
Example 16 with UsernamePasswordCredential

use of org.apereo.cas.authentication.credential.UsernamePasswordCredential in project cas by apereo.

the class PersonDirectoryPrincipalResolverLdapTests method verifyResolver.

/**
 * Resolves the "admin" principal through a person-directory resolver backed by the
 * injected attribute repository, then checks that the resolved principal carries
 * the "description" and "entryDN" attributes.
 */
@Test
public void verifyResolver() {
    val mergerSettings = casProperties.getAuthn().getAttributeRepository().getCore().getMerger();
    val merger = CoreAuthenticationUtils.getAttributeMerger(mergerSettings);
    val principalFactory = PrincipalFactoryUtils.newPrincipalFactory();
    val principalResolver = CoreAuthenticationUtils.newPersonDirectoryPrincipalResolver(
        principalFactory,
        this.attributeRepository,
        merger,
        casProperties.getPersonDirectory());

    // Fixture credential only; the handler passed alongside it is a test implementation.
    val credential = new UsernamePasswordCredential("admin", "password");
    val resolved = principalResolver.resolve(
        credential,
        Optional.of(CoreAuthenticationTestUtils.getPrincipal("admin")),
        Optional.of(new SimpleTestUsernamePasswordAuthenticationHandler()));

    assertNotNull(resolved);
    val attributes = resolved.getAttributes();
    assertTrue(attributes.containsKey("description"));
    assertTrue(attributes.containsKey("entryDN"));
}
Also used : lombok.val(lombok.val) SimpleTestUsernamePasswordAuthenticationHandler(org.apereo.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler) UsernamePasswordCredential(org.apereo.cas.authentication.credential.UsernamePasswordCredential) Test(org.junit.jupiter.api.Test) SpringBootTest(org.springframework.boot.test.context.SpringBootTest)

Example 17 with UsernamePasswordCredential

use of org.apereo.cas.authentication.credential.UsernamePasswordCredential in project cas by apereo.

the class JdbcPasswordManagementServiceTests method verifyUserPasswordChange.

/**
 * Changes the password for "casuser", checks that the change was recorded in the
 * password history, and checks that submitting the identical request again is rejected.
 */
@Test
public void verifyUserPasswordChange() {
    val credential = new UsernamePasswordCredential("casuser", "password");
    val newPassword = "newPassword1";

    val changeRequest = new PasswordChangeRequest();
    changeRequest.setConfirmedPassword(newPassword);
    changeRequest.setUsername(credential.getUsername());
    changeRequest.setPassword(newPassword);

    // First submission succeeds and must leave a history entry behind.
    val firstAttempt = passwordChangeService.change(credential, changeRequest);
    assertTrue(firstAttempt);
    val history = passwordHistoryService.fetch(credential.getUsername());
    assertFalse(history.isEmpty());

    // Same request again must fail -- presumably because the history check refuses
    // to reuse the password that was just set (confirm against the service).
    val secondAttempt = passwordChangeService.change(credential, changeRequest);
    assertFalse(secondAttempt);
}
Also used : lombok.val(lombok.val) PasswordChangeRequest(org.apereo.cas.pm.PasswordChangeRequest) UsernamePasswordCredential(org.apereo.cas.authentication.credential.UsernamePasswordCredential) Test(org.junit.jupiter.api.Test)

Example 18 with UsernamePasswordCredential

use of org.apereo.cas.authentication.credential.UsernamePasswordCredential in project cas by apereo.

the class PersonDirectoryPrincipalResolverOpenLdapTests method verifyResolverWithTags.

/**
 * Loads a freshly generated entry into the local LDAP fixture and verifies that the
 * person-directory resolver returns attributes carrying language tags
 * ("homePostalAddress;lang-jp", "homePostalAddress;lang-fr") next to "cn" and "surname".
 *
 * @throws Exception if the LDAP connection or the entry import fails
 */
@Test
public void verifyResolverWithTags() throws Exception {
    // Bind DN and password belong to the LDAP fixture on localhost:11389; they are
    // test-only values and should never match a directory that holds real accounts.
    val bind = new BindConnectionInitializer("cn=admin,dc=example,dc=org", new Credential("P@ssw0rd"));
    @Cleanup val connection = new LDAPConnection("localhost", 11389, bind.getBindDn(), bind.getBindCredential().getString());

