diff options
Diffstat (limited to 'java/systests/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationTest.java')
-rw-r--r-- | java/systests/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationTest.java | 184 |
1 files changed, 184 insertions, 0 deletions
diff --git a/java/systests/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationTest.java b/java/systests/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationTest.java new file mode 100644 index 0000000000..c7a43a292b --- /dev/null +++ b/java/systests/src/main/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationTest.java @@ -0,0 +1,184 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + * + */ +package org.apache.qpid.server.security.auth.manager; + +import static org.apache.qpid.test.utils.TestSSLConstants.KEYSTORE; +import static org.apache.qpid.test.utils.TestSSLConstants.KEYSTORE_PASSWORD; +import static org.apache.qpid.test.utils.TestSSLConstants.TRUSTSTORE; +import static org.apache.qpid.test.utils.TestSSLConstants.TRUSTSTORE_PASSWORD; + +import java.util.Collections; +import java.util.HashMap; +import java.util.Map; + +import javax.jms.Connection; +import javax.jms.JMSException; + +import org.apache.commons.configuration.ConfigurationException; +import org.apache.qpid.client.AMQConnectionURL; +import org.apache.qpid.server.model.AuthenticationProvider; +import org.apache.qpid.server.model.Broker; +import org.apache.qpid.server.model.Port; +import org.apache.qpid.server.model.Transport; +import org.apache.qpid.server.plugin.AuthenticationManagerFactory; +import org.apache.qpid.test.utils.QpidBrokerTestCase; +import org.apache.qpid.test.utils.TestBrokerConfiguration; + +public class ExternalAuthenticationTest extends QpidBrokerTestCase +{ + @Override + protected void setUp() throws Exception + { + // not calling super.setUp() to avoid broker start-up + } + + /** + * Tests that when EXTERNAL authentication is used on the SSL port, clients presenting certificates are able to connect. + * Also, checks that default authentication manager PrincipalDatabaseAuthenticationManager is used on non SSL port. + */ + public void testExternalAuthenticationManagerOnSSLPort() throws Exception + { + setCommonBrokerSSLProperties(true); + getBrokerConfiguration().setObjectAttribute(TestBrokerConfiguration.ENTRY_NAME_SSL_PORT, Port.AUTHENTICATION_MANAGER, TestBrokerConfiguration.ENTRY_NAME_EXTERNAL_PROVIDER); + super.setUp(); + + setClientKeystoreProperties(); + setClientTrustoreProperties(); + + try + { + getExternalSSLConnection(false); + } + catch (JMSException e) + { + fail("Should be able to create a connection to the SSL port: " + e.getMessage()); + } + + try + { + getConnection(); + } + catch (JMSException e) + { + fail("Should be able to create a connection with credentials to the standard port: " + e.getMessage()); + } + + } + + /** + * Tests that when EXTERNAL authentication manager is set as the default, clients presenting certificates are able to connect. + * Also, checks a client with valid username and password but not using ssl is unable to connect to the non SSL port. + */ + public void testExternalAuthenticationManagerAsDefault() throws Exception + { + setCommonBrokerSSLProperties(true); + getBrokerConfiguration().setBrokerAttribute(Broker.DEFAULT_AUTHENTICATION_PROVIDER, TestBrokerConfiguration.ENTRY_NAME_EXTERNAL_PROVIDER); + super.setUp(); + + setClientKeystoreProperties(); + setClientTrustoreProperties(); + + try + { + getConnection(); + fail("Connection should not succeed"); + } + catch (JMSException e) + { + // pass + } + + try + { + getExternalSSLConnection(false); + } + catch (JMSException e) + { + fail("Should be able to create a connection to the SSL port. " + e.getMessage()); + } + } + + /** + * Tests that when EXTERNAL authentication manager is set as the default, clients without certificates are unable to connect to the SSL port + * even with valid username and password. + */ + public void testExternalAuthenticationManagerWithoutClientKeyStore() throws Exception + { + setCommonBrokerSSLProperties(false); + getBrokerConfiguration().setBrokerAttribute(Broker.DEFAULT_AUTHENTICATION_PROVIDER, TestBrokerConfiguration.ENTRY_NAME_EXTERNAL_PROVIDER); + super.setUp(); + + setClientTrustoreProperties(); + + try + { + getExternalSSLConnection(true); + fail("Connection should not succeed"); + } + catch (JMSException e) + { + // pass + } + } + + private Connection getExternalSSLConnection(boolean includeUserNameAndPassword) throws Exception + { + String url = "amqp://%s@test/?brokerlist='tcp://localhost:%s?ssl='true'&sasl_mechs='EXTERNAL''"; + if (includeUserNameAndPassword) + { + url = String.format(url, "guest:guest", String.valueOf(QpidBrokerTestCase.DEFAULT_SSL_PORT)); + } + else + { + url = String.format(url, ":", String.valueOf(QpidBrokerTestCase.DEFAULT_SSL_PORT)); + } + return getConnection(new AMQConnectionURL(url)); + } + + private void setCommonBrokerSSLProperties(boolean needClientAuth) throws ConfigurationException + { + TestBrokerConfiguration config = getBrokerConfiguration(); + Map<String, Object> sslPortAttributes = new HashMap<String, Object>(); + sslPortAttributes.put(Port.TRANSPORTS, Collections.singleton(Transport.SSL)); + sslPortAttributes.put(Port.PORT, DEFAULT_SSL_PORT); + sslPortAttributes.put(Port.NEED_CLIENT_AUTH, String.valueOf(needClientAuth)); + sslPortAttributes.put(Port.NAME, TestBrokerConfiguration.ENTRY_NAME_SSL_PORT); + config.addPortConfiguration(sslPortAttributes); + + Map<String, Object> externalAuthProviderAttributes = new HashMap<String, Object>(); + externalAuthProviderAttributes.put(AuthenticationManagerFactory.ATTRIBUTE_TYPE, ExternalAuthenticationManagerFactory.PROVIDER_TYPE); + externalAuthProviderAttributes.put(AuthenticationProvider.NAME, TestBrokerConfiguration.ENTRY_NAME_EXTERNAL_PROVIDER); + config.addAuthenticationProviderConfiguration(externalAuthProviderAttributes); + } + + private void setClientKeystoreProperties() + { + setSystemProperty("javax.net.ssl.keyStore", KEYSTORE); + setSystemProperty("javax.net.ssl.keyStorePassword", KEYSTORE_PASSWORD); + } + + private void setClientTrustoreProperties() + { + setSystemProperty("javax.net.ssl.trustStore", TRUSTSTORE); + setSystemProperty("javax.net.ssl.trustStorePassword", TRUSTSTORE_PASSWORD); + setSystemProperty("javax.net.debug", "ssl"); + } +} |