Search in sources :

Example 1 with DefaultPrincipalFactory

use of org.apereo.cas.authentication.principal.DefaultPrincipalFactory in project cas by apereo.

the class X509CredentialsAuthenticationHandlerTests method getTestParameters.

/**
     * Gets the unit test parameters.
     *
     * @return Test parameter data.
     * @throws Exception On test data setup errors.
     */
@Parameters
public static Collection<Object[]> getTestParameters() throws Exception {
    final Collection<Object[]> params = new ArrayList<>();
    X509CredentialsAuthenticationHandler handler;
    X509CertificateCredential credential;
    // Test case #1: Unsupported credential type
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"));
    params.add(new Object[] { handler, new UsernamePasswordCredential(), false, null });
    // Test case #2:Valid certificate
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"));
    credential = new X509CertificateCredential(createCertificates(USER_VALID_CRT));
    params.add(new Object[] { handler, credential, true, new DefaultHandlerResult(handler, credential, new DefaultPrincipalFactory().createPrincipal(credential.getId())) });
    // Test case #3: Expired certificate
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"));
    params.add(new Object[] { handler, new X509CertificateCredential(createCertificates("user-expired.crt")), true, new CertificateExpiredException() });
    // Test case #4: Untrusted issuer
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern("CN=\\w+,OU=CAS,O=Jasig,L=Westminster,ST=Colorado,C=US"), true, false, false);
    params.add(new Object[] { handler, new X509CertificateCredential(createCertificates("snake-oil.crt")), true, new FailedLoginException() });
    // Test case #5: Disallowed subject
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), true, RegexUtils.createPattern("CN=\\w+,OU=CAS,O=Jasig,L=Westminster,ST=Colorado,C=US"));
    params.add(new Object[] { handler, new X509CertificateCredential(createCertificates("snake-oil.crt")), true, new FailedLoginException() });
    // Test case #6: Check key usage on a cert without keyUsage extension
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), false, true, false);
    credential = new X509CertificateCredential(createCertificates(USER_VALID_CRT));
    params.add(new Object[] { handler, credential, true, new DefaultHandlerResult(handler, credential, new DefaultPrincipalFactory().createPrincipal(credential.getId())) });
    // Test case #7: Require key usage on a cert without keyUsage extension
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), false, true, true);
    params.add(new Object[] { handler, new X509CertificateCredential(createCertificates(USER_VALID_CRT)), true, new FailedLoginException() });
    // Test case #8: Require key usage on a cert with acceptable keyUsage extension values
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), false, true, true);
    credential = new X509CertificateCredential(createCertificates("user-valid-keyUsage.crt"));
    params.add(new Object[] { handler, credential, true, new DefaultHandlerResult(handler, credential, new DefaultPrincipalFactory().createPrincipal(credential.getId())) });
    // Test case #9: Require key usage on a cert with unacceptable keyUsage extension values
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), false, true, true);
    params.add(new Object[] { handler, new X509CertificateCredential(createCertificates("user-invalid-keyUsage.crt")), true, new FailedLoginException() });
    //===================================
    // Revocation tests
    //===================================
    ResourceCRLRevocationChecker checker;
    // Test case #10: Valid certificate with CRL checking
    checker = new ResourceCRLRevocationChecker(new ClassPathResource("userCA-valid.crl"));
    checker.init();
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), checker);
    credential = new X509CertificateCredential(createCertificates(USER_VALID_CRT));
    params.add(new Object[] { handler, new X509CertificateCredential(createCertificates(USER_VALID_CRT)), true, new DefaultHandlerResult(handler, credential, new DefaultPrincipalFactory().createPrincipal(credential.getId())) });
    // Test case #11: Revoked end user certificate
    checker = new ResourceCRLRevocationChecker(new ClassPathResource("userCA-valid.crl"));
    checker.init();
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), checker);
    params.add(new Object[] { handler, new X509CertificateCredential(createCertificates("user-revoked.crt")), true, new RevokedCertificateException(ZonedDateTime.now(ZoneOffset.UTC), null) });
    // Test case #12: Valid certificate on expired CRL data
    final ThresholdExpiredCRLRevocationPolicy zeroThresholdPolicy = new ThresholdExpiredCRLRevocationPolicy(0);
    checker = new ResourceCRLRevocationChecker(new ClassPathResource("userCA-expired.crl"), null, zeroThresholdPolicy);
    checker.init();
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), checker);
    params.add(new Object[] { handler, new X509CertificateCredential(createCertificates(USER_VALID_CRT)), true, new ExpiredCRLException(null, ZonedDateTime.now(ZoneOffset.UTC)) });
    return params;
}
Also used : RevokedCertificateException(org.apereo.cas.adaptors.x509.authentication.revocation.RevokedCertificateException) CertificateExpiredException(java.security.cert.CertificateExpiredException) ArrayList(java.util.ArrayList) DefaultPrincipalFactory(org.apereo.cas.authentication.principal.DefaultPrincipalFactory) ClassPathResource(org.springframework.core.io.ClassPathResource) ThresholdExpiredCRLRevocationPolicy(org.apereo.cas.adaptors.x509.authentication.revocation.policy.ThresholdExpiredCRLRevocationPolicy) ExpiredCRLException(org.apereo.cas.adaptors.x509.authentication.ExpiredCRLException) FailedLoginException(javax.security.auth.login.FailedLoginException) X509CertificateCredential(org.apereo.cas.adaptors.x509.authentication.principal.X509CertificateCredential) ResourceCRLRevocationChecker(org.apereo.cas.adaptors.x509.authentication.revocation.checker.ResourceCRLRevocationChecker) DefaultHandlerResult(org.apereo.cas.authentication.DefaultHandlerResult) UsernamePasswordCredential(org.apereo.cas.authentication.UsernamePasswordCredential) Parameters(org.junit.runners.Parameterized.Parameters)

