http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/3ecb1291/taverna-credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/CredentialManagerImplTest.java ---------------------------------------------------------------------- diff --git a/taverna-credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/CredentialManagerImplTest.java b/taverna-credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/CredentialManagerImplTest.java deleted file mode 100644 index 931fa07..0000000 --- a/taverna-credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/CredentialManagerImplTest.java +++ /dev/null @@ -1,872 +0,0 @@ -/******************************************************************************* - * Copyright (C) 2008-2010 The University of Manchester - * - * Modifications to the initial code base are copyright of their - * respective authors, or their employers as appropriate. - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 - ******************************************************************************/ -package net.sf.taverna.t2.security.credentialmanager.impl; - -import static org.junit.Assert.*; - -import java.io.File; -import java.io.FileInputStream; -import java.io.FileNotFoundException; -import java.io.IOException; -import java.net.URI; -import java.net.URISyntaxException; -import java.net.URL; -import java.security.Key; -import java.security.KeyStore; -import java.security.KeyStoreException; -import java.security.NoSuchAlgorithmException; -import java.security.Security; -import java.security.UnrecoverableKeyException; -import java.security.cert.Certificate; -import java.security.cert.CertificateException; -import java.security.cert.CertificateFactory; -import java.security.cert.X509Certificate; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.Enumeration; -import java.util.List; -import java.util.Random; - -import javax.net.ssl.SSLSocketFactory; - -import net.sf.taverna.t2.lang.observer.Observable; -import net.sf.taverna.t2.lang.observer.Observer; -import net.sf.taverna.t2.security.credentialmanager.CMException; -import net.sf.taverna.t2.security.credentialmanager.CredentialManager; -import net.sf.taverna.t2.security.credentialmanager.CredentialManager.KeystoreType; -import net.sf.taverna.t2.security.credentialmanager.JavaTruststorePasswordProvider; -import net.sf.taverna.t2.security.credentialmanager.KeystoreChangedEvent; -import net.sf.taverna.t2.security.credentialmanager.MasterPasswordProvider; -import net.sf.taverna.t2.security.credentialmanager.ServiceUsernameAndPasswordProvider; -import net.sf.taverna.t2.security.credentialmanager.TrustConfirmationProvider; -import net.sf.taverna.t2.security.credentialmanager.UsernamePassword; - -import org.apache.commons.io.FileUtils; -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.junit.After; -import org.junit.Before; -import org.junit.BeforeClass; -import org.junit.Test; - -/** - * Tests here should not require Java strong/unlimited cryptography policy to be installed, - * although if something goes wrong that is the first thing to be checked for. - * - * Java by default comes with the weak policy - * that disables the use of certain cryto algorithms and bigger key sizes. Although - * it is claimed that as of Java 6 the default policy is strong, we have seen otherwise, - * so make sure you install it. - * - * For Java 6, strong/unlimited cryptography policy can be downloaded - * (together with the installation instructions) from: - * http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html - * - * An empty Keystore/Truststore is created before each test so we always start afresh - * (see the setUp() method). - * s - * @author Alex Nenadic - * - */ -public class CredentialManagerImplTest { - - private CredentialManagerImpl credentialManager; - private String masterPassword = "uber"; - private DummyMasterPasswordProvider masterPasswordProvider; - private File credentialManagerDirectory; - - private static UsernamePassword usernamePassword; - private static URI serviceURI; - - private static Key privateKey; - private static Certificate[] privateKeyCertChain; - private static URL privateKeyFileURL = CredentialManagerImplTest.class.getResource( - "/security/test-private-key-cert.p12"); - private static final String privateKeyAndPKCS12KeystorePassword = "test"; // password for the test PKCS#12 keystore in resources - - private static X509Certificate trustedCertficate; - private static URL trustedCertficateFileURL = CredentialManagerImplTest.class.getResource( - "/security/google-trusted-certificate.pem"); - - private static Observer<KeystoreChangedEvent> keystoreChangedObserver; - - /** - * @throws java.lang.Exception - */ - @BeforeClass - public static void setUpBeforeClass() throws Exception { - - // Just in case, add the BouncyCastle provider - // It gets added from the CredentialManagerImpl constructor as well - // but we may need some crypto operations before we invoke the Cred. Manager - Security.addProvider(new BouncyCastleProvider()); - - // Create a test username and password for a service - serviceURI = new URI("http://someservice";); - usernamePassword = new UsernamePassword("testuser", "testpasswd"); - - // Load the test private key and its certificate - File privateKeyCertFile = new File(privateKeyFileURL.getPath()); - KeyStore pkcs12Keystore = java.security.KeyStore.getInstance("PKCS12", "BC"); // We have to use the BC provider here as the certificate chain is not loaded if we use whichever provider is first in Java!!! - FileInputStream inStream = new FileInputStream(privateKeyCertFile); - pkcs12Keystore.load(inStream, privateKeyAndPKCS12KeystorePassword.toCharArray()); - // KeyStore pkcs12Keystore = credentialManager.loadPKCS12Keystore(privateKeyCertFile, privateKeyPassword); - Enumeration<String> aliases = pkcs12Keystore.aliases(); - while (aliases.hasMoreElements()) { - // The test-private-key-cert.p12 file contains only one private key - // and corresponding certificate entry - String alias = aliases.nextElement(); - if (pkcs12Keystore.isKeyEntry(alias)) { // is it a (private) key entry? - privateKey = pkcs12Keystore.getKey(alias, - privateKeyAndPKCS12KeystorePassword.toCharArray()); - privateKeyCertChain = pkcs12Keystore.getCertificateChain(alias); - break; - } - } - inStream.close(); - - // Load the test trusted certificate (belonging to *.Google.com) - File trustedCertFile = new File(trustedCertficateFileURL.getPath()); - inStream = new FileInputStream(trustedCertFile); - CertificateFactory certFactory = CertificateFactory.getInstance("X.509"); - trustedCertficate = (X509Certificate) certFactory.generateCertificate(inStream); - try{ - inStream.close(); - } - catch (Exception e) { - // Ignore - } - - keystoreChangedObserver = new Observer<KeystoreChangedEvent>() { - - @Override - public void notify(Observable<KeystoreChangedEvent> sender, - KeystoreChangedEvent message) throws Exception { - // TODO Auto-generated method stub - - } - }; - } - - /** - * @throws java.lang.Exception - */ - @Before - public void setUp() throws Exception { - - try { - credentialManager = new CredentialManagerImpl(); - } catch (CMException e) { - System.out.println(e.getStackTrace()); - } - Random randomGenerator = new Random(); - String credentialManagerDirectoryPath = System - .getProperty("java.io.tmpdir") - + System.getProperty("file.separator") - + "taverna-security-" - + randomGenerator.nextInt(1000000); - System.out.println("Credential Manager's directory path: " - + credentialManagerDirectoryPath); - credentialManagerDirectory = new File(credentialManagerDirectoryPath); - try { - credentialManager - .setConfigurationDirectoryPath(credentialManagerDirectory); - } catch (CMException e) { - System.out.println(e.getStackTrace()); - } - - // Create the dummy master password provider - masterPasswordProvider = new DummyMasterPasswordProvider(); - masterPasswordProvider.setMasterPassword(masterPassword); - List<MasterPasswordProvider> masterPasswordProviders = new ArrayList<MasterPasswordProvider>(); - masterPasswordProviders.add(masterPasswordProvider); - credentialManager.setMasterPasswordProviders(masterPasswordProviders); - - // Set an empty list for service username and password providers - credentialManager.setServiceUsernameAndPasswordProviders(new ArrayList<ServiceUsernameAndPasswordProvider>()); - - credentialManager.setJavaTruststorePasswordProviders(new ArrayList<JavaTruststorePasswordProvider>()); - - credentialManager.setTrustConfirmationProviders(new ArrayList<TrustConfirmationProvider>()); - - } - - @After - // Clean up the credentialManagerDirectory we created for testing - public void cleanUp(){ -// assertTrue(credentialManagerDirectory.exists()); -// assertFalse(credentialManagerDirectory.listFiles().length == 0); // something was created there - - if (credentialManagerDirectory.exists()){ - try { - FileUtils.deleteDirectory(credentialManagerDirectory); - System.out.println("Deleting Credential Manager's directory: " - + credentialManagerDirectory.getAbsolutePath()); - } catch (IOException e) { - System.out.println(e.getStackTrace()); - } - } - } - - /** - * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#CredentialManagerImpl()}. - * @throws CMException - */ - @Test - public void testCredentialManagerImpl() throws CMException { - new CredentialManagerImpl(); - } - - /** - * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#getUsernameAndPasswordForService(java.net.URI, boolean, java.lang.String)}. - * @throws URISyntaxException - * @throws CMException - */ - @Test - public void testGetUsernameAndPasswordForServiceURI() throws URISyntaxException, CMException { - // The Credential Manage's Keystore is empty so we should not be able to find anything initially - assertNull(credentialManager.getUsernameAndPasswordForService(serviceURI, false, "")); - - credentialManager.addUsernameAndPasswordForService(usernamePassword,serviceURI); - - UsernamePassword testUsernamePassword = credentialManager.getUsernameAndPasswordForService(serviceURI, false, ""); - assertNotNull(testUsernamePassword); - assertTrue(Arrays.equals(usernamePassword.getPassword(), testUsernamePassword.getPassword())); - assertTrue(usernamePassword.getUsername().equals(testUsernamePassword.getUsername())); - } - - /** - * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#addUsernameAndPasswordForService(net.sf.taverna.t2.security.credentialmanager.UsernamePassword, java.net.URI)}. - * @throws URISyntaxException - * @throws CMException - */ - @Test - public void testAddUsernameAndPasswordForService() throws CMException, URISyntaxException { - - String alias = credentialManager.addUsernameAndPasswordForService(usernamePassword,serviceURI); - - UsernamePassword testUsernamePassword = credentialManager.getUsernameAndPasswordForService(serviceURI, false, ""); - assertNotNull(testUsernamePassword); - assertTrue(credentialManager.hasEntryWithAlias(CredentialManager.KeystoreType.KEYSTORE, alias)); - assertTrue(Arrays.equals(usernamePassword.getPassword(), testUsernamePassword.getPassword())); - assertTrue(usernamePassword.getUsername().equals(testUsernamePassword.getUsername())); - } - - /** - * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#hasUsernamePasswordForService(java.net.URI)}. - * @throws CMException - */ - @Test - public void testHasUsernamePasswordForService() throws CMException { - - UsernamePassword testUsernamePassword = credentialManager.getUsernameAndPasswordForService(serviceURI, false, ""); - assertNull(testUsernamePassword); - - String alias = credentialManager.addUsernameAndPasswordForService(usernamePassword,serviceURI); - testUsernamePassword = credentialManager.getUsernameAndPasswordForService(serviceURI, false, ""); - assertNotNull(testUsernamePassword); - assertTrue(credentialManager.hasEntryWithAlias(CredentialManager.KeystoreType.KEYSTORE, alias)); - assertTrue(Arrays.equals(usernamePassword.getPassword(), testUsernamePassword.getPassword())); - assertTrue(usernamePassword.getUsername().equals(testUsernamePassword.getUsername())); - } - - /** - * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#deleteUsernameAndPasswordForService(java.net.URI)}. - * @throws URISyntaxException - * @throws CMException - */ - @Test - public void testDeleteUsernameAndPasswordForServiceURI() throws URISyntaxException, CMException { - - // The Credential Manage's Keystore is empty initially so this should - // have no effect apart from initializing the Keystore/Truststore - credentialManager.deleteUsernameAndPasswordForService(serviceURI); - - credentialManager.addUsernameAndPasswordForService(usernamePassword,serviceURI); - credentialManager.deleteUsernameAndPasswordForService(serviceURI); - - assertNull(credentialManager.getUsernameAndPasswordForService(serviceURI, false, "")); - } - - /** - * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#addKeyPair(java.security.Key, java.security.cert.Certificate[])}. - * @throws CMException - * @throws KeyStoreException - * @throws NoSuchAlgorithmException - * @throws UnrecoverableKeyException - * @throws IOException - * @throws FileNotFoundException - * @throws CertificateException - */ - @Test - public void testAddKeyPair() throws CMException, KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException { - - String alias = credentialManager.addKeyPair(privateKey, privateKeyCertChain); - assertTrue(credentialManager.hasKeyPair(privateKey, privateKeyCertChain)); - assertTrue(credentialManager.hasEntryWithAlias(CredentialManager.KeystoreType.KEYSTORE, alias)); - - credentialManager.deleteKeyPair(alias); - assertFalse(credentialManager.hasKeyPair(privateKey, privateKeyCertChain)); - assertFalse(credentialManager.hasEntryWithAlias(CredentialManager.KeystoreType.KEYSTORE, alias)); - } - - /** - * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#hasKeyPair(java.security.Key, java.security.cert.Certificate[])}. - * @throws CMException - * @throws KeyStoreException - * @throws NoSuchAlgorithmException - * @throws UnrecoverableKeyException - * @throws IOException - * @throws FileNotFoundException - * @throws CertificateException - */ - @Test - public void testHasKeyPair() throws CMException, KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException { - assertFalse(credentialManager.hasKeyPair(privateKey, privateKeyCertChain)); - credentialManager.addKeyPair(privateKey, privateKeyCertChain); - assertTrue(credentialManager.hasKeyPair(privateKey, privateKeyCertChain)); - } - - /** - * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#deleteKeyPair(java.lang.String)}. - * @throws CMException - * @throws KeyStoreException - * @throws NoSuchAlgorithmException - * @throws UnrecoverableKeyException - * @throws IOException - * @throws FileNotFoundException - * @throws CertificateException - */ - @Test - public void testDeleteKeyPair() throws CMException, KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException { - // The Credential Manage's Keystore is