This is an automated email from the ASF dual-hosted git repository.
rzo1 pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/storm.git
The following commit(s) were added to refs/heads/master by this push:
new 94ef3b826 [STORM-1241] port storm.security.auth.auto-login-module-test
to java (#3232)
94ef3b826 is described below
commit 94ef3b826adf8932bcb8c8026ad6897598d47226
Author: nd368 <[email protected]>
AuthorDate: Mon Oct 23 19:39:45 2023 +0100
[STORM-1241] port storm.security.auth.auto-login-module-test to java (#3232)
* [STORM-1241] port storm.security.auth.auto-login-module-test to java
* [STORM-1241] port storm.security.auth.auto-login-module-test to java
* [STORM-1241] port storm.security.auth.auto-login-module-test to java
* Move test to address reviewer comments
* JUnit 5
---------
Co-authored-by: Richard Zowalla <[email protected]>
---
.../auth/kerberos/AutoLoginModuleTest.java | 128 +++++++++++++++++++++
.../storm/security/auth/auto_login_module_test.clj | 111 ------------------
2 files changed, 128 insertions(+), 111 deletions(-)
diff --git
a/storm-client/test/jvm/org/apache/storm/security/auth/kerberos/AutoLoginModuleTest.java
b/storm-client/test/jvm/org/apache/storm/security/auth/kerberos/AutoLoginModuleTest.java
new file mode 100644
index 000000000..1f570a378
--- /dev/null
+++
b/storm-client/test/jvm/org/apache/storm/security/auth/kerberos/AutoLoginModuleTest.java
@@ -0,0 +1,128 @@
+/*
+ * Copyright 2018 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.storm.security.auth.kerberos;
+
+import org.apache.storm.security.auth.kerberos.AutoTGTKrb5LoginModule;
+import org.apache.storm.security.auth.kerberos.AutoTGTKrb5LoginModuleTest;
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.Test;
+import org.mockito.Mockito;
+
+import javax.security.auth.Subject;
+import javax.security.auth.kerberos.KerberosPrincipal;
+import javax.security.auth.kerberos.KerberosTicket;
+import javax.security.auth.login.LoginException;
+import java.net.InetAddress;
+import java.security.Principal;
+import java.text.SimpleDateFormat;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.Date;
+
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+public class AutoLoginModuleTest {
+
+ @Test
+ public void loginModuleNoSubjNoTgtTest() throws Exception {
+ // Behavior is correct when there is no Subject or TGT
+ AutoTGTKrb5LoginModule loginModule = new AutoTGTKrb5LoginModule();
+ Assertions.assertThrows(LoginException.class, loginModule::login);
+ assertFalse(loginModule.commit());
+ assertFalse(loginModule.abort());
+ assertTrue(loginModule.logout());
+ }
+
+ @Test
+ public void loginModuleReadonlySubjNoTgtTest() throws Exception {
+ // Behavior is correct when there is a read-only Subject and no TGT
+ Subject readonlySubject = new Subject(true, Collections.emptySet(),
Collections.emptySet(), Collections.emptySet());
+ AutoTGTKrb5LoginModule loginModule = new AutoTGTKrb5LoginModule();
+ loginModule.initialize(readonlySubject, null, null, null);
+ assertFalse(loginModule.commit());
+ assertTrue(loginModule.logout());
+ }
+
+ @Test
+ public void loginModuleWithSubjNoTgtTest() throws Exception {
+ // Behavior is correct when there is a Subject and no TGT
+ AutoTGTKrb5LoginModule loginModule = new AutoTGTKrb5LoginModule();
+ loginModule.initialize(new Subject(), null, null, null);
+ Assertions.assertThrows(LoginException.class, loginModule::login);
+ assertFalse(loginModule.commit());
+ assertFalse(loginModule.abort());
