Search in sources :

Example 1 with SignerSecretProvider

use of com.hortonworks.registries.auth.util.SignerSecretProvider in project registry by hortonworks.

the class TestAuthenticationFilter method _testDoFilterAuthentication.

private void _testDoFilterAuthentication(boolean withDomainPath, boolean invalidToken, boolean expired) throws Exception {
    AuthenticationFilter filter = new AuthenticationFilter();
    FilterConfig config = Mockito.mock(FilterConfig.class);
    Mockito.when(config.getInitParameter("management.operation.return")).thenReturn("true");
    Mockito.when(config.getInitParameter("expired.token")).thenReturn(Boolean.toString(expired));
    Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(DummyAuthenticationHandler.class.getName());
    Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TOKEN_VALIDITY)).thenReturn(new Long(TOKEN_VALIDITY_SEC).toString());
    Mockito.when(config.getInitParameter(AuthenticationFilter.SIGNATURE_SECRET)).thenReturn("secret");
    Mockito.when(config.getInitParameterNames()).thenReturn(new Vector<String>(Arrays.asList(AuthenticationFilter.AUTH_TYPE, AuthenticationFilter.AUTH_TOKEN_VALIDITY, AuthenticationFilter.SIGNATURE_SECRET, "management.operation" + ".return", "expired.token")).elements());
    getMockedServletContextWithStringSigner(config);
    if (withDomainPath) {
        Mockito.when(config.getInitParameter(AuthenticationFilter.COOKIE_DOMAIN)).thenReturn(".foo.com");
        Mockito.when(config.getInitParameter(AuthenticationFilter.COOKIE_PATH)).thenReturn("/bar");
        Mockito.when(config.getInitParameterNames()).thenReturn(new Vector<String>(Arrays.asList(AuthenticationFilter.AUTH_TYPE, AuthenticationFilter.AUTH_TOKEN_VALIDITY, AuthenticationFilter.SIGNATURE_SECRET, AuthenticationFilter.COOKIE_DOMAIN, AuthenticationFilter.COOKIE_PATH, "management.operation.return")).elements());
    }
    HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
    Mockito.when(request.getParameter("authenticated")).thenReturn("true");
    Mockito.when(request.getRequestURL()).thenReturn(new StringBuffer("http://foo:8080/bar"));
    Mockito.when(request.getRequestURI()).thenReturn("/bar");
    Mockito.when(request.getQueryString()).thenReturn("authenticated=true");
    if (invalidToken) {
        Mockito.when(request.getCookies()).thenReturn(new Cookie[] { new Cookie(AuthenticatedURL.AUTH_COOKIE, "foo") });
    }
    HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
    FilterChain chain = Mockito.mock(FilterChain.class);
    final HashMap<String, String> cookieMap = new HashMap<String, String>();
    Mockito.doAnswer(new Answer<Object>() {

        @Override
        public Object answer(InvocationOnMock invocation) throws Throwable {
            String cookieHeader = (String) invocation.getArguments()[1];
            parseCookieMap(cookieHeader, cookieMap);
            return null;
        }
    }).when(response).addHeader(Mockito.eq("Set-Cookie"), Mockito.anyString());
    try {
        filter.init(config);
        filter.doFilter(request, response, chain);
        if (expired) {
            Mockito.verify(response, Mockito.never()).addHeader(Mockito.eq("Set-Cookie"), Mockito.anyString());
        } else {
            String v = cookieMap.get(AuthenticatedURL.AUTH_COOKIE);
            Assert.assertNotNull("cookie missing", v);
            Assert.assertTrue(v.contains("u=") && v.contains("p=") && v.contains("t=") && v.contains("e=") && v.contains("s="));
            Mockito.verify(chain).doFilter(Mockito.any(ServletRequest.class), Mockito.any(ServletResponse.class));
            SignerSecretProvider secretProvider = StringSignerSecretProviderCreator.newStringSignerSecretProvider();
            Properties secretProviderProps = new Properties();
            secretProviderProps.setProperty(AuthenticationFilter.SIGNATURE_SECRET, "secret");
            secretProvider.init(secretProviderProps, null, TOKEN_VALIDITY_SEC);
            Signer signer = new Signer(secretProvider);
            String value = signer.verifyAndExtract(v);
            AuthenticationToken token = AuthenticationToken.parse(value);
            assertThat(token.getExpires(), not(0L));
            if (withDomainPath) {
                Assert.assertEquals(".foo.com", cookieMap.get("Domain"));
                Assert.assertEquals("/bar", cookieMap.get("Path"));
            } else {
                Assert.assertFalse(cookieMap.containsKey("Domain"));
                Assert.assertFalse(cookieMap.containsKey("Path"));
            }
        }
    } finally {
        filter.destroy();
    }
}
Also used : HttpCookie(java.net.HttpCookie) Cookie(javax.servlet.http.Cookie) HttpServletRequest(javax.servlet.http.HttpServletRequest) ServletRequest(javax.servlet.ServletRequest) HttpServletResponse(javax.servlet.http.HttpServletResponse) ServletResponse(javax.servlet.ServletResponse) SignerSecretProvider(com.hortonworks.registries.auth.util.SignerSecretProvider) HashMap(java.util.HashMap) FilterChain(javax.servlet.FilterChain) HttpServletResponse(javax.servlet.http.HttpServletResponse) Properties(java.util.Properties) HttpServletRequest(javax.servlet.http.HttpServletRequest) Signer(com.hortonworks.registries.auth.util.Signer) InvocationOnMock(org.mockito.invocation.InvocationOnMock) FilterConfig(javax.servlet.FilterConfig) Vector(java.util.Vector)

