-
Notifications
You must be signed in to change notification settings - Fork 279
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[ELY 2173] Add test for the CLIENT_CERT mechanism
- Loading branch information
Dimitris Kafetzis
committed
Mar 27, 2024
1 parent
eee9b1e
commit 2e9d6e3
Showing
5 changed files
with
293 additions
and
34 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
124 changes: 124 additions & 0 deletions
124
...est/java/org.wildfly.security.http.cert/ClientCertAuthenticationMechanismFactoryTest.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,124 @@ | ||
| /* | ||
| * JBoss, Home of Professional Open Source. | ||
| * Copyright 2024 Red Hat, Inc., and individual contributors | ||
| * as indicated by the @author tags. | ||
| * | ||
| * Licensed under the Apache License, Version 2.0 (the "License"); | ||
| * you may not use this file except in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * http://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, software | ||
| * distributed under the License is distributed on an "AS IS" BASIS, | ||
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
|
|
||
| package org.wildfly.security.http.cert; | ||
|
|
||
| import org.wildfly.security.http.HttpAuthenticationException; | ||
| import org.wildfly.security.http.HttpServerAuthenticationMechanism; | ||
| import org.wildfly.security.http.HttpServerAuthenticationMechanismFactory; | ||
|
|
||
| import javax.security.auth.callback.Callback; | ||
| import javax.security.auth.callback.CallbackHandler; | ||
| import javax.security.auth.callback.UnsupportedCallbackException; | ||
| import java.io.IOException; | ||
| import java.util.HashMap; | ||
| import java.util.Map; | ||
| import org.junit.Assert; | ||
| import org.junit.Test; | ||
|
|
||
| public class ClientCertAuthenticationMechanismFactoryTest { | ||
| private HttpServerAuthenticationMechanismFactory clientCertMechanismFactory = new ClientCertMechanismFactory(); | ||
|
|
||
| CallbackHandler dummyCallbackHandler = new CallbackHandler() { | ||
| @Override | ||
| public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { | ||
| } | ||
| }; | ||
|
|
||
| /** | ||
| * Tests that {@link ServerMechanismFactoryImpl#getMechanismNames(Map)} correctly | ||
| * handles null or empty properties parameter as possible value. | ||
| */ | ||
| @Test | ||
| public void testGetMechanismNamesPropertiesNull() { | ||
| clientCertMechanismFactory.getMechanismNames(null); | ||
| clientCertMechanismFactory.getMechanismNames(new HashMap<String, String>()); | ||
| } | ||
|
|
||
| /** | ||
| * Tests that {@link ServerMechanismFactoryImpl#getMechanismNames(Map)} does not return null. | ||
| */ | ||
| @Test | ||
| public void testGetMechanismNamesReturnNotNull() { | ||
| String[] mechanismNames = clientCertMechanismFactory.getMechanismNames(null); | ||
| Assert.assertNotNull("Array of mechanism names is not null.", mechanismNames); | ||
| } | ||
|
|
||
| /** | ||
| * Tests that {@link ServerMechanismFactoryImpl#createAuthenticationMechanism(String, Map, javax.security.auth.callback.CallbackHandler)} | ||
| * does handle null mechanism name parameter correctly - does not allow. | ||
| * @throws HttpAuthenticationException | ||
| */ | ||
| @Test | ||
| public void testCreateAuthenticationMechanismMechanismNameNull() throws HttpAuthenticationException { | ||
| try { | ||
| clientCertMechanismFactory.createAuthenticationMechanism(null, new HashMap<String,String>(), dummyCallbackHandler); | ||
| Assert.fail("Mechanism name could not be null"); | ||
| } catch (IllegalArgumentException e) { | ||
| // OK - expected exception state | ||
| } | ||
| } | ||
|
|
||
| /** | ||
| * Tests that {@link ServerMechanismFactoryImpl#createAuthenticationMechanism(String, Map, javax.security.auth.callback.CallbackHandler)} | ||
| * does handle null properties parameter correctly - does not allow. | ||
| */ | ||
| @Test | ||
| public void testCreateAuthenticationMechanismPropertiesNull() throws HttpAuthenticationException { | ||
| try { | ||
| clientCertMechanismFactory.createAuthenticationMechanism("CLIENT_CERT", null, dummyCallbackHandler); | ||
| Assert.fail("Properties could not be null"); | ||
| } catch (IllegalArgumentException e) { | ||
| // OK - expected exception state | ||
| } | ||
| } | ||
|
|
||
| /** | ||
| * Tests that {@link ServerMechanismFactoryImpl#createAuthenticationMechanism(String, Map, javax.security.auth.callback.CallbackHandler)} | ||
| * does handle wrong mechanism ("BASIC") - returns null. | ||
| */ | ||
| @Test | ||
| public void testCreateAuthenticationMechanismBasicMechanismName() throws HttpAuthenticationException{ | ||
| HttpServerAuthenticationMechanism httpServerAuthenticationMechanism = clientCertMechanismFactory.createAuthenticationMechanism("BASIC",new HashMap<String,String>(),dummyCallbackHandler); | ||
| Assert.assertNull("Provided mechanism must be null.", httpServerAuthenticationMechanism); | ||
| } | ||
|
|
||
| /** | ||
| * Tests that {@link ServerMechanismFactoryImpl#createAuthenticationMechanism(String, Map, javax.security.auth.callback.CallbackHandler)} | ||