Example 2 with DefaultPrincipalFactory

use of org.apereo.cas.authentication.principal.DefaultPrincipalFactory in project cas by apereo.

the class PrincipalBearingCredentialsAuthenticationHandlerTests method verifySupports.

@Test
public void verifySupports() {
    final PrincipalBearingCredential credentials = new PrincipalBearingCredential(new DefaultPrincipalFactory().createPrincipal("scott"));
    assertTrue(this.handler.supports(credentials));
    assertFalse(this.handler.supports(new UsernamePasswordCredential()));
}
Also used : PrincipalBearingCredential(org.apereo.cas.adaptors.trusted.authentication.principal.PrincipalBearingCredential) DefaultPrincipalFactory(org.apereo.cas.authentication.principal.DefaultPrincipalFactory) UsernamePasswordCredential(org.apereo.cas.authentication.UsernamePasswordCredential) Test(org.junit.Test)

Example 3 with DefaultPrincipalFactory

use of org.apereo.cas.authentication.principal.DefaultPrincipalFactory in project cas by apereo.

the class PrincipalBearingCredentialsAuthenticationHandlerTests method verifyNonNullPrincipal.

/**
     * When the credentials bear a Principal, succeed the authentication.
     */
@Test
public void verifyNonNullPrincipal() throws Exception {
    final PrincipalBearingCredential credentials = new PrincipalBearingCredential(new DefaultPrincipalFactory().createPrincipal("scott"));
    assertNotNull(this.handler.authenticate(credentials));
}
Also used : PrincipalBearingCredential(org.apereo.cas.adaptors.trusted.authentication.principal.PrincipalBearingCredential) DefaultPrincipalFactory(org.apereo.cas.authentication.principal.DefaultPrincipalFactory) Test(org.junit.Test)

Example 4 with DefaultPrincipalFactory

use of org.apereo.cas.authentication.principal.DefaultPrincipalFactory in project cas by apereo.

the class KryoTranscoderTests method verifyEncodeDecodeTGTImpl.

@Test
public void verifyEncodeDecodeTGTImpl() throws Exception {
    final Credential userPassCredential = new UsernamePasswordCredential(USERNAME, PASSWORD);
    final AuthenticationBuilder bldr = new DefaultAuthenticationBuilder(new DefaultPrincipalFactory().createPrincipal("user", new HashMap<>(this.principalAttributes)));
    bldr.setAttributes(new HashMap<>(this.principalAttributes));
    bldr.setAuthenticationDate(ZonedDateTime.now());
    bldr.addCredential(new BasicCredentialMetaData(userPassCredential));
    bldr.addFailure("error", AccountNotFoundException.class);
    bldr.addSuccess("authn", new DefaultHandlerResult(new AcceptUsersAuthenticationHandler(""), new BasicCredentialMetaData(userPassCredential)));
    final TicketGrantingTicket expectedTGT = new TicketGrantingTicketImpl(TGT_ID, RegisteredServiceTestUtils.getService(), null, bldr.build(), new NeverExpiresExpirationPolicy());
    final ServiceTicket ticket = expectedTGT.grantServiceTicket(ST_ID, RegisteredServiceTestUtils.getService(), new NeverExpiresExpirationPolicy(), false, true);
    CachedData result = transcoder.encode(expectedTGT);
    final TicketGrantingTicket resultTicket = (TicketGrantingTicket) transcoder.decode(result);
    assertEquals(expectedTGT, resultTicket);
    result = transcoder.encode(ticket);
    final ServiceTicket resultStTicket = (ServiceTicket) transcoder.decode(result);
    assertEquals(ticket, resultStTicket);
}
Also used : DefaultAuthenticationBuilder(org.apereo.cas.authentication.DefaultAuthenticationBuilder) UsernamePasswordCredential(org.apereo.cas.authentication.UsernamePasswordCredential) Credential(org.apereo.cas.authentication.Credential) HttpBasedServiceCredential(org.apereo.cas.authentication.HttpBasedServiceCredential) DefaultAuthenticationBuilder(org.apereo.cas.authentication.DefaultAuthenticationBuilder) AuthenticationBuilder(org.apereo.cas.authentication.AuthenticationBuilder) HashMap(java.util.HashMap) LinkedHashMap(java.util.LinkedHashMap) TicketGrantingTicket(org.apereo.cas.ticket.TicketGrantingTicket) MockTicketGrantingTicket(org.apereo.cas.mock.MockTicketGrantingTicket) DefaultPrincipalFactory(org.apereo.cas.authentication.principal.DefaultPrincipalFactory) MockServiceTicket(org.apereo.cas.mock.MockServiceTicket) ServiceTicket(org.apereo.cas.ticket.ServiceTicket) CachedData(net.spy.memcached.CachedData) NeverExpiresExpirationPolicy(org.apereo.cas.ticket.support.NeverExpiresExpirationPolicy) TicketGrantingTicketImpl(org.apereo.cas.ticket.TicketGrantingTicketImpl) AcceptUsersAuthenticationHandler(org.apereo.cas.authentication.AcceptUsersAuthenticationHandler) DefaultHandlerResult(org.apereo.cas.authentication.DefaultHandlerResult) UsernamePasswordCredential(org.apereo.cas.authentication.UsernamePasswordCredential) BasicCredentialMetaData(org.apereo.cas.authentication.BasicCredentialMetaData) Test(org.junit.Test)

