Propchange: hadoop/common/branches/branch-0.22/common/src/test/core/org/apache/hadoop/security/authentication/server/TestAuthenticationFilter.java ------------------------------------------------------------------------------ svn:mime-type = text/plain
Added: hadoop/common/branches/branch-0.22/common/src/test/core/org/apache/hadoop/security/authentication/server/TestAuthenticationToken.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.22/common/src/test/core/org/apache/hadoop/security/authentication/server/TestAuthenticationToken.java?rev=1346222&view=auto ============================================================================== --- hadoop/common/branches/branch-0.22/common/src/test/core/org/apache/hadoop/security/authentication/server/TestAuthenticationToken.java (added) +++ hadoop/common/branches/branch-0.22/common/src/test/core/org/apache/hadoop/security/authentication/server/TestAuthenticationToken.java Tue Jun 5 03:11:07 2012 
@@ -0,0 +1,124 @@
+/**
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License. See accompanying LICENSE file.
+ */
+package org.apache.hadoop.security.authentication.server;
+
+import org.apache.hadoop.security.authentication.client.AuthenticationException;
+import junit.framework.TestCase;
+
+public class TestAuthenticationToken extends TestCase {
+
+ public void testAnonymous() {
+ assertNotNull(AuthenticationToken.ANONYMOUS);
+ assertEquals(null, AuthenticationToken.ANONYMOUS.getUserName());
+ assertEquals(null, AuthenticationToken.ANONYMOUS.getName());
+ assertEquals(null, AuthenticationToken.ANONYMOUS.getType());
+ assertEquals(-1, AuthenticationToken.ANONYMOUS.getExpires());
+ assertFalse(AuthenticationToken.ANONYMOUS.isExpired());
+ }
+
+ public void testConstructor() throws Exception {
+ try {
+ new AuthenticationToken(null, "p", "t");
+ fail();
+ } catch (IllegalArgumentException ex) {
+ // Expected
+ } catch (Throwable ex) {
+ fail();
+ }
+ try {
+ new AuthenticationToken("", "p", "t");
+ fail();
+ } catch (IllegalArgumentException ex) {
+ // Expected
+ } catch (Throwable ex) {
+ fail();
+ }
+ try {
+ new AuthenticationToken("u", null, "t");
+ fail();
+ } catch (IllegalArgumentException ex) {
+ // Expected
+ } catch (Throwable ex) {
+ fail();
+ }
+ try {
+ new AuthenticationToken("u", "", "t");
+ fail();
+ } catch (IllegalArgumentException ex) {
+ // Expected
+ } catch (Throwable ex) {
+ fail();
+ }
+ try {
+ new AuthenticationToken("u", "p", null);
+ fail();
+ } catch (IllegalArgumentException ex) {
+ // Expected
+ } catch (Throwable ex) {
+ fail();
+ }
+ try {
+ new AuthenticationToken("u", "p", "");
+ fail();
+ } catch (IllegalArgumentException ex) {
+ // Expected
+ } catch (Throwable ex) {
+ fail();
+ }
+ new AuthenticationToken("u", "p", "t");
+ }
+
+ public void testGetters() throws Exception {
+ long expires = System.currentTimeMillis() + 50;
+ AuthenticationToken token = new AuthenticationToken("u", "p", "t");
+ token.setExpires(expires);
+ assertEquals("u", token.getUserName());
+ assertEquals("p", token.getName());
+ assertEquals("t", token.getType());
+ assertEquals(expires, token.getExpires());
+ assertFalse(token.isExpired());
+ Thread.sleep(51);
+ assertTrue(token.isExpired());
+ }
+
+ public void testToStringAndParse() throws Exception {
+ long expires = System.currentTimeMillis() + 50;
+ AuthenticationToken token = new AuthenticationToken("u", "p", "t");
+ token.setExpires(expires);
+ String str = token.toString();
+ token = AuthenticationToken.parse(str);
+ assertEquals("p", token.getName());
+ assertEquals("t", token.getType());
+ assertEquals(expires, token.getExpires());
+ assertFalse(token.isExpired());
+ Thread.sleep(51);
+ assertTrue(token.isExpired());
+ }
+
+ public void testParseInvalid() throws Exception {
+ long expires = System.currentTimeMillis() + 50;
+ AuthenticationToken token = new AuthenticationToken("u", "p", "t");
+ token.setExpires(expires);
+ String str = token.toString();
+ str = str.substring(0, str.indexOf("e="));
+ try {
+ AuthenticationToken.parse(str);
+ fail();
+ } catch (AuthenticationException ex) {
+ // Expected
+ } catch (Exception ex) {
+ fail();
+ }
+ }
+}
Propchange: hadoop/common/branches/branch-0.22/common/src/test/core/org/apache/hadoop/security/authentication/server/TestAuthenticationToken.java ------------------------------------------------------------------------------ svn:mime-type = text/plain Added: 
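Review bot: `testToStringAndParse` never checks `getUserName()` on the parsed token, so the round trip through `toString()`/`parse()` could drop or alter the user name and the test would still pass; add `assertEquals("u", token.getUserName());` next to the other three getter assertions. The expiry checks in `testGetters` and `testToStringAndParse` depend on a 50 ms window followed by `Thread.sleep(51)`, so `assertFalse(token.isExpired())` can fail on a loaded build host; setting an expiry well in the future for the "not expired" check and one in the past for the "expired" check would make both assertions deterministic. `testParseInvalid` only covers a string truncated before `e=`; a case with a non-numeric expiry value would also be worth pinning, assuming `parse` is meant to report that as `AuthenticationException`.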
hadoop/common/branches/branch-0.22/common/src/test/core/org/apache/hadoop/security/authentication/server/TestKerberosAuthenticationHandler.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.22/common/src/test/core/org/apache/hadoop/security/authentication/server/TestKerberosAuthenticationHandler.java?rev=1346222&view=auto ============================================================================== --- hadoop/common/branches/branch-0.22/common/src/test/core/org/apache/hadoop/security/authentication/server/TestKerberosAuthenticationHandler.java (added) +++ hadoop/common/branches/branch-0.22/common/src/test/core/org/apache/hadoop/security/authentication/server/TestKerberosAuthenticationHandler.java Tue Jun 5 03:11:07 2012 
@@ -0,0 +1,178 @@ +/** + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. See accompanying LICENSE file. + */ +package org.apache.hadoop.security.authentication.server; + +import org.apache.hadoop.security.authentication.KerberosTestUtils; +import org.apache.hadoop.security.authentication.client.AuthenticationException; +import org.apache.hadoop.security.authentication.client.KerberosAuthenticator; +import junit.framework.TestCase; +import org.apache.commons.codec.binary.Base64; +import org.ietf.jgss.GSSContext; +import org.ietf.jgss.GSSManager; +import org.ietf.jgss.GSSName; +import org.mockito.Mockito; +import sun.security.jgss.GSSUtil; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.util.Properties; +import java.util.concurrent.Callable; + +public class TestKerberosAuthenticationHandler extends TestCase { + + private KerberosAuthenticationHandler handler; + + @Override + protected void setUp() throws Exception { + super.setUp(); + handler = new KerberosAuthenticationHandler(); + Properties props = new Properties(); + props.setProperty(KerberosAuthenticationHandler.PRINCIPAL, KerberosTestUtils.getServerPrincipal()); + props.setProperty(KerberosAuthenticationHandler.KEYTAB, KerberosTestUtils.getKeytabFile()); + props.setProperty(KerberosAuthenticationHandler.NAME_RULES, + "RULE:[1:$1@$0](.*@" + KerberosTestUtils.getRealm()+")s/@.*//\n"); + try { + handler.init(props); + } catch (Exception ex) { + 
handler = null; + throw ex; + } + } + + @Override + protected void tearDown() throws Exception { + if (handler != null) { + handler.destroy(); + handler = null; + } + super.tearDown(); + } + + public void testInit() throws Exception { + assertEquals(KerberosTestUtils.getServerPrincipal(), handler.getPrincipal()); + assertEquals(KerberosTestUtils.getKeytabFile(), handler.getKeytab()); + } + + public void testType() throws Exception { + KerberosAuthenticationHandler handler = new KerberosAuthenticationHandler(); + assertEquals(KerberosAuthenticationHandler.TYPE, handler.getType()); + } + + public void testRequestWithoutAuthorization() throws Exception { + HttpServletRequest request = Mockito.mock(HttpServletRequest.class); + HttpServletResponse response = Mockito.mock(HttpServletResponse.class); + + assertNull(handler.authenticate(request, response)); + Mockito.verify(response).setHeader(KerberosAuthenticator.WWW_AUTHENTICATE, KerberosAuthenticator.NEGOTIATE); + Mockito.verify(response).setStatus(HttpServletResponse.SC_UNAUTHORIZED); + } + + public void testRequestWithInvalidAuthorization() throws Exception { + HttpServletRequest request = Mockito.mock(HttpServletRequest.class); + HttpServletResponse response = Mockito.mock(HttpServletResponse.class); + + Mockito.when(request.getHeader(KerberosAuthenticator.AUTHORIZATION)).thenReturn("invalid"); + assertNull(handler.authenticate(request, response)); + Mockito.verify(response).setHeader(KerberosAuthenticator.WWW_AUTHENTICATE, KerberosAuthenticator.NEGOTIATE); + Mockito.verify(response).setStatus(HttpServletResponse.SC_UNAUTHORIZED); + } + + public void testRequestWithIncompleteAuthorization() throws Exception { + HttpServletRequest request = Mockito.mock(HttpServletRequest.class); + HttpServletResponse response = Mockito.mock(HttpServletResponse.class); + + Mockito.when(request.getHeader(KerberosAuthenticator.AUTHORIZATION)) + .thenReturn(KerberosAuthenticator.NEGOTIATE); + try { + handler.authenticate(request, 
response); + fail(); + } catch (AuthenticationException ex) { + // Expected + } catch (Exception ex) { + fail(); + } + } + + + public void testRequestWithAuthorization() throws Exception { + String token = KerberosTestUtils.doAsClient(new Callable<String>() { + @Override + public String call() throws Exception { + GSSManager gssManager = GSSManager.getInstance(); + GSSContext gssContext = null; + try { + String servicePrincipal = KerberosTestUtils.getServerPrincipal(); + GSSName serviceName = gssManager.createName(servicePrincipal, GSSUtil.NT_GSS_KRB5_PRINCIPAL); + gssContext = gssManager.createContext(serviceName, GSSUtil.GSS_KRB5_MECH_OID, null, + GSSContext.DEFAULT_LIFETIME); + gssContext.requestCredDeleg(true); + gssContext.requestMutualAuth(true); + + byte[] inToken = new byte[0]; + byte[] outToken = gssContext.initSecContext(inToken, 0, inToken.length); + Base64 base64 = new Base64(0); + return base64.encodeToString(outToken); + + } finally { + if (gssContext != null) { + gssContext.dispose(); + } + } + } + }); + + HttpServletRequest request = Mockito.mock(HttpServletRequest.class); + HttpServletResponse response = Mockito.mock(HttpServletResponse.class); + + Mockito.when(request.getHeader(KerberosAuthenticator.AUTHORIZATION)) + .thenReturn(KerberosAuthenticator.NEGOTIATE + " " + token); + + AuthenticationToken authToken = handler.authenticate(request, response); + + if (authToken != null) { + Mockito.verify(response).setHeader(Mockito.eq(KerberosAuthenticator.WWW_AUTHENTICATE), + Mockito.matches(KerberosAuthenticator.NEGOTIATE + " .*")); + Mockito.verify(response).setStatus(HttpServletResponse.SC_OK); + + assertEquals(KerberosTestUtils.getClientPrincipal(), authToken.getName()); + assertTrue(KerberosTestUtils.getClientPrincipal().startsWith(authToken.getUserName())); + assertEquals(KerberosAuthenticationHandler.TYPE, authToken.getType()); + } else { + Mockito.verify(response).setHeader(Mockito.eq(KerberosAuthenticator.WWW_AUTHENTICATE), + 
Mockito.matches(KerberosAuthenticator.NEGOTIATE + " .*")); + Mockito.verify(response).setStatus(HttpServletResponse.SC_UNAUTHORIZED); + } + } + + public void testRequestWithInvalidKerberosAuthorization() throws Exception { + + String token = new Base64(0).encodeToString(new byte[]{0, 1, 2}); + + HttpServletRequest request = Mockito.mock(HttpServletRequest.class); + HttpServletResponse response = Mockito.mock(HttpServletResponse.class); + + Mockito.when(request.getHeader(KerberosAuthenticator.AUTHORIZATION)).thenReturn( + KerberosAuthenticator.NEGOTIATE + token); + + try { + handler.authenticate(request, response); + fail(); + } catch (AuthenticationException ex) { + // Expected + } catch (Exception ex) { + fail(); + } + } + +} Propchange: hadoop/common/branches/branch-0.22/common/src/test/core/org/apache/hadoop/security/authentication/server/TestKerberosAuthenticationHandler.java ------------------------------------------------------------------------------ svn:mime-type = text/plain Added: hadoop/common/branches/branch-0.22/common/src/test/core/org/apache/hadoop/security/authentication/server/TestPseudoAuthenticationHandler.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.22/common/src/test/core/org/apache/hadoop/security/authentication/server/TestPseudoAuthenticationHandler.java?rev=1346222&view=auto ============================================================================== --- hadoop/common/branches/branch-0.22/common/src/test/core/org/apache/hadoop/security/authentication/server/TestPseudoAuthenticationHandler.java (added) +++ hadoop/common/branches/branch-0.22/common/src/test/core/org/apache/hadoop/security/authentication/server/TestPseudoAuthenticationHandler.java Tue Jun 5 03:11:07 2012 
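Review bot: `testRequestWithAuthorization` passes whether or not the handler accepts the freshly issued client token, because its `else` branch treats a null `AuthenticationToken` with `SC_UNAUTHORIZED` as success; the positive path of the Kerberos handler is never actually required to work. If the exchange is expected to complete in one leg here (not visible from the test alone), replace the `if`/`else` with `assertNotNull(authToken);` followed by the existing success assertions. In `testRequestWithInvalidKerberosAuthorization` the header is built as `KerberosAuthenticator.NEGOTIATE + token` with no separating space, unlike `NEGOTIATE + " " + token` in the test above, so it may be exercising scheme parsing rather than rejection of a bad GSS token; use `KerberosAuthenticator.NEGOTIATE + " " + token`. The `catch (Exception ex) { fail(); }` arms discard the unexpected exception, and letting it propagate would keep the stack trace in the test report.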
@@ -0,0 +1,113 @@ +/** + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. See accompanying LICENSE file. + */ +package org.apache.hadoop.security.authentication.server; + +import org.apache.hadoop.security.authentication.client.AuthenticationException; +import junit.framework.TestCase; +import org.apache.hadoop.security.authentication.client.PseudoAuthenticator; +import org.mockito.Mockito; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.util.Properties; + +public class TestPseudoAuthenticationHandler extends TestCase { + + public void testInit() throws Exception { + PseudoAuthenticationHandler handler = new PseudoAuthenticationHandler(); + try { + Properties props = new Properties(); + props.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "false"); + handler.init(props); + assertEquals(false, handler.getAcceptAnonymous()); + } finally { + handler.destroy(); + } + } + + public void testType() throws Exception { + PseudoAuthenticationHandler handler = new PseudoAuthenticationHandler(); + assertEquals(PseudoAuthenticationHandler.TYPE, handler.getType()); + } + + public void testAnonymousOn() throws Exception { + PseudoAuthenticationHandler handler = new PseudoAuthenticationHandler(); + try { + Properties props = new Properties(); + props.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "true"); + handler.init(props); + + HttpServletRequest request = 
Mockito.mock(HttpServletRequest.class); + HttpServletResponse response = Mockito.mock(HttpServletResponse.class); + + AuthenticationToken token = handler.authenticate(request, response); + + assertEquals(AuthenticationToken.ANONYMOUS, token); + } finally { + handler.destroy(); + } + } + + public void testAnonymousOff() throws Exception { + PseudoAuthenticationHandler handler = new PseudoAuthenticationHandler(); + try { + Properties props = new Properties(); + props.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "false"); + handler.init(props); + + HttpServletRequest request = Mockito.mock(HttpServletRequest.class); + HttpServletResponse response = Mockito.mock(HttpServletResponse.class); + + handler.authenticate(request, response); + fail(); + } catch (AuthenticationException ex) { + // Expected + } catch (Exception ex) { + fail(); + } finally { + handler.destroy(); + } + } + + private void _testUserName(boolean anonymous) throws Exception { + PseudoAuthenticationHandler handler = new PseudoAuthenticationHandler(); + try { + Properties props = new Properties(); + props.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, Boolean.toString(anonymous)); + handler.init(props); + + HttpServletRequest request = Mockito.mock(HttpServletRequest.class); + HttpServletResponse response = Mockito.mock(HttpServletResponse.class); + Mockito.when(request.getParameter(PseudoAuthenticator.USER_NAME)).thenReturn("user"); + + AuthenticationToken token = handler.authenticate(request, response); + + assertNotNull(token); + assertEquals("user", token.getUserName()); + assertEquals("user", token.getName()); + assertEquals(PseudoAuthenticationHandler.TYPE, token.getType()); + } finally { + handler.destroy(); + } + } + + public void testUserNameAnonymousOff() throws Exception { + _testUserName(false); + } + + public void testUserNameAnonymousOn() throws Exception { + _testUserName(true); + } + +} Propchange: 
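Review bot: No case covers a request whose `PseudoAuthenticator.USER_NAME` parameter is present but empty. `TestAuthenticationToken.testConstructor` in this same commit shows that `new AuthenticationToken("", "p", "t")` throws `IllegalArgumentException`, so if the handler passes the parameter straight to that constructor (the handler is not shown here) an empty value would surface as an unchecked exception rather than as `AuthenticationException` or the anonymous token. A test that stubs `request.getParameter(PseudoAuthenticator.USER_NAME)` to return `""` with anonymous both on and off would pin the intended behaviour. A class comment such as `// Pseudo authentication takes the user name from the request as-is; these tests check plumbing, not identity verification.` would also help readers of `_testUserName`.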
hadoop/common/branches/branch-0.22/common/src/test/core/org/apache/hadoop/security/authentication/server/TestPseudoAuthenticationHandler.java ------------------------------------------------------------------------------ svn:mime-type = text/plain Added: hadoop/common/branches/branch-0.22/common/src/test/core/org/apache/hadoop/security/authentication/util/TestKerberosName.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.22/common/src/test/core/org/apache/hadoop/security/authentication/util/TestKerberosName.java?rev=1346222&view=auto ============================================================================== --- hadoop/common/branches/branch-0.22/common/src/test/core/org/apache/hadoop/security/authentication/util/TestKerberosName.java (added) +++ hadoop/common/branches/branch-0.22/common/src/test/core/org/apache/hadoop/security/authentication/util/TestKerberosName.java Tue Jun 5 03:11:07 2012 
@@ -0,0 +1,88 @@
+package org.apache.hadoop.security.authentication.util;
+
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import java.io.IOException;
+
+import org.apache.hadoop.security.authentication.KerberosTestUtils;
+import org.junit.Before;
+import org.junit.Test;
+import static org.junit.Assert.*;
+
+public class TestKerberosName {
+
+ @Before
+ public void setUp() throws Exception {
+ String rules =
+ "RULE:[1:$1@$0](.*@YAHOO\\.COM)s/@.*//\n" +
+ "RULE:[2:$1](johndoe)s/^.*$/guest/\n" +
+ "RULE:[2:$1;$2](^.*;admin$)s/;admin$//\n" +
+ "RULE:[2:$2](root)\n" +
+ "DEFAULT";
+ KerberosName.setRules(rules);
+ KerberosName.printRules();
+ }
+
+ private void checkTranslation(String from, String to) throws Exception {
+ System.out.println("Translate " + from);
+ KerberosName nm = new KerberosName(from);
+ String simple = nm.getShortName();
+ System.out.println("to " + simple);
+ assertEquals("short name incorrect", to, simple);
+ }
+
+ @Test
+ public void testRules() throws Exception {
+ checkTranslation("omalley@" + KerberosTestUtils.getRealm(), "omalley");
+ checkTranslation("hdfs/10.0.0.1@" + KerberosTestUtils.getRealm(), "hdfs");
+ checkTranslation("o...@yahoo.com", "oom");
+ checkTranslation("johndoe/z...@foo.com", "guest");
+ checkTranslation("joe/ad...@foo.com", "joe");
+ checkTranslation("joe/r...@foo.com", "root");
+ }
+
+ private void checkBadName(String name) {
+ System.out.println("Checking " + name + " to ensure it is bad.");
+ try {
+ new KerberosName(name);
+ fail("didn't get exception for " + name);
+ } catch (IllegalArgumentException iae) {
+ // PASS
+ }
+ }
+
+ private void checkBadTranslation(String from) {
+ System.out.println("Checking bad translation for " + from);
+ KerberosName nm = new KerberosName(from);
+ try {
+ nm.getShortName();
+ fail("didn't get exception for " + from);
+ } catch (IOException ie) {
+ // PASS
+ }
+ }
+
+ @Test
+ public void testAntiPatterns() throws Exception {
+ checkBadName("owen/owen/o...@foo.com");
+ checkBadName("owen@foo/bar.com");
+ checkBadTranslation("f...@acme.com");
+ checkBadTranslation("root/j...@foo.com");
+ }
+}
Propchange: hadoop/common/branches/branch-0.22/common/src/test/core/org/apache/hadoop/security/authentication/util/TestKerberosName.java ------------------------------------------------------------------------------ svn:mime-type = text/plain Added: hadoop/common/branches/branch-0.22/common/src/test/core/org/apache/hadoop/security/authentication/util/TestSigner.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.22/common/src/test/core/org/apache/hadoop/security/authentication/util/TestSigner.java?rev=1346222&view=auto ==============================================================================
--- hadoop/common/branches/branch-0.22/common/src/test/core/org/apache/hadoop/security/authentication/util/TestSigner.java (added)
+++ hadoop/common/branches/branch-0.22/common/src/test/core/org/apache/hadoop/security/authentication/util/TestSigner.java Tue Jun 5 03:11:07 2012 
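Review bot: `setUp` hard-codes the realm in the first rule (`.*@YAHOO\\.COM`) while `testRules` builds its first two principals from `KerberosTestUtils.getRealm()`, so those translations only exercise that rule when the configured test realm happens to match; otherwise they presumably fall through to `DEFAULT`, whose outcome would depend on the host's Kerberos configuration (`KerberosName` is not shown here). Building the rule from `KerberosTestUtils.getRealm()`, as `TestKerberosAuthenticationHandler.setUp` does in this commit, or using a literal realm in the inputs would make the test self-contained. `KerberosName.setRules(rules)` is a static call and nothing restores the previous rules afterwards, so the rule set can leak into tests that run later in the same JVM. The principal literals containing `...@` look like the mail archive's address masking rather than the committed text, so they cannot be checked from this page.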
@@ -0,0 +1,93 @@
+/**
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License. See accompanying LICENSE file.
+ */
+package org.apache.hadoop.security.authentication.util;
+
+import junit.framework.TestCase;
+
+public class TestSigner extends TestCase {
+
+ public void testNoSecret() throws Exception {
+ try {
+ new Signer(null);
+ fail();
+ }
+ catch (IllegalArgumentException ex) {
+ }
+ }
+
+ public void testNullAndEmptyString() throws Exception {
+ Signer signer = new Signer("secret".getBytes());
+ try {
+ signer.sign(null);
+ fail();
+ } catch (IllegalArgumentException ex) {
+ // Expected
+ } catch (Throwable ex) {
+ fail();
+ }
+ try {
+ signer.sign("");
+ fail();
+ } catch (IllegalArgumentException ex) {
+ // Expected
+ } catch (Throwable ex) {
+ fail();
+ }
+ }
+
+ public void testSignature() throws Exception {
+ Signer signer = new Signer("secret".getBytes());
+ String s1 = signer.sign("ok");
+ String s2 = signer.sign("ok");
+ String s3 = signer.sign("wrong");
+ assertEquals(s1, s2);
+ assertNotSame(s1, s3);
+ }
+
+ public void testVerify() throws Exception {
+ Signer signer = new Signer("secret".getBytes());
+ String t = "test";
+ String s = signer.sign(t);
+ String e = signer.verifyAndExtract(s);
+ assertEquals(t, e);
+ }
+
+ public void testInvalidSignedText() throws Exception {
+ Signer signer = new Signer("secret".getBytes());
+ try {
+ signer.verifyAndExtract("test");
+ fail();
+ } catch (SignerException ex) {
+ // Expected
+ } catch (Throwable ex) {
+ fail();
+ }
+ }
+
+ public void testTampering() throws Exception {
+ Signer signer = new Signer("secret".getBytes());
+ String t = "test";
+ String s = signer.sign(t);
+ s += "x";
+ try {
+ signer.verifyAndExtract(s);
+ fail();
+ } catch (SignerException ex) {
+ // Expected
+ } catch (Throwable ex) {
+ fail();
+ }
+ }
+
+}
Propchange: hadoop/common/branches/branch-0.22/common/src/test/core/org/apache/hadoop/security/authentication/util/TestSigner.java ------------------------------------------------------------------------------ svn:mime-type = text/plain
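Review bot: `assertNotSame(s1, s3)` in `testSignature` compares object identity, not content, so it passes even if `sign("ok")` and `sign("wrong")` return equal strings; the test does not show that the output depends on the input. Use `assertFalse(s1.equals(s3));`, and if the signed string embeds the original text (the layout is not visible here) compare only the signature portion. `testTampering` only appends a character to the end of the signed string; a second case that alters the original text while leaving the rest intact would cover the other half of what `verifyAndExtract` has to reject. `"secret".getBytes()` uses the platform default charset, which is harmless for this ASCII literal, but `getBytes("UTF-8")` keeps the key bytes fixed across hosts.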