Example 2 with SignerSecretProvider

use of com.hortonworks.registries.auth.util.SignerSecretProvider in project registry by hortonworks.

the class TestAuthenticationFilter method testGetToken.

@Test
public void testGetToken() throws Exception {
    AuthenticationFilter filter = new AuthenticationFilter();
    try {
        FilterConfig config = Mockito.mock(FilterConfig.class);
        Mockito.when(config.getInitParameter("management.operation.return")).thenReturn("true");
        Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(DummyAuthenticationHandler.class.getName());
        Mockito.when(config.getInitParameter(AuthenticationFilter.SIGNATURE_SECRET)).thenReturn("secret");
        Mockito.when(config.getInitParameterNames()).thenReturn(new Vector<String>(Arrays.asList(AuthenticationFilter.AUTH_TYPE, AuthenticationFilter.SIGNATURE_SECRET, "management.operation.return")).elements());
        SignerSecretProvider secretProvider = getMockedServletContextWithStringSigner(config);
        filter.init(config);
        AuthenticationToken token = new AuthenticationToken("u", "p", DummyAuthenticationHandler.TYPE);
        token.setExpires(System.currentTimeMillis() + TOKEN_VALIDITY_SEC);
        Signer signer = new Signer(secretProvider);
        String tokenSigned = signer.sign(token.toString());
        Cookie cookie = new Cookie(AuthenticatedURL.AUTH_COOKIE, tokenSigned);
        HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
        Mockito.when(request.getCookies()).thenReturn(new Cookie[] { cookie });
        AuthenticationToken newToken = filter.getToken(request);
        Assert.assertEquals(token.toString(), newToken.toString());
    } finally {
        filter.destroy();
    }
}
Also used : Signer(com.hortonworks.registries.auth.util.Signer) HttpCookie(java.net.HttpCookie) Cookie(javax.servlet.http.Cookie) HttpServletRequest(javax.servlet.http.HttpServletRequest) SignerSecretProvider(com.hortonworks.registries.auth.util.SignerSecretProvider) FilterConfig(javax.servlet.FilterConfig) Vector(java.util.Vector) Test(org.junit.Test)

Example 3 with SignerSecretProvider

use of com.hortonworks.registries.auth.util.SignerSecretProvider in project registry by hortonworks.

the class TestAuthenticationFilter method getMockedServletContextWithStringSigner.

private static SignerSecretProvider getMockedServletContextWithStringSigner(FilterConfig config) throws Exception {
    Properties secretProviderProps = new Properties();
    secretProviderProps.setProperty(AuthenticationFilter.SIGNATURE_SECRET, "secret");
    SignerSecretProvider secretProvider = StringSignerSecretProviderCreator.newStringSignerSecretProvider();
    secretProvider.init(secretProviderProps, null, TOKEN_VALIDITY_SEC);
    ServletContext context = Mockito.mock(ServletContext.class);
    Mockito.when(context.getAttribute(AuthenticationFilter.SIGNER_SECRET_PROVIDER_ATTRIBUTE)).thenReturn(secretProvider);
    Mockito.when(config.getServletContext()).thenReturn(context);
    return secretProvider;
}
Also used : SignerSecretProvider(com.hortonworks.registries.auth.util.SignerSecretProvider) ServletContext(javax.servlet.ServletContext) Properties(java.util.Properties)

Example 4 with SignerSecretProvider

use of com.hortonworks.registries.auth.util.SignerSecretProvider in project registry by hortonworks.

the class TestAuthenticationFilter method testInit.

