Search in sources :

Example 6 with CryptoService

use of org.apache.knox.gateway.services.security.CryptoService in project knox by apache.

the class SecureQueryEncryptDecryptProcessorTest method testEncryptBadDecrypt.

@Test
public void testEncryptBadDecrypt() throws Exception {
    Query query;
    Template origTemplate = Parser.parseLiteral("http://host:0/path/file?query-param-name=query-param-value");
    // Test encryption.  Results are left in encTemplate
    AliasService as = EasyMock.createNiceMock(AliasService.class);
    String secret = "sdkjfhsdkjfhsdfs";
    EasyMock.expect(as.getPasswordFromAliasForCluster("test-cluster-name", "encryptQueryString")).andReturn(secret.toCharArray()).anyTimes();
    CryptoService cryptoService = new DefaultCryptoService();
    ((DefaultCryptoService) cryptoService).setAliasService(as);
    GatewayServices gatewayServices = EasyMock.createNiceMock(GatewayServices.class);
    EasyMock.expect(gatewayServices.getService(GatewayServices.CRYPTO_SERVICE)).andReturn(cryptoService);
    UrlRewriteEnvironment encEnvironment = EasyMock.createNiceMock(UrlRewriteEnvironment.class);
    EasyMock.expect(encEnvironment.getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE)).andReturn(gatewayServices).anyTimes();
    EasyMock.expect(encEnvironment.getAttribute(GatewayServices.GATEWAY_CLUSTER_ATTRIBUTE)).andReturn("test-cluster-name").anyTimes();
    UrlRewriteContext encContext = EasyMock.createNiceMock(UrlRewriteContext.class);
    EasyMock.expect(encContext.getCurrentUrl()).andReturn(origTemplate);
    Capture<Template> encTemplate = new Capture<Template>();
    encContext.setCurrentUrl(EasyMock.capture(encTemplate));
    EasyMock.replay(gatewayServices, as, encEnvironment, encContext);
    SecureQueryEncryptDescriptor descriptor = new SecureQueryEncryptDescriptor();
    SecureQueryEncryptProcessor processor = new SecureQueryEncryptProcessor();
    processor.initialize(encEnvironment, descriptor);
    processor.process(encContext);
    assertThat(encTemplate, notNullValue());
    query = encTemplate.getValue().getQuery().get("_");
    assertThat(query.getFirstValue().getPattern().length(), greaterThan(1));
    query = encTemplate.getValue().getQuery().get("query-param-name");
    assertThat(query, nullValue());
    // Test decryption with decode returning null
    gatewayServices = EasyMock.createNiceMock(GatewayServices.class);
    EasyMock.expect(gatewayServices.getService(GatewayServices.CRYPTO_SERVICE)).andReturn(cryptoService);
    as = EasyMock.createNiceMock(AliasService.class);
    EasyMock.expect(as.getPasswordFromAliasForCluster("test-cluster-name", "encryptQueryString")).andReturn(secret.toCharArray()).anyTimes();
    UrlRewriteEnvironment decEnvironment = EasyMock.createNiceMock(UrlRewriteEnvironment.class);
    EasyMock.expect(decEnvironment.getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE)).andReturn(gatewayServices).anyTimes();
    EasyMock.expect(decEnvironment.getAttribute(GatewayServices.GATEWAY_CLUSTER_ATTRIBUTE)).andReturn("test-cluster-name").anyTimes();
    Params decParams = EasyMock.createNiceMock(Params.class);
    EasyMock.expect(decParams.resolve(GatewayServices.GATEWAY_CLUSTER_ATTRIBUTE)).andReturn(Arrays.asList("test-cluster-name")).anyTimes();
    UrlRewriteContext decContext = EasyMock.createNiceMock(UrlRewriteContext.class);
    EasyMock.expect(decContext.getCurrentUrl()).andReturn(encTemplate.getValue());
    EasyMock.expect(decContext.getParameters()).andReturn(decParams);
    Capture<Template> decTemplate = new Capture<Template>();
    decContext.setCurrentUrl(EasyMock.capture(decTemplate));
    SecureQueryDecryptDescriptor descriptor1 = new SecureQueryDecryptDescriptor();
    SecureQueryDecryptProcessor decProcessor = EasyMock.createMockBuilder(SecureQueryDecryptProcessor.class).addMockedMethod(SecureQueryDecryptProcessor.class.getDeclaredMethod("decode", String.class)).createMock();
    EasyMock.expect(decProcessor.decode(EasyMock.anyObject(String.class))).andReturn(null);
    EasyMock.replay(gatewayServices, as, decEnvironment, decParams, decContext, decProcessor);
    decProcessor.initialize(decEnvironment, descriptor1);
    UrlRewriteStepStatus status = decProcessor.process(decContext);
    Assert.assertTrue((status == UrlRewriteStepStatus.FAILURE));
}
Also used : UrlRewriteEnvironment(org.apache.knox.gateway.filter.rewrite.api.UrlRewriteEnvironment) GatewayServices(org.apache.knox.gateway.services.GatewayServices) AliasService(org.apache.knox.gateway.services.security.AliasService) Query(org.apache.knox.gateway.util.urltemplate.Query) Params(org.apache.knox.gateway.util.urltemplate.Params) UrlRewriteContext(org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteContext) Capture(org.easymock.Capture) Template(org.apache.knox.gateway.util.urltemplate.Template) UrlRewriteStepStatus(org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteStepStatus) DefaultCryptoService(org.apache.knox.gateway.services.security.impl.DefaultCryptoService) CryptoService(org.apache.knox.gateway.services.security.CryptoService) DefaultCryptoService(org.apache.knox.gateway.services.security.impl.DefaultCryptoService) Test(org.junit.Test)

