;; Licensed to the Apache Software Foundation (ASF) under one
;; or more contributor license agreements. See the NOTICE file
;; distributed with this work for additional information
;; regarding copyright ownership. The ASF licenses this file
;; to you under the Apache License, Version 2.0 (the
;; "License"); you may not use this file except in compliance
;; with the License. You may obtain a copy of the License at
;;
;; http://www.apache.org/licenses/LICENSE-2.0
;;
;; Unless required by applicable law or agreed to in writing, software
;; distributed under the License is distributed on an "AS IS" BASIS,
;; WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
;; See the License for the specific language governing permissions and
;; limitations under the License.
(ns org.apache.storm.security.auth.auto-login-module-test
(:use [clojure test])
(:use [org.apache.storm util])
(:import [org.apache.storm.security.auth.kerberos AutoTGT
AutoTGTKrb5LoginModule AutoTGTKrb5LoginModuleTest])
(:import [javax.security.auth Subject Subject])
(:import [javax.security.auth.kerberos KerberosTicket KerberosPrincipal])
(:import [org.mockito Mockito])
(:import [java.text SimpleDateFormat])
(:import [java.util Date])
(:import [java.util Arrays])
(:import [java.net InetAddress])
)
;; No Subject and no TGT: the module is used straight after construction,
;; without initialize being called. login must raise a LoginException,
;; commit and abort must both return false, and logout must return true.
(deftest login-module-no-subj-no-tgt-test
  (testing "Behavior is correct when there is no Subject or TGT"
    (let [module (AutoTGTKrb5LoginModule.)]
      ;; Nothing to authenticate with, so login has to fail loudly rather
      ;; than report success.
      (is (thrown-cause? javax.security.auth.login.LoginException
                         (.login module)))
      ;; After the failed login neither phase-two call may claim success.
      (is (not (.commit module)))
      (is (not (.abort module)))
      (is (.logout module)))))
;; Read-only Subject and no TGT: the module is initialized with a Subject
;; built with readOnly=true and empty principal/credential sets. commit must
;; return false and logout must return true. login and abort are not
;; exercised by this test.
(deftest login-module-readonly-subj-no-tgt-test
  (testing "Behavior is correct when there is a read-only Subject and no TGT"
    (let [module (doto (AutoTGTKrb5LoginModule.)
                   ;; Only the Subject is supplied; callback handler, shared
                   ;; state and options are all nil.
                   (.initialize (Subject. true #{} #{} #{}) nil nil nil))]
      (is (not (.commit module)))
      (is (.logout module)))))
;; Writable Subject but no TGT: a usable Subject alone is not enough.
;; login must raise a LoginException, commit and abort must return false,
;; and logout must return true.
(deftest login-module-with-subj-no-tgt-test
  (testing "Behavior is correct when there is a Subject and no TGT"
    (let [module (doto (AutoTGTKrb5LoginModule.)
                   (.initialize (Subject.) nil nil nil))]
      ;; Without a ticket the login attempt has to be rejected.
      (is (thrown-cause? javax.security.auth.login.LoginException
                         (.login module)))
      (is (not (.commit module)))
      (is (not (.abort module)))
      (is (.logout module)))))
;; TGT present but no Subject: uses AutoTGTKrb5LoginModuleTest, whose
;; setKerbTicket lets the test inject a (mocked) KerberosTicket. login must
;; succeed, but commit must raise a LoginException because initialize was
;; never called and there is no Subject to commit the ticket to.
(deftest login-module-no-subj-with-tgt-test
  (testing "Behavior is correct when there is no Subject and a TGT"
    (let [module (AutoTGTKrb5LoginModuleTest.)
          inject-mock-tgt #(.setKerbTicket module (Mockito/mock KerberosTicket))]
      (inject-mock-tgt)
      (is (.login module))
      (is (thrown-cause? javax.security.auth.login.LoginException
                         (.commit module)))
      ;; NOTE(review): the ticket is set again before abort, presumably
      ;; because the failed commit discards the one it held - confirm
      ;; against AutoTGTKrb5LoginModule.
      (inject-mock-tgt)
      (is (.abort module))
      (is (.logout module)))))
;; TGT present but the Subject is read-only: login must succeed, while
;; commit must raise a LoginException instead of reporting success for a
;; Subject built with readOnly=true. abort and logout must then return true.
(deftest login-module-readonly-subj-with-tgt-test
  (testing "Behavior is correct when there is a read-only Subject and a TGT"
    (let [module (doto (AutoTGTKrb5LoginModuleTest.)
                   (.initialize (Subject. true #{} #{} #{}) nil nil nil))
          inject-mock-tgt #(.setKerbTicket module (Mockito/mock KerberosTicket))]
      (inject-mock-tgt)
      (is (.login module))
      (is (thrown-cause? javax.security.auth.login.LoginException
                         (.commit module)))
      ;; NOTE(review): the ticket is set again before abort, presumably
      ;; because the failed commit discards the one it held - confirm
      ;; against AutoTGTKrb5LoginModule.
      (inject-mock-tgt)
      (is (.abort module))
      (is (.logout module)))))
;; Happy path: a writable Subject and a concrete KerberosTicket. login,
;; commit, abort and logout must all return true, in that order.
;; The ticket is assembled from constructed filler values (fixed byte
;; patterns, example principals); it is not real ticket or key material.
(deftest login-module-with-subj-and-tgt
  (testing "Behavior is correct when there is a Subject and a TGT"
    (let [module (AutoTGTKrb5LoginModuleTest.)
          ;; The module's client field is set directly to a mocked Principal.
          _ (set! (. module client) (Mockito/mock java.security.Principal))
          ;; NOTE(review): fixed end time of 31 Dec 2030. If the module (or
          ;; the JDK) ever rejects expired tickets, this test becomes
          ;; time-dependent after that date - consider deriving it from now.
          expiry (.parse (SimpleDateFormat. "ddMMyyyy") "31122030")
          ;; Ten bytes of 122 for the ASN.1 encoding, ten of 123 for the key.
          encoded-ticket (byte-array 10 (byte 122))
          session-key (byte-array 10 (byte 123))
          ;; Seven flag slots, true at the odd indexes
          ;; (same values as (map even? (range 3 10))).
          flags (boolean-array [false true false true false true false])
          addresses (into-array InetAddress [(InetAddress/getByName "localhost")])
          ;; Argument order: encoding, client, server, session key, key type,
          ;; flags, auth time, start time, end time, renew-till, addresses.
          tgt (KerberosTicket. encoded-ticket
                               (KerberosPrincipal. "client/localhost@local.com")
                               (KerberosPrincipal. "server/localhost@local.com")
                               session-key
                               234
                               flags
                               (Date.)
                               (Date.)
                               expiry
                               expiry
                               addresses)]
      (doto module
        (.initialize (Subject.) nil nil nil)
        (.setKerbTicket tgt))
      (is (.login module))
      (is (.commit module))
      (is (.abort module))
      (is (.logout module)))))