empty initially so this should - // have no effect apart from initializing the Keystore/Truststore - credentialManager.deleteKeyPair("somealias"); - - String alias = credentialManager.addKeyPair(privateKey, privateKeyCertChain); - credentialManager.deleteKeyPair(alias); - assertFalse(credentialManager.hasEntryWithAlias(CredentialManager.KeystoreType.KEYSTORE, alias)); - } - - /** - * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#deleteKeyPair(Key, Certificate[])}. - * @throws CMException - */ - @Test - public void testDeleteKeyPair2() throws CMException, KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException { - credentialManager.addKeyPair(privateKey, privateKeyCertChain); - assertTrue(credentialManager.hasKeyPair(privateKey, privateKeyCertChain)); - credentialManager.deleteKeyPair(privateKey, privateKeyCertChain); - assertFalse(credentialManager.hasKeyPair(privateKey, privateKeyCertChain)); - } - - /** - * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#exportKeyPair(java.lang.String, java.io.File, java.lang.String)}. - * @throws CMException - * @throws KeyStoreException - * @throws NoSuchAlgorithmException - * @throws UnrecoverableKeyException - */ - @Test - public void testExportKeyPair() throws CMException, KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException { - String alias = credentialManager.addKeyPair(privateKey, privateKeyCertChain); - File fileToExportTo = new File(credentialManagerDirectory, "test-export-key.p12"); - credentialManager.exportKeyPair(alias, fileToExportTo, privateKeyAndPKCS12KeystorePassword); - assertTrue(fileToExportTo.exists()); - // Load it back from the file we just saved - KeyStore ks = credentialManager.loadPKCS12Keystore(fileToExportTo, privateKeyAndPKCS12KeystorePassword); - Enumeration<String> aliases = ks.aliases(); - Key newPrivateKey = null; - Certificate[] newPrivateKeyCerts = null; - while (aliases.hasMoreElements()) { - // The test-private-key-cert.p12 file contains only one private key - // and corresponding certificate entry - alias = aliases.nextElement(); - if (ks.isKeyEntry(alias)) { // is it a (private) key entry? - newPrivateKey = ks.getKey(alias, - privateKeyAndPKCS12KeystorePassword.toCharArray()); - newPrivateKeyCerts = ks.getCertificateChain(alias); - break; - } - } - assertNotNull(newPrivateKey); - assertNotNull(newPrivateKeyCerts); - //assertTrue(Arrays.equals(newPrivateKey.getEncoded(), privateKey.getEncoded())); - assertTrue(newPrivateKey.equals(privateKey)); - assertTrue(Arrays.equals(newPrivateKeyCerts, privateKeyCertChain)); - } - - /** - * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#getCertificate(java.lang.String, java.lang.String)}. - * @throws CMException - */ - @Test - public void testGetCertificate() throws CMException { - String alias = credentialManager.addKeyPair(privateKey, privateKeyCertChain); - // Get certificate from the Keystore associated with the private key we just inserted - Certificate privateKeyCertificate = credentialManager.getCertificate(CredentialManager.KeystoreType.KEYSTORE, alias); - assertNotNull(privateKeyCertificate); - assertTrue(privateKeyCertChain[0].equals(privateKeyCertificate)); - - // We should also have some trusted certificates in the Truststore - // Need to get their aliases - ArrayList<String> truststoreAliases = credentialManager.getAliases(CredentialManager.KeystoreType.TRUSTSTORE); - assertTrue(!truststoreAliases.isEmpty()); - // Just get the first one - Certificate trustedCertificate = credentialManager.getCertificate(CredentialManager.KeystoreType.TRUSTSTORE, truststoreAliases.get(0)); - assertNotNull(trustedCertificate); - } - - /** - * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#getKeyPairsCertificateChain(java.lang.String)}. - * @throws CMException - */ - @Test - public void testGetKeyPairCertificateChain() throws CMException { - String alias = credentialManager.addKeyPair(privateKey, privateKeyCertChain); - Certificate[] keyPairCertificateChain = credentialManager.getKeyPairsCertificateChain(alias); - assertNotNull(keyPairCertificateChain); - assertTrue(Arrays.equals(privateKeyCertChain, keyPairCertificateChain)); - } - - /** - * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#getKeyPairsPrivateKey(java.lang.String)}. - * @throws CMException - */ - @Test - public void testGetKeyPairsPrivateKey() throws CMException { - String alias = credentialManager.addKeyPair(privateKey, privateKeyCertChain); - Key prvKey = credentialManager.getKeyPairsPrivateKey(alias); - assertNotNull(prvKey); - assertEquals(privateKey, prvKey); - } - - /** - * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#addTrustedCertificate(java.security.cert.X509Certificate)}. - * @throws CMException - */ - @Test - public void testAddTrustedCertificate() throws CMException { - - String alias = credentialManager.addTrustedCertificate(trustedCertficate); - assertTrue(credentialManager.hasTrustedCertificate(trustedCertficate)); - assertTrue(credentialManager.hasEntryWithAlias(CredentialManager.KeystoreType.TRUSTSTORE, alias)); - - credentialManager.deleteTrustedCertificate(alias); - assertFalse(credentialManager.hasTrustedCertificate(trustedCertficate)); - assertFalse(credentialManager.hasEntryWithAlias(CredentialManager.KeystoreType.TRUSTSTORE, alias)); - } - - /** - * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#createTrustedCertificateAlias(java.security.cert.X509Certificate)}. - * @throws CMException - */ - @Test - public void testGetX509CertificateAlias() throws CMException { - - String alias = credentialManager.createTrustedCertificateAlias(trustedCertficate); - String alias2 = credentialManager.addTrustedCertificate(trustedCertficate); - assertEquals(alias, alias2); - - } - - /** - * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#deleteTrustedCertificate(java.lang.String)}. - * @throws CMException - */ - @Test - public void testDeleteTrustedCertificate() throws CMException { - // The Credential Manage's Truststore is empty initially so this should - // have no effect apart from initializing the Keystore/Truststore - credentialManager.deleteTrustedCertificate("somealias"); - - String alias = credentialManager.addTrustedCertificate(trustedCertficate); - assertTrue(credentialManager.hasEntryWithAlias(CredentialManager.KeystoreType.TRUSTSTORE, alias)); - credentialManager.deleteTrustedCertificate(alias); - assertFalse(credentialManager.hasTrustedCertificate(trustedCertficate)); - assertFalse(credentialManager.hasEntryWithAlias(CredentialManager.KeystoreType.TRUSTSTORE, alias)); - } - - /** - * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#deleteTrustedCertificate(X509Certificate)}. - * @throws CMException - */ - @Test - public void testDeleteTrustedCertificate2() throws CMException { - - credentialManager.addTrustedCertificate(trustedCertficate); - assertTrue(credentialManager.hasTrustedCertificate(trustedCertficate)); - credentialManager.deleteTrustedCertificate(trustedCertficate); - assertFalse(credentialManager.hasTrustedCertificate(trustedCertficate)); - } - - /** - * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#isKeyEntry(java.lang.String)}. - * @throws CMException - */ - @Test - public void testIsKeyEntry() throws CMException { - // The Credential Manage's Keystore/Truststore is empty initially so this should - // have no effect apart from initializing them - // This should throw an exception - assertFalse(credentialManager.isKeyEntry("somealias")); - - String aliasPassword = credentialManager.addUsernameAndPasswordForService(usernamePassword, serviceURI); - String aliasKeyPair = credentialManager.addKeyPair(privateKey, privateKeyCertChain); - String aliasTrustedCert = credentialManager.addTrustedCertificate(trustedCertficate); - - assertTrue(credentialManager.isKeyEntry(aliasPassword)); // passwords are saves as symmetric key entries - assertTrue(credentialManager.isKeyEntry(aliasKeyPair)); - assertFalse(credentialManager.isKeyEntry(aliasTrustedCert)); - } - - /** - * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#hasEntryWithAlias(java.lang.String, java.lang.String)}. - * @throws CMException - */ - @Test - public void testHasEntryWithAlias() throws CMException { - - String aliasTrustedCert = credentialManager.createTrustedCertificateAlias(trustedCertficate); - assertFalse(credentialManager.hasEntryWithAlias(KeystoreType.TRUSTSTORE, aliasTrustedCert)); - - String aliasTrustedCert2 = credentialManager.addTrustedCertificate(trustedCertficate); - assertTrue(credentialManager.hasEntryWithAlias(KeystoreType.TRUSTSTORE, aliasTrustedCert2)); - } - - /** - * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#getAliases(net.sf.taverna.t2.security.credentialmanager.CredentialManager.KeystoreType)}. - * @throws CMException - */ - @Test - public void testGetAliases() throws CMException { - - ArrayList<String> keystoreAliases = credentialManager.getAliases(KeystoreType.KEYSTORE); - ArrayList<String> truststoreAliases = credentialManager.getAliases(KeystoreType.TRUSTSTORE); - - // Initially Keystore/Truststore is empty - assertTrue(keystoreAliases.isEmpty()); - - String aliasPassword = credentialManager.addUsernameAndPasswordForService(usernamePassword, serviceURI); - String aliasKeyPair = credentialManager.addKeyPair(privateKey, privateKeyCertChain); - String aliasTrustedCert = credentialManager.addTrustedCertificate(trustedCertficate); - - keystoreAliases = credentialManager.getAliases(KeystoreType.KEYSTORE); - truststoreAliases = credentialManager.getAliases(KeystoreType.TRUSTSTORE); - - assertTrue(keystoreAliases.size() == 2); - assertTrue(truststoreAliases.size() >= 1); // we at least have the one we inserted but could be more copied from Java's defauls truststore - - assertTrue(keystoreAliases.contains(aliasPassword)); - assertTrue(keystoreAliases.contains(aliasKeyPair)); - assertTrue(truststoreAliases.contains(aliasTrustedCert)); - } - - /** - * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#getServiceURIsForAllUsernameAndPasswordPairs()}. - * @throws CMException - * @throws URISyntaxException - */ - @Test - public void testGetServiceURIsForAllUsernameAndPasswordPairs() throws CMException, URISyntaxException { - // Initially empty so this - assertTrue(credentialManager.getServiceURIsForAllUsernameAndPasswordPairs().isEmpty()); - - credentialManager.addUsernameAndPasswordForService(usernamePassword, serviceURI); - - URI serviceURI2 = new URI("http://someservice2";); - UsernamePassword usernamePassword2 = new UsernamePassword("testuser2", "testpasswd2"); - credentialManager.addUsernameAndPasswordForService(usernamePassword2, serviceURI2); - - List<URI> serviceURIs = credentialManager.getServiceURIsForAllUsernameAndPasswordPairs(); - assertTrue(credentialManager.getServiceURIsForAllUsernameAndPasswordPairs().size() == 2); - assertTrue(serviceURIs.contains(serviceURI)); - assertTrue(serviceURIs.contains(serviceURI2)); - - } - - /** - * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#loadPKCS12Keystore(java.io.File, java.lang.String)}. - * @throws CMException - * @throws KeyStoreException - * @throws NoSuchAlgorithmException - * @throws UnrecoverableKeyException - */ - @Test - public void testLoadPKCS12Keystore() throws CMException, KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException { - KeyStore pkcs12Keystore = credentialManager.loadPKCS12Keystore(new File(privateKeyFileURL.getPath()), privateKeyAndPKCS12KeystorePassword); - - Key privateKey2 = null; - Certificate[] privateKeyCertChain2 = null; - - Enumeration<String> aliases = pkcs12Keystore.aliases(); - while (aliases.hasMoreElements()) { - // The test-private-key-cert.p12 file contains only one private key - // and corresponding certificate entry - String alias = aliases.nextElement(); - if (pkcs12Keystore.isKeyEntry(alias)) { // is it a (private) key entry? - privateKey2 = pkcs12Keystore.getKey(alias, - privateKeyAndPKCS12KeystorePassword.toCharArray()); - privateKeyCertChain2 = pkcs12Keystore.getCertificateChain(alias); - break; - } - } - assertNotNull(privateKey2); - assertNotNull(privateKeyCertChain2); - } - - /** - * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#addObserver(net.sf.taverna.t2.lang.observer.Observer)}. - */ - @Test - public void testAddObserver() { - - credentialManager.addObserver(keystoreChangedObserver); - assertEquals(keystoreChangedObserver, credentialManager.getObservers().get(0)); - } - - /** - * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#getObservers()}. - */ - @Test - public void testGetObservers() { - // Initially there are no observers - assertTrue(credentialManager.getObservers().isEmpty()); - - credentialManager.addObserver(keystoreChangedObserver); - - assertEquals(keystoreChangedObserver, credentialManager.getObservers().get(0)); - } - - /** - * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#removeObserver(net.sf.taverna.t2.lang.observer.Observer)}. - */ - @Test - public void testRemoveObserver() { - credentialManager.addObserver(keystoreChangedObserver); - assertTrue(credentialManager.getObservers().size() == 1); - credentialManager.removeObserver(keystoreChangedObserver); - assertTrue(credentialManager.getObservers().size() == 0); - } - - /** - * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#confirmMasterPassword(java.lang.String)}. - * @throws CMException - */ - @Test - public void testConfirmMasterPassword() throws CMException { - credentialManager.confirmMasterPassword("uber"); - } - - /** - * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#changeMasterPassword(java.lang.String)}. - * @throws CMException - */ - @Test - public void testChangeMasterPassword() throws CMException { - // Test the changeMasterPassword() method first to see if - // it will initialize Credential Manager properly - credentialManager.changeMasterPassword("blah"); - credentialManager.confirmMasterPassword("blah"); - - // Add new stuff - key pair and password entries - under the new master password - String keyPairAlias = credentialManager.addKeyPair(privateKey, privateKeyCertChain); - credentialManager.addUsernameAndPasswordForService(usernamePassword, serviceURI); - - // Change the master password again and try to retrieve the private key and password - credentialManager.changeMasterPassword("hlab"); - assertArrayEquals(credentialManager.getUsernameAndPasswordForService(serviceURI, false, "").getPassword(), usernamePassword.getPassword()); - assertEquals(privateKey, credentialManager.getKeyPairsPrivateKey(keyPairAlias)); - assertTrue(Arrays.equals(privateKeyCertChain, credentialManager.getKeyPairsCertificateChain(keyPairAlias))); - - // Load the Credential Manager back from the saved file to see of entries will be picked up properly - CredentialManagerImpl credentialManagerNew = null; - try { - credentialManagerNew = new CredentialManagerImpl(); - } catch (CMException e) { - System.out.println(e.getStackTrace()); - } - try { - credentialManagerNew - .setConfigurationDirectoryPath(credentialManagerDirectory); - } catch (CMException e) { - System.out.println(e.getStackTrace()); - } - - // Create the dummy master password provider - masterPasswordProvider = new DummyMasterPasswordProvider(); - masterPasswordProvider.setMasterPassword("hlab"); - List<MasterPasswordProvider> masterPasswordProviders = new ArrayList<MasterPasswordProvider>(); - masterPasswordProviders.add(masterPasswordProvider); - credentialManager.setMasterPasswordProviders(masterPasswordProviders); - - // Set an empty list for service username and password providers - credentialManagerNew.setServiceUsernameAndPasswordProviders(new ArrayList<ServiceUsernameAndPasswordProvider>()); - - credentialManager.setJavaTruststorePasswordProviders(new ArrayList<JavaTruststorePasswordProvider>()); - - credentialManager.setTrustConfirmationProviders(new ArrayList<TrustConfirmationProvider>()); - - assertArrayEquals(credentialManager.getUsernameAndPasswordForService(serviceURI, false, "").getPassword(), usernamePassword.getPassword()); - assertEquals(privateKey, credentialManager.getKeyPairsPrivateKey(keyPairAlias)); - assertTrue(Arrays.equals(privateKeyCertChain, credentialManager.getKeyPairsCertificateChain(keyPairAlias))); - - } - - /** - * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#initializeSSL()}. - * @throws CMException - */ - @Test - public void testInitializeSSL() throws CMException { - //credentialManager.initializeSSL(); - } - - /** - * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#getTavernaSSLSocketFactory()}. - * @throws CMException - */ - @Test - public void testGetTavernaSSLSocketFactory() throws CMException { - SSLSocketFactory sslSocketFactory = credentialManager.getTavernaSSLSocketFactory(); - assertNotNull(sslSocketFactory); - - // This should also create Taverna's SSLSocketFactory backed by Credential Manager's Keystore and Truststore - // if not already created - credentialManager.initializeSSL(); - assertEquals(sslSocketFactory, credentialManager.getTavernaSSLSocketFactory()); - - } - - /** - * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#setMasterPasswordProviders(java.util.List)}. - */ - @Test - public void testSetMasterPasswordProviders() { - - List<MasterPasswordProvider> masterPasswordProviders = new ArrayList<MasterPasswordProvider>(); - masterPasswordProviders.add(masterPasswordProvider); - - credentialManager.setMasterPasswordProviders(masterPasswordProviders); - - assertTrue(credentialManager.getMasterPasswordProviders().contains(masterPasswordProvider)); - - // Set it to null and see what happens - credentialManager.setMasterPasswordProviders(null); - assertNull(credentialManager.getMasterPasswordProviders()); - } - - /** - * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#getMasterPasswordProviders()}. - */ - @Test - public void testGetMasterPasswordProviders() { - - assertFalse(credentialManager.getMasterPasswordProviders().isEmpty()); - assertTrue(credentialManager.getMasterPasswordProviders().contains(masterPasswordProvider)); - } - - /** - * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#setJavaTruststorePasswordProviders(java.util.List)}. - */ - @Test - public void testSetJavaTruststorePasswordProviders() { - - List<JavaTruststorePasswordProvider> javaTruststorePasswordProviders = new ArrayList<JavaTruststorePasswordProvider>(); - JavaTruststorePasswordProvider javaTruststorePasswordProvider = new DummyJavaTruststorePasswordProvider(); - javaTruststorePasswordProvider.setJavaTruststorePassword("blah"); - javaTruststorePasswordProviders.add(javaTruststorePasswordProvider); - - credentialManager.setJavaTruststorePasswordProviders(javaTruststorePasswordProviders); - - assertTrue(credentialManager.getJavaTruststorePasswordProviders().contains(javaTruststorePasswordProvider)); - - // Set it to null and see what happens - credentialManager.setJavaTruststorePasswordProviders(null); - assertNull(credentialManager.getJavaTruststorePasswordProviders()); - } - - /** - * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#getJavaTruststorePasswordProviders()}. - */ - @Test - public void testGetJavaTruststorePasswordProviders() { - - assertTrue(credentialManager.getJavaTruststorePasswordProviders().isEmpty()); - } - - /** - * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#setServiceUsernameAndPasswordProviders(java.util.List)}. - * @throws URISyntaxException - */ - @Test - public void testSetServiceUsernameAndPasswordProviders() throws URISyntaxException { - - List<ServiceUsernameAndPasswordProvider> serviceUsernameAndPasswordProviders = new ArrayList<ServiceUsernameAndPasswordProvider>(); - ServiceUsernameAndPasswordProvider serviceUsernameAndPasswordProvider = new DummyServiceUsernameAndPasswordProvider(); - serviceUsernameAndPasswordProvider.setServiceUsernameAndPassword(new URI("http://someservice";), new UsernamePassword("blah", "blah")); - serviceUsernameAndPasswordProviders.add(serviceUsernameAndPasswordProvider); - - credentialManager.setServiceUsernameAndPasswordProviders(serviceUsernameAndPasswordProviders); - - assertTrue(credentialManager.getServiceUsernameAndPasswordProviders().contains(serviceUsernameAndPasswordProvider)); - - // Set it to null and see what happens - credentialManager.setServiceUsernameAndPasswordProviders(null); - assertNull(credentialManager.getServiceUsernameAndPasswordProviders()); - } - - /** - * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#getServiceUsernameAndPasswordProviders()}. - */ - @Test - public void testGetServiceUsernameAndPasswordProviders() { - - assertTrue(credentialManager.getServiceUsernameAndPasswordProviders().isEmpty()); - } - - /** - * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#setTrustConfirmationProviders(java.util.List)}. - * @throws IOException - */ - @Test - public void testSetTrustConfirmationProviders() throws IOException { - List<TrustConfirmationProvider> trustConfirmationProviders = new ArrayList<TrustConfirmationProvider>(); - TrustConfirmationProvider trustConfirmationProvider = new TrustAlwaysTrustConfirmationProvider(); - trustConfirmationProviders.add(trustConfirmationProvider); - - credentialManager.setTrustConfirmationProviders(trustConfirmationProviders); - - assertTrue(credentialManager.getTrustConfirmationProviders().contains(trustConfirmationProvider)); - - // Set it to null and see what happens - credentialManager.setTrustConfirmationProviders(null); - assertNull(credentialManager.getTrustConfirmationProviders()); - } - - /** - * Test method for {@link net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl#getTrustConfirmationProviders()}. - */ - @Test - public void testGetTrustConfirmationProviders() { - - assertTrue(credentialManager.getTrustConfirmationProviders().isEmpty()); - } -}