    // A random uid keeps repeated runs from colliding on the same entry.
    val uid = UUID.randomUUID().toString();
    val ldifBytes = getLdif(uid).getBytes(StandardCharsets.UTF_8);
    val ldifStream = new ByteArrayInputStream(ldifBytes);
    LdapIntegrationTestsOperations.populateEntries(connection, ldifStream, "ou=people,dc=example,dc=org", bind);

    val principalFactory = PrincipalFactoryUtils.newPrincipalFactory();
    val merger = CoreAuthenticationUtils.getAttributeMerger(
        casProperties.getAuthn().getAttributeRepository().getCore().getMerger());
    val principalResolver = CoreAuthenticationUtils.newPersonDirectoryPrincipalResolver(
        principalFactory,
        this.attributeRepository,
        merger,
        casProperties.getPersonDirectory());

    val resolved = principalResolver.resolve(
        new UsernamePasswordCredential(uid, "password"),
        Optional.of(CoreAuthenticationTestUtils.getPrincipal(uid)),
        Optional.of(new SimpleTestUsernamePasswordAuthenticationHandler()));

    assertNotNull(resolved);
    assertTrue(resolved.getAttributes().containsKey("homePostalAddress;lang-jp"));
    assertTrue(resolved.getAttributes().containsKey("homePostalAddress;lang-fr"));
    assertTrue(resolved.getAttributes().containsKey("cn"));
    assertTrue(resolved.getAttributes().containsKey("surname"));
}
Also used : lombok.val(lombok.val) UsernamePasswordCredential(org.apereo.cas.authentication.credential.UsernamePasswordCredential) Credential(org.ldaptive.Credential) ByteArrayInputStream(java.io.ByteArrayInputStream) SimpleTestUsernamePasswordAuthenticationHandler(org.apereo.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler) LDAPConnection(com.unboundid.ldap.sdk.LDAPConnection) BindConnectionInitializer(org.ldaptive.BindConnectionInitializer) Cleanup(lombok.Cleanup) UsernamePasswordCredential(org.apereo.cas.authentication.credential.UsernamePasswordCredential) Test(org.junit.jupiter.api.Test) SpringBootTest(org.springframework.boot.test.context.SpringBootTest)

Example 19 with UsernamePasswordCredential

use of org.apereo.cas.authentication.credential.UsernamePasswordCredential in project cas by apereo.

the class X509CredentialsAuthenticationHandlerTests method getTestParameters.

