
Example 51 with Principal

use of org.candlepin.auth.Principal in project candlepin by candlepin.

the class AuthenticationFilterTest method securityHoleWithAnonAndPrincipalProvided.

@Test
public void securityHoleWithAnonAndPrincipalProvided() throws Exception {
    // Regression guard: a request that carries credentials but targets the resource method
    // "anonMethod" must still be resolved to NoAuthPrincipal by the filter.
    // NOTE(review): anonMethod is presumably the anonymous-access endpoint of FakeResource
    // (per the test name); its annotations are not visible here, so confirm.
    Method anonEndpoint = FakeResource.class.getMethod("anonMethod", String.class);
    mockResourceMethod(anonEndpoint);

    // The header value is base64 for the RFC sample pair "Aladdin:open sesame", not a real secret.
    mockReq.header("Authorization", "BASIC QWxhZGRpbjpvcGVuIHNlc2FtZQ==");

    interceptor.filter(getContext());

    Principal resolved = ResteasyProviderFactory.getContextData(Principal.class);
    assertTrue(resolved instanceof NoAuthPrincipal);

    // The supplied credentials must never be passed to validateUser: verifying them for an
    // anonymous request would be wasted work and needless handling of the password.
    verify(usa, times(0)).validateUser(anyString(), anyString());
}
Also used : NoAuthPrincipal(org.candlepin.auth.NoAuthPrincipal) Method(java.lang.reflect.Method) UserPrincipal(org.candlepin.auth.UserPrincipal) Principal(org.candlepin.auth.Principal) NoAuthPrincipal(org.candlepin.auth.NoAuthPrincipal) Test(org.junit.Test)

Example 52 with Principal

use of org.candlepin.auth.Principal in project candlepin by candlepin.

the class AuthenticationFilterTest method securityHoleWithAnonAndNoPrincipal.

@Test
public void securityHoleWithAnonAndNoPrincipal() throws Exception {
    // Counterpart to the credential-bearing case: no Authorization header is set on the mock
    // request, and the filter must still publish a NoAuthPrincipal for "anonMethod".
    // NOTE(review): anonMethod is presumably the anonymous-access endpoint of FakeResource
    // (per the test name); confirm against its annotations.
    Method anonEndpoint = FakeResource.class.getMethod("anonMethod", String.class);
    mockResourceMethod(anonEndpoint);

    interceptor.filter(getContext());

    Principal resolved = ResteasyProviderFactory.getContextData(Principal.class);
    assertTrue(resolved instanceof NoAuthPrincipal);

    // With nothing to authenticate, validateUser must not be invoked at all.
    verify(usa, times(0)).validateUser(anyString(), anyString());
}
Also used : NoAuthPrincipal(org.candlepin.auth.NoAuthPrincipal) Method(java.lang.reflect.Method) UserPrincipal(org.candlepin.auth.UserPrincipal) Principal(org.candlepin.auth.Principal) NoAuthPrincipal(org.candlepin.auth.NoAuthPrincipal) Test(org.junit.Test)

Example 53 with Principal

use of org.candlepin.auth.Principal in project candlepin by candlepin.

the class ExporterTest method exportProducts.