@Test
public void testInit() throws Exception {
    // custom secret as inline
    AuthenticationFilter filter = new AuthenticationFilter();
    try {
        FilterConfig config = Mockito.mock(FilterConfig.class);
        Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn("simple");
        Mockito.when(config.getInitParameterNames()).thenReturn(new Vector<>(Arrays.asList(AuthenticationFilter.AUTH_TYPE)).elements());
        ServletContext context = Mockito.mock(ServletContext.class);
        Mockito.when(context.getAttribute(AuthenticationFilter.SIGNER_SECRET_PROVIDER_ATTRIBUTE)).thenReturn(new SignerSecretProvider() {

            @Override
            public void init(Properties config, ServletContext servletContext, long tokenValidity) {
            }

            @Override
            public byte[] getCurrentSecret() {
                return null;
            }

            @Override
            public byte[][] getAllSecrets() {
                return null;
            }
        });
        Mockito.when(config.getServletContext()).thenReturn(context);
        filter.init(config);
        Assert.assertFalse(filter.isRandomSecret());
        Assert.assertTrue(filter.isCustomSignerSecretProvider());
    } finally {
        filter.destroy();
    }
    // custom secret by file
    File testDir = new File(System.getProperty("test.build.data", "target/test-dir"));
    testDir.mkdirs();
    String secretValue = "hadoop";
    File secretFile = new File(testDir, "http-secret.txt");
    Writer writer = new FileWriter(secretFile);
    writer.write(secretValue);
    writer.close();
    filter = new AuthenticationFilter();
    try {
        FilterConfig config = Mockito.mock(FilterConfig.class);
        Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn("simple");
        Mockito.when(config.getInitParameter(AuthenticationFilter.SIGNATURE_SECRET_FILE)).thenReturn(secretFile.getAbsolutePath());
        Mockito.when(config.getInitParameterNames()).thenReturn(new Vector<String>(Arrays.asList(AuthenticationFilter.AUTH_TYPE, AuthenticationFilter.SIGNATURE_SECRET_FILE)).elements());
        ServletContext context = Mockito.mock(ServletContext.class);
        Mockito.when(context.getAttribute(AuthenticationFilter.SIGNER_SECRET_PROVIDER_ATTRIBUTE)).thenReturn(null);
        Mockito.when(config.getServletContext()).thenReturn(context);
        filter.init(config);
        Assert.assertFalse(filter.isRandomSecret());
        Assert.assertFalse(filter.isCustomSignerSecretProvider());
    } finally {
        filter.destroy();
    }
    // custom cookie domain and cookie path
    filter = new AuthenticationFilter();
    try {
        FilterConfig config = Mockito.mock(FilterConfig.class);
        Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn("simple");
        Mockito.when(config.getInitParameter(AuthenticationFilter.COOKIE_DOMAIN)).thenReturn(".foo.com");
        Mockito.when(config.getInitParameter(AuthenticationFilter.COOKIE_PATH)).thenReturn("/bar");
        Mockito.when(config.getInitParameterNames()).thenReturn(new Vector<String>(Arrays.asList(AuthenticationFilter.AUTH_TYPE, AuthenticationFilter.COOKIE_DOMAIN, AuthenticationFilter.COOKIE_PATH)).elements());
        getMockedServletContextWithStringSigner(config);
        filter.init(config);
        Assert.assertEquals(".foo.com", filter.getCookieDomain());
        Assert.assertEquals("/bar", filter.getCookiePath());
    } finally {
        filter.destroy();
    }
    // authentication handler lifecycle, and custom impl
    DummyAuthenticationHandler.reset();
    filter = new AuthenticationFilter();
    try {
        FilterConfig config = Mockito.mock(FilterConfig.class);
        Mockito.when(config.getInitParameter("management.operation.return")).thenReturn("true");
        Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(DummyAuthenticationHandler.class.getName());
        Mockito.when(config.getInitParameterNames()).thenReturn(new Vector<String>(Arrays.asList(AuthenticationFilter.AUTH_TYPE, "management.operation.return")).elements());
        getMockedServletContextWithStringSigner(config);
        filter.init(config);
        Assert.assertTrue(DummyAuthenticationHandler.init);
    } finally {
        filter.destroy();
        Assert.assertTrue(DummyAuthenticationHandler.destroy);
    }
    // kerberos auth handler
    filter = new AuthenticationFilter();
    try {
        FilterConfig config = Mockito.mock(FilterConfig.class);
        ServletContext sc = Mockito.mock(ServletContext.class);
        Mockito.when(config.getServletContext()).thenReturn(sc);
        Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn("kerberos");
        Mockito.when(config.getInitParameterNames()).thenReturn(new Vector<String>(Arrays.asList(AuthenticationFilter.AUTH_TYPE)).elements());
        filter.init(config);
    } catch (ServletException ex) {
    // Expected
    } finally {
        Assert.assertEquals(KerberosAuthenticationHandler.class, filter.getAuthenticationHandler().getClass());
        filter.destroy();
    }
}
Also used : SignerSecretProvider(com.hortonworks.registries.auth.util.SignerSecretProvider) FileWriter(java.io.FileWriter) Properties(java.util.Properties) ServletException(javax.servlet.ServletException) ServletContext(javax.servlet.ServletContext) FilterConfig(javax.servlet.FilterConfig) Vector(java.util.Vector) File(java.io.File) FileWriter(java.io.FileWriter) Writer(java.io.Writer) Test(org.junit.Test)