http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/3ecb1291/taverna-credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/DummyJavaTruststorePasswordProvider.java ---------------------------------------------------------------------- diff --git a/taverna-credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/DummyJavaTruststorePasswordProvider.java b/taverna-credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/DummyJavaTruststorePasswordProvider.java deleted file mode 100644 index 6a1b9dc..0000000 --- a/taverna-credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/DummyJavaTruststorePasswordProvider.java +++ /dev/null @@ -1,39 +0,0 @@ -/******************************************************************************* - * Copyright (C) 2008-2010 The University of Manchester - * - * Modifications to the initial code base are copyright of their - * respective authors, or their employers as appropriate. - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 - ******************************************************************************/ -package net.sf.taverna.t2.security.credentialmanager.impl; - -import net.sf.taverna.t2.security.credentialmanager.JavaTruststorePasswordProvider; - -public class DummyJavaTruststorePasswordProvider implements JavaTruststorePasswordProvider{ - - String javaTruststorePassword; - - @Override - public String getJavaTruststorePassword() { - return javaTruststorePassword; - } - - @Override - public void setJavaTruststorePassword(String password) { - javaTruststorePassword = password; - } - -} http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/3ecb1291/taverna-credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/DummyMasterPasswordProvider.java ---------------------------------------------------------------------- diff --git a/taverna-credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/DummyMasterPasswordProvider.java b/taverna-credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/DummyMasterPasswordProvider.java deleted file mode 100644 index ddcd7e6..0000000 --- a/taverna-credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/DummyMasterPasswordProvider.java +++ /dev/null @@ -1,50 +0,0 @@ -/******************************************************************************* - * Copyright (C) 2008-2010 The University of Manchester - * - * Modifications to the initial code base are copyright of their - * respective authors, or their employers as appropriate. - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 - ******************************************************************************/ -package net.sf.taverna.t2.security.credentialmanager.impl; - -import net.sf.taverna.t2.security.credentialmanager.MasterPasswordProvider; - -public class DummyMasterPasswordProvider implements MasterPasswordProvider{ - - private String masterPassword; - private int priority = 0; - - @Override - public String getMasterPassword(boolean firstTime) { - return masterPassword; - } - - @Override - public int getProviderPriority() { - return priority; - } - - @Override - public void setMasterPassword(String password) { - masterPassword = password; - } - -// @Override -// public void setProviderPriority(int priority) { -// this.priority = priority; -// } - -} http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/3ecb1291/taverna-credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/DummyServiceUsernameAndPasswordProvider.java ---------------------------------------------------------------------- diff --git a/taverna-credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/DummyServiceUsernameAndPasswordProvider.java b/taverna-credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/DummyServiceUsernameAndPasswordProvider.java deleted file mode 100644 index f2227fc..0000000 --- a/taverna-credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/DummyServiceUsernameAndPasswordProvider.java +++ /dev/null @@ -1,50 +0,0 @@ -/******************************************************************************* - * Copyright (C) 2008-2010 The University of Manchester - * - * Modifications to the initial code base are copyright of their - * respective authors, or their employers as appropriate. - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 - ******************************************************************************/ -package net.sf.taverna.t2.security.credentialmanager.impl; - -import java.net.URI; - -import net.sf.taverna.t2.security.credentialmanager.ServiceUsernameAndPasswordProvider; -import net.sf.taverna.t2.security.credentialmanager.UsernamePassword; - -public class DummyServiceUsernameAndPasswordProvider implements ServiceUsernameAndPasswordProvider{ - - private UsernamePassword usernamePassword; - private URI serviceURI; - private String requestingMessage; - - @Override - public UsernamePassword getServiceUsernameAndPassword(URI serviceURI, - String requestingMessage) { - this.requestingMessage = requestingMessage; - this.serviceURI = serviceURI; - return usernamePassword; - } - - @Override - public void setServiceUsernameAndPassword(URI serviceURI, - UsernamePassword usernamePassword) { - - //this.serviceURI = serviceURI; - this.usernamePassword = usernamePassword; - } - -} http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/3ecb1291/taverna-credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/HTTPAuthenticatorIT.java ---------------------------------------------------------------------- diff --git a/taverna-credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/HTTPAuthenticatorIT.java b/taverna-credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/HTTPAuthenticatorIT.java deleted file mode 100644 index 18068db..0000000 --- a/taverna-credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/HTTPAuthenticatorIT.java +++ /dev/null @@ -1,535 +0,0 @@ -/******************************************************************************* - * Copyright (C) 2008-2010 The University of Manchester - * - * Modifications to the initial code base are copyright of their - * respective authors, or their employers as appropriate. - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 - ******************************************************************************/ -package net.sf.taverna.t2.security.credentialmanager.impl; - -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertNotNull; -import static org.junit.Assert.assertTrue; - -import java.io.File; -import java.io.IOException; -import java.net.Authenticator; -import java.net.PasswordAuthentication; -import java.net.URL; -import java.net.URLConnection; -import java.util.ArrayList; -import java.util.List; -import java.util.Random; - -import net.sf.taverna.t2.security.credentialmanager.CMException; -import net.sf.taverna.t2.security.credentialmanager.CredentialManager; -import net.sf.taverna.t2.security.credentialmanager.JavaTruststorePasswordProvider; -import net.sf.taverna.t2.security.credentialmanager.MasterPasswordProvider; -import net.sf.taverna.t2.security.credentialmanager.ServiceUsernameAndPasswordProvider; -import net.sf.taverna.t2.security.credentialmanager.TrustConfirmationProvider; -import net.sf.taverna.t2.security.credentialmanager.UsernamePassword; - -import org.apache.commons.io.FileUtils; -import org.junit.After; -import org.junit.AfterClass; -import org.junit.Before; -import org.junit.BeforeClass; -import org.junit.Test; -import org.mortbay.jetty.Connector; -import org.mortbay.jetty.Handler; -import org.mortbay.jetty.Server; -import org.mortbay.jetty.handler.DefaultHandler; -import org.mortbay.jetty.handler.HandlerCollection; -import org.mortbay.jetty.nio.SelectChannelConnector; -import org.mortbay.jetty.security.Constraint; -import org.mortbay.jetty.security.ConstraintMapping; -import org.mortbay.jetty.security.HashUserRealm; -import org.mortbay.jetty.security.SecurityHandler; -import org.mortbay.jetty.webapp.WebAppContext; - -/** - * - * Based on net.sf.tavenra.security.credentialmanager.FixedPasswordProvider from the - * Taverna 2 codebase. - * - * @author Stian Soiland-Reyes - * @author Alex Nenadic - * - */ -public class HTTPAuthenticatorIT { - - protected static final String WRONG_PASSWORD = "wrongOne"; - protected