+ assertTrue(loginModule.logout());
+ }
+
+ @Test
+ public void loginModuleNoSubjWithTgtTest() throws Exception {
+ // Behavior is correct when there is no Subject and a TGT
+ AutoTGTKrb5LoginModuleTest loginModule = new
AutoTGTKrb5LoginModuleTest();
+ loginModule.setKerbTicket(Mockito.mock(KerberosTicket.class));
+ assertTrue(loginModule.login());
+ Assertions.assertThrows(LoginException.class, loginModule::commit);
+ loginModule.setKerbTicket(Mockito.mock(KerberosTicket.class));
+ assertTrue(loginModule.abort());
+ assertTrue(loginModule.logout());
+ }
+
+ @Test
+ public void loginModuleReadonlySubjWithTgtTest() throws Exception {
+ // Behavior is correct when there is a read-only Subject and a TGT
+ Subject readonlySubject = new Subject(true, Collections.emptySet(),
Collections.emptySet(), Collections.emptySet());
+ AutoTGTKrb5LoginModuleTest loginModule = new
AutoTGTKrb5LoginModuleTest();
+ loginModule.initialize(readonlySubject, null, null, null);
+ loginModule.setKerbTicket(Mockito.mock(KerberosTicket.class));
+ assertTrue(loginModule.login());
+ Assertions.assertThrows(LoginException.class, loginModule::commit);
+ loginModule.setKerbTicket(Mockito.mock(KerberosTicket.class));
+ assertTrue(loginModule.abort());
+ assertTrue(loginModule.logout());
+ }
+
+ @Test
+ public void loginModuleWithSubjAndTgt() throws Exception {
+ // Behavior is correct when there is a Subject and a TGT
+ AutoTGTKrb5LoginModuleTest loginModule = new
AutoTGTKrb5LoginModuleTest();
+ loginModule.client = Mockito.mock(Principal.class);
+ Date endTime = new SimpleDateFormat("ddMMyyyy").parse("31122030");
+ byte[] asn1Enc = new byte[10];
+ Arrays.fill(asn1Enc, (byte)122);
+ byte[] sessionKey = new byte[10];
+ Arrays.fill(sessionKey, (byte)123);
+ KerberosTicket ticket = new KerberosTicket(
+ asn1Enc,
+ new KerberosPrincipal("client/[email protected]"),
+ new KerberosPrincipal("server/[email protected]"),
+ sessionKey,
+ 234,
+ new boolean[]{false, true, false, true, false, true, false},
+ new Date(),
+ new Date(),
+ endTime,
+ endTime,
+ new InetAddress[]{InetAddress.getByName("localhost")}
+ );
+ loginModule.initialize(new Subject(), null, null, null);
+ loginModule.setKerbTicket(ticket);
+ assertTrue(loginModule.login());
+ assertTrue(loginModule.commit());
+ assertTrue(loginModule.abort());
+ assertTrue(loginModule.logout());
+ }
+}
diff --git
a/storm-core/test/clj/org/apache/storm/security/auth/auto_login_module_test.clj
b/storm-core/test/clj/org/apache/storm/security/auth/auto_login_module_test.clj
deleted file mode 100644
index 518bb74bd..000000000
---
a/storm-core/test/clj/org/apache/storm/security/auth/auto_login_module_test.clj
+++ /dev/null
@@ -1,111 +0,0 @@
-;; Licensed to the Apache Software Foundation (ASF) under one
-;; or more contributor license agreements. See the NOTICE file
-;; distributed with this work for additional information
-;; regarding copyright ownership. The ASF licenses this file
-;; to you under the Apache License, Version 2.0 (the
-;; "License"); you may not use this file except in compliance
-;; with the License. You may obtain a copy of the License at
-;;
-;; http://www.apache.org/licenses/LICENSE-2.0
-;;
-;; Unless required by applicable law or agreed to in writing, software
-;; distributed under the License is distributed on an "AS IS" BASIS,
-;; WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-;; See the License for the specific language governing permissions and
-;; limitations under the License.
