redback-authentication/redback-authentication-providers/redback-authentication-ldap/src/test/java/org/apache/archiva/redback/authentication/ldap/LdapBindAuthenticatorTest.java - archiva-redback-core - Git at Google

 package org.apache.archiva.redback.authentication.ldap;

 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  * http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */

 import junit.framework.TestCase;
 import org.apache.archiva.redback.authentication.AuthenticationResult;
 import org.apache.archiva.redback.authentication.PasswordBasedAuthenticationDataSource;
 import org.apache.archiva.redback.policy.PasswordEncoder;
 import org.apache.archiva.redback.policy.encoders.SHA1PasswordEncoder;
 import org.apache.archiva.redback.users.ldap.service.LdapCacheService;
 import org.apache.archiva.components.apacheds.ApacheDs;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;

 import javax.inject.Inject;
 import javax.inject.Named;
 import javax.naming.directory.Attributes;
 import javax.naming.directory.BasicAttribute;
 import javax.naming.directory.BasicAttributes;
 import javax.naming.directory.DirContext;
 import javax.naming.directory.InitialDirContext;
 import java.util.Calendar;

 @RunWith( SpringJUnit4ClassRunner.class )
 @ContextConfiguration( locations = "classpath*:/META-INF/spring-context.xml" )
 public class LdapBindAuthenticatorTest
     extends TestCase
 {

     protected Logger log = LoggerFactory.getLogger( getClass() );

     @Inject
     @Named( value = "apacheDS#test" )
     private ApacheDs apacheDs;

     @Inject
     private LdapBindAuthenticator authnr;

     private String suffix;

     private PasswordEncoder passwordEncoder;

     @Inject
     private LdapCacheService ldapCacheService;

     @Before
     public void setUp()
         throws Exception
     {
         super.setUp();

         passwordEncoder = new SHA1PasswordEncoder();

         suffix =
             apacheDs.addSimplePartition( "test", new String[]{ "redback", "plexus", "codehaus", "org" } ).getSuffix();

         log.info( "DN Suffix: {}", suffix );

         apacheDs.startServer();

         makeUsers();

     }

     @After
     public void tearDown()
         throws Exception
     {
         // clear the cache
         ldapCacheService.removeAllLdapUserDn();

         InitialDirContext context = apacheDs.getAdminContext();

         context.unbind( createDn( "jesse" ) );

         context.unbind( createDn( "joakim" ) );

         context.unbind( createDn( "brent" ) );

         if ( !apacheDs.isStopped() )
         {
             apacheDs.stopServer();
         }

         super.tearDown();
     }

     @Test
     public void testAuthenticationEmptyPassword()
         throws Exception
     {
         PasswordBasedAuthenticationDataSource authDs = new PasswordBasedAuthenticationDataSource();

         // Would throw NPE if attempting to bind, this hack tests bind prevention
         authDs.setPrincipal( "brent" );
         authDs.setPassword( null );
         AuthenticationResult result = authnr.authenticate( authDs );
         assertFalse( result.isAuthenticated() );

         // This passes anyway on ApacheDS, but not true for AD or Novel eDir
         authDs.setPassword( "" );
         result = authnr.authenticate( authDs );
         assertFalse( result.isAuthenticated() );
     }

     @Test
     public void testAuthentication()
         throws Exception
     {
         PasswordBasedAuthenticationDataSource authDs = new PasswordBasedAuthenticationDataSource();
         authDs.setPrincipal( "jesse" );
         authDs.setPassword( passwordEncoder.encodePassword( "foo" ) );
         AuthenticationResult result = authnr.authenticate( authDs );
         assertTrue( result.isAuthenticated() );
     }

     @Test
     public void testAuthenticationWithInvalidChar()
         throws Exception
     {
         PasswordBasedAuthenticationDataSource authDs = new PasswordBasedAuthenticationDataSource();
         authDs.setPrincipal( "jesse)(mail=foo" );
         authDs.setPassword( passwordEncoder.encodePassword( "foo" ) );
         AuthenticationResult result = authnr.authenticate( authDs );
         assertFalse( result.isAuthenticated() );
     }

     // REDBACK-289/MRM-1488
     @Test
     public void testAuthenticationFromCache()
         throws Exception
     {
         PasswordBasedAuthenticationDataSource authDs = new PasswordBasedAuthenticationDataSource();
         authDs.setPrincipal( "jesse" );
         authDs.setPassword( passwordEncoder.encodePassword( "foo" ) );