final static String PASSWORD = "basicPassword"; - protected static final String PASSWORD2 = "password2"; - protected static final String PASSWORD3 = "password3"; - protected static final String PASSWORD4 = "password4"; - protected static final String REALM = "realm1"; - protected static final String REALM2 = "realm2"; - protected final static String USERNAME = "basicUser"; - - protected static final int PORT = 9638; - - private final class CountingAuthenticator extends - CredentialManagerAuthenticator { - - public CountingAuthenticator(CredentialManager credManager) { - super(credManager); - } - - private int calls; - - @Override - protected PasswordAuthentication getPasswordAuthentication() { - calls++; - return super.getPasswordAuthentication(); - } - } - - public class NullAuthenticator extends Authenticator { - } - - protected static final String ROLE_NAME = "user"; - protected static final String HTML = "/html/"; - protected static Server server; - protected static HashUserRealm userRealm; - private static SecurityHandler sh; - - private static CredentialManagerImpl credentialManager; - private static File credentialManagerDirectory; - private static DummyMasterPasswordProvider masterPasswordProvider; - private static HTTPAuthenticatorServiceUsernameAndPasswordProvider httpAuthProvider; - - @BeforeClass - public static void startCredentialManager() throws CMException, IOException { - - try { - credentialManager = new CredentialManagerImpl(); - } catch (CMException e) { - System.out.println(e.getStackTrace()); - } - Random randomGenerator = new Random(); - String credentialManagerDirectoryPath = System - .getProperty("java.io.tmpdir") - + System.getProperty("file.separator") - + "taverna-security-" - + randomGenerator.nextInt(1000000); - System.out.println("Credential Manager's directory path: " - + credentialManagerDirectoryPath); - credentialManagerDirectory = new File(credentialManagerDirectoryPath); - try { - credentialManager - .setConfigurationDirectoryPath(credentialManagerDirectory); - } catch (CMException e) { - System.out.println(e.getStackTrace()); - } - - // Create the dummy master password provider - masterPasswordProvider = new DummyMasterPasswordProvider(); - /* Short password to avoid issues with key sizes and Java strong crypto policy*/ - masterPasswordProvider.setMasterPassword("uber"); - List<MasterPasswordProvider> masterPasswordProviders = new ArrayList<MasterPasswordProvider>(); - masterPasswordProviders.add(masterPasswordProvider); - credentialManager.setMasterPasswordProviders(masterPasswordProviders); - - // Put our HTTP authenticator in the list of service username and password providers - httpAuthProvider = new HTTPAuthenticatorServiceUsernameAndPasswordProvider(); - ArrayList<ServiceUsernameAndPasswordProvider> serviceUsernameAndPasswordProviders = new ArrayList<ServiceUsernameAndPasswordProvider>(); - serviceUsernameAndPasswordProviders.add(httpAuthProvider); - credentialManager.setServiceUsernameAndPasswordProviders(serviceUsernameAndPasswordProviders); - - // These can be empty - credentialManager.setJavaTruststorePasswordProviders(new ArrayList<JavaTruststorePasswordProvider>()); - credentialManager.setTrustConfirmationProviders(new ArrayList<TrustConfirmationProvider>()); - } - - @AfterClass - // Clean up the credentialManagerDirectory we created for testing - public static void cleanUp(){ - - if (credentialManagerDirectory.exists()){ - try { - FileUtils.deleteDirectory(credentialManagerDirectory); - System.out.println("Deleting Credential Manager's directory: " - + credentialManagerDirectory.getAbsolutePath()); - } catch (IOException e) { - System.out.println(e.getStackTrace()); - } - } - } - - @BeforeClass - public static void jettyServer() throws Exception { - - server = new Server(); - - Connector connector = new SelectChannelConnector(); - connector.setPort(PORT); - server.setConnectors(new Connector[] { connector }); - ConstraintMapping cm = new ConstraintMapping(); - Constraint constraint = new Constraint(); - constraint.setName(Constraint.__BASIC_AUTH); - constraint.setRoles(new String[] { ROLE_NAME }); - constraint.setAuthenticate(true); - cm.setConstraint(constraint); - cm.setPathSpec("/*"); - - sh = new SecurityHandler(); - userRealm = new HashUserRealm(REALM); - userRealm.put(USERNAME, PASSWORD); - userRealm.addUserToRole(USERNAME, ROLE_NAME); - sh.setUserRealm(userRealm); - sh.setConstraintMappings(new ConstraintMapping[] { cm }); - - WebAppContext webappcontext = new WebAppContext(); - webappcontext.setContextPath("/"); - - URL htmlRoot = HTTPAuthenticatorIT.class.getResource(HTML); - assertNotNull("Could not find " + HTML, htmlRoot); - webappcontext.setWar(htmlRoot.toExternalForm()); - - webappcontext.addHandler(sh); - - HandlerCollection handlers = new HandlerCollection(); - handlers.setHandlers(new Handler[] { webappcontext, - new DefaultHandler() }); - - server.setHandler(handlers); - server.start(); - } - - - @AfterClass - public static void shutdownJetty() throws Exception { - server.stop(); - } - - @Before - @After - public void resetAuthenticator() throws CMException { - Authenticator.setDefault(new NullAuthenticator()); - HTTPAuthenticatorServiceUsernameAndPasswordProvider.resetCalls(); - } - - @Before - public void resetAuthCache() throws CMException { - credentialManager.resetAuthCache(); - } - - @Before - public void resetUserRealmPassword() { - userRealm.put(USERNAME, PASSWORD); - userRealm.setName(REALM); - } - - @Test() - public void failsWithoutAuthenticator() throws Exception { - URL url = new URL("http://localhost:"; + PORT + "/test.html"); - URLConnection c = url.openConnection(); - assertEquals("HTTP/1.1 401 Unauthorized", c.getHeaderField(0)); - } - - @Test() - public void withAuthenticator() throws Exception { - assertEquals("Unexpected calls to password provider", 0, - HTTPAuthenticatorServiceUsernameAndPasswordProvider.getCalls()); - // Set the authenticator to our Credential Manager-backed one that also - // counts calls to itself - CountingAuthenticator authenticator = new CountingAuthenticator(credentialManager); - assertEquals("Unexpected calls to authenticator", 0, - authenticator.calls); - Authenticator.setDefault(authenticator); -// FixedPasswordProvider.setUsernamePassword(new UsernamePassword( -// USERNAME, PASSWORD)); - - URL url = new URL("http://localhost:"; + PORT + "/test.html"); - httpAuthProvider.setServiceUsernameAndPassword(url.toURI(), new UsernamePassword( - USERNAME, PASSWORD)); - URLConnection c = url.openConnection(); - - c.connect(); - try { - c.getContent(); - } catch (Exception ex) { - } - System.out.println(c.getHeaderField(0)); - assertEquals("Did not invoke authenticator", 1, authenticator.calls); - assertEquals("Did not invoke our password provider", 1, - HTTPAuthenticatorServiceUsernameAndPasswordProvider.getCalls()); - assertEquals("HTTP/1.1 200 OK", c.getHeaderField(0)); - - - assertEquals("Unexpected prompt/realm", REALM, httpAuthProvider.getRequestMessage()); - assertEquals("Unexpected URI", url.toURI().toASCIIString() + "#" + REALM, HTTPAuthenticatorServiceUsernameAndPasswordProvider - .getServiceURI().toASCIIString()); - - // And test Java's cache: - URLConnection c2 = url.openConnection(); - c2.connect(); - assertEquals("HTTP/1.1 200 OK", c2.getHeaderField(0)); - assertEquals("JVM invoked our authenticator again instead of caching", 1, - authenticator.calls); - assertEquals("Invoked our password provider again instead of