trunk/activemq-core/src/test/java/org/apache/activemq/security/JaasCertificateAuthenticationBrokerTest.java - activemq - Git at Google

 /**
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
  * the License.  You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 package org.apache.activemq.security;

 import java.security.Principal;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Iterator;
 import java.util.Set;

 import javax.security.auth.login.AppConfigurationEntry;
 import javax.security.auth.login.Configuration;

 import junit.framework.TestCase;
 import org.apache.activemq.broker.ConnectionContext;
 import org.apache.activemq.broker.StubBroker;
 import org.apache.activemq.command.ConnectionInfo;
 import org.apache.activemq.jaas.GroupPrincipal;
 import org.apache.activemq.jaas.UserPrincipal;
 import org.apache.activemq.transport.tcp.StubX509Certificate;

 public class JaasCertificateAuthenticationBrokerTest extends TestCase {
     StubBroker receiveBroker;

     JaasCertificateAuthenticationBroker authBroker;

     ConnectionContext connectionContext;
     ConnectionInfo connectionInfo;

     protected void setUp() throws Exception {
         receiveBroker = new StubBroker();

         authBroker = new JaasCertificateAuthenticationBroker(receiveBroker, "");

         connectionContext = new ConnectionContext();
         connectionInfo = new ConnectionInfo();

         connectionInfo.setTransportContext(new StubX509Certificate[] {});
     }

     protected void tearDown() throws Exception {
         super.tearDown();
     }

     private void setConfiguration(Set<String> userNames, Set<String> groupNames, boolean loginShouldSucceed) {
         HashMap<String, String> configOptions = new HashMap<String, String>();

         String userNamesString;
         {
             Iterator<String> iter = userNames.iterator();
             userNamesString = "" + (iter.hasNext() ? iter.next() : "");
             while (iter.hasNext()) {
                 userNamesString += "," + iter.next();
             }
         }

         String groupNamesString = "";
         {
             Iterator<String> iter = groupNames.iterator();
             groupNamesString = "" + (iter.hasNext() ? iter.next() : "");
             while (iter.hasNext()) {
                 groupNamesString += "," + iter.next();
             }
         }

         configOptions.put(StubLoginModule.ALLOW_LOGIN_PROPERTY, loginShouldSucceed ? "true" : "false");
         configOptions.put(StubLoginModule.USERS_PROPERTY, userNamesString);
         configOptions.put(StubLoginModule.GROUPS_PROPERTY, groupNamesString);
         AppConfigurationEntry configEntry = new AppConfigurationEntry("org.apache.activemq.security.StubLoginModule", AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
                                                                       configOptions);

         StubJaasConfiguration jaasConfig = new StubJaasConfiguration(configEntry);

         Configuration.setConfiguration(jaasConfig);
     }

     public void testAddConnectionSuccess() {
         String dnUserName = "dnUserName";

         HashSet<String> userNames = new HashSet<String>();
         userNames.add(dnUserName);

         HashSet<String> groupNames = new HashSet<String>();
         groupNames.add("testGroup1");
         groupNames.add("testGroup2");
         groupNames.add("tesetGroup3");

         setConfiguration(userNames, groupNames, true);

         try {
             authBroker.addConnection(connectionContext, connectionInfo);
         } catch (Exception e) {
             fail("Call to addConnection failed: " + e.getMessage());
         }

         assertEquals("Number of addConnection calls to underlying Broker must match number of calls made to " + "AuthenticationBroker.", 1, receiveBroker.addConnectionData.size());

         ConnectionContext receivedContext = ((StubBroker.AddConnectionData)receiveBroker.addConnectionData.getFirst()).connectionContext;

         assertEquals("The SecurityContext's userName must be set to that of the UserPrincipal.", dnUserName, receivedContext.getSecurityContext().getUserName());

