You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by sr...@apache.org on 2011/09/10 04:57:11 UTC
svn commit: r1167444 [3/3] - in
/hadoop/common/branches/branch-0.20-security: ./
src/core/org/apache/hadoop/security/
src/core/org/apache/hadoop/security/authentication/
src/core/org/apache/hadoop/security/authentication/client/
src/core/org/apache/had...
Added: hadoop/common/branches/branch-0.20-security/src/test/org/apache/hadoop/security/authentication/server/TestPseudoAuthenticationHandler.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security/src/test/org/apache/hadoop/security/authentication/server/TestPseudoAuthenticationHandler.java?rev=1167444&view=auto
==============================================================================
--- hadoop/common/branches/branch-0.20-security/src/test/org/apache/hadoop/security/authentication/server/TestPseudoAuthenticationHandler.java (added)
+++ hadoop/common/branches/branch-0.20-security/src/test/org/apache/hadoop/security/authentication/server/TestPseudoAuthenticationHandler.java Sat Sep 10 02:57:10 2011
@@ -0,0 +1,113 @@
+/**
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License. See accompanying LICENSE file.
+ */
+package org.apache.hadoop.security.authentication.server;
+
+import org.apache.hadoop.security.authentication.client.AuthenticationException;
+import junit.framework.TestCase;
+import org.apache.hadoop.security.authentication.client.PseudoAuthenticator;
+import org.mockito.Mockito;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.util.Properties;
+
+public class TestPseudoAuthenticationHandler extends TestCase {
+
+ public void testInit() throws Exception {
+ PseudoAuthenticationHandler handler = new PseudoAuthenticationHandler();
+ try {
+ Properties props = new Properties();
+ props.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "false");
+ handler.init(props);
+ assertEquals(false, handler.getAcceptAnonymous());
+ } finally {
+ handler.destroy();
+ }
+ }
+
+ public void testType() throws Exception {
+ PseudoAuthenticationHandler handler = new PseudoAuthenticationHandler();
+ assertEquals(PseudoAuthenticationHandler.TYPE, handler.getType());
+ }
+
+ public void testAnonymousOn() throws Exception {
+ PseudoAuthenticationHandler handler = new PseudoAuthenticationHandler();
+ try {
+ Properties props = new Properties();
+ props.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "true");
+ handler.init(props);
+
+ HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
+ HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
+
+ AuthenticationToken token = handler.authenticate(request, response);
+
+ assertEquals(AuthenticationToken.ANONYMOUS, token);
+ } finally {
+ handler.destroy();
+ }
+ }
+
+ public void testAnonymousOff() throws Exception {
+ PseudoAuthenticationHandler handler = new PseudoAuthenticationHandler();
+ try {
+ Properties props = new Properties();
+ props.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "false");
+ handler.init(props);
+
+ HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
+ HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
+
+ handler.authenticate(request, response);
+ fail();
+ } catch (AuthenticationException ex) {
+ // Expected
+ } catch (Exception ex) {
+ fail();
+ } finally {
+ handler.destroy();
+ }
+ }
+
+ private void _testUserName(boolean anonymous) throws Exception {
+ PseudoAuthenticationHandler handler = new PseudoAuthenticationHandler();
+ try {
+ Properties props = new Properties();
+ props.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, Boolean.toString(anonymous));
+ handler.init(props);
+
+ HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
+ HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
+ Mockito.when(request.getParameter(PseudoAuthenticator.USER_NAME)).thenReturn("user");
+
+ AuthenticationToken token = handler.authenticate(request, response);
+
+ assertNotNull(token);
+ assertEquals("user", token.getUserName());
+ assertEquals("user", token.getName());
+ assertEquals(PseudoAuthenticationHandler.TYPE, token.getType());
+ } finally {
+ handler.destroy();
+ }
+ }
+
+ public void testUserNameAnonymousOff() throws Exception {
+ _testUserName(false);
+ }
+
+ public void testUserNameAnonymousOn() throws Exception {
+ _testUserName(true);
+ }
+
+}
Added: hadoop/common/branches/branch-0.20-security/src/test/org/apache/hadoop/security/authentication/util/TestKerberosName.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security/src/test/org/apache/hadoop/security/authentication/util/TestKerberosName.java?rev=1167444&view=auto
==============================================================================
--- hadoop/common/branches/branch-0.20-security/src/test/org/apache/hadoop/security/authentication/util/TestKerberosName.java (added)
