use of org.candlepin.auth.Principal in project candlepin by candlepin.
the class AuthenticationFilterTest method securityHoleWithAnonAndPrincipalProvided.
/**
 * Checks that Basic credentials sent to the anonymous resource method are ignored.
 *
 * The filter is expected to publish a NoAuthPrincipal and to leave the {@code usa}
 * collaborator's validateUser untouched. The endpoint therefore neither takes an identity
 * from the header nor reveals whether the supplied username/password pair is valid.
 */
@Test
public void securityHoleWithAnonAndPrincipalProvided() throws Exception {
    Method anonEndpoint = FakeResource.class.getMethod("anonMethod", String.class);
    mockResourceMethod(anonEndpoint);

    // Sample Basic credentials (the RFC example pair "Aladdin:open sesame"); they are sent
    // only to show that the filter does not act on them for this method.
    mockReq.header("Authorization", "BASIC QWxhZGRpbjpvcGVuIHNlc2FtZQ==");

    interceptor.filter(getContext());

    // The principal placed in the RESTEasy context must be the unauthenticated one.
    Principal resolved = ResteasyProviderFactory.getContextData(Principal.class);
    boolean treatedAsAnonymous = resolved instanceof NoAuthPrincipal;
    assertTrue(treatedAsAnonymous);

    // The anonymous path must not try to build a real principal from the header.
    verify(usa, times(0)).validateUser(anyString(), anyString());
}
use of org.candlepin.auth.Principal in project candlepin by candlepin.
the class AuthenticationFilterTest method securityHoleWithAnonAndNoPrincipal.
/**
 * Checks that the anonymous resource method resolves to a NoAuthPrincipal when the request
 * sets no Authorization header.
 *
 * As in the credentialed variant, the {@code usa} collaborator's validateUser must never be
 * called on this path.
 */
@Test
public void securityHoleWithAnonAndNoPrincipal() throws Exception {
    Method anonEndpoint = FakeResource.class.getMethod("anonMethod", String.class);
    mockResourceMethod(anonEndpoint);

    // No Authorization header is set on the mock request before filtering.
    interceptor.filter(getContext());

    Principal resolved = ResteasyProviderFactory.getContextData(Principal.class);
    boolean treatedAsAnonymous = resolved instanceof NoAuthPrincipal;
    assertTrue(treatedAsAnonymous);