         Set receivedPrincipals = receivedContext.getSecurityContext().getPrincipals();

         for (Iterator iter = receivedPrincipals.iterator(); iter.hasNext();) {
             Principal currentPrincipal = (Principal)iter.next();

             if (currentPrincipal instanceof UserPrincipal) {
                 if (userNames.remove(currentPrincipal.getName())) {
                     // Nothing, we did good.
                 } else {
                     // Found an unknown userName.
                     fail("Unknown UserPrincipal found");
                 }
             } else if (currentPrincipal instanceof GroupPrincipal) {
                 if (groupNames.remove(currentPrincipal.getName())) {
                     // Nothing, we did good.
                 } else {
                     fail("Unknown GroupPrincipal found.");
                 }
             } else {
                 fail("Unexpected Principal subclass found.");
             }
         }

         if (!userNames.isEmpty()) {
             fail("Some usernames were not added as UserPrincipals");
         }

         if (!groupNames.isEmpty()) {
             fail("Some group names were not added as GroupPrincipals");
         }
     }

     public void testAddConnectionFailure() {
         HashSet<String> userNames = new HashSet<String>();

         HashSet<String> groupNames = new HashSet<String>();
         groupNames.add("testGroup1");
         groupNames.add("testGroup2");
         groupNames.add("tesetGroup3");

         setConfiguration(userNames, groupNames, false);

         boolean connectFailed = false;
         try {
             authBroker.addConnection(connectionContext, connectionInfo);
         } catch (SecurityException e) {
             connectFailed = true;
         } catch (Exception e) {
             fail("Failed to connect for unexpected reason: " + e.getMessage());
         }

         if (!connectFailed) {
             fail("Unauthenticated connection allowed.");
         }

         assertEquals("Unauthenticated connection allowed.", true, receiveBroker.addConnectionData.isEmpty());
     }

     public void testRemoveConnection() throws Exception {
         connectionContext.setSecurityContext(new StubSecurityContext());

         authBroker.removeConnection(connectionContext, connectionInfo, new Throwable());

         assertEquals("removeConnection should clear ConnectionContext.", null, connectionContext.getSecurityContext());

         assertEquals("Incorrect number of calls to underlying broker were made.", 1, receiveBroker.removeConnectionData.size());
     }
 }
	/**
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	package org.apache.activemq.security;

	import java.security.Principal;
	import java.util.HashMap;
	import java.util.HashSet;
	import java.util.Iterator;
	import java.util.Set;

	import javax.security.auth.login.AppConfigurationEntry;
	import javax.security.auth.login.Configuration;

	import junit.framework.TestCase;
	import org.apache.activemq.broker.ConnectionContext;
	import org.apache.activemq.broker.StubBroker;
	import org.apache.activemq.command.ConnectionInfo;
	import org.apache.activemq.jaas.GroupPrincipal;
	import org.apache.activemq.jaas.UserPrincipal;
	import org.apache.activemq.transport.tcp.StubX509Certificate;

	public class JaasCertificateAuthenticationBrokerTest extends TestCase {
	StubBroker receiveBroker;

	JaasCertificateAuthenticationBroker authBroker;

	ConnectionContext connectionContext;
	ConnectionInfo connectionInfo;

	protected void setUp() throws Exception {
	receiveBroker = new StubBroker();

	authBroker = new JaasCertificateAuthenticationBroker(receiveBroker, "");

	connectionContext = new ConnectionContext();
	connectionInfo = new ConnectionInfo();

	connectionInfo.setTransportContext(new StubX509Certificate[] {});
	}

	protected void tearDown() throws Exception {
	super.tearDown();
	}

	private void setConfiguration(Set<String> userNames, Set<String> groupNames, boolean loginShouldSucceed) {
	HashMap<String, String> configOptions = new HashMap<String, String>();

	String userNamesString;
	{
	Iterator<String> iter = userNames.iterator();
	userNamesString = "" + (iter.hasNext() ? iter.next() : "");
	while (iter.hasNext()) {
	userNamesString += "," + iter.next();
	}
	}