/**
 * Gets the unit test parameters.
 *
 * <p>Each entry is built with {@code arguments(handler, credential, boolean, result, exception)}.
 * NOTE(review): the consuming test is not visible here; the boolean presumably states whether
 * the handler is expected to support the credential (it is {@code false} only for the
 * unsupported-credential case), the fourth value the expected handler result and the fifth the
 * expected exception -- confirm against the parameterized test.
 *
 * <p>NOTE(review): the meaning of the {@code X509CredentialsAuthenticationHandler} constructor
 * arguments is not visible here either. The first argument is presumably the trusted-issuer DN
 * pattern (case #4 narrows it to provoke the untrusted-issuer failure); {@code ".*"} accepts
 * every value and is only suitable as a test fixture.
 *
 * @return Test parameter data.
 */
@SuppressWarnings("PMD.ExcessiveMethodLength")
public static Stream<Arguments> getTestParameters() {
    val params = new ArrayList<Arguments>();
    /* Test case #1: Unsupported credential type (a username/password credential handed to the X.509 handler) */
    var handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"));
    params.add(arguments(handler, new UsernamePasswordCredential(), false, null, null));
    /* Test case #2: Valid certificate */
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"));
    var credential = new X509CertificateCredential(createCertificates(USER_VALID_CRT));
    params.add(arguments(handler, credential, true, new DefaultAuthenticationHandlerExecutionResult(handler, credential, PrincipalFactoryUtils.newPrincipalFactory().createPrincipal(credential.getId())), null));
    /* Test case #3: Expired certificate */
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"));
    params.add(arguments(handler, new X509CertificateCredential(createCertificates("user-expired.crt")), true, null, new CertificateExpiredException()));
    /* Test case #4: Untrusted issuer (the first pattern is a specific DN instead of ".*") */
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern("CN=\\w+,OU=CAS,O=Jasig,L=Westminster,ST=Colorado,C=US"), true, false, false);
    params.add(arguments(handler, new X509CertificateCredential(createCertificates("snake-oil.crt")), true, null, new FailedLoginException()));
    /* Test case #5: Disallowed subject (the specific DN pattern is passed as the third argument) */
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), true, RegexUtils.createPattern("CN=\\w+,OU=CAS,O=Jasig,L=Westminster,ST=Colorado,C=US"));
    params.add(arguments(handler, new X509CertificateCredential(createCertificates("snake-oil.crt")), true, null, new FailedLoginException()));
    /* Test case #6: Check key usage on a cert without keyUsage extension */
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), false, true, false);
    credential = new X509CertificateCredential(createCertificates(USER_VALID_CRT));
    params.add(arguments(handler, credential, true, new DefaultAuthenticationHandlerExecutionResult(handler, credential, PrincipalFactoryUtils.newPrincipalFactory().createPrincipal(credential.getId())), null));
    /* Test case #7: Require key usage on a cert without keyUsage extension */
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), false, true, true);
    params.add(arguments(handler, new X509CertificateCredential(createCertificates(USER_VALID_CRT)), true, null, new FailedLoginException()));
    /* Test case #8: Require key usage on a cert with acceptable keyUsage extension values */
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), false, true, true);
    credential = new X509CertificateCredential(createCertificates("user-valid-keyUsage.crt"));
    params.add(arguments(handler, credential, true, new DefaultAuthenticationHandlerExecutionResult(handler, credential, PrincipalFactoryUtils.newPrincipalFactory().createPrincipal(credential.getId())), null));
    /* Test case #9: Require key usage on a cert with unacceptable keyUsage extension values */
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), false, true, true);
    params.add(arguments(handler, new X509CertificateCredential(createCertificates("user-invalid-keyUsage.crt")), true, null, new FailedLoginException()));
    /*
     * Revocation tests: each case builds its own ResourceCRLRevocationChecker from a
     * classpath CRL and calls init() on it before handing it to the handler.
     */
    /* Test case #10: Valid certificate with CRL checking */
    var checker = new ResourceCRLRevocationChecker(new ClassPathResource("userCA-valid.crl"));
    checker.init();
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), checker);
    credential = new X509CertificateCredential(createCertificates(USER_VALID_CRT));
    // The local credential only feeds the expected result; the credential argument is a
    // second instance built from the same certificate file.
    params.add(arguments(handler, new X509CertificateCredential(createCertificates(USER_VALID_CRT)), true, new DefaultAuthenticationHandlerExecutionResult(handler, credential, PrincipalFactoryUtils.newPrincipalFactory().createPrincipal(credential.getId())), null));
    /* Test case #11: Revoked end user certificate */
    checker = new ResourceCRLRevocationChecker(new ClassPathResource("userCA-valid.crl"));
    checker.init();
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), checker);
    params.add(arguments(handler, new X509CertificateCredential(createCertificates("user-revoked.crt")), true, null, new RevokedCertificateException(ZonedDateTime.now(ZoneOffset.UTC), null)));
    /* Test case #12: Valid certificate on expired CRL data, with an expired-CRL policy threshold of 0 */
    val zeroThresholdPolicy = new ThresholdExpiredCRLRevocationPolicy(0);
    checker = new ResourceCRLRevocationChecker(new ClassPathResource("userCA-expired.crl"), null, zeroThresholdPolicy);
    checker.init();
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), checker);
    params.add(arguments(handler, new X509CertificateCredential(createCertificates(USER_VALID_CRT)), true, null, new ExpiredCRLException(null, ZonedDateTime.now(ZoneOffset.UTC))));
    /*
     * Certificate not allowed: the third argument is MATCH_NOTHING_PATTERN. Unlike the
     * earlier failure cases, this one and the next two supply both an expected result
     * and a FailedLoginException.
     */
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), false, RegexUtils.MATCH_NOTHING_PATTERN);
    credential = new X509CertificateCredential(createCertificates(USER_VALID_CRT));
    params.add(arguments(handler, credential, true, new DefaultAuthenticationHandlerExecutionResult(handler, credential, PrincipalFactoryUtils.newPrincipalFactory().createPrincipal(credential.getId())), new FailedLoginException()));
    /*
     * Unlabelled case: handler built with (pattern, false, 0) and a CasX509Certificate whose
     * basic constraints are Integer.MAX_VALUE; expects FailedLoginException.
     * NOTE(review): presumably exercises the maximum path length check -- confirm.
     */
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), false, 0);
    var certificate = new CasX509Certificate(true);
    certificate.setBasicConstraints(Integer.MAX_VALUE);
    credential = new X509CertificateCredential(Stream.of(certificate).toArray(X509Certificate[]::new));
    params.add(arguments(handler, credential, true, new DefaultAuthenticationHandlerExecutionResult(handler, credential, PrincipalFactoryUtils.newPrincipalFactory().createPrincipal(credential.getId())), new FailedLoginException()));
    /* Unlabelled case: same shape with (pattern, false, 1) and basic constraints of 10; expects FailedLoginException. */
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), false, 1);
    certificate = new CasX509Certificate(true);
    certificate.setBasicConstraints(10);
    credential = new X509CertificateCredential(Stream.of(certificate).toArray(X509Certificate[]::new));
    params.add(arguments(handler, credential, true, new DefaultAuthenticationHandlerExecutionResult(handler, credential, PrincipalFactoryUtils.newPrincipalFactory().createPrincipal(credential.getId())), new FailedLoginException()));
    /* Unlabelled case: pattern ".+" with flags (true, true, false) and a certificate with setKeyUsage(true); no exception expected. */
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".+"), true, true, false);
    certificate = new CasX509Certificate(true);
    certificate.setKeyUsage(true);
    credential = new X509CertificateCredential(Stream.of(certificate).toArray(X509Certificate[]::new));
    params.add(arguments(handler, credential, true, new DefaultAuthenticationHandlerExecutionResult(handler, credential, PrincipalFactoryUtils.newPrincipalFactory().createPrincipal(credential.getId())), null));
    return params.stream();
}
Also used : lombok.val(lombok.val) RevokedCertificateException(org.apereo.cas.adaptors.x509.authentication.revocation.RevokedCertificateException) CertificateExpiredException(java.security.cert.CertificateExpiredException) ArrayList(java.util.ArrayList) DefaultAuthenticationHandlerExecutionResult(org.apereo.cas.authentication.DefaultAuthenticationHandlerExecutionResult) CasX509Certificate(org.apereo.cas.adaptors.x509.authentication.CasX509Certificate) ClassPathResource(org.springframework.core.io.ClassPathResource) ThresholdExpiredCRLRevocationPolicy(org.apereo.cas.adaptors.x509.authentication.revocation.policy.ThresholdExpiredCRLRevocationPolicy) ExpiredCRLException(org.apereo.cas.adaptors.x509.authentication.ExpiredCRLException) FailedLoginException(javax.security.auth.login.FailedLoginException) X509CertificateCredential(org.apereo.cas.adaptors.x509.authentication.principal.X509CertificateCredential) ResourceCRLRevocationChecker(org.apereo.cas.adaptors.x509.authentication.revocation.checker.ResourceCRLRevocationChecker) UsernamePasswordCredential(org.apereo.cas.authentication.credential.UsernamePasswordCredential)