         // user shouldn't be in the cache yet
         assertNull( ldapCacheService.getLdapUserDn( "jesse" ) );

         long startTime = Calendar.getInstance().getTimeInMillis();
         AuthenticationResult result = authnr.authenticate( authDs );
         long endTime = Calendar.getInstance().getTimeInMillis();

         assertTrue( result.isAuthenticated() );

         long firstAuth = endTime - startTime;

         // user should be in the cache now
         assertNotNull( ldapCacheService.getLdapUserDn( "jesse" ) );

         startTime = Calendar.getInstance().getTimeInMillis();
         result = authnr.authenticate( authDs );
         endTime = Calendar.getInstance().getTimeInMillis();

         long secondAuth = endTime - startTime;

         assertTrue( "Second authn should be quicker!", secondAuth < firstAuth );
     }

     private void makeUsers()
         throws Exception
     {
         InitialDirContext context = apacheDs.getAdminContext();

         String cn = "jesse";
         bindUserObject( context, cn, createDn( cn ) );

         cn = "joakim";
         bindUserObject( context, cn, createDn( cn ) );

         cn = "brent";
         bindUserObject( context, cn, createDn( cn ) );
     }

     private void bindUserObject( DirContext context, String cn, String dn )
         throws Exception
     {
         Attributes attributes = new BasicAttributes( true );
         BasicAttribute objectClass = new BasicAttribute( "objectClass" );
         objectClass.add( "top" );
         objectClass.add( "inetOrgPerson" );
         objectClass.add( "person" );
         objectClass.add( "organizationalperson" );
         attributes.put( objectClass );
         attributes.put( "cn", cn );
         attributes.put( "sn", "foo" );
         attributes.put( "mail", "foo" );
         attributes.put( "userPassword", passwordEncoder.encodePassword( "foo" ) );
         attributes.put( "givenName", "foo" );
         context.createSubcontext( dn, attributes );
     }

     private String createDn( String cn )
     {
         return "cn=" + cn + "," + suffix;
     }
 }
	package org.apache.archiva.redback.authentication.ldap;

	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*/

	import junit.framework.TestCase;
	import org.apache.archiva.redback.authentication.AuthenticationResult;
	import org.apache.archiva.redback.authentication.PasswordBasedAuthenticationDataSource;
	import org.apache.archiva.redback.policy.PasswordEncoder;
	import org.apache.archiva.redback.policy.encoders.SHA1PasswordEncoder;
	import org.apache.archiva.redback.users.ldap.service.LdapCacheService;
	import org.apache.archiva.components.apacheds.ApacheDs;
	import org.junit.After;
	import org.junit.Before;
	import org.junit.Test;
	import org.junit.runner.RunWith;
	import org.slf4j.Logger;
	import org.slf4j.LoggerFactory;
	import org.springframework.test.context.ContextConfiguration;
	import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;

	import javax.inject.Inject;
	import javax.inject.Named;
	import javax.naming.directory.Attributes;
	import javax.naming.directory.BasicAttribute;
	import javax.naming.directory.BasicAttributes;
	import javax.naming.directory.DirContext;
	import javax.naming.directory.InitialDirContext;
	import java.util.Calendar;

	@RunWith( SpringJUnit4ClassRunner.class )
	@ContextConfiguration( locations = "classpath*:/META-INF/spring-context.xml" )
	public class LdapBindAuthenticatorTest
	extends TestCase
	{

	protected Logger log = LoggerFactory.getLogger( getClass() );

	@Inject
	@Named( value = "apacheDS#test" )
	private ApacheDs apacheDs;

	@Inject
	private LdapBindAuthenticator authnr;

	private String suffix;

	private PasswordEncoder passwordEncoder;

	@Inject
	private LdapCacheService ldapCacheService;

	@Before
	public void setUp()
	throws Exception
	{
	super.setUp();

	passwordEncoder = new SHA1PasswordEncoder();

	suffix =
	apacheDs.addSimplePartition( "test", new String[]{ "redback", "plexus", "codehaus", "org" } ).getSuffix();

	log.info( "DN Suffix: {}", suffix );

	apacheDs.startServer();

	makeUsers();