+++ hadoop/common/branches/branch-0.20-security/src/test/org/apache/hadoop/security/authentication/util/TestKerberosName.java Sat Sep 10 02:57:10 2011
@@ -0,0 +1,88 @@
+package org.apache.hadoop.security.authentication.util;
+
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import java.io.IOException;
+
+import org.apache.hadoop.security.authentication.KerberosTestUtils;
+import org.junit.Before;
+import org.junit.Test;
+import static org.junit.Assert.*;
+
+public class TestKerberosName {
+
+ @Before
+ public void setUp() throws Exception {
+ String rules =
+ "RULE:[1:$1@$0](.*@YAHOO\\.COM)s/@.*//\n" +
+ "RULE:[2:$1](johndoe)s/^.*$/guest/\n" +
+ "RULE:[2:$1;$2](^.*;admin$)s/;admin$//\n" +
+ "RULE:[2:$2](root)\n" +
+ "DEFAULT";
+ KerberosName.setRules(rules);
+ KerberosName.printRules();
+ }
+
+ private void checkTranslation(String from, String to) throws Exception {
+ System.out.println("Translate " + from);
+ KerberosName nm = new KerberosName(from);
+ String simple = nm.getShortName();
+ System.out.println("to " + simple);
+ assertEquals("short name incorrect", to, simple);
+ }
+
+ @Test
+ public void testRules() throws Exception {
+ checkTranslation("omalley@" + KerberosTestUtils.getRealm(), "omalley");
+ checkTranslation("hdfs/10.0.0.1@" + KerberosTestUtils.getRealm(), "hdfs");
+ checkTranslation("oom@YAHOO.COM", "oom");
+ checkTranslation("johndoe/zoo@FOO.COM", "guest");
+ checkTranslation("joe/admin@FOO.COM", "joe");
+ checkTranslation("joe/root@FOO.COM", "root");
+ }
+
+ private void checkBadName(String name) {
+ System.out.println("Checking " + name + " to ensure it is bad.");
+ try {
+ new KerberosName(name);
+ fail("didn't get exception for " + name);
+ } catch (IllegalArgumentException iae) {
+ // PASS
+ }
+ }
+
+ private void checkBadTranslation(String from) {
+ System.out.println("Checking bad translation for " + from);
+ KerberosName nm = new KerberosName(from);
+ try {
+ nm.getShortName();
+ fail("didn't get exception for " + from);
+ } catch (IOException ie) {
+ // PASS
+ }
+ }
+
+ @Test
+ public void testAntiPatterns() throws Exception {
+ checkBadName("owen/owen/owen@FOO.COM");
+ checkBadName("owen@foo/bar.com");
+ checkBadTranslation("foo@ACME.COM");
+ checkBadTranslation("root/joe@FOO.COM");
+ }
+}
Added: hadoop/common/branches/branch-0.20-security/src/test/org/apache/hadoop/security/authentication/util/TestSigner.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security/src/test/org/apache/hadoop/security/authentication/util/TestSigner.java?rev=1167444&view=auto
==============================================================================
--- hadoop/common/branches/branch-0.20-security/src/test/org/apache/hadoop/security/authentication/util/TestSigner.java (added)
+++ hadoop/common/branches/branch-0.20-security/src/test/org/apache/hadoop/security/authentication/util/TestSigner.java Sat Sep 10 02:57:10 2011
@@ -0,0 +1,93 @@
+/**
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License. See accompanying LICENSE file.
+ */
+package org.apache.hadoop.security.authentication.util;
+
+import junit.framework.TestCase;
+
+public class TestSigner extends TestCase {
+
+ public void testNoSecret() throws Exception {
+ try {
+ new Signer(null);
+ fail();
+ }
+ catch (IllegalArgumentException ex) {
+ }
+ }
+
+ public void testNullAndEmptyString() throws Exception {
+ Signer signer = new Signer("secret".getBytes());
+ try {
+ signer.sign(null);
+ fail();
+ } catch (IllegalArgumentException ex) {
+ // Expected
+ } catch (Throwable ex) {
+ fail();
+ }
+ try {
+ signer.sign("");
+ fail();
+ } catch (IllegalArgumentException ex) {
+ // Expected
+ } catch (Throwable ex) {
+ fail();
+ }
+ }
+
+ public void testSignature() throws Exception {
+ Signer signer = new Signer("secret".getBytes());
+ String s1 = signer.sign("ok");
+ String s2 = signer.sign("ok");
+ String s3 = signer.sign("wrong");
+ assertEquals(s1, s2);
+ assertNotSame(s1, s3);
+ }
+
+ public void testVerify() throws Exception {
+ Signer signer = new Signer("secret".getBytes());
+ String t = "test";
+ String s = signer.sign(t);
+ String e = signer.verifyAndExtract(s);
+ assertEquals(t, e);
+ }
+
+ public void testInvalidSignedText() throws Exception {
+ Signer signer = new Signer("secret".getBytes());
+ try {
+ signer.verifyAndExtract("test");
+ fail();
+ } catch (SignerException ex) {
+ // Expected
+ } catch (Throwable ex) {
+ fail();
+ }
+ }
+
+ public void testTampering() throws Exception {
+ Signer signer = new Signer("secret".getBytes());
+ String t = "test";
+ String s = signer.sign(t);
+ s += "x";
+ try {
+ signer.verifyAndExtract(s);
+ fail();
+ } catch (SignerException ex) {
+ // Expected
+ } catch (Throwable ex) {
+ fail();
+ }
+ }
+
+}