Example 20 with UsernamePasswordCredential

use of org.apereo.cas.authentication.credential.UsernamePasswordCredential in project cas by apereo.

the class LdapAuthenticationHandler method getLdapAuthenticationResponse.

/**
 * Submits the supplied username and password to the configured LDAP authenticator.
 *
 * @param upc credential holding the username and password to authenticate with
 * @return the response produced by the authenticator
 * @throws PreventedException wrapping any {@link LdapException} raised by the attempt
 */
private AuthenticationResponse getLdapAuthenticationResponse(final UsernamePasswordCredential upc) throws PreventedException {
    try {
        // The credential is rendered through its toString() here.
        // NOTE(review): confirm that UsernamePasswordCredential#toString leaves the
        // password out, so enabling debug logging never writes it to the log.
        LOGGER.debug(
            "Attempting LDAP authentication for [{}]. "
                + "Authenticator pre-configured attributes are [{}], additional requested attributes "
                + "for this authentication request are [{}]",
            upc,
            authenticator.getReturnAttributes(),
            authenticatedEntryAttributes);

        val bindCredential = new Credential(upc.getPassword());
        val authnRequest = new AuthenticationRequest(upc.getUsername(), bindCredential, authenticatedEntryAttributes);
        val response = authenticator.authenticate(authnRequest);
        return response;
    } catch (final LdapException ldapFailure) {
        // The LDAP failure is logged at trace level only; callers see it as a
        // PreventedException that keeps the original exception as its cause.
        LOGGER.trace(ldapFailure.getMessage(), ldapFailure);
        throw new PreventedException(ldapFailure);
    }
}
Also used : lombok.val(lombok.val) UsernamePasswordCredential(org.apereo.cas.authentication.credential.UsernamePasswordCredential) Credential(org.ldaptive.Credential) AuthenticationRequest(org.ldaptive.auth.AuthenticationRequest) LdapException(org.ldaptive.LdapException)

Aggregations

lombok.val (lombok.val)111 UsernamePasswordCredential (org.apereo.cas.authentication.credential.UsernamePasswordCredential)111 Test (org.junit.jupiter.api.Test)74 SpringBootTest (org.springframework.boot.test.context.SpringBootTest)30 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)14 SimpleTestUsernamePasswordAuthenticationHandler (org.apereo.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler)12 HashMap (java.util.HashMap)8 Map (java.util.Map)8 BasicCredentialMetaData (org.apereo.cas.authentication.metadata.BasicCredentialMetaData)8 LinkedHashMap (java.util.LinkedHashMap)7 MockTicketGrantingTicket (org.apereo.cas.mock.MockTicketGrantingTicket)7 Executable (org.junit.jupiter.api.function.Executable)7 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)6 ServletExternalContext (org.springframework.webflow.context.servlet.ServletExternalContext)6 MockRequestContext (org.springframework.webflow.test.MockRequestContext)6 ArrayList (java.util.ArrayList)5 ClassPathResource (org.springframework.core.io.ClassPathResource)5 MockServletContext (org.springframework.mock.web.MockServletContext)5 FailedLoginException (javax.security.auth.login.FailedLoginException)4 SurrogateUsernamePasswordCredential (org.apereo.cas.authentication.SurrogateUsernamePasswordCredential)4