From: Scott M S. <st...@us...> - 2004-05-26 21:12:32
User: starksm
Date: 04/05/26 14:12:25
Modified: src/main/org/jboss/test/security/test LoginModulesUnitTestCase.java
Log:
Add tests for the BaseCertLoginModule and CertRolesLoginModule
Revision Changes Path
1.11 +170 -1 jbosstest/src/main/org/jboss/test/security/test/LoginModulesUnitTestCase.java
Index: LoginModulesUnitTestCase.java
===================================================================
RCS file: /cvsroot/jboss/jbosstest/src/main/org/jboss/test/security/test/LoginModulesUnitTestCase.java,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- LoginModulesUnitTestCase.java 25 Apr 2004 16:47:35 -0000 1.10
+++ LoginModulesUnitTestCase.java 26 May 2004 21:12:24 -0000 1.11
@@ -8,8 +8,11 @@
 import java.lang.reflect.Method;
 import java.io.Serializable;
+import java.io.IOException;
 import java.security.MessageDigest;
 import java.security.Principal;
+import java.security.KeyStore;
+import java.security.cert.X509Certificate;
 import java.security.acl.Group;
 import java.sql.Connection;
 import java.sql.DriverManager;
@@ -19,6 +22,7 @@
 import java.util.HashMap;
 import java.util.Iterator;
 import java.util.Set;
+import java.net.URL;
 import javax.naming.InitialContext;
 import javax.security.auth.Subject;
 import javax.security.auth.login.AppConfigurationEntry;
@@ -39,14 +43,18 @@
 import org.jboss.security.SimplePrincipal;
 import org.jboss.security.Util;
 import org.jboss.security.SecurityAssociation;
+import org.jboss.security.SecurityDomain;
 import org.jboss.security.auth.callback.UsernamePasswordHandler;
+import org.jboss.security.auth.callback.SecurityAssociationHandler;
 import org.jboss.security.auth.spi.UsernamePasswordLoginModule;
 import org.jboss.test.JBossTestCase;
+import com.sun.net.ssl.KeyManagerFactory;
+import com.sun.net.ssl.TrustManagerFactory;
 /** Tests of the LoginModule classes.
 @author Sco...@jb...
- @version $Revision: 1.10 $
+ @version $Revision: 1.11 $
 */
 public class LoginModulesUnitTestCase extends JBossTestCase
 {
@@ -210,6 +218,26 @@
 AppConfigurationEntry[] entry = {ace};
 return entry;
 }
+ AppConfigurationEntry[] testCertLogin()
+ {
+ String name = "org.jboss.security.auth.spi.BaseCertLoginModule";
+ HashMap options = new HashMap();
+ options.put("securityDomain", "testCertLogin");
+ AppConfigurationEntry ace = new AppConfigurationEntry(name,
+ AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options);
+ AppConfigurationEntry[] entry = {ace};
+ return entry;
+ }
+ AppConfigurationEntry[] testCertRoles()
+ {
+ String name = "org.jboss.security.auth.spi.CertRolesLoginModule";
+ HashMap options = new HashMap();
+ options.put("securityDomain", "testCertRoles");
+ AppConfigurationEntry ace = new AppConfigurationEntry(name,
+ AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options);
+ AppConfigurationEntry[] entry = {ace};
+ return entry;
+ }
 AppConfigurationEntry[] other()
 {
 AppConfigurationEntry ace = new AppConfigurationEntry(TestLoginModule.class.getName(),
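Review bot: testCertLogin() and testCertRoles() are the same method twice, differing only in the login-module class name and the "securityDomain" option value; a helper such as `AppConfigurationEntry[] certEntry(String moduleClass, String domain)` that both call would remove the duplicated option map and entry construction. If the cert modules grow further options later (a verifier class, for instance), one shared helper also keeps the two configurations from drifting apart.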
@@ -300,6 +328,83 @@
 }
 }
+ static class TestSecurityDomain implements SecurityDomain, Serializable
+ {
+ private transient KeyStore store;
+
+ public KeyStore getKeyStore() throws SecurityException
+ {
+ return store;
+ }
+
+ public KeyManagerFactory getKeyManagerFactory() throws SecurityException
+ {
+ return null;
+ }
+
+ public KeyStore getTrustStore() throws SecurityException
+ {
+ return store;
+ }
+
+ public TrustManagerFactory getTrustManagerFactory() throws SecurityException
+ {
+ return null;
+ }
+
+ public String getSecurityDomain()
+ {
+ return null;
+ }
+
+ public Subject getActiveSubject()
+ {
+ return null;
+ }
+
+ public boolean isValid(Principal principal, Object credential,
+ Subject activeSubject)
+ {
+ return false;
+ }
+
+ public boolean isValid(Principal principal, Object credential)
+ {
+ return false;
+ }
+
+ public Principal getPrincipal(Principal principal)
+ {
+ return null;
+ }
+
+ public boolean doesUserHaveRole(Principal principal, Set roles)
+ {
+ return false;
+ }
+
+ public Set getUserRoles(Principal principal)
+ {
+ return null;
+ }
+
+ private void readObject(java.io.ObjectInputStream in)
+ throws IOException
+ {
+ try
+ {
+ store = KeyStore.getInstance("JKS");
+ ClassLoader loader = Thread.currentThread().getContextClassLoader();
+ URL resURL = loader.getResource("security/tst.keystore");
+ store.load(resURL.openStream(), "unit-tests".toCharArray());
+ }
+ catch(Exception e)
+ {
+ throw new IOException(e.toString());
+ }
+ }
+ }
+
 public LoginModulesUnitTestCase(String testName)
 {
 super(testName);
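Review bot: `store` is assigned only inside `readObject`, so `getKeyStore()` and `getTrustStore()` return null until the object has been deserialized — the domain only works if the JNDI provider the tests rebind into actually serializes the bound object, and a context that hands back the same instance would give BaseCertLoginModule a null keystore. The stream from `resURL.openStream()` passed to `KeyStore.load` is never closed, a missing resource (`resURL == null`) surfaces as a bare NullPointerException, and `new IOException(e.toString())` discards the cause. I would load the keystore lazily from one helper shared by the getters and `readObject`, close the stream in `finally`, chain the cause with `initCause`, and have `readObject` call `in.defaultReadObject()` first; the helper needs `java.io.InputStream` imported. Because the trust store is the same file as the key store, every certificate in tst.keystore is implicitly trusted — fine for a fixture, but worth a one-line comment on the class so nobody copies the pattern into a real SecurityDomain.
```java
   private transient KeyStore store;

   // Loads security/tst.keystore on first use so the domain works whether or not
   // the JNDI provider serializes the bound object. The same store doubles as the
   // trust store, i.e. every cert in the fixture keystore is trusted (test only).
   private KeyStore loadStore() throws IOException
   {
      if( store != null )
         return store;
      ClassLoader loader = Thread.currentThread().getContextClassLoader();
      URL resURL = loader.getResource("security/tst.keystore");
      if( resURL == null )
         throw new IOException("security/tst.keystore not found on classpath");
      InputStream is = resURL.openStream();
      try
      {
         KeyStore ks = KeyStore.getInstance("JKS");
         ks.load(is, "unit-tests".toCharArray());
         store = ks;
      }
      catch(Exception e)
      {
         IOException ioe = new IOException("Failed to load tst.keystore: " + e.getMessage());
         ioe.initCause(e);
         throw ioe;
      }
      finally
      {
         is.close();
      }
      return store;
   }

   public KeyStore getKeyStore() throws SecurityException
   {
      try
      {
         return loadStore();
      }
      catch(IOException e)
      {
         throw new SecurityException(e.getMessage());
      }
   }

   public KeyStore getTrustStore() throws SecurityException
   {
      return getKeyStore();
   }
   // … unchanged: getKeyManagerFactory, getTrustManagerFactory, getSecurityDomain,
   //    getActiveSubject, isValid (both), getPrincipal, doesUserHaveRole, getUserRoles …

   private void readObject(java.io.ObjectInputStream in)
      throws IOException, ClassNotFoundException
   {
      in.defaultReadObject();
      loadStore();
   }
```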
@@ -725,6 +830,70 @@
 }
 }
+ public void testCertLogin() throws Exception
+ {
+ getLog().info("testCertLogin");
+ InitialContext ctx = new InitialContext();
+ ctx.rebind("testCertLogin", new TestSecurityDomain());
+
+ KeyStore store = KeyStore.getInstance("JKS");
+ ClassLoader loader = Thread.currentThread().getContextClassLoader();
+ URL resURL = loader.getResource("security/tst.keystore");
+ store.load(resURL.openStream(), "unit-tests".toCharArray());
+ X509Certificate cert = (X509Certificate) store.getCertificate("unit-tests");
+ SimplePrincipal x509 = new SimplePrincipal("unit-tests");
+ SecurityAssociationHandler handler = new SecurityAssociationHandler(x509, cert);
+ LoginContext lc = new LoginContext("testCertLogin", handler);
+ lc.login();
+ Subject subject = lc.getSubject();
+ assertTrue("Principals contains unit-tests", subject.getPrincipals().contains(new SimplePrincipal("unit-tests")));
+ assertTrue("Principals contains x509cert",
+ subject.getPublicCredentials().contains(cert));
+ }
+
+ public void testCertRoles() throws Exception
+ {
+ getLog().info("testCertRoles");
+ InitialContext ctx = new InitialContext();
+ ctx.rebind("testCertRoles", new TestSecurityDomain());
+
+ KeyStore store = KeyStore.getInstance("JKS");
+ ClassLoader loader = Thread.currentThread().getContextClassLoader();
+ URL resURL = loader.getResource("security/tst.keystore");
+ store.load(resURL.openStream(), "unit-tests".toCharArray());
+ X509Certificate cert = (X509Certificate) store.getCertificate("unit-tests");
+ SimplePrincipal x509 = new SimplePrincipal("unit-tests");
+ SecurityAssociationHandler handler = new SecurityAssociationHandler(x509, cert);
+ LoginContext lc = new LoginContext("testCertRoles", handler);
+ lc.login();
+ Subject subject = lc.getSubject();
+ Set groups = subject.getPrincipals(Group.class);
+ assertTrue("Principals contains unit-tests", subject.getPrincipals().contains(new SimplePrincipal("unit-tests")));
+ assertTrue("Principals contains Roles",
groups.contains(new SimplePrincipal("Roles")));
+ assertTrue("Principals contains x509cert",
+ subject.getPublicCredentials().contains(cert));
+ Group roles = (Group) groups.iterator().next();
+ Iterator groupsIter = groups.iterator();
+ while( groupsIter.hasNext() )
+ {
+ roles = (Group) groupsIter.next();
+ if( roles.getName().equals("Roles") )
+ {
+ assertTrue("CertUser is a role", roles.isMember(new SimplePrincipal("CertUser")));
+ assertTrue("Java is NOT a role", roles.isMember(new SimplePrincipal("Java")) == false);
+ assertTrue("Coder is NOT a role", roles.isMember(new SimplePrincipal("Coder")) == false);
+ }
+ else if( roles.getName().equals("CallerPrincipal") )
+ {
+ getLog().info("CallerPrincipal is "+roles.members().nextElement());
+ boolean isMember = roles.isMember(new SimplePrincipal("callerX509"));
+ assertTrue("CallerPrincipal is callerX509", isMember);
+ }
+ }
+ lc.logout();
+
+ }
+
 private Connection setupLoginTables() throws Exception
 {
 Class.forName("org.hsqldb.jdbcDriver"); |
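Review bot: In testCertRoles the `CallerPrincipal` assertions only execute inside the `else if` branch of the group loop, so if CertRolesLoginModule never adds a CallerPrincipal group the test passes without ever checking the callerX509 mapping; declare `boolean sawCallerPrincipal = false;` before the loop, set it to true in that branch, and add `assertTrue("CallerPrincipal group present", sawCallerPrincipal);` after the loop. testCertLogin never calls `lc.logout()`, unlike testCertRoles, so the authenticated subject it establishes is left behind for later tests in the same JVM. The leading `Group roles = (Group) groups.iterator().next();` is overwritten on the first loop iteration and can be dropped, leaving `Group roles;` or a loop-local variable. The keystore-loading sequence (`getInstance`/`getResource`/`load`) is repeated verbatim in both tests and in TestSecurityDomain, and in none of them is the stream from `resURL.openStream()` closed — a shared `loadTestKeyStore()` helper with a `finally { is.close(); }` would fix both at once.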