// Checks which product certificates end up in a full consumer export: the pool's provided and
// derived-provided products (ids 12345 and 332211) must be present as .pem entries, while the
// pool's own product (MKT-prod) and its derived product (MKT-sub-prod) must not.
@SuppressWarnings("unchecked")
@Test
public void exportProducts() throws Exception {
    // NOTE(review): the work dir is the fixed, shared "/tmp/" and the files asserted on below
    // have predictable names. Concurrent runs can collide, and on a multi-user host another
    // local account could pre-create or read these paths. A per-test temporary directory would
    // avoid that, but the cleanup asserts at the end hard-code /tmp and would need to follow.
    config.setProperty(ConfigProperties.SYNC_WORK_DIR, "/tmp/");
    Consumer consumer = mock(Consumer.class);
    Entitlement ent = mock(Entitlement.class);
    Pool pool = mock(Pool.class);
    Rules mrules = mock(Rules.class);
    Principal principal = mock(Principal.class);
    IdentityCertificate idcert = new IdentityCertificate();
    Set<Entitlement> entitlements = new HashSet<>();
    entitlements.add(ent);
    Owner owner = TestUtil.createOwner("Example-Corporation");
    // Provided product of the pool; expected in the export.
    Product prod = TestUtil.createProduct("12345", "RHEL Product");
    prod.setMultiplier(1L);
    prod.setCreated(new Date());
    prod.setUpdated(new Date());
    prod.setAttributes(Collections.<String, String>emptyMap());
    // The pool's own product; expected to be absent from the export.
    Product prod1 = TestUtil.createProduct("MKT-prod", "RHEL Product");
    prod1.setMultiplier(1L);
    prod1.setCreated(new Date());
    prod1.setUpdated(new Date());
    prod1.setAttributes(Collections.<String, String>emptyMap());
    // The pool's derived product; expected to be absent from the export.
    Product subProduct = TestUtil.createProduct("MKT-sub-prod", "Sub Product");
    subProduct.setMultiplier(1L);
    subProduct.setCreated(new Date());
    subProduct.setUpdated(new Date());
    subProduct.setAttributes(Collections.<String, String>emptyMap());
    // Derived provided product of the pool; expected in the export.
    Product subProvidedProduct = TestUtil.createProduct("332211", "Sub Product");
    subProvidedProduct.setMultiplier(1L);
    subProvidedProduct.setCreated(new Date());
    subProvidedProduct.setUpdated(new Date());
    subProvidedProduct.setAttributes(Collections.<String, String>emptyMap());
    // Key and cert are arbitrary placeholder strings, not real key material.
    ProductCertificate pcert = new ProductCertificate();
    pcert.setKey("euh0876puhapodifbvj094");
    pcert.setCert("hpj-08ha-w4gpoknpon*)&^%#");
    pcert.setCreated(new Date());
    pcert.setUpdated(new Date());
    Set<Product> ppset = new HashSet<>();
    ppset.add(prod);
    Set<Product> sppSet = new HashSet<>();
    sppSet.add(subProvidedProduct);
    when(pool.getId()).thenReturn("MockedPoolId");
    when(pool.getProvidedProducts()).thenReturn(ppset);
    when(pc.getPoolProvidedProductsCached(pool)).thenReturn(ppset);
    when(pool.getProduct()).thenReturn(prod1);
    when(pool.getDerivedProvidedProducts()).thenReturn(sppSet);
    when(pc.getPoolDerivedProvidedProductsCached(pool)).thenReturn(sppSet);
    when(pool.getDerivedProduct()).thenReturn(subProduct);
    when(ent.getPool()).thenReturn(pool);
    when(mrules.getRules()).thenReturn("foobar");
    // The signature is stubbed, so no real signing takes place in this test. getBytes() is
    // called without a charset and therefore uses the platform default.
    when(pki.getSHA256WithRSAHash(any(InputStream.class))).thenReturn("signature".getBytes());
    when(rc.getRules()).thenReturn(mrules);
    when(consumer.getEntitlements()).thenReturn(entitlements);
    // Every product lookup returns the same placeholder certificate.
    when(psa.getProductCertificate(any(Owner.class), any(String.class))).thenReturn(pcert);
    when(pprov.get()).thenReturn(principal);
    when(principal.getUsername()).thenReturn("testUser");
    // Identity certificate with the same placeholder key/cert strings as pcert.
    idcert.setSerial(new CertificateSerial(10L, new Date()));
    idcert.setKey("euh0876puhapodifbvj094");
    idcert.setCert("hpj-08ha-w4gpoknpon*)&^%#");
    idcert.setCreated(new Date());
    idcert.setUpdated(new Date());
    when(consumer.getIdCert()).thenReturn(idcert);
    KeyPair keyPair = createKeyPair();
    when(consumer.getKeyPair()).thenReturn(keyPair);
    // PEM encoding is stubbed with fixed marker bytes for both halves of the key pair.
    when(pki.getPemEncoded(keyPair.getPrivateKey())).thenReturn("privateKey".getBytes());
    when(pki.getPemEncoded(keyPair.getPublicKey())).thenReturn("publicKey".getBytes());
    CandlepinQuery cqmock = mock(CandlepinQuery.class);
    when(cqmock.iterator()).thenReturn(Arrays.asList(new ConsumerType("system")).iterator());
    when(ctc.listAll()).thenReturn(cqmock);
    CandlepinQuery emptyIteratorMock = mock(CandlepinQuery.class);
    when(emptyIteratorMock.iterate()).thenReturn(new MockResultIterator(Arrays.asList().iterator()));
    when(emptyIteratorMock.iterator()).thenReturn(Arrays.asList().iterator());
    when(cdnc.listAll()).thenReturn(emptyIteratorMock);
    // NOTE(review): this second stubbing of ctc.listAll() replaces the cqmock stubbing a few
    // lines up, so the "system" consumer type is never returned in this test; confirm intended.
    when(ctc.listAll()).thenReturn(emptyIteratorMock);
    // Build the exporter from the collaborators (fields of the test class) and run a full export.
    Exporter e = new Exporter(ctc, oc, me, ce, cte, re, ece, ecsa, pe, psa, pce, ec, ee, pki, config, exportRules, pprov, dvc, dve, cdnc, cdne, pc, su, exportExtensionAdapter, translator);
    File export = e.getFullExport(consumer);
    // Verify the archive: provided product certs are present, the pool's own products are not.
    assertNotNull(export);
    verifyContent(export, "export/products/12345.pem", new VerifyProductCert("12345.pem"));
    assertFalse(verifyHasEntry(export, "export/products/MKT-prod.pem"));
    verifyContent(export, "export/products/332211.pem", new VerifyProductCert("332211.pem"));
    assertFalse(verifyHasEntry(export, "export/products/MKT-sub-prod.pem"));
    // Cleanup is not in a finally block, so any failing assertion above leaves the export and
    // the files below behind in /tmp.
    // NOTE(review): the .pem files are presumably written to /tmp by verifyContent; confirm.
    FileUtils.deleteDirectory(export.getParentFile());
    assertTrue(new File("/tmp/consumer_export.zip").delete());
    assertTrue(new File("/tmp/12345.pem").delete());
    assertTrue(new File("/tmp/332211.pem").delete());
}
Also used : Owner(org.candlepin.model.Owner) KeyPair(org.candlepin.model.KeyPair) ZipInputStream(java.util.zip.ZipInputStream) FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) ProductCertificate(org.candlepin.model.ProductCertificate) Product(org.candlepin.model.Product) CertificateSerial(org.candlepin.model.CertificateSerial) CandlepinQuery(org.candlepin.model.CandlepinQuery) Rules(org.candlepin.model.Rules) ExportRules(org.candlepin.policy.js.export.ExportRules) Date(java.util.Date) Consumer(org.candlepin.model.Consumer) Pool(org.candlepin.model.Pool) Entitlement(org.candlepin.model.Entitlement) ConsumerType(org.candlepin.model.ConsumerType) File(java.io.File) Principal(org.candlepin.auth.Principal) IdentityCertificate(org.candlepin.model.IdentityCertificate) HashSet(java.util.HashSet) MockResultIterator(org.candlepin.test.MockResultIterator) Test(org.junit.Test)