Example 5 with SignerSecretProvider

use of com.hortonworks.registries.auth.util.SignerSecretProvider in project registry by hortonworks.

the class TestAuthenticationFilter method testGetTokenExpired.

@Test
public void testGetTokenExpired() throws Exception {
    AuthenticationFilter filter = new AuthenticationFilter();
    try {
        FilterConfig config = Mockito.mock(FilterConfig.class);
        Mockito.when(config.getInitParameter("management.operation.return")).thenReturn("true");
        Mockito.when(config.getInitParameter(AuthenticationFilter.AUTH_TYPE)).thenReturn(DummyAuthenticationHandler.class.getName());
        Mockito.when(config.getInitParameter(AuthenticationFilter.SIGNATURE_SECRET)).thenReturn("secret");
        Mockito.when(config.getInitParameterNames()).thenReturn(new Vector<String>(Arrays.asList(AuthenticationFilter.AUTH_TYPE, AuthenticationFilter.SIGNATURE_SECRET, "management.operation.return")).elements());
        getMockedServletContextWithStringSigner(config);
        filter.init(config);
        AuthenticationToken token = new AuthenticationToken("u", "p", DummyAuthenticationHandler.TYPE);
        token.setExpires(System.currentTimeMillis() - TOKEN_VALIDITY_SEC);
        SignerSecretProvider secretProvider = StringSignerSecretProviderCreator.newStringSignerSecretProvider();
        Properties secretProviderProps = new Properties();
        secretProviderProps.setProperty(AuthenticationFilter.SIGNATURE_SECRET, "secret");
        secretProvider.init(secretProviderProps, null, TOKEN_VALIDITY_SEC);
        Signer signer = new Signer(secretProvider);
        String tokenSigned = signer.sign(token.toString());
        Cookie cookie = new Cookie(AuthenticatedURL.AUTH_COOKIE, tokenSigned);
        HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
        Mockito.when(request.getCookies()).thenReturn(new Cookie[] { cookie });
        boolean failed = false;
        try {
            filter.getToken(request);
        } catch (AuthenticationException ex) {
            Assert.assertEquals("AuthenticationToken expired", ex.getMessage());
            failed = true;
        } finally {
            Assert.assertTrue("token not expired", failed);
        }
    } finally {
        filter.destroy();
    }
}
Also used : HttpCookie(java.net.HttpCookie) Cookie(javax.servlet.http.Cookie) SignerSecretProvider(com.hortonworks.registries.auth.util.SignerSecretProvider) AuthenticationException(com.hortonworks.registries.auth.client.AuthenticationException) Properties(java.util.Properties) Signer(com.hortonworks.registries.auth.util.Signer) HttpServletRequest(javax.servlet.http.HttpServletRequest) FilterConfig(javax.servlet.FilterConfig) Vector(java.util.Vector) Test(org.junit.Test)

Aggregations

SignerSecretProvider (com.hortonworks.registries.auth.util.SignerSecretProvider)10 Properties (java.util.Properties)9 Vector (java.util.Vector)9 FilterConfig (javax.servlet.FilterConfig)9 Signer (com.hortonworks.registries.auth.util.Signer)8 HttpCookie (java.net.HttpCookie)8 Cookie (javax.servlet.http.Cookie)8 HttpServletRequest (javax.servlet.http.HttpServletRequest)8 Test (org.junit.Test)8 FilterChain (javax.servlet.FilterChain)5 HttpServletResponse (javax.servlet.http.HttpServletResponse)5 AuthenticationException (com.hortonworks.registries.auth.client.AuthenticationException)2 ServletContext (javax.servlet.ServletContext)2 InvocationOnMock (org.mockito.invocation.InvocationOnMock)2 File (java.io.File)1 FileWriter (java.io.FileWriter)1 Writer (java.io.Writer)1 HashMap (java.util.HashMap)1 ServletException (javax.servlet.ServletException)1 ServletRequest (javax.servlet.ServletRequest)1