Example 7 with CryptoService

use of org.apache.knox.gateway.services.security.CryptoService in project knox by apache.

the class SecureQueryEncryptDecryptProcessorTest method testEncryptDecrypt.

@Test
public void testEncryptDecrypt() throws Exception {
    Query query;
    Template origTemplate = Parser.parseLiteral("http://host:0/path/file?query-param-name=query-param-value");
    // Test encryption.  Results are left in encTemplate
    AliasService as = EasyMock.createNiceMock(AliasService.class);
    String secret = "sdkjfhsdkjfhsdfs";
    EasyMock.expect(as.getPasswordFromAliasForCluster("test-cluster-name", "encryptQueryString")).andReturn(secret.toCharArray()).anyTimes();
    CryptoService cryptoService = new DefaultCryptoService();
    ((DefaultCryptoService) cryptoService).setAliasService(as);
    GatewayServices gatewayServices = EasyMock.createNiceMock(GatewayServices.class);
    EasyMock.expect(gatewayServices.getService(GatewayServices.CRYPTO_SERVICE)).andReturn(cryptoService);
    UrlRewriteEnvironment encEnvironment = EasyMock.createNiceMock(UrlRewriteEnvironment.class);
    EasyMock.expect(encEnvironment.getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE)).andReturn(gatewayServices).anyTimes();
    EasyMock.expect(encEnvironment.getAttribute(GatewayServices.GATEWAY_CLUSTER_ATTRIBUTE)).andReturn("test-cluster-name").anyTimes();
    UrlRewriteContext encContext = EasyMock.createNiceMock(UrlRewriteContext.class);
    EasyMock.expect(encContext.getCurrentUrl()).andReturn(origTemplate);
    Capture<Template> encTemplate = new Capture<Template>();
    encContext.setCurrentUrl(EasyMock.capture(encTemplate));
    EasyMock.replay(gatewayServices, as, encEnvironment, encContext);
    SecureQueryEncryptDescriptor descriptor = new SecureQueryEncryptDescriptor();
    SecureQueryEncryptProcessor processor = new SecureQueryEncryptProcessor();
    processor.initialize(encEnvironment, descriptor);
    processor.process(encContext);
    assertThat(encTemplate, notNullValue());
    query = encTemplate.getValue().getQuery().get("_");
    assertThat(query.getFirstValue().getPattern().length(), greaterThan(1));
    query = encTemplate.getValue().getQuery().get("query-param-name");
    assertThat(query, nullValue());
    // Test decryption.  Results are left in decTemplate.
    gatewayServices = EasyMock.createNiceMock(GatewayServices.class);
    EasyMock.expect(gatewayServices.getService(GatewayServices.CRYPTO_SERVICE)).andReturn(cryptoService);
    as = EasyMock.createNiceMock(AliasService.class);
    EasyMock.expect(as.getPasswordFromAliasForCluster("test-cluster-name", "encryptQueryString")).andReturn(secret.toCharArray()).anyTimes();