Example 54 with Principal

use of org.candlepin.auth.Principal in project candlepin by candlepin.

the class ExporterTest method exportMetadata.

// Runs a full consumer export against mocked collaborators and checks that the archive
// contains export/meta.json, validated by VerifyMetadata against the test's start time.
@Test
public void exportMetadata() throws ExportCreationException, IOException {
    // NOTE(review): the work dir is the fixed, shared "/tmp/" and the files asserted on below
    // have predictable names. Concurrent runs can collide, and on a multi-user host another
    // local account could pre-create or read these paths. A per-test temporary directory would
    // avoid that, but the cleanup asserts at the end hard-code /tmp and would need to follow.
    config.setProperty(ConfigProperties.SYNC_WORK_DIR, "/tmp/");
    // Captured before the export runs and handed to VerifyMetadata below.
    Date start = new Date();
    Rules mrules = mock(Rules.class);
    Consumer consumer = mock(Consumer.class);
    Principal principal = mock(Principal.class);
    IdentityCertificate idcert = new IdentityCertificate();
    when(mrules.getRules()).thenReturn("foobar");
    // The signature is stubbed, so no real signing takes place in this test. getBytes() is
    // called without a charset and therefore uses the platform default.
    when(pki.getSHA256WithRSAHash(any(InputStream.class))).thenReturn("signature".getBytes());
    when(rc.getRules()).thenReturn(mrules);
    when(pprov.get()).thenReturn(principal);
    when(principal.getUsername()).thenReturn("testUser");
    // Key and cert are arbitrary placeholder strings, not real key material.
    idcert.setSerial(new CertificateSerial(10L, new Date()));
    idcert.setKey("euh0876puhapodifbvj094");
    idcert.setCert("hpj-08ha-w4gpoknpon*)&^%#");
    idcert.setCreated(new Date());
    idcert.setUpdated(new Date());
    when(consumer.getIdCert()).thenReturn(idcert);
    KeyPair keyPair = createKeyPair();
    when(consumer.getKeyPair()).thenReturn(keyPair);
    // PEM encoding is stubbed with fixed marker bytes for both halves of the key pair.
    when(pki.getPemEncoded(keyPair.getPrivateKey())).thenReturn("privateKey".getBytes());
    when(pki.getPemEncoded(keyPair.getPublicKey())).thenReturn("publicKey".getBytes());
    // ctc.listAll() yields a single "system" consumer type; cdnc.listAll() yields nothing.
    CandlepinQuery cqmock = mock(CandlepinQuery.class);
    when(cqmock.iterator()).thenReturn(Arrays.asList(new ConsumerType("system")).iterator());
    when(ctc.listAll()).thenReturn(cqmock);
    CandlepinQuery emptyIteratorMock = mock(CandlepinQuery.class);
    when(emptyIteratorMock.iterate()).thenReturn(new MockResultIterator(Arrays.asList().iterator()));
    when(cdnc.listAll()).thenReturn(emptyIteratorMock);
    // Build the exporter from the collaborators (fields of the test class) and run a full export.
    Exporter e = new Exporter(ctc, oc, me, ce, cte, re, ece, ecsa, pe, psa, pce, ec, ee, pki, config, exportRules, pprov, dvc, dve, cdnc, cdne, pc, su, exportExtensionAdapter, translator);
    File export = e.getFullExport(consumer);
    // Verify that the archive exists and carries the metadata entry.
    assertNotNull(export);
    assertTrue(export.exists());
    verifyContent(export, "export/meta.json", new VerifyMetadata(start));
    // Cleanup is not in a finally block, so any failing assertion above leaves the export and
    // the files below behind in /tmp.
    // NOTE(review): meta.json is presumably written to /tmp by verifyContent; confirm.
    FileUtils.deleteDirectory(export.getParentFile());
    assertTrue(new File("/tmp/consumer_export.zip").delete());
    assertTrue(new File("/tmp/meta.json").delete());
}
Also used : KeyPair(org.candlepin.model.KeyPair) ZipInputStream(java.util.zip.ZipInputStream) FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) CertificateSerial(org.candlepin.model.CertificateSerial) CandlepinQuery(org.candlepin.model.CandlepinQuery) Rules(org.candlepin.model.Rules) ExportRules(org.candlepin.policy.js.export.ExportRules) Date(java.util.Date) Consumer(org.candlepin.model.Consumer) ConsumerType(org.candlepin.model.ConsumerType) File(java.io.File) Principal(org.candlepin.auth.Principal) IdentityCertificate(org.candlepin.model.IdentityCertificate) MockResultIterator(org.candlepin.test.MockResultIterator) Test(org.junit.Test)