    // The anonymous path must not try to build a real principal.
    verify(usa, times(0)).validateUser(anyString(), anyString());
}
use of org.candlepin.auth.Principal in project candlepin by candlepin.
the class ExporterTest method exportProducts.
/**
 * Checks which product certificates end up in a full consumer export.
 *
 * The mocked pool exposes one provided product (12345) and one derived provided product
 * (332211). The test expects a .pem entry for each of them under export/products/ and no
 * entry for the pool's own product (MKT-prod) or its derived product (MKT-sub-prod).
 */
@SuppressWarnings("unchecked")
@Test
public void exportProducts() throws Exception {
// NOTE(review): the work directory is the fixed, shared path /tmp/, and the files deleted at
// the end of this test have predictable names. On a multi-user or parallel build host those
// names can collide with, or be pre-created by, another process. A per-test temporary
// directory would isolate the run; confirm where verifyContent writes its files first.
config.setProperty(ConfigProperties.SYNC_WORK_DIR, "/tmp/");
Consumer consumer = mock(Consumer.class);
Entitlement ent = mock(Entitlement.class);
Pool pool = mock(Pool.class);
Rules mrules = mock(Rules.class);
Principal principal = mock(Principal.class);
IdentityCertificate idcert = new IdentityCertificate();
Set<Entitlement> entitlements = new HashSet<>();
entitlements.add(ent);
Owner owner = TestUtil.createOwner("Example-Corporation");
// Provided product: expected in the export as export/products/12345.pem.
Product prod = TestUtil.createProduct("12345", "RHEL Product");
prod.setMultiplier(1L);
prod.setCreated(new Date());
prod.setUpdated(new Date());
prod.setAttributes(Collections.<String, String>emptyMap());
// The pool's own product: expected to be absent from export/products/.
Product prod1 = TestUtil.createProduct("MKT-prod", "RHEL Product");
prod1.setMultiplier(1L);
prod1.setCreated(new Date());
prod1.setUpdated(new Date());
prod1.setAttributes(Collections.<String, String>emptyMap());
// The pool's derived product: expected to be absent from export/products/.
Product subProduct = TestUtil.createProduct("MKT-sub-prod", "Sub Product");
subProduct.setMultiplier(1L);
subProduct.setCreated(new Date());
subProduct.setUpdated(new Date());
subProduct.setAttributes(Collections.<String, String>emptyMap());
// Derived provided product: expected in the export as export/products/332211.pem.
Product subProvidedProduct = TestUtil.createProduct("332211", "Sub Product");
subProvidedProduct.setMultiplier(1L);
subProvidedProduct.setCreated(new Date());
subProvidedProduct.setUpdated(new Date());
subProvidedProduct.setAttributes(Collections.<String, String>emptyMap());
// Placeholder key and certificate text; these strings are not real key material.
ProductCertificate pcert = new ProductCertificate();
pcert.setKey("euh0876puhapodifbvj094");
pcert.setCert("hpj-08ha-w4gpoknpon*)&^%#");
pcert.setCreated(new Date());
pcert.setUpdated(new Date());
Set<Product> ppset = new HashSet<>();
ppset.add(prod);
Set<Product> sppSet = new HashSet<>();
sppSet.add(subProvidedProduct);
// Wire the pool: the same product sets are returned by the pool and by the cached lookups on pc.
when(pool.getId()).thenReturn("MockedPoolId");
when(pool.getProvidedProducts()).thenReturn(ppset);
when(pc.getPoolProvidedProductsCached(pool)).thenReturn(ppset);
when(pool.getProduct()).thenReturn(prod1);
when(pool.getDerivedProvidedProducts()).thenReturn(sppSet);
when(pc.getPoolDerivedProvidedProductsCached(pool)).thenReturn(sppSet);
when(pool.getDerivedProduct()).thenReturn(subProduct);
when(ent.getPool()).thenReturn(pool);
when(mrules.getRules()).thenReturn("foobar");
// The signing call is stubbed, so this test computes no real signature. getBytes() without
// a charset uses the platform default; the literals stubbed in this test are ASCII.
when(pki.getSHA256WithRSAHash(any(InputStream.class))).thenReturn("signature".getBytes());
when(rc.getRules()).thenReturn(mrules);