    UrlRewriteEnvironment decEnvironment = EasyMock.createNiceMock(UrlRewriteEnvironment.class);
    EasyMock.expect(decEnvironment.getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE)).andReturn(gatewayServices).anyTimes();
    EasyMock.expect(decEnvironment.getAttribute(GatewayServices.GATEWAY_CLUSTER_ATTRIBUTE)).andReturn("test-cluster-name").anyTimes();
    Params decParams = EasyMock.createNiceMock(Params.class);
    EasyMock.expect(decParams.resolve(GatewayServices.GATEWAY_CLUSTER_ATTRIBUTE)).andReturn(Arrays.asList("test-cluster-name")).anyTimes();
    UrlRewriteContext decContext = EasyMock.createNiceMock(UrlRewriteContext.class);
    EasyMock.expect(decContext.getCurrentUrl()).andReturn(encTemplate.getValue());
    EasyMock.expect(decContext.getParameters()).andReturn(decParams);
    Capture<Template> decTemplate = new Capture<Template>();
    decContext.setCurrentUrl(EasyMock.capture(decTemplate));
    EasyMock.replay(gatewayServices, as, decEnvironment, decParams, decContext);
    SecureQueryDecryptDescriptor descriptor1 = new SecureQueryDecryptDescriptor();
    SecureQueryDecryptProcessor decProcessor = new SecureQueryDecryptProcessor();
    decProcessor.initialize(decEnvironment, descriptor1);
    decProcessor.process(decContext);
    assertThat(decTemplate, notNullValue());
    assertThat(decTemplate.getValue(), notNullValue());
    query = decTemplate.getValue().getQuery().get("query-param-name");
    assertThat(query.getFirstValue().getPattern(), is("query-param-value"));
    query = decTemplate.getValue().getQuery().get("_");
    assertThat(query, nullValue());
}
Also used : UrlRewriteEnvironment(org.apache.knox.gateway.filter.rewrite.api.UrlRewriteEnvironment) GatewayServices(org.apache.knox.gateway.services.GatewayServices) AliasService(org.apache.knox.gateway.services.security.AliasService) Query(org.apache.knox.gateway.util.urltemplate.Query) Params(org.apache.knox.gateway.util.urltemplate.Params) UrlRewriteContext(org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteContext) Capture(org.easymock.Capture) Template(org.apache.knox.gateway.util.urltemplate.Template) DefaultCryptoService(org.apache.knox.gateway.services.security.impl.DefaultCryptoService) CryptoService(org.apache.knox.gateway.services.security.CryptoService) DefaultCryptoService(org.apache.knox.gateway.services.security.impl.DefaultCryptoService) Test(org.junit.Test)

Example 8 with CryptoService

use of org.apache.knox.gateway.services.security.CryptoService in project knox by apache.

the class ShiroDeploymentContributorTest method testDeployment.