Example 5 with DefaultPrincipalFactory

use of org.apereo.cas.authentication.principal.DefaultPrincipalFactory in project cas by apereo.

the class Saml10SuccessResponseViewTests method verifyResponse.

@Test
public void verifyResponse() throws Exception {
    final Map<String, Object> model = new HashMap<>();
    final Map<String, Object> attributes = new HashMap<>();
    attributes.put(TEST_ATTRIBUTE, TEST_VALUE);
    attributes.put("testEmptyCollection", Collections.emptyList());
    attributes.put("testAttributeCollection", Arrays.asList("tac1", "tac2"));
    final Principal principal = new DefaultPrincipalFactory().createPrincipal(PRINCIPAL_ID, attributes);
    final Map<String, Object> authAttributes = new HashMap<>();
    authAttributes.put(SamlAuthenticationMetaDataPopulator.ATTRIBUTE_AUTHENTICATION_METHOD, SamlAuthenticationMetaDataPopulator.AUTHN_METHOD_SSL_TLS_CLIENT);
    authAttributes.put("testSamlAttribute", "value");
    final Authentication primary = CoreAuthenticationTestUtils.getAuthentication(principal, authAttributes);
    final Assertion assertion = new ImmutableAssertion(primary, Collections.singletonList(primary), CoreAuthenticationTestUtils.getService(), true);
    model.put("assertion", assertion);
    final MockHttpServletResponse servletResponse = new MockHttpServletResponse();
    this.response.renderMergedOutputModel(model, new MockHttpServletRequest(), servletResponse);
    final String written = servletResponse.getContentAsString();
    assertTrue(written.contains(PRINCIPAL_ID));
    assertTrue(written.contains(TEST_ATTRIBUTE));
    assertTrue(written.contains(TEST_VALUE));
    assertFalse(written.contains("testEmptyCollection"));
    assertTrue(written.contains("testAttributeCollection"));
    assertTrue(written.contains("tac1"));
    assertTrue(written.contains("tac2"));
    assertTrue(written.contains(SamlAuthenticationMetaDataPopulator.AUTHN_METHOD_SSL_TLS_CLIENT));
    assertTrue(written.contains("AuthenticationMethod"));
    assertTrue(written.contains("AssertionID"));
}
Also used : HashMap(java.util.HashMap) ImmutableAssertion(org.apereo.cas.validation.ImmutableAssertion) Authentication(org.apereo.cas.authentication.Authentication) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) Assertion(org.apereo.cas.validation.Assertion) ImmutableAssertion(org.apereo.cas.validation.ImmutableAssertion) DefaultPrincipalFactory(org.apereo.cas.authentication.principal.DefaultPrincipalFactory) Principal(org.apereo.cas.authentication.principal.Principal) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.Test)

Aggregations

DefaultPrincipalFactory (org.apereo.cas.authentication.principal.DefaultPrincipalFactory)16 Test (org.junit.Test)12 Principal (org.apereo.cas.authentication.principal.Principal)8 HashMap (java.util.HashMap)6 Authentication (org.apereo.cas.authentication.Authentication)4 DefaultHandlerResult (org.apereo.cas.authentication.DefaultHandlerResult)4 FailedLoginException (javax.security.auth.login.FailedLoginException)3 BasicCredentialMetaData (org.apereo.cas.authentication.BasicCredentialMetaData)3 UsernamePasswordCredential (org.apereo.cas.authentication.UsernamePasswordCredential)3 Assertion (org.apereo.cas.validation.Assertion)3 ImmutableAssertion (org.apereo.cas.validation.ImmutableAssertion)3 ArrayList (java.util.ArrayList)2 PrincipalBearingCredential (org.apereo.cas.adaptors.trusted.authentication.principal.PrincipalBearingCredential)2 HandlerResult (org.apereo.cas.authentication.HandlerResult)2 ServiceTicket (org.apereo.cas.ticket.ServiceTicket)2 TicketGrantingTicket (org.apereo.cas.ticket.TicketGrantingTicket)2 SpringBootTest (org.springframework.boot.test.context.SpringBootTest)2 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)2 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)2 ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper)1