| /** |
| * Licensed to the Apache Software Foundation (ASF) under one or more |
| * contributor license agreements. See the NOTICE file distributed with |
| * this work for additional information regarding copyright ownership. |
| * The ASF licenses this file to You under the Apache License, Version 2.0 |
| * (the "License"); you may not use this file except in compliance with |
| * the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| package org.apache.activemq.jaas; |
| |
| import java.io.IOException; |
| import java.security.Principal; |
| import java.util.HashMap; |
| import java.util.HashSet; |
| import java.util.Iterator; |
| import java.util.List; |
| import java.util.Set; |
| import java.util.Vector; |
| |
| import javax.security.auth.Subject; |
| import javax.security.auth.login.LoginException; |
| |
| import junit.framework.TestCase; |
| |
| public class CertificateLoginModuleTest extends TestCase { |
| |
| private static final String USER_NAME = "testUser"; |
| private static final List<String> GROUP_NAMES = new Vector<String>(); |
| |
| private StubCertificateLoginModule loginModule; |
| |
| private Subject subject; |
| |
| public CertificateLoginModuleTest() { |
| GROUP_NAMES.add("testGroup1"); |
| GROUP_NAMES.add("testGroup2"); |
| GROUP_NAMES.add("testGroup3"); |
| GROUP_NAMES.add("testGroup4"); |
| } |
| |
| protected void setUp() throws Exception { |
| subject = new Subject(); |
| } |
| |
| protected void tearDown() throws Exception { |
| } |
| |
| private void loginWithCredentials(String userName, Set<String> groupNames) throws LoginException { |
| loginModule = new StubCertificateLoginModule(userName, new HashSet<String>(groupNames)); |
| JaasCertificateCallbackHandler callbackHandler = new JaasCertificateCallbackHandler(null); |
| |
| loginModule.initialize(subject, callbackHandler, null, new HashMap()); |
| |
| loginModule.login(); |
| loginModule.commit(); |
| } |
| |
| private void checkPrincipalsMatch(Subject subject) { |
| boolean nameFound = false; |
| boolean groupsFound[] = new boolean[GROUP_NAMES.size()]; |
| for (int i = 0; i < groupsFound.length; ++i) { |
| groupsFound[i] = false; |
| } |
| |
| for (Iterator iter = subject.getPrincipals().iterator(); iter.hasNext();) { |
| Principal currentPrincipal = (Principal)iter.next(); |
| |
| if (currentPrincipal instanceof UserPrincipal) { |
| if (((UserPrincipal)currentPrincipal).getName().equals(USER_NAME)) { |
| if (!nameFound) { |
| nameFound = true; |
| } else { |
| fail("UserPrincipal found twice."); |
| } |
| |
| } else { |
| fail("Unknown UserPrincipal found."); |
| } |
| |
| } else if (currentPrincipal instanceof GroupPrincipal) { |
| int principalIdx = GROUP_NAMES.indexOf(((GroupPrincipal)currentPrincipal).getName()); |
| |
| if (principalIdx < 0) { |
| fail("Unknown GroupPrincipal found."); |
| } |
| |
| if (!groupsFound[principalIdx]) { |
| groupsFound[principalIdx] = true; |
| } else { |
| fail("GroupPrincipal found twice."); |
| } |
| } else { |
| fail("Unknown Principal type found."); |
| } |
| } |
| } |
| |
| public void testLoginSuccess() throws IOException { |
| try { |
| loginWithCredentials(USER_NAME, new HashSet<String>(GROUP_NAMES)); |
| } catch (Exception e) { |
| fail("Unable to login: " + e.getMessage()); |
| } |
| |
| checkPrincipalsMatch(subject); |
| } |
| |
| public void testLoginFailure() throws IOException { |
| boolean loginFailed = false; |
| |
| try { |
| loginWithCredentials(null, new HashSet<String>()); |
| } catch (LoginException e) { |
| loginFailed = true; |
| } |
| |
| if (!loginFailed) { |
| fail("Logged in with unknown certificate."); |
| } |
| } |
| |
| public void testLogOut() throws IOException { |
| try { |
| loginWithCredentials(USER_NAME, new HashSet<String>(GROUP_NAMES)); |
| } catch (Exception e) { |
| fail("Unable to login: " + e.getMessage()); |
| } |
| |
| loginModule.logout(); |
| |
| assertEquals("logout should have cleared Subject principals.", 0, subject.getPrincipals().size()); |
| } |
| } |