Diffstat (limited to 'qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/rmi/RMIPasswordAuthenticatorTest.java')
-rw-r--r-- | qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/rmi/RMIPasswordAuthenticatorTest.java | 269 |
1 files changed, 138 insertions, 131 deletions
diff --git a/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/rmi/RMIPasswordAuthenticatorTest.java b/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/rmi/RMIPasswordAuthenticatorTest.java
index 6dc7b19d3d..e8c24da68d 100644
--- a/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/rmi/RMIPasswordAuthenticatorTest.java
+++ b/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/rmi/RMIPasswordAuthenticatorTest.java
@@ -20,125 +20,188 @@ */ package org.apache.qpid.server.security.auth.rmi; +import java.io.BufferedWriter; +import java.io.File; +import java.io.FileWriter; +import java.io.IOException; import java.util.Collections; import javax.management.remote.JMXPrincipal; import javax.security.auth.Subject; -import javax.security.sasl.SaslException; -import javax.security.sasl.SaslServer; -import junit.framework.TestCase; +import org.apache.qpid.server.security.auth.database.Base64MD5PasswordFilePrincipalDatabase; +import org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase; -import org.apache.qpid.server.configuration.plugins.ConfigurationPlugin; -import org.apache.qpid.server.security.auth.AuthenticationResult; -import org.apache.qpid.server.security.auth.AuthenticationResult.AuthenticationStatus; -import org.apache.qpid.server.security.auth.manager.AuthenticationManager; +import junit.framework.TestCase; -/** - * Tests the RMIPasswordAuthenticator and its collaboration with the AuthenticationManager. - * - */ public class RMIPasswordAuthenticatorTest extends TestCase { private final String USERNAME = "guest"; private final String PASSWORD = "guest"; + private final String B64_MD5HASHED_PASSWORD = "CE4DQ6BIb/BVMN9scFyLtA=="; private RMIPasswordAuthenticator _rmipa; - private String[] _credentials; + + private Base64MD5PasswordFilePrincipalDatabase _md5Pd; + private File _md5PwdFile; + + private PlainPasswordFilePrincipalDatabase _plainPd; + private File _plainPwdFile; + + private Subject testSubject; protected void setUp() throws Exception { _rmipa = new RMIPasswordAuthenticator(); - _credentials = new String[] {USERNAME, PASSWORD}; - } - - /** - * Tests a successful authentication. Ensures that a populated read-only subject it returned. 
- */ - public void testAuthenticationSuccess() - { - final Subject expectedSubject = new Subject(true, + _md5Pd = new Base64MD5PasswordFilePrincipalDatabase(); + _md5PwdFile = createTempPasswordFile(this.getClass().getName()+"md5pwd", USERNAME, B64_MD5HASHED_PASSWORD); + _md5Pd.setPasswordFile(_md5PwdFile.getAbsolutePath()); + + _plainPd = new PlainPasswordFilePrincipalDatabase(); + _plainPwdFile = createTempPasswordFile(this.getClass().getName()+"plainpwd", USERNAME, PASSWORD); + _plainPd.setPasswordFile(_plainPwdFile.getAbsolutePath()); + + testSubject = new Subject(true, Collections.singleton(new JMXPrincipal(USERNAME)), Collections.EMPTY_SET, Collections.EMPTY_SET); + } + + private File createTempPasswordFile(String filenamePrefix, String user, String password) + { + try + { + File testFile = File.createTempFile(filenamePrefix,"tmp"); + testFile.deleteOnExit(); + + BufferedWriter writer = new BufferedWriter(new FileWriter(testFile)); - _rmipa.setAuthenticationManager(createTestAuthenticationManager(true, null)); + writer.write(user + ":" + password); + writer.newLine(); + writer.flush(); + writer.close(); - Subject newSubject = _rmipa.authenticate(_credentials); - assertTrue("Subject must be readonly", newSubject.isReadOnly()); - assertTrue("Returned subject does not equal expected value", - newSubject.equals(expectedSubject)); + return testFile; + } + catch (IOException e) + { + fail("Unable to create temporary test password file." + e.getMessage()); + } + return null; } + + + //********** Test Methods *********// + - /** - * Tests a unsuccessful authentication. 
- */ - public void testUsernameOrPasswordInvalid() + public void testAuthenticate() { - _rmipa.setAuthenticationManager(createTestAuthenticationManager(false, null)); - + String[] credentials; + Subject newSubject; + + // Test when no PD has been set try { - _rmipa.authenticate(_credentials); - fail("Exception not thrown"); + credentials = new String[]{USERNAME, PASSWORD}; + newSubject = _rmipa.authenticate(credentials); + fail("SecurityException expected due to lack of principal database"); } catch (SecurityException se) { assertEquals("Unexpected exception message", - RMIPasswordAuthenticator.INVALID_CREDENTIALS, se.getMessage()); - + RMIPasswordAuthenticator.UNABLE_TO_LOOKUP, se.getMessage()); } - } - /** - * Tests case where authentication system itself fails. - */ - public void testAuthenticationFailure() - { - final Exception mockAuthException = new Exception("Mock Auth system failure"); - _rmipa.setAuthenticationManager(createTestAuthenticationManager(false, mockAuthException)); + //The PrincipalDatabase's are tested primarily by their own tests, but + //minimal tests are done here to exercise their usage in this area. 
+ + // Test correct passwords are verified with an MD5 PD + try + { + _rmipa.setPrincipalDatabase(_md5Pd); + credentials = new String[]{USERNAME, PASSWORD}; + newSubject = _rmipa.authenticate(credentials); + assertTrue("Returned subject does not equal expected value", + newSubject.equals(testSubject)); + } + catch (Exception e) + { + fail("Unexpected Exception:" + e.getMessage()); + } + // Test incorrect passwords are not verified with an MD5 PD try { - _rmipa.authenticate(_credentials); - fail("Exception not thrown"); + credentials = new String[]{USERNAME, PASSWORD+"incorrect"}; + newSubject = _rmipa.authenticate(credentials); + fail("SecurityException expected due to incorrect password"); } catch (SecurityException se) { - assertEquals("Initial cause not found", mockAuthException, se.getCause()); + assertEquals("Unexpected exception message", + RMIPasswordAuthenticator.INVALID_CREDENTIALS, se.getMessage()); + } + + // Test non-existent accounts are not verified with an MD5 PD + try + { + credentials = new String[]{USERNAME+"invalid", PASSWORD}; + newSubject = _rmipa.authenticate(credentials); + fail("SecurityException expected due to non-existant account"); + } + catch (SecurityException se) + { + assertEquals("Unexpected exception message", + RMIPasswordAuthenticator.INVALID_CREDENTIALS, se.getMessage()); } - } + // Test correct passwords are verified with a Plain PD + try + { + _rmipa.setPrincipalDatabase(_plainPd); + credentials = new String[]{USERNAME, PASSWORD}; + newSubject = _rmipa.authenticate(credentials); + assertTrue("Returned subject does not equal expected value", + newSubject.equals(testSubject)); + } + catch (Exception e) + { + fail("Unexpected Exception"); + } - /** - * Tests case where authentication manager is not set. 
- */ - public void testNullAuthenticationManager() - { + // Test incorrect passwords are not verified with a Plain PD try { - _rmipa.authenticate(_credentials); - fail("SecurityException expected due to lack of authentication manager"); + credentials = new String[]{USERNAME, PASSWORD+"incorrect"}; + newSubject = _rmipa.authenticate(credentials); + fail("SecurityException expected due to incorrect password"); } catch (SecurityException se) { assertEquals("Unexpected exception message", - RMIPasswordAuthenticator.UNABLE_TO_LOOKUP, se.getMessage()); + RMIPasswordAuthenticator.INVALID_CREDENTIALS, se.getMessage()); + } + + // Test non-existent accounts are not verified with an Plain PD + try + { + credentials = new String[]{USERNAME+"invalid", PASSWORD}; + newSubject = _rmipa.authenticate(credentials); + fail("SecurityException expected due to non existant account"); + } + catch (SecurityException se) + { + assertEquals("Unexpected exception message", + RMIPasswordAuthenticator.INVALID_CREDENTIALS, se.getMessage()); } - } - /** - * Tests case where arguments are non-Strings.. - */ - public void testWithNonStringArrayArgument() - { // Test handling of non-string credential's - final Object[] objCredentials = new Object[]{USERNAME, PASSWORD}; try { - _rmipa.authenticate(objCredentials); + Object[] objCredentials = new Object[]{USERNAME, PASSWORD}; + newSubject = _rmipa.authenticate(objCredentials); fail("SecurityException expected due to non string[] credentials"); } catch (SecurityException se) 
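Review bot: The two successful-login blocks in `testAuthenticate()` no longer check that the returned Subject is read-only: the removed test asserted `newSubject.isReadOnly()`, and `Subject.equals` compares only the principal and credential sets, so a mutable Subject would now pass. I would add `assertTrue("Subject must be readonly", newSubject.isReadOnly());` after each successful `_rmipa.authenticate(credentials)` call. Separately, `createTempPasswordFile` closes its `BufferedWriter` only on the success path and the class has no visible `tearDown()`, so the credential files rely on `deleteOnExit()` alone; closing the writer in a `finally` block and deleting `_md5PwdFile` and `_plainPwdFile` in `tearDown()` would keep them from lingering in the temp directory. `testAuthenticate()` continues past the end of this hunk.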
@@ -146,18 +209,12 @@ public class RMIPasswordAuthenticatorTest extends TestCase assertEquals("Unexpected exception message", RMIPasswordAuthenticator.SHOULD_BE_STRING_ARRAY, se.getMessage()); } - } - - /** - * Tests case where there are too many, too few or null arguments. - */ - public void testWithIllegalNumberOfArguments() - { - // Test handling of incorrect number of credentials + + // Test handling of incorrect number of credential's try { - _credentials = new String[]{USERNAME, PASSWORD, PASSWORD}; - _rmipa.authenticate(_credentials); + credentials = new String[]{USERNAME, PASSWORD, PASSWORD}; + newSubject = _rmipa.authenticate(credentials); fail("SecurityException expected due to supplying wrong number of credentials"); } catch (SecurityException se) @@ -166,12 +223,12 @@ public class RMIPasswordAuthenticatorTest extends TestCase RMIPasswordAuthenticator.SHOULD_HAVE_2_ELEMENTS, se.getMessage()); } - // Test handling of null credentials + // Test handling of null credential's try { //send a null array - _credentials = null; - _rmipa.authenticate(_credentials); + credentials = null; + newSubject = _rmipa.authenticate(credentials); fail("SecurityException expected due to not supplying an array of credentials"); } catch (SecurityException se) @@ -183,8 +240,8 @@ public class RMIPasswordAuthenticatorTest extends TestCase try { //send a null password - _credentials = new String[]{USERNAME, null}; - _rmipa.authenticate(_credentials); + credentials = new String[]{USERNAME, null}; + newSubject = _rmipa.authenticate(credentials); fail("SecurityException expected due to sending a null password"); } catch (SecurityException se) 
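Review bot: Removing the `testWithIllegalNumberOfArguments()` header in the `@@ -146` hunk makes the argument-validation checks the tail of a single `testAuthenticate()` method, so the first failing assertion earlier in that method stops every malformed-credential check (wrong element count, null array, null password, null username) from running or being reported. Keeping them in their own method, `public void testWithIllegalNumberOfArguments()` with a local `String[] credentials;`, would preserve per-case reporting; the first hunk folds the other test methods together in the same way. The `newSubject =` assignments on calls that are expected to throw are never read and could stay as plain `_rmipa.authenticate(credentials);` calls. The enclosing method starts in the first hunk and ends in the last one.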
@@ -196,8 +253,8 @@ public class RMIPasswordAuthenticatorTest extends TestCase try { //send a null username - _credentials = new String[]{null, PASSWORD}; - _rmipa.authenticate(_credentials); + credentials = new String[]{null, PASSWORD}; + newSubject = _rmipa.authenticate(credentials); fail("SecurityException expected due to sending a null username"); } catch (SecurityException se) @@ -207,54 +264,4 @@ public class RMIPasswordAuthenticatorTest extends TestCase } } - private AuthenticationManager createTestAuthenticationManager(final boolean successfulAuth, final Exception exception) - { - return new AuthenticationManager() - { - public void configure(ConfigurationPlugin config) - { - throw new UnsupportedOperationException(); - } - - public void initialise() - { - throw new UnsupportedOperationException(); - } - - public void close() - { - throw new UnsupportedOperationException(); - } - - public String getMechanisms() - { - throw new UnsupportedOperationException(); - } - - public SaslServer createSaslServer(String mechanism, String localFQDN) throws SaslException - { - throw new UnsupportedOperationException(); - } - - public AuthenticationResult authenticate(SaslServer server, byte[] response) - { - throw new UnsupportedOperationException(); - } - - public AuthenticationResult authenticate(String username, String password) - { - if (exception != null) { - return new AuthenticationResult(AuthenticationStatus.ERROR, exception); - } - else if (successfulAuth) - { - return new AuthenticationResult(new Subject()); - } - else - { - return new AuthenticationResult(AuthenticationStatus.CONTINUE); - } - } - }; - } } |