@Test
public void testDeployment() throws IOException {
    WebArchive webArchive = ShrinkWrap.create(WebArchive.class, "test-archive");
    Map<String, String> providerParams = new HashMap<>();
    Provider provider = new Provider();
    provider.setEnabled(true);
    provider.setName("shiro");
    provider.setParams(providerParams);
    Topology topology = new Topology();
    topology.setName("Sample");
    DeploymentContext context = EasyMock.createNiceMock(DeploymentContext.class);
    EasyMock.expect(context.getWebArchive()).andReturn(webArchive).anyTimes();
    EasyMock.expect(context.getWebAppDescriptor()).andReturn(Descriptors.create(WebAppDescriptor.class)).anyTimes();
    EasyMock.expect(context.getTopology()).andReturn(topology).anyTimes();
    EasyMock.replay(context);
    AliasService as = EasyMock.createNiceMock(AliasService.class);
    CryptoService cryptoService = new DefaultCryptoService();
    ((DefaultCryptoService) cryptoService).setAliasService(as);
    GatewayServices gatewayServices = EasyMock.createNiceMock(GatewayServices.class);
    EasyMock.expect(gatewayServices.getService(GatewayServices.CRYPTO_SERVICE)).andReturn(cryptoService).anyTimes();
    ShiroDeploymentContributor contributor = new ShiroDeploymentContributor();
    assertThat(contributor.getRole(), is("authentication"));
    assertThat(contributor.getName(), is("ShiroProvider"));
    // Just make sure it doesn't blow up.
    contributor.initializeContribution(context);
    contributor.contributeProvider(context, provider);
    // Just make sure it doesn't blow up.
    contributor.finalizeContribution(context);
    assertThat(context.getWebAppDescriptor().getOrCreateSessionConfig().getOrCreateCookieConfig().isHttpOnly(), is(true));
    assertThat(context.getWebAppDescriptor().getOrCreateSessionConfig().getOrCreateCookieConfig().isSecure(), is(true));
}
Also used : DeploymentContext(org.apache.knox.gateway.deploy.DeploymentContext) GatewayServices(org.apache.knox.gateway.services.GatewayServices) AliasService(org.apache.knox.gateway.services.security.AliasService) HashMap(java.util.HashMap) DefaultCryptoService(org.apache.knox.gateway.services.security.impl.DefaultCryptoService) CryptoService(org.apache.knox.gateway.services.security.CryptoService) WebArchive(org.jboss.shrinkwrap.api.spec.WebArchive) Topology(org.apache.knox.gateway.topology.Topology) DefaultCryptoService(org.apache.knox.gateway.services.security.impl.DefaultCryptoService) Provider(org.apache.knox.gateway.topology.Provider) Test(org.junit.Test)

Aggregations

GatewayServices (org.apache.knox.gateway.services.GatewayServices)8 CryptoService (org.apache.knox.gateway.services.security.CryptoService)8 AliasService (org.apache.knox.gateway.services.security.AliasService)7 DefaultCryptoService (org.apache.knox.gateway.services.security.impl.DefaultCryptoService)7 Test (org.junit.Test)7 UrlRewriteEnvironment (org.apache.knox.gateway.filter.rewrite.api.UrlRewriteEnvironment)6 UrlRewriteContext (org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteContext)4 Capture (org.easymock.Capture)4 HashMap (java.util.HashMap)3 DeploymentContext (org.apache.knox.gateway.deploy.DeploymentContext)3 Provider (org.apache.knox.gateway.topology.Provider)3 Topology (org.apache.knox.gateway.topology.Topology)3 Template (org.apache.knox.gateway.util.urltemplate.Template)3 WebArchive (org.jboss.shrinkwrap.api.spec.WebArchive)3 UrlRewriteStepStatus (org.apache.knox.gateway.filter.rewrite.spi.UrlRewriteStepStatus)2 Params (org.apache.knox.gateway.util.urltemplate.Params)2 Query (org.apache.knox.gateway.util.urltemplate.Query)2 EncryptStepContextParams (org.apache.knox.gateway.encrypturi.EncryptStepContextParams)1 DecryptUriDescriptor (org.apache.knox.gateway.encrypturi.api.DecryptUriDescriptor)1 EncryptUriDescriptor (org.apache.knox.gateway.encrypturi.api.EncryptUriDescriptor)1