-(ns org.apache.storm.security.auth.auto-login-module-test
- (:use [clojure test])
- (:use [org.apache.storm util])
- (:import [org.apache.storm.security.auth.kerberos AutoTGT
- AutoTGTKrb5LoginModule AutoTGTKrb5LoginModuleTest])
- (:import [javax.security.auth Subject Subject])
- (:import [javax.security.auth.kerberos KerberosTicket KerberosPrincipal])
- (:import [org.mockito Mockito])
- (:import [java.text SimpleDateFormat])
- (:import [java.util Date])
- (:import [java.util Arrays])
- (:import [java.net InetAddress])
- )
-
-(deftest login-module-no-subj-no-tgt-test
- (testing "Behavior is correct when there is no Subject or TGT"
- (let [login-module (AutoTGTKrb5LoginModule.)]
-
- (is (thrown-cause? javax.security.auth.login.LoginException
- (.login login-module)))
- (is (not (.commit login-module)))
- (is (not (.abort login-module)))
- (is (.logout login-module)))))
-
-(deftest login-module-readonly-subj-no-tgt-test
- (testing "Behavior is correct when there is a read-only Subject and no TGT"
- (let [readonly-subj (Subject. true #{} #{} #{})
- login-module (AutoTGTKrb5LoginModule.)]
- (.initialize login-module readonly-subj nil nil nil)
- (is (not (.commit login-module)))
- (is (.logout login-module)))))
-
-(deftest login-module-with-subj-no-tgt-test
- (testing "Behavior is correct when there is a Subject and no TGT"
- (let [login-module (AutoTGTKrb5LoginModule.)]
- (.initialize login-module (Subject.) nil nil nil)
- (is (thrown-cause? javax.security.auth.login.LoginException
- (.login login-module)))
- (is (not (.commit login-module)))
- (is (not (.abort login-module)))
- (is (.logout login-module)))))
-
-(deftest login-module-no-subj-with-tgt-test
- (testing "Behavior is correct when there is no Subject and a TGT"
- (let [login-module (AutoTGTKrb5LoginModuleTest.)]
- (.setKerbTicket login-module (Mockito/mock KerberosTicket))
- (is (.login login-module))
- (is (thrown-cause? javax.security.auth.login.LoginException
- (.commit login-module)))
-
- (.setKerbTicket login-module (Mockito/mock KerberosTicket))
- (is (.abort login-module))
- (is (.logout login-module)))))
-
-(deftest login-module-readonly-subj-with-tgt-test
- (testing "Behavior is correct when there is a read-only Subject and a TGT"
- (let [readonly-subj (Subject. true #{} #{} #{})
- login-module (AutoTGTKrb5LoginModuleTest.)]
- (.initialize login-module readonly-subj nil nil nil)
- (.setKerbTicket login-module (Mockito/mock KerberosTicket))
- (is (.login login-module))
- (is (thrown-cause? javax.security.auth.login.LoginException
- (.commit login-module)))
-
- (.setKerbTicket login-module (Mockito/mock KerberosTicket))
- (is (.abort login-module))
- (is (.logout login-module)))))
-
-(deftest login-module-with-subj-and-tgt
- (testing "Behavior is correct when there is a Subject and a TGT"
- (let [login-module (AutoTGTKrb5LoginModuleTest.)
- _ (set! (. login-module client) (Mockito/mock
- java.security.Principal))
- endTime (.parse (java.text.SimpleDateFormat. "ddMMyyyy") "31122030")
- asn1Enc (byte-array 10)
- _ (Arrays/fill asn1Enc (byte 122))
- sessionKey (byte-array 10)
- _ (Arrays/fill sessionKey (byte 123))
- ticket (KerberosTicket.
- asn1Enc
- (KerberosPrincipal. "client/[email protected]")
- (KerberosPrincipal. "server/[email protected]")
- sessionKey
- 234
- (boolean-array (map even? (range 3 10)))
- (Date.)
- (Date.)
- endTime,
- endTime,
- (into-array InetAddress [(InetAddress/getByName
"localhost")]))]
- (.initialize login-module (Subject.) nil nil nil)
- (.setKerbTicket login-module ticket)
- (is (.login login-module))
- (is (.commit login-module))
- (is (.abort login-module))
- (is (.logout login-module)))))
