use of org.apereo.cas.authentication.credential.UsernamePasswordCredential in project cas by apereo.
the class PersonDirectoryPrincipalResolverLdapTests method verifyResolver.
@Test
public void verifyResolver() {
    // Build the resolver the same way production code does, from the configured merger strategy.
    val repositoryCore = casProperties.getAuthn().getAttributeRepository().getCore();
    val merger = CoreAuthenticationUtils.getAttributeMerger(repositoryCore.getMerger());
    val principalResolver = CoreAuthenticationUtils.newPersonDirectoryPrincipalResolver(
        PrincipalFactoryUtils.newPrincipalFactory(),
        this.attributeRepository,
        merger,
        casProperties.getPersonDirectory());

    // Resolve a known test account; the password itself plays no role in attribute lookup here.
    val credential = new UsernamePasswordCredential("admin", "password");
    val principal = principalResolver.resolve(credential,
        Optional.of(CoreAuthenticationTestUtils.getPrincipal("admin")),
        Optional.of(new SimpleTestUsernamePasswordAuthenticationHandler()));
    assertNotNull(principal);

    // Both a regular attribute and the entry DN are expected to be pulled from the directory.
    assertTrue(principal.getAttributes().containsKey("description"));
    assertTrue(principal.getAttributes().containsKey("entryDN"));
}
use of org.apereo.cas.authentication.credential.UsernamePasswordCredential in project cas by apereo.
the class JdbcPasswordManagementServiceTests method verifyUserPasswordChange.
@Test
public void verifyUserPasswordChange() {
    val credential = new UsernamePasswordCredential("casuser", "password");

    val changeRequest = new PasswordChangeRequest();
    changeRequest.setUsername(credential.getUsername());
    changeRequest.setPassword("newPassword1");
    changeRequest.setConfirmedPassword("newPassword1");

    // First change is accepted and leaves a trace in the password history.
    assertTrue(passwordChangeService.change(credential, changeRequest));
    assertFalse(passwordHistoryService.fetch(credential.getUsername()).isEmpty());

    // Submitting the very same new password again is rejected
    // (presumably because the history service now knows it — confirm against the service).
    assertFalse(passwordChangeService.change(credential, changeRequest));
}
use of org.apereo.cas.authentication.credential.UsernamePasswordCredential in project cas by apereo.
the class PersonDirectoryPrincipalResolverOpenLdapTests method verifyResolverWithTags.
@Test
public void verifyResolverWithTags() throws Exception {
    // Bind settings for the directory listening on localhost:11389 used by this test class.
    val bindInit = new BindConnectionInitializer("cn=admin,dc=example,dc=org", new Credential("P@ssw0rd"));
    @Cleanup
    val ldapConnection = new LDAPConnection("localhost", 11389,
        bindInit.getBindDn(), bindInit.getBindCredential().getString());

    // Provision a fresh, uniquely named entry so the test does not depend on pre-existing data.
    val uid = UUID.randomUUID().toString();
    val ldifStream = new ByteArrayInputStream(getLdif(uid).getBytes(StandardCharsets.UTF_8));
    LdapIntegrationTestsOperations.populateEntries(ldapConnection, ldifStream, "ou=people,dc=example,dc=org", bindInit);

    val merger = CoreAuthenticationUtils.getAttributeMerger(
        casProperties.getAuthn().getAttributeRepository().getCore().getMerger());
    val principalResolver = CoreAuthenticationUtils.newPersonDirectoryPrincipalResolver(
        PrincipalFactoryUtils.newPrincipalFactory(),
        this.attributeRepository,
        merger,
        casProperties.getPersonDirectory());

    val principal = principalResolver.resolve(new UsernamePasswordCredential(uid, "password"),
        Optional.of(CoreAuthenticationTestUtils.getPrincipal(uid)),
        Optional.of(new SimpleTestUsernamePasswordAuthenticationHandler()));
    assertNotNull(principal);

    // Language-tagged attributes must survive resolution under their full tagged names,
    // alongside the plain attributes.
    val attributes = principal.getAttributes();
    assertTrue(attributes.containsKey("homePostalAddress;lang-jp"));
    assertTrue(attributes.containsKey("homePostalAddress;lang-fr"));
    assertTrue(attributes.containsKey("cn"));
    assertTrue(attributes.containsKey("surname"));
}
use of org.apereo.cas.authentication.credential.UsernamePasswordCredential in project cas by apereo.
the class X509CredentialsAuthenticationHandlerTests method getTestParameters.
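/**
 * Gets the unit test parameters.
 * <p>
 * Every tuple is {@code (handler, credential, supported, expectedResult, expectedException)}:
 * the handler under test, the credential handed to it, a flag that (judging by case #1)
 * presumably states whether the handler supports that credential type, the execution result
 * expected on success, and the exception expected on failure. Either of the last two may be
 * {@code null}; cases #13–#15 deliberately supply both.
 *
 * @return Test parameter data.
 */
@SuppressWarnings("PMD.ExcessiveMethodLength")
public static Stream<Arguments> getTestParameters() {
    val params = new ArrayList<Arguments>();

    /* Test case #1: Unsupported credential type */
    var handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"));
    params.add(arguments(handler, new UsernamePasswordCredential(), false, null, null));

    /* Test case #2: Valid certificate */
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"));
    var credential = new X509CertificateCredential(createCertificates(USER_VALID_CRT));
    params.add(arguments(handler, credential, true, successResult(handler, credential), null));

    /* Test case #3: Expired certificate */
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"));
    params.add(arguments(handler, new X509CertificateCredential(createCertificates("user-expired.crt")), true, null, new CertificateExpiredException()));

    /* Test case #4: Untrusted issuer */
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern("CN=\\w+,OU=CAS,O=Jasig,L=Westminster,ST=Colorado,C=US"), true, false, false);
    params.add(arguments(handler, new X509CertificateCredential(createCertificates("snake-oil.crt")), true, null, new FailedLoginException()));

    /* Test case #5: Disallowed subject */
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), true, RegexUtils.createPattern("CN=\\w+,OU=CAS,O=Jasig,L=Westminster,ST=Colorado,C=US"));
    params.add(arguments(handler, new X509CertificateCredential(createCertificates("snake-oil.crt")), true, null, new FailedLoginException()));

    /* Test case #6: Check key usage on a cert without keyUsage extension */
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), false, true, false);
    credential = new X509CertificateCredential(createCertificates(USER_VALID_CRT));
    params.add(arguments(handler, credential, true, successResult(handler, credential), null));

    /* Test case #7: Require key usage on a cert without keyUsage extension */
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), false, true, true);
    params.add(arguments(handler, new X509CertificateCredential(createCertificates(USER_VALID_CRT)), true, null, new FailedLoginException()));

    /* Test case #8: Require key usage on a cert with acceptable keyUsage extension values */
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), false, true, true);
    credential = new X509CertificateCredential(createCertificates("user-valid-keyUsage.crt"));
    params.add(arguments(handler, credential, true, successResult(handler, credential), null));

    /* Test case #9: Require key usage on a cert with unacceptable keyUsage extension values */
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), false, true, true);
    params.add(arguments(handler, new X509CertificateCredential(createCertificates("user-invalid-keyUsage.crt")), true, null, new FailedLoginException()));

    /*
     * Revocation tests
     */

    /* Test case #10: Valid certificate with CRL checking */
    var checker = new ResourceCRLRevocationChecker(new ClassPathResource("userCA-valid.crl"));
    checker.init();
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), checker);
    credential = new X509CertificateCredential(createCertificates(USER_VALID_CRT));
    // The same credential instance is used for both the input and the expected result,
    // as in every other success case; previously a second, equivalent credential was built here.
    params.add(arguments(handler, credential, true, successResult(handler, credential), null));

    /* Test case #11: Revoked end user certificate */
    checker = new ResourceCRLRevocationChecker(new ClassPathResource("userCA-valid.crl"));
    checker.init();
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), checker);
    params.add(arguments(handler, new X509CertificateCredential(createCertificates("user-revoked.crt")), true, null, new RevokedCertificateException(ZonedDateTime.now(ZoneOffset.UTC), null)));

    /* Test case #12: Valid certificate on expired CRL data */
    // A zero threshold means no grace period at all: a CRL past its nextUpdate is rejected outright.
    val zeroThresholdPolicy = new ThresholdExpiredCRLRevocationPolicy(0);
    checker = new ResourceCRLRevocationChecker(new ClassPathResource("userCA-expired.crl"), null, zeroThresholdPolicy);
    checker.init();
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), checker);
    params.add(arguments(handler, new X509CertificateCredential(createCertificates(USER_VALID_CRT)), true, null, new ExpiredCRLException(null, ZonedDateTime.now(ZoneOffset.UTC))));

    /* Test case #13: Certificate not allowed (subject matches nothing) */
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), false, RegexUtils.MATCH_NOTHING_PATTERN);
    credential = new X509CertificateCredential(createCertificates(USER_VALID_CRT));
    params.add(arguments(handler, credential, true, successResult(handler, credential), new FailedLoginException()));

    /* Test case #14: Path length constraint of 0 vs. a certificate asserting an unbounded path */
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), false, 0);
    var certificate = new CasX509Certificate(true);
    certificate.setBasicConstraints(Integer.MAX_VALUE);
    credential = new X509CertificateCredential(Stream.of(certificate).toArray(X509Certificate[]::new));
    params.add(arguments(handler, credential, true, successResult(handler, credential), new FailedLoginException()));

    /* Test case #15: Path length constraint of 1 vs. a certificate asserting a path length of 10 */
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), false, 1);
    certificate = new CasX509Certificate(true);
    certificate.setBasicConstraints(10);
    credential = new X509CertificateCredential(Stream.of(certificate).toArray(X509Certificate[]::new));
    params.add(arguments(handler, credential, true, successResult(handler, credential), new FailedLoginException()));

    /* Test case #16: Key usage checked and present on a generated certificate */
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".+"), true, true, false);
    certificate = new CasX509Certificate(true);
    certificate.setKeyUsage(true);
    credential = new X509CertificateCredential(Stream.of(certificate).toArray(X509Certificate[]::new));
    params.add(arguments(handler, credential, true, successResult(handler, credential), null));

    return params.stream();
}

/**
 * Builds the execution result expected when {@code handler} accepts {@code credential}:
 * a principal whose id is the credential id, created through a fresh default principal factory.
 *
 * @param handler    the handler the result is attributed to
 * @param credential the accepted certificate credential
 * @return the expected successful execution result
 */
private static DefaultAuthenticationHandlerExecutionResult successResult(
    final X509CredentialsAuthenticationHandler handler, final X509CertificateCredential credential) {
    return new DefaultAuthenticationHandlerExecutionResult(handler, credential,
        PrincipalFactoryUtils.newPrincipalFactory().createPrincipal(credential.getId()));
}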
use of org.apereo.cas.authentication.credential.UsernamePasswordCredential in project cas by apereo.
the class LdapAuthenticationHandler method getLdapAuthenticationResponse.
/**
 * Runs the supplied username/password through the configured ldaptive authenticator
 * and returns its raw response, requesting {@code authenticatedEntryAttributes} on the entry.
 *
 * @param upc the username/password credential to authenticate
 * @return the authenticator's response
 * @throws PreventedException if the directory operation itself fails with an {@link LdapException};
 *                            the original exception is kept as the cause
 */
private AuthenticationResponse getLdapAuthenticationResponse(final UsernamePasswordCredential upc) throws PreventedException {
    try {
        // NOTE(review): the credential object itself is logged here; this relies on
        // UsernamePasswordCredential.toString() not including the password — confirm.
        LOGGER.debug("Attempting LDAP authentication for [{}]. Authenticator pre-configured attributes are [{}], "
            + "additional requested attributes for this authentication request are [{}]",
            upc, authenticator.getReturnAttributes(), authenticatedEntryAttributes);

        val bindCredential = new Credential(upc.getPassword());
        val authRequest = new AuthenticationRequest(upc.getUsername(), bindCredential, authenticatedEntryAttributes);
        return authenticator.authenticate(authRequest);
    } catch (final LdapException ex) {
        // Directory-level failures are surfaced as PreventedException rather than as a
        // failed login; the full stack trace stays at TRACE level.
        LOGGER.trace(ex.getMessage(), ex);
        throw new PreventedException(ex);
    }
}