	}

	@After
	public void tearDown()
	throws Exception
	{
	// clear the cache
	ldapCacheService.removeAllLdapUserDn();

	InitialDirContext context = apacheDs.getAdminContext();

	context.unbind( createDn( "jesse" ) );

	context.unbind( createDn( "joakim" ) );

	context.unbind( createDn( "brent" ) );

	if ( !apacheDs.isStopped() )
	{
	apacheDs.stopServer();
	}

	super.tearDown();
	}

	@Test
	public void testAuthenticationEmptyPassword()
	throws Exception
	{
	PasswordBasedAuthenticationDataSource authDs = new PasswordBasedAuthenticationDataSource();

	// Would throw NPE if attempting to bind, this hack tests bind prevention
	authDs.setPrincipal( "brent" );
	authDs.setPassword( null );
	AuthenticationResult result = authnr.authenticate( authDs );
	assertFalse( result.isAuthenticated() );

	// This passes anyway on ApacheDS, but not true for AD or Novel eDir
	authDs.setPassword( "" );
	result = authnr.authenticate( authDs );
	assertFalse( result.isAuthenticated() );
	}

	@Test
	public void testAuthentication()
	throws Exception
	{
	PasswordBasedAuthenticationDataSource authDs = new PasswordBasedAuthenticationDataSource();
	authDs.setPrincipal( "jesse" );
	authDs.setPassword( passwordEncoder.encodePassword( "foo" ) );
	AuthenticationResult result = authnr.authenticate( authDs );
	assertTrue( result.isAuthenticated() );
	}

	@Test
	public void testAuthenticationWithInvalidChar()
	throws Exception
	{
	PasswordBasedAuthenticationDataSource authDs = new PasswordBasedAuthenticationDataSource();
	authDs.setPrincipal( "jesse)(mail=foo" );
	authDs.setPassword( passwordEncoder.encodePassword( "foo" ) );
	AuthenticationResult result = authnr.authenticate( authDs );
	assertFalse( result.isAuthenticated() );
	}

	// REDBACK-289/MRM-1488
	@Test
	public void testAuthenticationFromCache()
	throws Exception
	{
	PasswordBasedAuthenticationDataSource authDs = new PasswordBasedAuthenticationDataSource();
	authDs.setPrincipal( "jesse" );
	authDs.setPassword( passwordEncoder.encodePassword( "foo" ) );

	// user shouldn't be in the cache yet
	assertNull( ldapCacheService.getLdapUserDn( "jesse" ) );

	long startTime = Calendar.getInstance().getTimeInMillis();
	AuthenticationResult result = authnr.authenticate( authDs );
	long endTime = Calendar.getInstance().getTimeInMillis();

	assertTrue( result.isAuthenticated() );

	long firstAuth = endTime - startTime;

	// user should be in the cache now
	assertNotNull( ldapCacheService.getLdapUserDn( "jesse" ) );

	startTime = Calendar.getInstance().getTimeInMillis();
	result = authnr.authenticate( authDs );
	endTime = Calendar.getInstance().getTimeInMillis();

	long secondAuth = endTime - startTime;

	assertTrue( "Second authn should be quicker!", secondAuth < firstAuth );
	}

	private void makeUsers()
	throws Exception
	{
	InitialDirContext context = apacheDs.getAdminContext();

	String cn = "jesse";
	bindUserObject( context, cn, createDn( cn ) );

	cn = "joakim";
	bindUserObject( context, cn, createDn( cn ) );

	cn = "brent";
	bindUserObject( context, cn, createDn( cn ) );
	}

	private void bindUserObject( DirContext context, String cn, String dn )
	throws Exception
	{
	Attributes attributes = new BasicAttributes( true );
	BasicAttribute objectClass = new BasicAttribute( "objectClass" );
	objectClass.add( "top" );
	objectClass.add( "inetOrgPerson" );
	objectClass.add( "person" );
	objectClass.add( "organizationalperson" );
	attributes.put( objectClass );
	attributes.put( "cn", cn );
	attributes.put( "sn", "foo" );
	attributes.put( "mail", "foo" );
	attributes.put( "userPassword", passwordEncoder.encodePassword( "foo" ) );
	attributes.put( "givenName", "foo" );
	context.createSubcontext( dn, attributes );
	}

	private String createDn( String cn )
	{
	return "cn=" + cn + "," + suffix;
	}
	}