Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[ELY 2173] Add test for the CLIENT_CERT mechanism
- Loading branch information
Dimitris Kafetzis
committed
Sep 19, 2023
1 parent
fd18d21
commit f51784c
Showing
5 changed files
with
384 additions
and
9 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
106 changes: 106 additions & 0 deletions
106
...est/java/org.wildfly.security.http.cert/ClientCertAuthenticationMechanismFactoryTest.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,106 @@ | ||
| package org.wildfly.security.http.cert; | ||
|
|
||
| import org.wildfly.security.http.HttpAuthenticationException; | ||
| import org.wildfly.security.http.HttpServerAuthenticationMechanism; | ||
| import org.wildfly.security.http.HttpServerAuthenticationMechanismFactory; | ||
|
|
||
| import javax.security.auth.callback.Callback; | ||
| import javax.security.auth.callback.CallbackHandler; | ||
| import javax.security.auth.callback.UnsupportedCallbackException; | ||
| import java.io.IOException; | ||
| import java.util.HashMap; | ||
| import java.util.Map; | ||
| import org.junit.Assert; | ||
| import org.junit.Test; | ||
|
|
||
| public class ClientCertAuthenticationMechanismFactoryTest { | ||
| private HttpServerAuthenticationMechanismFactory clientCertMechanismFactory = new ClientCertMechanismFactory(); | ||
|
|
||
| CallbackHandler dummyCallbackHandler = new CallbackHandler() { | ||
| @Override | ||
| public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { | ||
| } | ||
| }; | ||
|
|
||
| /** | ||
| * Tests that {@link ServerMechanismFactoryImpl#getMechanismNames(Map)} correctly | ||
| * handles null or empty properties parameter as possible value. | ||
| */ | ||
| @Test | ||
| public void testGetMechanismNamesPropertiesNull() { | ||
| clientCertMechanismFactory.getMechanismNames(null); | ||
| clientCertMechanismFactory.getMechanismNames(new HashMap<String, String>()); | ||
| } | ||
|
|
||
| /** | ||
| * Tests that {@link ServerMechanismFactoryImpl#getMechanismNames(Map)} does not return null. | ||
| */ | ||
| @Test | ||
| public void testGetMechanismNamesReturnNotNull() { | ||
| String[] mechanismNames = clientCertMechanismFactory.getMechanismNames(null); | ||
| Assert.assertNotNull("Array of mechanism names is not null.", mechanismNames); | ||
| } | ||
|
|
||
| /** | ||
| * Tests that {@link ServerMechanismFactoryImpl#createAuthenticationMechanism(String, Map, javax.security.auth.callback.CallbackHandler)} | ||
| * does handle null mechanism name parameter correctly - does not allow. | ||
| * @throws HttpAuthenticationException | ||
| */ | ||
| @Test | ||
| public void testCreateAuthenticationMechanismMechanismNameNull() throws HttpAuthenticationException { | ||
| try { | ||
| clientCertMechanismFactory.createAuthenticationMechanism(null, new HashMap<String,String>(), dummyCallbackHandler); | ||
| Assert.fail("Mechanism name could not be null"); | ||
| } catch (IllegalArgumentException e) { | ||
| // OK - expected exception state | ||
| } | ||
| } | ||
|
|
||
| /** | ||
| * Tests that {@link ServerMechanismFactoryImpl#createAuthenticationMechanism(String, Map, javax.security.auth.callback.CallbackHandler)} | ||
| * does handle null properties parameter correctly - does not allow. | ||
| */ | ||
| @Test | ||
| public void testCreateAuthenticationMechanismPropertiesNull() throws HttpAuthenticationException { | ||
| try { | ||
| clientCertMechanismFactory.createAuthenticationMechanism("CLIENT_CERT", null, dummyCallbackHandler); | ||
| Assert.fail("Properties could not be null"); | ||
| } catch (IllegalArgumentException e) { | ||
| // OK - expected exception state | ||
| } | ||
| } | ||
|
|
||
| /** | ||
| * Tests that {@link ServerMechanismFactoryImpl#createAuthenticationMechanism(String, Map, javax.security.auth.callback.CallbackHandler)} | ||
| * does handle wrong mechanism ("BASIC") - returns null. | ||
| */ | ||
| @Test | ||
| public void testCreateAuthenticationMechanismBasicMechanismName() throws HttpAuthenticationException{ | ||
| HttpServerAuthenticationMechanism httpServerAuthenticationMechanism = clientCertMechanismFactory.createAuthenticationMechanism("BASIC",new HashMap<String,String>(),dummyCallbackHandler); | ||
| Assert.assertNull("Provided mechanism must be null.", httpServerAuthenticationMechanism); | ||
| } | ||
|
|
||
| /** | ||
| * Tests that {@link ServerMechanismFactoryImpl#createAuthenticationMechanism(String, Map, javax.security.auth.callback.CallbackHandler)} | ||