when(consumer.getEntitlements()).thenReturn(entitlements);
// Every product-certificate lookup returns the same placeholder certificate.
when(psa.getProductCertificate(any(Owner.class), any(String.class))).thenReturn(pcert);
when(pprov.get()).thenReturn(principal);
when(principal.getUsername()).thenReturn("testUser");
// Identity certificate for the consumer, again with placeholder key/cert strings.
idcert.setSerial(new CertificateSerial(10L, new Date()));
idcert.setKey("euh0876puhapodifbvj094");
idcert.setCert("hpj-08ha-w4gpoknpon*)&^%#");
idcert.setCreated(new Date());
idcert.setUpdated(new Date());
when(consumer.getIdCert()).thenReturn(idcert);
// PEM encoding of both halves of the key pair is stubbed to fixed marker strings.
KeyPair keyPair = createKeyPair();
when(consumer.getKeyPair()).thenReturn(keyPair);
when(pki.getPemEncoded(keyPair.getPrivateKey())).thenReturn("privateKey".getBytes());
when(pki.getPemEncoded(keyPair.getPublicKey())).thenReturn("publicKey".getBytes());
CandlepinQuery cqmock = mock(CandlepinQuery.class);
when(cqmock.iterator()).thenReturn(Arrays.asList(new ConsumerType("system")).iterator());
when(ctc.listAll()).thenReturn(cqmock);
CandlepinQuery emptyIteratorMock = mock(CandlepinQuery.class);
when(emptyIteratorMock.iterate()).thenReturn(new MockResultIterator(Arrays.asList().iterator()));
when(emptyIteratorMock.iterator()).thenReturn(Arrays.asList().iterator());
when(cdnc.listAll()).thenReturn(emptyIteratorMock);
// NOTE(review): ctc.listAll() was stubbed with cqmock above and is stubbed again here. The
// later stubbing is the one in effect, so the "system" consumer-type iterator looks unused
// in this test; confirm which of the two was intended.
when(ctc.listAll()).thenReturn(emptyIteratorMock);
// Build the exporter under test from the fixture's collaborators and produce the full export.
Exporter e = new Exporter(ctc, oc, me, ce, cte, re, ece, ecsa, pe, psa, pce, ec, ee, pki, config, exportRules, pprov, dvc, dve, cdnc, cdne, pc, su, exportExtensionAdapter, translator);
File export = e.getFullExport(consumer);
// Verify: certificates for the provided products are present, the pool's own and derived
// products are not.
assertNotNull(export);
verifyContent(export, "export/products/12345.pem", new VerifyProductCert("12345.pem"));
assertFalse(verifyHasEntry(export, "export/products/MKT-prod.pem"));
verifyContent(export, "export/products/332211.pem", new VerifyProductCert("332211.pem"));
assertFalse(verifyHasEntry(export, "export/products/MKT-sub-prod.pem"));
// Cleanup. These steps run only if every assertion above passed, so a failing run leaves the
// export files behind in /tmp. NOTE(review): the .pem files deleted here are presumably
// written by verifyContent when it extracts an entry; confirm in that helper.
FileUtils.deleteDirectory(export.getParentFile());
assertTrue(new File("/tmp/consumer_export.zip").delete());
assertTrue(new File("/tmp/12345.pem").delete());
assertTrue(new File("/tmp/332211.pem").delete());
}
use of org.candlepin.auth.Principal in project candlepin by candlepin.
the class ExporterTest method exportMetadata.
/**
 * Checks that a full consumer export contains export/meta.json and that the entry satisfies
 * VerifyMetadata for a timestamp taken at the start of the test.
 *
 * @throws ExportCreationException declared by the test; the visible code does not show where
 *     it originates
 * @throws IOException declared by the test; the visible code does not show where it originates
 */
@Test
public void exportMetadata() throws ExportCreationException, IOException {
    // NOTE(review): the work directory is the fixed, shared path /tmp/, and the files deleted
    // at the end of this test have predictable names. On a multi-user or parallel build host
    // those names can collide with, or be pre-created by, another process. A per-test
    // temporary directory would isolate the run; confirm where verifyContent writes first.
    config.setProperty(ConfigProperties.SYNC_WORK_DIR, "/tmp/");

