResult.AuthenticationStatus.ERROR,
+ secondResult.getStatus());
+ }
+
+}
\ No newline at end of file
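Review bot: `testHandleResponse_ResponseAuthAbsent` and `testHandleResponse_ResponseAuthMalformed` assert only the returned status and principal; they do not pin that the provider is never consulted when the response carries no usable bearer token. Adding `verify(_authenticationProvider, never()).authenticateViaAccessToken(anyString());` to both (with static imports of `org.mockito.Mockito.never` and `org.mockito.Matchers.anyString`) makes that part of the contract explicit. The response fixtures at the top of the class are also built with the no-argument `getBytes()`, which uses the platform default charset; `getBytes(StandardCharsets.UTF_8)` would keep the fixture bytes identical on every build host.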
Added: qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/sasl/plain/PlainNegotiatorTest.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/sasl/plain/PlainNegotiatorTest.java?rev=1772364&view=auto
==============================================================================
--- qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/sasl/plain/PlainNegotiatorTest.java (added)
+++ qpid/java/trunk/broker-core/src/test/java/org/apache/qpid/server/security/auth/sasl/plain/PlainNegotiatorTest.java Fri Dec 2 15:47:52 2016
@@ -0,0 +1,75 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+package org.apache.qpid.server.security.auth.sasl.plain;
+
+import static org.mockito.Matchers.eq;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+import org.apache.qpid.server.security.auth.AuthenticationResult;
+import org.apache.qpid.server.security.auth.manager.UsernamePasswordAuthenticationProvider;
+import org.apache.qpid.test.utils.QpidTestCase;
+
+public class PlainNegotiatorTest extends QpidTestCase
+{
+ private static final String VALID_PASSWORD = "testPassword";
+ private static final String VALID_USERNAME = "testUsername";
+ private static final String VALID_RESPONSE = String.format("\0%s\0%s", VALID_USERNAME, VALID_PASSWORD);
+ private UsernamePasswordAuthenticationProvider _authenticationProvider;
+ private PlainNegotiator _negotiator;
+ private AuthenticationResult _expectedResult;
+
+ @Override
+ public void setUp() throws Exception
+ {
+ super.setUp();
+ _expectedResult = mock(AuthenticationResult.class);
+ _authenticationProvider = mock(UsernamePasswordAuthenticationProvider.class);
+ when(_authenticationProvider.authenticate(eq(VALID_USERNAME), eq(VALID_PASSWORD))).thenReturn(_expectedResult);
+ _negotiator = new PlainNegotiator(_authenticationProvider);
+ }
+
+ @Override
+ public void tearDown() throws Exception
+ {
+ super.tearDown();
+ if (_negotiator != null)
+ {
+ _negotiator.dispose();
+ }
+ }
+
+ public void testHandleResponse() throws Exception
+ {
+ final AuthenticationResult result = _negotiator.handleResponse(VALID_RESPONSE.getBytes());
+ verify(_authenticationProvider).authenticate(eq(VALID_USERNAME), eq(VALID_PASSWORD));
+ assertEquals("Unexpected authentication result", _expectedResult, result);
+ }
+
+ public void testMultipleAuthenticationAttempts() throws Exception
+ {
+ final AuthenticationResult firstResult = _negotiator.handleResponse(VALID_RESPONSE.getBytes());
+ assertEquals("Unexpected first authentication result", _expectedResult, firstResult);
+ final AuthenticationResult secondResult = _negotiator.handleResponse(VALID_RESPONSE.getBytes());
+ assertEquals("Unexpected second authentication result", AuthenticationResult.AuthenticationStatus.ERROR, secondResult.getStatus());
+ }
+}
\ No newline at end of file
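Review bot: Only a well-formed response is exercised in this class; there is no case for client-supplied bytes that lack the NUL-separated fields, and none that checks the provider is left uncalled for such input. I would add a test along the lines below; the expected ERROR status is an assumption taken from the sibling negotiator tests in this commit and should be confirmed against PlainNegotiator, and the test needs static imports of `never` and `anyString` plus `java.nio.charset.StandardCharsets`. In `tearDown`, `super.tearDown()` runs before `_negotiator.dispose()`, so an exception from the superclass would skip the dispose; disposing first inside `try` with `super.tearDown()` in `finally` avoids that. `VALID_RESPONSE.getBytes()` in the existing tests also relies on the platform default charset.

```java
public void testHandleResponseWithoutSeparators() throws Exception
{
    // expected status assumed from the sibling negotiator tests; confirm against PlainNegotiator
    final AuthenticationResult result =
            _negotiator.handleResponse("noSeparators".getBytes(StandardCharsets.US_ASCII));
    assertEquals("Unexpected authentication result",
                 AuthenticationResult.AuthenticationStatus.ERROR,
                 result.getStatus());
    verify(_authenticationProvider, never()).authenticate(anyString(), anyString());
}
```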