| * does handle null properties parameter correctly - does not allow. | ||
| */ | ||
| @Test | ||
| public void testCreateAuthenticationMechanismCallbackHandlerNull() throws HttpAuthenticationException { | ||
| try { | ||
| clientCertMechanismFactory.createAuthenticationMechanism("CLIENT_CERT", new HashMap<String,String>(), null); | ||
| Assert.fail("CallbackHandler could not be null"); | ||
| } catch (IllegalArgumentException e) { | ||
| // OK - expected exception state | ||
| } | ||
| } | ||
|
|
||
| /** | ||
| * Tests that {@link ServerMechanismFactoryImpl#createAuthenticationMechanism(String, Map, javax.security.auth.callback.CallbackHandler)} | ||
| * does handle wrong mechanism name correctly - returns null. | ||
| */ | ||
| @Test | ||
| public void testCreateAuthenticationMechanismWrongMechanismName() throws HttpAuthenticationException { | ||
| HttpServerAuthenticationMechanism httpServerAuthenticationMechanism = clientCertMechanismFactory.createAuthenticationMechanism("MECHANISM_NAME_DOES_NOT_EXISTS", new HashMap<String,String>(), dummyCallbackHandler); | ||
| Assert.assertNull("Provided mechanism must be null.", httpServerAuthenticationMechanism); | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
85 changes: 85 additions & 0 deletions
85
...e/src/test/java/org/wildfly/security/http/cert/ClientCertAuthenticationMechanismTest.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,85 @@ | ||
| /* | ||
| * JBoss, Home of Professional Open Source. | ||
| * Copyright 2024 Red Hat, Inc., and individual contributors | ||
| * as indicated by the @author tags. | ||
| * | ||
| * Licensed under the Apache License, Version 2.0 (the "License"); | ||
| * you may not use this file except in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * http://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, software | ||
| * distributed under the License is distributed on an "AS IS" BASIS, | ||
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
|
|
||
| package org.wildfly.security.http.cert; | ||
|
|
||
| import mockit.Tested; | ||
| import org.junit.AfterClass; | ||
| import org.junit.Assert; | ||
| import org.junit.BeforeClass; | ||
| import org.junit.Test; | ||
| import org.wildfly.security.auth.realm.SimpleMapBackedSecurityRealm; | ||
| import org.wildfly.security.auth.server.SecurityDomain; | ||
| import org.wildfly.security.cache.IdentityCache; | ||
| import org.wildfly.security.http.HttpAuthenticationException; | ||
| import org.wildfly.security.http.HttpServerAuthenticationMechanism; | ||
| import org.wildfly.security.http.impl.AbstractBaseHttpTest; | ||
|
|
||
| import javax.security.auth.x500.X500Principal; | ||
| import java.security.Provider; | ||
| import java.security.Security; | ||
| import java.util.HashMap; | ||
| import java.util.Map; | ||
| import static org.wildfly.security.http.HttpConstants.*; | ||
|
|
||
| public class ClientCertAuthenticationMechanismTest extends AbstractBaseHttpTest { | ||
| private static final Provider provider = WildFlyElytronHttpClientCertProvider.getInstance(); | ||
|
|
||
| @Tested | ||
| private IdentityCache identityCache; | ||
|
|
||
| @BeforeClass | ||
| public static void registerCertProvider() { | ||
| Security.insertProviderAt(provider, 1); | ||
| SecurityDomain securityDomain = SecurityDomain.builder().addRealm("Simple", new SimpleMapBackedSecurityRealm()).build().setDefaultRealmName("Simple").build(); | ||
| } | ||
|
|
||
| @AfterClass | ||
| public static void removeCertProvider() { | ||
| Security.removeProvider(provider.getName()); | ||
| } | ||
|
|
||
| private HttpServerAuthenticationMechanism createMechanism() throws HttpAuthenticationException { | ||
| Map<String, Object> props = new HashMap<>(); | ||
| return certFactory.createAuthenticationMechanism(CLIENT_CERT_NAME, props, getCallbackHandler("Duk3")); | ||
| } | ||
|
|
||
| //Test request with no certs | ||
| @Test | ||
| public void testNoCert() throws Exception { | ||
| TestingHttpServerRequest request = new TestingHttpServerRequest(new String[]{}); | ||
| createMechanism().evaluateRequest(request); | ||
| Assert.assertEquals(Status.NO_AUTH, request.getResult()); | ||
| } | ||
|
|
||
| //Test request with invalid/unknown cert | ||
| @Test | ||
| public void testUnknownCert() throws Exception { | ||
| TestingHttpServerRequest request = new TestingHttpServerRequest(new String[]{"Cert random"}, new X500Principal("CN=Duke, OU=Test, O=Wonderland, C=US")); | ||
| createMechanism().evaluateRequest(request); | ||
| Assert.assertEquals(Status.FAILED, request.getResult()); | ||
| } | ||
|
|
||
| //Test request with known cert | ||
| @Test | ||
| public void testKnownCert() throws Exception { | ||
| TestingHttpServerRequest request = new TestingHttpServerRequest(new String[]{"Cert test"}, new X500Principal("CN=Duk3, OU=T3st, O=W0nd3rl4nd, C=US")); | ||
| createMechanism().evaluateRequest(request); | ||
| Assert.assertEquals(Status.COMPLETE, request.getResult()); | ||
| } | ||
| } |
Oops, something went wrong.