Example 55 with Principal

use of org.candlepin.auth.Principal in project candlepin by candlepin.

the class AbstractHibernateCurator method getSecureCriteriaRestrictions.

/**
 * Builds the criteria restrictions for the given entity class. If the entity does not need any
 * restrictions or the current principal otherwise has full access, this method returns null.
 *
 * @param entityClass
 *  The entity class for which to build secure criteria restrictions
 *
 * @return
 *  the criteria restrictions for the given entity class, or null if no restrictions are
 *  necessary.
 */
protected Criterion getSecureCriteriaRestrictions(Class entityClass) {
    Principal current = this.principalProvider.get();

    // Without a principal, or with one that has full access, no restrictions are built and the
    // caller receives null.
    // NOTE(review): a missing principal is handled exactly like full access here, i.e. the
    // query is left unrestricted. Confirm that every caller is reached only after
    // authentication has populated the principal provider.
    if (current == null || current.hasFullAccess()) {
        return null;
    }

    // Each permission may contribute one restriction; contributions are OR-ed together, so an
    // entity is visible when any single permission admits it.
    // NOTE(review): if no permission contributes a restriction the result stays null, which
    // the method contract defines as "no restrictions necessary"; verify that permissions
    // return a non-null criterion for every entity class they are meant to guard.
    Criterion combined = null;
    for (Permission permission : current.getPermissions()) {
        Criterion fromPermission = permission.getCriteriaRestrictions(entityClass);
        if (fromPermission == null) {
            continue;
        }

        log.debug("Adding criteria restriction from permission {} for {}: {}", permission, entityClass, fromPermission);
        if (combined == null) {
            combined = fromPermission;
        }
        else {
            combined = Restrictions.or(combined, fromPermission);
        }
    }

    return combined;
}
Also used : Criterion(org.hibernate.criterion.Criterion) Permission(org.candlepin.auth.permissions.Permission) Principal(org.candlepin.auth.Principal)

Aggregations

Principal (org.candlepin.auth.Principal)74 Test (org.junit.Test)54 UserPrincipal (org.candlepin.auth.UserPrincipal)40 NoAuthPrincipal (org.candlepin.auth.NoAuthPrincipal)20 ConsumerPrincipal (org.candlepin.auth.ConsumerPrincipal)17 ConsumerDTO (org.candlepin.dto.api.v1.ConsumerDTO)15 Consumer (org.candlepin.model.Consumer)15 Owner (org.candlepin.model.Owner)15 TrustedUserPrincipal (org.candlepin.auth.TrustedUserPrincipal)14 Date (java.util.Date)12 ConsumerType (org.candlepin.model.ConsumerType)11 HashSet (java.util.HashSet)10 Pool (org.candlepin.model.Pool)10 JobDetail (org.quartz.JobDetail)10 Method (java.lang.reflect.Method)9 Permission (org.candlepin.auth.permissions.Permission)9 JobDataMap (org.quartz.JobDataMap)9 CandlepinQuery (org.candlepin.model.CandlepinQuery)8 File (java.io.File)7 FileInputStream (java.io.FileInputStream)7