Modified: qpid/trunk/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/ScramSHA1AuthenticationManagerTest.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/ScramSHA1AuthenticationManagerTest.java?rev=1632576&r1=1632575&r2=1632576&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/ScramSHA1AuthenticationManagerTest.java (original)
+++ qpid/trunk/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/ScramSHA1AuthenticationManagerTest.java Fri Oct 17 13:51:10 2014
@@ -20,213 +20,43 @@ */ package org.apache.qpid.server.security.auth.manager; -import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.when; - import java.util.Collections; -import java.util.HashMap; import java.util.Map; -import java.util.UUID; - -import javax.security.auth.login.AccountNotFoundException; -import javax.security.sasl.SaslException; -import javax.security.sasl.SaslServer; - -import org.apache.qpid.server.configuration.updater.CurrentThreadTaskExecutor; -import org.apache.qpid.server.configuration.updater.TaskExecutor; -import org.apache.qpid.server.model.AuthenticationProvider; -import org.apache.qpid.server.model.Broker; -import org.apache.qpid.server.model.User; -import org.apache.qpid.server.security.SecurityManager; -import org.apache.qpid.server.security.SubjectCreator; -import org.apache.qpid.server.security.auth.AuthenticationResult; -import org.apache.qpid.server.util.BrokerTestHelper; -import org.apache.qpid.test.utils.QpidTestCase; -public class ScramSHA1AuthenticationManagerTest extends QpidTestCase +public class ScramSHA1AuthenticationManagerTest extends ManagedAuthenticationManagerTestBase { - private ScramSHA1AuthenticationManager _authManager; - private Broker _broker; - private SecurityManager _securityManager; - private TaskExecutor _executor; - @Override public void setUp() throws Exception { super.setUp(); - _executor = new CurrentThreadTaskExecutor(); - _executor.start(); - _broker = BrokerTestHelper.createBrokerMock(); - _securityManager = mock(SecurityManager.class); - when(_broker.getTaskExecutor()).thenReturn(_executor); - when(_broker.getSecurityManager()).thenReturn(_securityManager); - final Map<String, Object> attributesMap = new HashMap<String, Object>(); - attributesMap.put(AuthenticationProvider.NAME, getTestName()); - attributesMap.put(AuthenticationProvider.ID, UUID.randomUUID()); - _authManager = new ScramSHA1AuthenticationManager(attributesMap, _broker); - _authManager.open(); } @Override - 
public void tearDown() throws Exception + protected ConfigModelPasswordManagingAuthenticationProvider<?> createAuthManager(final Map<String, Object> attributesMap) { - _executor.stop(); - super.tearDown(); - } - - public void testMechanisms() - { - SubjectCreator insecureCreator = _authManager.getSubjectCreator(false); - assertFalse("PLAIN authentication should not be available on an insecure connection", insecureCreator.getMechanisms().contains("PLAIN")); - SubjectCreator secureCreator = _authManager.getSubjectCreator(true); - assertTrue("PLAIN authentication should be available on a secure connection", secureCreator.getMechanisms().contains("PLAIN")); - - try - { - SaslServer saslServer = secureCreator.createSaslServer("PLAIN", "127.0.0.1", null); - assertNotNull(saslServer); - } - catch (SaslException e) - { - fail("Unable to create a SaslServer for PLAIN authentication on a secure connection" + e.getMessage()); - } - - try - { - SaslServer saslServer = insecureCreator.createSaslServer("PLAIN", "127.0.0.1", null); - fail("Erroneously created a SaslServer for PLAIN authentication on an insecure connection"); - } - catch (SaslException e) - { - // Pass - } - + return new ScramSHA1AuthenticationManager(attributesMap, getBroker()); } - public void testAddChildAndThenDelete() + @Override + protected boolean isPlain() { - // No children should be present before the test starts - assertEquals("No users should be present before the test starts", 0, _authManager.getChildren(User.class).size()); - assertEquals("No users should be present before the test starts", 0, _authManager.getUsers().size()); - - final Map<String, Object> childAttrs = new HashMap<String, Object>(); - - childAttrs.put(User.NAME, getTestName()); - childAttrs.put(User.PASSWORD, "password"); - User user = _authManager.addChild(User.class, childAttrs); - assertNotNull("User should be created but addChild returned null", user); - assertEquals(getTestName(), user.getName()); - // password shouldn't actually 
be the given string, but instead salt and the hashed value - assertFalse("Password shouldn't actually be the given string, but instead salt and the hashed value", "password".equals(user.getPassword())); - - AuthenticationResult authResult = - _authManager.authenticate(getTestName(), "password"); - - assertEquals("User should authenticate with given password", AuthenticationResult.AuthenticationStatus.SUCCESS, authResult.getStatus()); - - assertEquals("Manager should have exactly one user child",1, _authManager.getChildren(User.class).size()); - assertEquals("Manager should have exactly one user child",1, _authManager.getUsers().size()); - - - user.delete(); - - assertEquals("No users should be present after child deletion", 0, _authManager.getChildren(User.class).size()); - - - authResult = _authManager.authenticate(getTestName(), "password"); - assertEquals("User should no longer authenticate with given password", AuthenticationResult.AuthenticationStatus.ERROR, authResult.getStatus()); - + return false; } - public void testCreateUser() + @Override + public void tearDown() throws Exception { - assertEquals("No users should be present before the test starts", 0, _authManager.getChildren(User.class).size()); - assertTrue(_authManager.createUser(getTestName(), "password", Collections.<String, String>emptyMap())); - assertEquals("Manager should have exactly one user child",1, _authManager.getChildren(User.class).size()); - User user = _authManager.getChildren(User.class).iterator().next(); - assertEquals(getTestName(), user.getName()); - // password shouldn't actually be the given string, but instead salt and the hashed value - assertFalse("Password shouldn't actually be the given string, but instead salt and the hashed value", "password".equals(user.getPassword())); - final Map<String, Object> childAttrs = new HashMap<String, Object>(); - - childAttrs.put(User.NAME, getTestName()); - childAttrs.put(User.PASSWORD, "password"); - try - { - user = 
_authManager.addChild(User.class, childAttrs); - fail("Should not be able to create a second user with the same name"); - } - catch(IllegalArgumentException e) - { - // pass - } - try - { - _authManager.deleteUser(getTestName()); - } - catch (AccountNotFoundException e) - { - fail("AccountNotFoundException thrown when none was expected: " + e.getMessage()); - } - try - { - _authManager.deleteUser(getTestName()); - fail("AccountNotFoundException not thrown when was expected"); - } - catch (AccountNotFoundException e) - { - // pass - } + super.tearDown(); } - public void testUpdateUser() - { - assertTrue(_authManager.createUser(getTestName(), "password", Collections.<String, String>emptyMap())); - assertTrue(_authManager.createUser(getTestName()+"_2", "password", Collections.<String, String>emptyMap())); - assertEquals("Manager should have exactly two user children",2, _authManager.getChildren(User.class).size()); - - AuthenticationResult authResult = _authManager.authenticate(getTestName(), "password"); - - assertEquals("User should authenticate with given password", AuthenticationResult.AuthenticationStatus.SUCCESS, authResult.getStatus()); - authResult = _authManager.authenticate(getTestName()+"_2", "password"); - assertEquals("User should authenticate with given password", AuthenticationResult.AuthenticationStatus.SUCCESS, authResult.getStatus()); - - for(User user : _authManager.getChildren(User.class)) - { - if(user.getName().equals(getTestName())) - { - user.setAttributes(Collections.singletonMap(User.PASSWORD, "newpassword")); - } - } - - authResult = _authManager.authenticate(getTestName(), "newpassword"); - assertEquals("User should authenticate with updated password", AuthenticationResult.AuthenticationStatus.SUCCESS, authResult.getStatus()); - authResult = _authManager.authenticate(getTestName()+"_2", "password"); - assertEquals("User should authenticate with original password", AuthenticationResult.AuthenticationStatus.SUCCESS, authResult.getStatus()); - 
- authResult = _authManager.authenticate(getTestName(), "password"); - assertEquals("User not authenticate with original password", AuthenticationResult.AuthenticationStatus.ERROR, authResult.getStatus()); - - for(User user : _authManager.getChildren(User.class)) - { - if(user.getName().equals(getTestName())) - { - user.setPassword("newerpassword"); - } - } - - authResult = _authManager.authenticate(getTestName(), "newerpassword"); - assertEquals("User should authenticate with updated password", AuthenticationResult.AuthenticationStatus.SUCCESS, authResult.getStatus()); - - - - } public void testNonASCIIUser() { try { - _authManager.createUser(getTestName()+Character.toString((char)0xa3), "password", Collections.<String, String>emptyMap()); + getAuthManager().createUser(getTestName() + Character.toString((char) 0xa3), + "password", + Collections.<String, String>emptyMap()); fail("Expected exception when attempting to create a user with a non ascii name"); } catch(IllegalArgumentException e)
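Review bot: The `setUp()` and `tearDown()` overrides left in ScramSHA1AuthenticationManagerTest only call `super.setUp()` and `super.tearDown()`, so both can be deleted. The removed tests asserted that PLAIN is refused on an insecure connection and that the stored password is not the cleartext; presumably ManagedAuthenticationManagerTestBase now carries those checks, but it is not visible here, so confirm they still run for this provider. `isPlain()` would benefit from a one-line comment, for example `// SCRAM-SHA-1 keeps salt and hashed value, never the given password`, since its meaning otherwise has to be inferred from the base class.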
Modified: qpid/trunk/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/sasl/CRAMMD5HexInitialiserTest.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/sasl/CRAMMD5HexInitialiserTest.java?rev=1632576&r1=1632575&r2=1632576&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/sasl/CRAMMD5HexInitialiserTest.java (original)
+++ qpid/trunk/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/auth/sasl/CRAMMD5HexInitialiserTest.java Fri Oct 17 13:51:10 2014
@@ -28,6 +28,7 @@ import java.security.NoSuchAlgorithmExce
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.NameCallback;
 import javax.security.auth.callback.PasswordCallback;
+import javax.xml.bind.DatatypeConverter;
 import junit.framework.TestCase;
@@ -35,7 +36,6 @@ import org.apache.qpid.server.security.a
 import org.apache.qpid.server.security.auth.database.PrincipalDatabase;
 import org.apache.qpid.server.security.auth.sasl.crammd5.CRAMMD5HexInitialiser;
 import org.apache.qpid.test.utils.TestFileUtils;
-import org.apache.qpid.tools.security.Passwd;
 /**
 * These tests ensure that the Hex wrapping that the initialiser performs does actually operate when the handle method is called.
@@ -73,7 +73,13 @@ public class CRAMMD5HexInitialiserTest e
 public void setUp() throws Exception
 {
 super.setUp();
- _file = TestFileUtils.createTempFile(this, "password-file", new Passwd().getOutput(TEST_USER , TEST_PASSWORD));
+
+ MessageDigest md = MessageDigest.getInstance("MD5");
+
+ md.update(TEST_PASSWORD.getBytes("utf-8"));
+
+ _file = TestFileUtils.createTempFile(this, "password-file",
+ TEST_USER + ":" + DatatypeConverter.printBase64Binary(md.digest()));
 }
 public void tearDown() throws Exception
Modified: qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/common/util.js
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/common/util.js?rev=1632576&r1=1632575&r2=1632576&view=diff
==============================================================================
--- qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/common/util.js (original)
+++ qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/resources/js/qpid/common/util.js Fri Oct 17 13:51:10 2014
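Review bot: In `CRAMMD5HexInitialiserTest.setUp()` the password bytes come from `TEST_PASSWORD.getBytes("utf-8")`, a charset looked up by name, while UserManagementWithBase64MD5PasswordsTest in this same commit uses the `StandardCharsets.UTF_8` constant; prefer `md.update(TEST_PASSWORD.getBytes(StandardCharsets.UTF_8));` here, and the same applies to `"admin".getBytes("utf-8")` in the SaslRestTest hunk. The user-colon-Base64(MD5) entry is now assembled by hand in three test classes, so a single shared test helper would keep the fixtures aligned with the password file format. A comment such as `// unsalted MD5 mirrors the Base64MD5 password file format under test` would make clear that this digest is a fixture detail and not a pattern to reuse for storing passwords.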
@@ -152,7 +152,8 @@ define(["dojo/_base/xhr",
 util.isProviderManagingUsers = function(type)
 {
- return (type === "PlainPasswordFile" || type === "Base64MD5PasswordFile" || type === "SCRAM-SHA-1" || type === "SCRAM-SHA-256");
+ return (type === "PlainPasswordFile" || type === "Base64MD5PasswordFile" || type === "SCRAM-SHA-1"
+ || type === "SCRAM-SHA-256" || type === "Plain" || type === "MD5" );
 };
 util.showSetAttributesDialog = function(attributeWidgetFactories, data, putURL, dialogTitle, category, type, appendNameToUrl)
Modified: qpid/trunk/qpid/java/systests/src/test/java/org/apache/qpid/systest/management/jmx/UserManagementTest.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/systests/src/test/java/org/apache/qpid/systest/management/jmx/UserManagementTest.java?rev=1632576&r1=1632575&r2=1632576&view=diff
==============================================================================
--- qpid/trunk/qpid/java/systests/src/test/java/org/apache/qpid/systest/management/jmx/UserManagementTest.java (original)
+++ qpid/trunk/qpid/java/systests/src/test/java/org/apache/qpid/systest/management/jmx/UserManagementTest.java Fri Oct 17 13:51:10 2014
@@ -35,7 +35,6 @@ import org.apache.qpid.server.security.a
 import org.apache.qpid.test.utils.JMXTestUtils;
 import org.apache.qpid.test.utils.QpidBrokerTestCase;
 import org.apache.qpid.test.utils.TestBrokerConfiguration;
-import org.apache.qpid.tools.security.Passwd;
 /**
 * System test for User Management.
@@ -49,11 +48,9 @@ public class UserManagementTest extends
 private String _testUserName;
 private File _passwordFile;
 private UserManagement _userManagement;
- private Passwd _passwd;
 public void setUp() throws Exception
 {
- _passwd = createPasswordEncodingUtility();
 _passwordFile = createTemporaryPasswordFileWithJmxAdminUser();
 Map<String, Object> newAttributes = new HashMap<String, Object>();
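Review bot: `util.isProviderManagingUsers` in util.js is a hand-maintained chain of string comparisons, and this change has to extend it again for `"Plain"` and `"MD5"`; a provider type missing from the chain presumably loses its user-management UI without any error. A lookup list is easier to extend and review: `var userManagingTypes = ["PlainPasswordFile", "Base64MD5PasswordFile", "SCRAM-SHA-1", "SCRAM-SHA-256", "Plain", "MD5"];` followed by `return userManagingTypes.indexOf(type) !== -1;`. The new line also leaves a stray space in `"MD5" );`.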
@@ -161,17 +158,6 @@ public class UserManagementTest extends
 assertEquals("unexpected authentication provider type", getAuthenticationManagerType(), actualType);
 }
- protected Passwd createPasswordEncodingUtility()
- {
- return new Passwd()
- {
- @Override
- public String getOutput(String username, String password)
- {
- return username + ":" + password;
- }
- };
- }
 protected String getAuthenticationManagerType()
 {
@@ -188,21 +174,25 @@ public class UserManagementTest extends
 private void writePasswordFile(File passwordFile, String... userNamePasswordPairs) throws Exception
 {
- FileWriter writer = null;
- try
+ try(FileWriter writer = new FileWriter(passwordFile))
 {
- writer = new FileWriter(passwordFile);
 for (int i = 0; i < userNamePasswordPairs.length; i=i+2)
 {
 String username = userNamePasswordPairs[i];
 String password = userNamePasswordPairs[i+1];
- writer.append(_passwd.getOutput(username, password) + "\n");
+ writeUsernamePassword(writer, username, password);
 }
 }
- finally
- {
- writer.close();
- }
+
+ }
+
+ protected void writeUsernamePassword(final FileWriter writer, final String username, final String password)
+ throws IOException
+ {
+ writer.append(username);
+ writer.append(':');
+ writer.append(password);
+ writer.append('\n');
 }
@@ -218,10 +208,8 @@ public class UserManagementTest extends
 private boolean passwordFileContainsUser(String username) throws IOException
 {
- BufferedReader reader = null;
- try
+ try(BufferedReader reader = new BufferedReader(new FileReader(_passwordFile)))
 {
- reader = new BufferedReader(new FileReader(_passwordFile));
 String line = reader.readLine();
 while(line != null)
 {
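Review bot: In UserManagementTest the new `try(FileWriter writer = new FileWriter(passwordFile))` still writes in the platform default charset, whereas the Base64MD5 subclass added in this commit hashes the password as UTF-8, so a fixture with non-ASCII credentials would depend on the platform; the `FileReader` in `passwordFileContainsUser` (whose body continues outside the hunk) has the same dependency. An explicit charset removes it, e.g. `new OutputStreamWriter(new FileOutputStream(passwordFile), StandardCharsets.UTF_8)`. Declaring the hook as `writeUsernamePassword(final Writer writer, ...)` would also avoid tying overriders to `FileWriter`.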
@@ -234,10 +222,6 @@ public class UserManagementTest extends
 return false;
 }
- finally
- {
- reader.close();
- }
 }
 private void assertJmsConnectionSucceeds(String username, String password) throws Exception
Modified: qpid/trunk/qpid/java/systests/src/test/java/org/apache/qpid/systest/management/jmx/UserManagementWithBase64MD5PasswordsTest.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/systests/src/test/java/org/apache/qpid/systest/management/jmx/UserManagementWithBase64MD5PasswordsTest.java?rev=1632576&r1=1632575&r2=1632576&view=diff
==============================================================================
--- qpid/trunk/qpid/java/systests/src/test/java/org/apache/qpid/systest/management/jmx/UserManagementWithBase64MD5PasswordsTest.java (original)
+++ qpid/trunk/qpid/java/systests/src/test/java/org/apache/qpid/systest/management/jmx/UserManagementWithBase64MD5PasswordsTest.java Fri Oct 17 13:51:10 2014
@@ -18,17 +18,42 @@
 */
 package org.apache.qpid.systest.management.jmx;
+import java.io.FileWriter;
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+
+import javax.xml.bind.DatatypeConverter;
+
 import org.apache.qpid.server.security.auth.manager.Base64MD5PasswordDatabaseAuthenticationManager;
-import org.apache.qpid.tools.security.Passwd;
+import org.apache.qpid.server.util.ServerScopedRuntimeException;
 public class UserManagementWithBase64MD5PasswordsTest extends UserManagementTest
 {
 @Override
- protected Passwd createPasswordEncodingUtility()
+ protected void writeUsernamePassword(final FileWriter writer, final String username, final String password)
+ throws IOException
 {
- return new Passwd();
+ writer.append(username);
+ writer.append(":");
+ byte[] data = password.getBytes(StandardCharsets.UTF_8);
+ MessageDigest md = null;
+ try
+ {
+ md = MessageDigest.getInstance("MD5");
+ }
+ catch (NoSuchAlgorithmException e)
+ {
+ throw new ServerScopedRuntimeException("MD5 not supported although Java compliance requires it");
+ }
+
+ md.update(data);
+ writer.append(DatatypeConverter.printBase64Binary(md.digest()));
+ writer.append('\n');
 }
+
 @Override
 protected String getAuthenticationManagerType()
 {
Modified: qpid/trunk/qpid/java/systests/src/test/java/org/apache/qpid/systest/rest/SaslRestTest.java
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/systests/src/test/java/org/apache/qpid/systest/rest/SaslRestTest.java?rev=1632576&r1=1632575&r2=1632576&view=diff
==============================================================================
--- qpid/trunk/qpid/java/systests/src/test/java/org/apache/qpid/systest/rest/SaslRestTest.java (original)
+++ qpid/trunk/qpid/java/systests/src/test/java/org/apache/qpid/systest/rest/SaslRestTest.java Fri Oct 17 13:51:10 2014
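Review bot: The `catch (NoSuchAlgorithmException e)` block in `writeUsernamePassword` throws a new exception without `e`, so the cause is dropped from the stack trace; assuming ServerScopedRuntimeException offers a message-and-cause constructor, use `throw new ServerScopedRuntimeException("MD5 not supported although Java compliance requires it", e);`. `MessageDigest md = null;` does not need the null initialiser because the catch branch always throws. The override appends `":"` where the base-class method appends `':'`; using the char in both keeps the two implementations parallel.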
@@ -29,11 +29,14 @@ import java.io.FileWriter;
 import java.io.IOException;
 import java.io.OutputStream;
 import java.net.HttpURLConnection;
+import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import javax.xml.bind.DatatypeConverter;
+
 import org.apache.commons.codec.binary.Base64;
 import org.codehaus.jackson.JsonParseException;
 import org.codehaus.jackson.map.JsonMappingException;
@@ -41,7 +44,6 @@ import org.codehaus.jackson.map.JsonMapp
 import org.apache.qpid.server.model.AuthenticationProvider;
 import org.apache.qpid.server.security.auth.manager.Base64MD5PasswordDatabaseAuthenticationManager;
 import org.apache.qpid.test.utils.TestBrokerConfiguration;
-import org.apache.qpid.tools.security.Passwd;
 public class SaslRestTest extends QpidRestTestCase
 {
@@ -353,7 +355,12 @@ public class SaslRestTest extends QpidRe
 String passwordFileEntry;
 try
 {
- passwordFileEntry = new Passwd().getOutput("admin", "admin");
+
+ MessageDigest md = MessageDigest.getInstance("MD5");
+
+ md.update("admin".getBytes("utf-8"));
+
+ passwordFileEntry = "admin" + ":" + DatatypeConverter.printBase64Binary(md.digest());
 }
 catch (NoSuchAlgorithmException e)
 {
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
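Review bot: SaslRestTest already imports `org.apache.commons.codec.binary.Base64` (visible in the import context of the first hunk), so the new `javax.xml.bind.DatatypeConverter` import adds a second Base64 encoder to the same file, and `javax.xml.bind` is no longer bundled with the JDK from Java 11 on. The entry could use the existing import instead, e.g. `passwordFileEntry = "admin" + ":" + Base64.encodeBase64String(md.digest());`, provided the commons-codec version in use has that method. The enclosing try/catch continues outside the hunk, so whether the `UnsupportedEncodingException` from `getBytes("utf-8")` is handled cannot be seen here.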