    // Captured before the export is produced; handed to VerifyMetadata below.
    Date start = new Date();

    // Rules and signing are stubbed with fixed values, so no real signature is computed.
    // getBytes() without a charset uses the platform default; the literals here are ASCII.
    Rules rulesMock = mock(Rules.class);
    when(rulesMock.getRules()).thenReturn("foobar");
    when(pki.getSHA256WithRSAHash(any(InputStream.class))).thenReturn("signature".getBytes());
    when(rc.getRules()).thenReturn(rulesMock);

    // The principal provider hands out a mocked principal named "testUser".
    Principal exportingUser = mock(Principal.class);
    when(pprov.get()).thenReturn(exportingUser);
    when(exportingUser.getUsername()).thenReturn("testUser");

    // Identity certificate with placeholder key/cert strings (not real key material).
    IdentityCertificate identityCert = new IdentityCertificate();
    identityCert.setSerial(new CertificateSerial(10L, new Date()));
    identityCert.setKey("euh0876puhapodifbvj094");
    identityCert.setCert("hpj-08ha-w4gpoknpon*)&^%#");
    identityCert.setCreated(new Date());
    identityCert.setUpdated(new Date());

    Consumer exportedConsumer = mock(Consumer.class);
    when(exportedConsumer.getIdCert()).thenReturn(identityCert);

    // PEM encoding of both halves of the key pair is stubbed to fixed marker strings.
    KeyPair consumerKeys = createKeyPair();
    when(exportedConsumer.getKeyPair()).thenReturn(consumerKeys);
    when(pki.getPemEncoded(consumerKeys.getPrivateKey())).thenReturn("privateKey".getBytes());
    when(pki.getPemEncoded(consumerKeys.getPublicKey())).thenReturn("publicKey".getBytes());

    // ctc.listAll() yields a single "system" consumer type.
    CandlepinQuery consumerTypesQuery = mock(CandlepinQuery.class);
    when(consumerTypesQuery.iterator())
        .thenReturn(Arrays.asList(new ConsumerType("system")).iterator());
    when(ctc.listAll()).thenReturn(consumerTypesQuery);

    // cdnc.listAll() yields a query whose iterate() has no elements.
    CandlepinQuery emptyQuery = mock(CandlepinQuery.class);
    when(emptyQuery.iterate()).thenReturn(new MockResultIterator(Arrays.asList().iterator()));
    when(cdnc.listAll()).thenReturn(emptyQuery);

    // Build the exporter under test from the fixture's collaborators and run the full export.
    Exporter exporter = new Exporter(
        ctc, oc, me, ce, cte, re, ece, ecsa, pe, psa, pce, ec, ee,
        pki, config, exportRules, pprov, dvc, dve, cdnc, cdne, pc, su,
        exportExtensionAdapter, translator);
    File archive = exporter.getFullExport(exportedConsumer);

    // Verify the archive exists and carries the metadata entry.
    assertNotNull(archive);
    assertTrue(archive.exists());
    verifyContent(archive, "export/meta.json", new VerifyMetadata(start));

    // Cleanup. These steps run only if every assertion above passed, so a failing run leaves
    // the export files behind in /tmp. NOTE(review): /tmp/meta.json is presumably written by
    // verifyContent when it extracts the entry; confirm in that helper.
    FileUtils.deleteDirectory(archive.getParentFile());
    assertTrue(new File("/tmp/consumer_export.zip").delete());
    assertTrue(new File("/tmp/meta.json").delete());
}
use of org.candlepin.auth.Principal in project candlepin by candlepin.
the class AbstractHibernateCurator method getSecureCriteriaRestrictions.
/**
* Builds the criteria restrictions for the given entity class. If the entity does not need any
* restrictions or the current principal otherwise has full access, this method returns null.
*
* @param entityClass
* The entity class for which to build secure criteria restrictions
*
* @return
* the criteria restrictions for the given entity class, or null if no restrictions are
* necessary.
*/
protected Criterion getSecureCriteriaRestrictions(Class entityClass) {
    Principal principal = this.principalProvider.get();

    // With no principal, or a principal that has full access, skip the restriction building
    // and return null (no restrictions).
    // NOTE(review): a missing principal is treated the same as full access here, so a caller
    // that applies only the returned Criterion runs the query unfiltered in that case. Confirm
    // that no request path can reach this method without a principal being set.
    if (principal == null || principal.hasFullAccess()) {
        return null;
    }

    // OR together whatever each permission contributes for this entity class. Permissions
    // that return null contribute nothing.
    // NOTE(review): if every permission returns null the result is also null, i.e. the query
    // is left unrestricted for a principal without full access. Verify that this is the
    // intended meaning for every entity class passed in.
    Criterion combined = null;
    for (Permission permission : principal.getPermissions()) {
        Criterion contributed = permission.getCriteriaRestrictions(entityClass);
        if (contributed == null) {
            continue;
        }

        log.debug("Adding criteria restriction from permission {} for {}: {}", permission, entityClass, contributed);

        if (combined == null) {
            combined = contributed;
        }
        else {
            combined = Restrictions.or(combined, contributed);
        }
    }

    return combined;
}
Aggregations