	String groupNamesString = "";
	{
	Iterator<String> iter = groupNames.iterator();
	groupNamesString = "" + (iter.hasNext() ? iter.next() : "");
	while (iter.hasNext()) {
	groupNamesString += "," + iter.next();
	}
	}

	configOptions.put(StubLoginModule.ALLOW_LOGIN_PROPERTY, loginShouldSucceed ? "true" : "false");
	configOptions.put(StubLoginModule.USERS_PROPERTY, userNamesString);
	configOptions.put(StubLoginModule.GROUPS_PROPERTY, groupNamesString);
	AppConfigurationEntry configEntry = new AppConfigurationEntry("org.apache.activemq.security.StubLoginModule", AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
	configOptions);

	StubJaasConfiguration jaasConfig = new StubJaasConfiguration(configEntry);

	Configuration.setConfiguration(jaasConfig);
	}

	public void testAddConnectionSuccess() {
	String dnUserName = "dnUserName";

	HashSet<String> userNames = new HashSet<String>();
	userNames.add(dnUserName);

	HashSet<String> groupNames = new HashSet<String>();
	groupNames.add("testGroup1");
	groupNames.add("testGroup2");
	groupNames.add("tesetGroup3");

	setConfiguration(userNames, groupNames, true);

	try {
	authBroker.addConnection(connectionContext, connectionInfo);
	} catch (Exception e) {
	fail("Call to addConnection failed: " + e.getMessage());
	}

	assertEquals("Number of addConnection calls to underlying Broker must match number of calls made to " + "AuthenticationBroker.", 1, receiveBroker.addConnectionData.size());

	ConnectionContext receivedContext = ((StubBroker.AddConnectionData)receiveBroker.addConnectionData.getFirst()).connectionContext;

	assertEquals("The SecurityContext's userName must be set to that of the UserPrincipal.", dnUserName, receivedContext.getSecurityContext().getUserName());

	Set receivedPrincipals = receivedContext.getSecurityContext().getPrincipals();

	for (Iterator iter = receivedPrincipals.iterator(); iter.hasNext();) {
	Principal currentPrincipal = (Principal)iter.next();

	if (currentPrincipal instanceof UserPrincipal) {
	if (userNames.remove(currentPrincipal.getName())) {
	// Nothing, we did good.
	} else {
	// Found an unknown userName.
	fail("Unknown UserPrincipal found");
	}
	} else if (currentPrincipal instanceof GroupPrincipal) {
	if (groupNames.remove(currentPrincipal.getName())) {
	// Nothing, we did good.
	} else {
	fail("Unknown GroupPrincipal found.");
	}
	} else {
	fail("Unexpected Principal subclass found.");
	}
	}

	if (!userNames.isEmpty()) {
	fail("Some usernames were not added as UserPrincipals");
	}

	if (!groupNames.isEmpty()) {
	fail("Some group names were not added as GroupPrincipals");
	}
	}

	public void testAddConnectionFailure() {
	HashSet<String> userNames = new HashSet<String>();

	HashSet<String> groupNames = new HashSet<String>();
	groupNames.add("testGroup1");
	groupNames.add("testGroup2");
	groupNames.add("tesetGroup3");

	setConfiguration(userNames, groupNames, false);

	boolean connectFailed = false;
	try {
	authBroker.addConnection(connectionContext, connectionInfo);
	} catch (SecurityException e) {
	connectFailed = true;
	} catch (Exception e) {
	fail("Failed to connect for unexpected reason: " + e.getMessage());
	}

	if (!connectFailed) {
	fail("Unauthenticated connection allowed.");
	}

	assertEquals("Unauthenticated connection allowed.", true, receiveBroker.addConnectionData.isEmpty());
	}

	public void testRemoveConnection() throws Exception {
	connectionContext.setSecurityContext(new StubSecurityContext());

	authBroker.removeConnection(connectionContext, connectionInfo, new Throwable());

	assertEquals("removeConnection should clear ConnectionContext.", null, connectionContext.getSecurityContext());

	assertEquals("Incorrect number of calls to underlying broker were made.", 1, receiveBroker.removeConnectionData.size());
	}
	}