
Example 31 with AuthenticationResult

use of org.apache.qpid.server.security.auth.AuthenticationResult in project qpid-broker-j by apache.

the class PlainNegotiatorTest method testHandleInvalidUser.

/**
 * Checks that a response naming an unknown user is rejected by the negotiator.
 *
 * <p>The expected value is the shared {@code _errorResult} fixture, which
 * {@code testHandleInvalidPassword} in this class also compares against. Together the
 * two tests pin that an unknown user name produces a result equal to the one for a
 * wrong password, so the outcome gives a client no hint about which accounts exist.
 *
 * @throws Exception if the negotiator or the fixture fails unexpectedly
 */
public void testHandleInvalidUser() throws Exception {
    // Same response layout as the other tests, with only the user name swapped out.
    final String saslResponse = String.format(RESPONSE_FORMAT_STRING, "invalidUser", VALID_PASSWORD);
    final byte[] encodedResponse = saslResponse.getBytes(US_ASCII);

    final AuthenticationResult result = _negotiator.handleResponse(encodedResponse);

    assertEquals("Unexpected authentication result", _errorResult, result);
}
Also used : AuthenticationResult(org.apache.qpid.server.security.auth.AuthenticationResult)

Example 32 with AuthenticationResult

use of org.apache.qpid.server.security.auth.AuthenticationResult in project qpid-broker-j by apache.

the class PlainNegotiatorTest method testHandleInvalidPassword.

/**
 * Checks that a response carrying the valid user name with a wrong password is rejected.
 *
 * <p>The expected value is the shared {@code _errorResult} fixture, the same one
 * {@code testHandleInvalidUser} uses, so a bad password and an unknown user are held
 * to an identical outcome.
 *
 * @throws Exception if the negotiator or the fixture fails unexpectedly
 */
public void testHandleInvalidPassword() throws Exception {
    // Known user, deliberately wrong secret.
    final String saslResponse = String.format(RESPONSE_FORMAT_STRING, VALID_USERNAME, "invalidPassword");
    final byte[] encodedResponse = saslResponse.getBytes(US_ASCII);

    final AuthenticationResult result = _negotiator.handleResponse(encodedResponse);

    assertEquals("Unexpected authentication result", _errorResult, result);
}
Also used : AuthenticationResult(org.apache.qpid.server.security.auth.AuthenticationResult)

Example 33 with AuthenticationResult

use of org.apache.qpid.server.security.auth.AuthenticationResult in project qpid-broker-j by apache.

the class ScramNegotiatorTest method doSaslNegotiationTestValidCredentials.

/**
 * Runs a full SCRAM exchange with valid credentials and checks every server step.
 *
 * <p>The sequence verified is:
 * <ol>
 *   <li>the initial response yields {@code CONTINUE} and a non-null challenge;</li>
 *   <li>the client proof yields {@code SUCCESS}, a non-null final message and the
 *       expected principal name;</li>
 *   <li>the server final message starts with a {@code v=} field whose base64 value
 *       matches {@code _serverSignature}, i.e. the server authenticated itself to the
 *       client as well;</li>
 *   <li>feeding the initial response to the same negotiator again yields {@code ERROR}
 *       with no principal, so a finished negotiation cannot be restarted or replayed
 *       on the same negotiator instance.</li>
 * </ol>
 *
 * @param mechanism the SASL mechanism name passed to the negotiator
 * @param authenticationProvider the provider the negotiator authenticates against
 * @param scramSaslServerSource supplies the HMAC and digest names used for the client proof
 * @throws Exception if any helper or the negotiator fails unexpectedly
 */
private void doSaslNegotiationTestValidCredentials(final String mechanism, final AuthenticationProvider<?> authenticationProvider, final ScramSaslServerSource scramSaslServerSource) throws Exception {
    final ScramNegotiator negotiator = new ScramNegotiator(authenticationProvider, scramSaslServerSource, mechanism);
    final byte[] clientFirstMessage = createInitialResponse(VALID_USER_NAME);

    // Step 1: the client-first message must be answered with a challenge.
    final AuthenticationResult challengeResult = negotiator.handleResponse(clientFirstMessage);
    assertEquals("Unexpected first result status", AuthenticationResult.AuthenticationStatus.CONTINUE, challengeResult.getStatus());
    assertNotNull("Unexpected first result challenge", challengeResult.getChallenge());

    // Step 2: answer the challenge with a proof derived from the valid password.
    // NOTE(review): calculateClientProof presumably also records _serverSignature for
    // the comparison below; it is not visible here, so confirm against the helper.
    final byte[] clientProof = calculateClientProof(
            challengeResult.getChallenge(),
            scramSaslServerSource.getHmacName(),
            scramSaslServerSource.getDigestName(),
            VALID_USER_PASSWORD);
    final AuthenticationResult successResult = negotiator.handleResponse(clientProof);
    assertEquals("Unexpected second result status", AuthenticationResult.AuthenticationStatus.SUCCESS, successResult.getStatus());
    assertNotNull("Unexpected second result challenge", successResult.getChallenge());
    assertEquals("Unexpected second result principal", VALID_USER_NAME, successResult.getMainPrincipal().getName());

    // Step 3: the first comma-separated field of the server final message is the verifier.
    final String verifierField = new String(successResult.getChallenge(), ASCII).split(",")[0];
    if (!verifierField.startsWith("v=")) {
        fail("Server final message did not contain verifier");
    }
    final byte[] receivedSignature = Strings.decodeBase64(verifierField.substring(2));
    if (!Arrays.equals(_serverSignature, receivedSignature)) {
        fail("Server signature did not match");
    }

    // Step 4: a completed negotiator must refuse further input and expose no principal.
    final AuthenticationResult replayResult = negotiator.handleResponse(clientFirstMessage);
    assertEquals("Unexpected result status after completion of negotiation", AuthenticationResult.AuthenticationStatus.ERROR, replayResult.getStatus());
    assertNull("Unexpected principal after completion of negotiation", replayResult.getMainPrincipal());
}
Also used : AuthenticationResult(org.apache.qpid.server.security.auth.AuthenticationResult)

Example 34 with AuthenticationResult

use of org.apache.qpid.server.security.auth.AuthenticationResult in project qpid-broker-j by apache.

the class AMQPConnection_0_8Test method setUp.

/**
 * Builds the mocked broker, virtual host, port and network objects the connection
 * tests run against.
 *
 * <p>Authentication and authorisation are stubbed rather than exercised: the subject
 * creator returns a ready-made result for principal {@code "username"} whenever it is
 * asked to authenticate {@code SASL_RESPONSE}, {@code authoriseCreateConnection}
 * always answers {@code true}, and {@code Broker.BROKER_MSG_AUTH} is {@code false}.
 * Tests built on this fixture therefore say nothing about credential checking itself.
 *
 * @throws Exception if the superclass set-up or the task executor fails to start
 */
@Override
public void setUp() throws Exception {
    super.setUp();

    final EventLogger eventLogger = new EventLogger();
    final SystemConfig systemConfig = mock(SystemConfig.class);
    when(systemConfig.getEventLogger()).thenReturn(mock(EventLogger.class));

    _taskExecutor = new TaskExecutorImpl();
    _taskExecutor.start();
    final Model brokerModel = BrokerModel.getInstance();

    // Broker: root of the mocked configured-object hierarchy.
    _broker = mock(Broker.class);
    when(_broker.getParent()).thenReturn(systemConfig);
    when(_broker.getModel()).thenReturn(brokerModel);
    when(_broker.getCategoryClass()).thenReturn(Broker.class);
    when(_broker.getTaskExecutor()).thenReturn(_taskExecutor);
    when(_broker.getChildExecutor()).thenReturn(_taskExecutor);
    when(_broker.getEventLogger()).thenReturn(eventLogger);
    when(_broker.getContextValue(eq(Long.class), eq(Broker.CHANNEL_FLOW_CONTROL_ENFORCEMENT_TIMEOUT))).thenReturn(0L);

    // Virtual host node, child of the broker.
    _virtualHostNode = mock(VirtualHostNode.class);
    when(_virtualHostNode.getParent()).thenReturn(_broker);
    when(_virtualHostNode.getModel()).thenReturn(brokerModel);
    when(_virtualHostNode.getCategoryClass()).thenReturn(VirtualHostNode.class);
    when(_virtualHostNode.getTaskExecutor()).thenReturn(_taskExecutor);
    when(_virtualHostNode.getChildExecutor()).thenReturn(_taskExecutor);

    // Virtual host: active, and it authorises every connection it is asked about.
    _virtualHost = mock(QueueManagingVirtualHost.class);
    final VirtualHostPrincipal hostPrincipal = new VirtualHostPrincipal(_virtualHost);
    when(_virtualHost.getParent()).thenReturn(_virtualHostNode);
    when(_virtualHost.getModel()).thenReturn(brokerModel);
    when(_virtualHost.getCategoryClass()).thenReturn(VirtualHost.class);
    when(_virtualHost.getState()).thenReturn(State.ACTIVE);
    when(_virtualHost.isActive()).thenReturn(true);
    when(_virtualHost.getTaskExecutor()).thenReturn(_taskExecutor);
    when(_virtualHost.getPrincipal()).thenReturn(hostPrincipal);
    when(_virtualHost.getContextValue(Integer.class, Broker.MESSAGE_COMPRESSION_THRESHOLD_SIZE)).thenReturn(1024);
    when(_virtualHost.getContextValue(Long.class, Connection.MAX_UNCOMMITTED_IN_MEMORY_SIZE)).thenReturn(1024L);
    when(_virtualHost.getContextValue(Boolean.class, Broker.BROKER_MSG_AUTH)).thenReturn(false);
    when(_virtualHost.authoriseCreateConnection(any(AMQPConnection.class))).thenReturn(true);
    when(_virtualHost.getEventLogger()).thenReturn(eventLogger);

    // SASL: a mocked negotiator plus a canned authentication result, so no real
    // credential verification happens anywhere in this fixture.
    final SubjectCreator subjectCreator = mock(SubjectCreator.class);
    final SaslNegotiator saslNegotiator = mock(SaslNegotiator.class);
    when(subjectCreator.createSaslNegotiator(eq(SASL_MECH.toString()), any(SaslSettings.class))).thenReturn(saslNegotiator);
    final AuthenticationResult cannedAuthentication =
            new AuthenticationResult(new AuthenticatedPrincipal(new UsernamePrincipal("username", null)));
    final SubjectAuthenticationResult cannedSubjectResult =
            new SubjectAuthenticationResult(cannedAuthentication, new Subject());
    when(subjectCreator.authenticate(saslNegotiator, SASL_RESPONSE)).thenReturn(cannedSubjectResult);

    // The provider advertises exactly one mechanism, whatever flag it is asked with.
    AuthenticationProvider authenticationProvider = mock(AuthenticationProvider.class);
    when(authenticationProvider.getAvailableMechanisms(anyBoolean())).thenReturn(Collections.singletonList(SASL_MECH.toString()));

    // AMQP port wired to the stubs above.
    _port = mock(AmqpPort.class);
    when(_port.getParent()).thenReturn(_broker);
    when(_port.getCategoryClass()).thenReturn(Port.class);
    when(_port.getChildExecutor()).thenReturn(_taskExecutor);
    when(_port.getModel()).thenReturn(brokerModel);
    when(_port.getAuthenticationProvider()).thenReturn(authenticationProvider);
    when(_port.getAddressSpace(VIRTUAL_HOST_NAME)).thenReturn(_virtualHost);
    when(_port.getContextValue(Long.class, Port.CONNECTION_MAXIMUM_AUTHENTICATION_DELAY)).thenReturn(2500L);
    when(_port.getContextValue(Integer.class, Connection.MAX_MESSAGE_SIZE)).thenReturn(Connection.DEFAULT_MAX_MESSAGE_SIZE);
    when(_port.getSubjectCreator(eq(false), anyString())).thenReturn(subjectCreator);

    // Network side: a mocked sender behind a mocked connection bound to localhost.
    _sender = mock(ByteBufferSender.class);
    _network = mock(ServerNetworkConnection.class);
    when(_network.getSender()).thenReturn(_sender);
    when(_network.getLocalAddress()).thenReturn(new InetSocketAddress("localhost", 12345));

    _transport = Transport.TCP;
    _protocol = Protocol.AMQP_0_8;
    _ticker = new AggregateTicker();
}
Also used : ByteBufferSender(org.apache.qpid.server.transport.ByteBufferSender) ServerNetworkConnection(org.apache.qpid.server.transport.ServerNetworkConnection) SystemConfig(org.apache.qpid.server.model.SystemConfig) TaskExecutorImpl(org.apache.qpid.server.configuration.updater.TaskExecutorImpl) Broker(org.apache.qpid.server.model.Broker) QueueManagingVirtualHost(org.apache.qpid.server.virtualhost.QueueManagingVirtualHost) EventLogger(org.apache.qpid.server.logging.EventLogger) InetSocketAddress(java.net.InetSocketAddress) AuthenticationProvider(org.apache.qpid.server.model.AuthenticationProvider) AggregateTicker(org.apache.qpid.server.transport.AggregateTicker) SubjectAuthenticationResult(org.apache.qpid.server.security.auth.SubjectAuthenticationResult) Subject(javax.security.auth.Subject) AuthenticationResult(org.apache.qpid.server.security.auth.AuthenticationResult) SubjectAuthenticationResult(org.apache.qpid.server.security.auth.SubjectAuthenticationResult) AuthenticatedPrincipal(org.apache.qpid.server.security.auth.AuthenticatedPrincipal) SaslSettings(org.apache.qpid.server.security.auth.sasl.SaslSettings) UsernamePrincipal(org.apache.qpid.server.security.auth.UsernamePrincipal) AMQPConnection(org.apache.qpid.server.transport.AMQPConnection) BrokerModel(org.apache.qpid.server.model.BrokerModel) Model(org.apache.qpid.server.model.Model) VirtualHostPrincipal(org.apache.qpid.server.virtualhost.VirtualHostPrincipal) SaslNegotiator(org.apache.qpid.server.security.auth.sasl.SaslNegotiator) AmqpPort(org.apache.qpid.server.model.port.AmqpPort) SubjectCreator(org.apache.qpid.server.security.SubjectCreator) VirtualHostNode(org.apache.qpid.server.model.VirtualHostNode)

Example 35 with AuthenticationResult

use of org.apache.qpid.server.security.auth.AuthenticationResult in project qpid-broker-j by apache.

the class BasicAuthPreemptiveAuthenticator method attemptAuthentication.

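/**
 * Attempts preemptive HTTP Basic authentication from the request's
 * {@code Authorization} header.
 *
 * <p>Credentials are only evaluated when all of the following hold: the header is
 * present, the resolved authentication provider is a
 * {@link UsernamePasswordAuthenticationProvider}, the scheme is {@code Basic}
 * (case-insensitive), and Basic authentication is enabled for the transport in use.
 * Secure requests consult the HTTPS switch and plain requests the HTTP switch, so
 * Basic credentials arriving over an unencrypted connection are only honoured when
 * the HTTP switch has been turned on.
 *
 * <p>Everything read from the header is untrusted. Malformed input of any kind leads
 * to {@code null}, never to an exception that escapes this method.
 *
 * @param request the incoming HTTP request
 * @param managementConfiguration supplies the port, the authentication provider and
 *        the Basic-authentication switches for the request
 * @return the subject taken from the subject creator's result, or {@code null} when
 *         no usable Basic credentials were supplied. NOTE(review): the authentication
 *         status is not inspected here; rejecting bad credentials relies on
 *         {@code createResultWithGroups} yielding no subject for a failed result,
 *         which should be confirmed against {@code SubjectCreator}.
 */
@Override
public Subject attemptAuthentication(final HttpServletRequest request, final HttpManagementConfiguration managementConfiguration) {
    final String header = request.getHeader("Authorization");
    final Port<?> port = managementConfiguration.getPort(request);
    final AuthenticationProvider<?> authenticationProvider = managementConfiguration.getAuthenticationProvider(request);
    final SubjectCreator subjectCreator = port.getSubjectCreator(request.isSecure(), request.getServerName());

    if (header == null || !(authenticationProvider instanceof UsernamePasswordAuthenticationProvider)) {
        return null;
    }
    final UsernamePasswordAuthenticationProvider<?> namePasswdAuthProvider = (UsernamePasswordAuthenticationProvider<?>) authenticationProvider;

    // The scheme and the credentials may be separated by more than one space.
    // Splitting on a single whitespace character would leave an empty second token
    // and reject an otherwise valid header.
    final String[] tokens = header.trim().split("\\s+");
    if (tokens.length < 2 || !"BASIC".equalsIgnoreCase(tokens[0])) {
        return null;
    }

    final boolean isBasicAuthSupported = request.isSecure()
            ? managementConfiguration.isHttpsBasicAuthenticationEnabled()
            : managementConfiguration.isHttpBasicAuthenticationEnabled();
    if (!isBasicAuthSupported) {
        return null;
    }

    final byte[] decodedCredentials;
    try {
        decodedCredentials = Strings.decodeBase64(tokens[1]);
    } catch (IllegalArgumentException ignored) {
        // NOTE(review): Strings.decodeBase64 is not visible here. If it rejects
        // malformed input by throwing, treat that as "no credentials" instead of
        // failing the request. The exception is deliberately not logged, because its
        // message may echo the client-supplied credential text.
        return null;
    }

    // Limit 2: only the first ':' separates user from password, so passwords may contain ':'.
    final String[] credentials = new String(decodedCredentials, StandardCharsets.UTF_8).split(":", 2);
    if (credentials.length != 2) {
        return null;
    }

    final AuthenticationResult authenticationResult = namePasswdAuthProvider.authenticate(credentials[0], credentials[1]);
    final SubjectAuthenticationResult result = subjectCreator.createResultWithGroups(authenticationResult);
    return result.getSubject();
}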
Also used : SubjectCreator(org.apache.qpid.server.security.SubjectCreator) UsernamePasswordAuthenticationProvider(org.apache.qpid.server.security.auth.manager.UsernamePasswordAuthenticationProvider) SubjectAuthenticationResult(org.apache.qpid.server.security.auth.SubjectAuthenticationResult) SubjectAuthenticationResult(org.apache.qpid.server.security.auth.SubjectAuthenticationResult) AuthenticationResult(org.apache.qpid.server.security.auth.AuthenticationResult)

Aggregations

AuthenticationResult (org.apache.qpid.server.security.auth.AuthenticationResult)78 UsernamePrincipal (org.apache.qpid.server.security.auth.UsernamePrincipal)13 SaslNegotiator (org.apache.qpid.server.security.auth.sasl.SaslNegotiator)13 X500Principal (javax.security.auth.x500.X500Principal)12 SubjectAuthenticationResult (org.apache.qpid.server.security.auth.SubjectAuthenticationResult)9 HashMap (java.util.HashMap)6 SubjectCreator (org.apache.qpid.server.security.SubjectCreator)6 Subject (javax.security.auth.Subject)5 IOException (java.io.IOException)4 OAuth2AuthenticationProvider (org.apache.qpid.server.security.auth.manager.oauth2.OAuth2AuthenticationProvider)4 InetSocketAddress (java.net.InetSocketAddress)3 URISyntaxException (java.net.URISyntaxException)3 Principal (java.security.Principal)3 Broker (org.apache.qpid.server.model.Broker)3 NamedAddressSpace (org.apache.qpid.server.model.NamedAddressSpace)3 AuthenticatedPrincipal (org.apache.qpid.server.security.auth.AuthenticatedPrincipal)3 URI (java.net.URI)2 AccessControlException (java.security.AccessControlException)2 EventLogger (org.apache.qpid.server.logging.EventLogger)2 User (org.apache.qpid.server.model.User)2