| * does handle null properties parameter correctly - does not allow. | ||
| */ | ||
| @Test | ||
| public void testCreateAuthenticationMechanismCallbackHandlerNull() throws HttpAuthenticationException { | ||
| try { | ||
| clientCertMechanismFactory.createAuthenticationMechanism("CLIENT_CERT", new HashMap<String,String>(), null); | ||
| Assert.fail("CallbackHandler could not be null"); | ||
| } catch (IllegalArgumentException e) { | ||
| // OK - expected exception state | ||
| } | ||
| } | ||
|
|
||
| /** | ||
| * Tests that {@link ServerMechanismFactoryImpl#createAuthenticationMechanism(String, Map, javax.security.auth.callback.CallbackHandler)} | ||
| * does handle wrong mechanism name correctly - returns null. | ||
| */ | ||
| @Test | ||
| public void testCreateAuthenticationMechanismWrongMechanismName() throws HttpAuthenticationException { | ||
| HttpServerAuthenticationMechanism httpServerAuthenticationMechanism = clientCertMechanismFactory.createAuthenticationMechanism("MECHANISM_NAME_DOES_NOT_EXISTS", new HashMap<String,String>(), dummyCallbackHandler); | ||
| Assert.assertNull("Provided mechanism must be null.", httpServerAuthenticationMechanism); | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
67 changes: 67 additions & 0 deletions
67
...e/src/test/java/org/wildfly/security/http/cert/ClientCertAuthenticationMechanismTest.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,67 @@ | ||
| package org.wildfly.security.http.cert; | ||
|
|
||
| import mockit.Tested; | ||
| import org.junit.AfterClass; | ||
| import org.junit.Assert; | ||
| import org.junit.BeforeClass; | ||
| import org.junit.Test; | ||
| import org.wildfly.security.auth.realm.SimpleMapBackedSecurityRealm; | ||
| import org.wildfly.security.auth.server.SecurityDomain; | ||
| import org.wildfly.security.cache.IdentityCache; | ||
| import org.wildfly.security.http.HttpAuthenticationException; | ||
| import org.wildfly.security.http.HttpServerAuthenticationMechanism; | ||
| import org.wildfly.security.http.impl.AbstractBaseHttpTest; | ||
|
|
||
| import javax.security.auth.x500.X500Principal; | ||
| import java.security.Provider; | ||
| import java.security.Security; | ||
| import java.util.HashMap; | ||
| import java.util.Map; | ||
| import static org.wildfly.security.http.HttpConstants.*; | ||
|
|
||
| public class ClientCertAuthenticationMechanismTest extends AbstractBaseHttpTest { | ||
| private static final Provider provider = WildFlyElytronHttpClientCertProvider.getInstance(); | ||
|
|
||
| @Tested | ||
| private IdentityCache identityCache; | ||
|
|
||
| @BeforeClass | ||
| public static void registerCertProvider() { | ||
| Security.insertProviderAt(provider, 1); | ||
| SecurityDomain securityDomain = SecurityDomain.builder().addRealm("Simple", new SimpleMapBackedSecurityRealm()).build().setDefaultRealmName("Simple").build(); | ||
| } | ||
|
|
||
| @AfterClass | ||
| public static void removeCertProvider() { | ||
| Security.removeProvider(provider.getName()); | ||
| } | ||
|
|
||
| private HttpServerAuthenticationMechanism createMechanism() throws HttpAuthenticationException { | ||
| Map<String, Object> props = new HashMap<>(); | ||
| return certFactory.createAuthenticationMechanism(CLIENT_CERT_NAME, props, getCallbackHandler("Duk3")); | ||
| } | ||
|
|
||
| //Test request with no certs | ||
| @Test | ||
| public void testNoCert() throws Exception { | ||
| TestingHttpServerRequest request = new TestingHttpServerRequest(new String[]{}); | ||
| createMechanism().evaluateRequest(request); | ||
| Assert.assertEquals(Status.NO_AUTH, request.getResult()); | ||
| } | ||
|
|
||
| //Test request with invalid/unknown cert | ||
| @Test | ||
| public void testUnknownCert() throws Exception { | ||
| TestingHttpServerRequest request = new TestingHttpServerRequest(new String[]{"Cert random"}, new X500Principal("CN=Duke, OU=Test, O=Wonderland, C=US")); | ||
| createMechanism().evaluateRequest(request); | ||
| Assert.assertEquals(Status.FAILED, request.getResult()); | ||
| } | ||
|
|
||
| //Test request with known cert | ||
| @Test | ||
| public void testKnownCert() throws Exception { | ||
| TestingHttpServerRequest request = new TestingHttpServerRequest(new String[]{"Cert test"}, new X500Principal("CN=Duk3, OU=T3st, O=W0nd3rl4nd, C=US")); | ||
| createMechanism().evaluateRequest(request); | ||
| Assert.assertEquals(Status.COMPLETE, request.getResult()); | ||
| } | ||
| } |
Oops, something went wrong.