caching", - 1, HTTPAuthenticatorServiceUsernameAndPasswordProvider.getCalls()); - - } - - @Test() - public void withAuthenticatorResetJava() throws Exception { - assertTrue("Could not reset JVMs authCache, ignore on non-Sun JVM", - credentialManager.resetAuthCache()); - - assertEquals("Unexpected calls to password provider", 0, - HTTPAuthenticatorServiceUsernameAndPasswordProvider.getCalls()); - CountingAuthenticator authenticator = new CountingAuthenticator(credentialManager); - assertEquals("Unexpected calls to authenticator", 0, - authenticator.calls); - Authenticator.setDefault(authenticator); -// FixedPasswordProvider.setUsernamePassword(new UsernamePassword( -// USERNAME, PASSWORD)); - - URL url = new URL("http://localhost:"; + PORT + "/test.html"); - httpAuthProvider.setServiceUsernameAndPassword(url.toURI(), new UsernamePassword( - USERNAME, PASSWORD)); - URLConnection c = url.openConnection(); - - c.connect(); - try { - c.getContent(); - } catch (Exception ex) { - } - - assertEquals("HTTP/1.1 200 OK", c.getHeaderField(0)); - - assertEquals("Did not invoke authenticator", 1, authenticator.calls); - assertEquals("Did not invoke our password provider", 1, - HTTPAuthenticatorServiceUsernameAndPasswordProvider.getCalls()); - - assertEquals("Unexpected prompt/realm", REALM, httpAuthProvider.getRequestMessage()); - assertEquals("Unexpected URI", url.toURI().toASCIIString() + "#" + REALM, HTTPAuthenticatorServiceUsernameAndPasswordProvider - .getServiceURI().toASCIIString()); - - - - // And without Java's cache: - assertTrue("Could not reset VMs authCache, ignore on non-Sun VM", - credentialManager.resetAuthCache()); - - URLConnection c2 = url.openConnection(); - c2.connect(); - assertEquals("HTTP/1.1 200 OK", c2.getHeaderField(0)); - assertEquals("Did not invoke our authenticator again", 2, - authenticator.calls); - assertEquals("Did not invoke our password provider again", - 2, HTTPAuthenticatorServiceUsernameAndPasswordProvider.getCalls()); - - } - - - @Test() - public void differentRealm() throws Exception { - - assertEquals("Unexpected calls to password provider", 0, - HTTPAuthenticatorServiceUsernameAndPasswordProvider.getCalls()); - CountingAuthenticator authenticator = new CountingAuthenticator(credentialManager); - assertEquals("Unexpected calls to authenticator", 0, - authenticator.calls); - Authenticator.setDefault(authenticator); - // Different password in case resetAuthCache() did not run - UsernamePassword userPassword = new UsernamePassword( - USERNAME, PASSWORD4); - userRealm.put(USERNAME, PASSWORD4); -// userPassword.setShouldSave(true); - //FixedPasswordProvider.setUsernamePassword(userPassword); - - URL url = new URL("http://localhost:"; + PORT + "/test.html"); - httpAuthProvider.setServiceUsernameAndPassword(url.toURI(), userPassword); - URLConnection c = url.openConnection(); - - c.connect(); - try { - c.getContent(); - } catch (Exception ex) { - } - - assertEquals("Unexpected prompt/realm", REALM, httpAuthProvider.getRequestMessage()); - assertEquals("Unexpected URI", url.toURI().toASCIIString() + "#" + REALM, HTTPAuthenticatorServiceUsernameAndPasswordProvider - .getServiceURI().toASCIIString()); - - assertEquals("HTTP/1.1 200 OK", c.getHeaderField(0)); - - assertEquals("Did not invoke authenticator", 1, authenticator.calls); - assertEquals("Did not invoke our password provider", 1, - HTTPAuthenticatorServiceUsernameAndPasswordProvider.getCalls()); - - - // different realm should be treated as a second connection, and not even use saved credentials - - credentialManager.resetAuthCache(); - userRealm.setName(REALM2); - - URLConnection c2 = url.openConnection(); - c2.connect(); - try { - c.getContent(); - } catch (Exception ex) { - } - - assertEquals("HTTP/1.1 200 OK", c2.getHeaderField(0)); - - assertEquals("Did not invoke authenticator again", 2, - authenticator.calls); - assertEquals("Did not invoke provider again", - 2, HTTPAuthenticatorServiceUsernameAndPasswordProvider.getCalls()); - - assertEquals("Unexpected prompt/realm", REALM2, httpAuthProvider - .getRequestMessage()); - assertEquals("Unexpected URI", url.toURI().toASCIIString() + "#" + REALM2, HTTPAuthenticatorServiceUsernameAndPasswordProvider - .getServiceURI().toASCIIString()); - } - - - @Test() - public void wrongPasswordDontSave() throws Exception { - assertEquals("Unexpected calls to password provider", 0, - HTTPAuthenticatorServiceUsernameAndPasswordProvider.getCalls()); - CountingAuthenticator authenticator = new CountingAuthenticator(credentialManager); - assertEquals("Unexpected calls to authenticator", 0, - authenticator.calls); - Authenticator.setDefault(authenticator); - - // Make the server expect different password so our cache is no longer - // valid - userRealm.put(USERNAME, PASSWORD2); - // But we'll try with the old one, which we'll this time ask to save in - // DB - UsernamePassword usernamePassword = new UsernamePassword(USERNAME, - PASSWORD); - assertFalse("Should not be set to save by default", usernamePassword - .isShouldSave()); - //FixedPasswordProvider.setUsernamePassword(usernamePassword); - - URL url = new URL("http://localhost:"; + PORT + "/test.html"); - httpAuthProvider.setServiceUsernameAndPassword(url.toURI(), usernamePassword); - URLConnection c = url.openConnection(); - try { - c.getContent(); - } catch (Exception ex) { - } - - assertEquals("Unexpected prompt/realm", REALM, httpAuthProvider - .getRequestMessage()); - assertEquals("Unexpected URI", url.toURI().toASCIIString() + "#" + REALM, HTTPAuthenticatorServiceUsernameAndPasswordProvider - .getServiceURI().toASCIIString()); - - assertEquals("HTTP/1.1 401 Unauthorized", c.getHeaderField(0)); - - assertTrue("Did not invoke authenticator enough times", - authenticator.calls > 1); - assertEquals("Should have asked provider as much as authenticator", - authenticator.calls, HTTPAuthenticatorServiceUsernameAndPasswordProvider.getCalls()); - - - // Update provider to now provide the right one -// HTTPAuthenticatorServiceUsernameAndPasswordProvider.setUsernamePassword(new UsernamePassword( -// USERNAME, PASSWORD2)); - httpAuthProvider.setServiceUsernameAndPassword(url.toURI(), new UsernamePassword( - USERNAME, PASSWORD2)); - HTTPAuthenticatorServiceUsernameAndPasswordProvider.resetCalls(); - authenticator.calls = 0; - - URLConnection c2 = url.openConnection(); - try { - c2.getContent(); - } catch (Exception ex) { - } - assertEquals("Did not call authenticator again with cache pw invalid", - 1, authenticator.calls); - assertEquals( - "id not called our password provider once", - 1, HTTPAuthenticatorServiceUsernameAndPasswordProvider.getCalls()); - assertEquals("HTTP/1.1 200 OK", c2.getHeaderField(0)); - } - - @Test() - public void saveToDatabase() throws Exception { - assertEquals("Unexpected calls to password provider", 0, - HTTPAuthenticatorServiceUsernameAndPasswordProvider.getCalls()); - CountingAuthenticator authenticator = new CountingAuthenticator(credentialManager); - assertEquals("Unexpected calls to authenticator", 0, - authenticator.calls); - Authenticator.setDefault(authenticator); - - // Make the server expect different password so our cache is no longer - // valid (In case CredManager.resetAuthCache() did not succeed on non-Sun VMs) - userRealm.put(USERNAME, PASSWORD3); - // But we'll try with the old one, which we'll this time ask to save in - // DB - UsernamePassword usernamePassword = new UsernamePassword(USERNAME, - PASSWORD2); - usernamePassword.setShouldSave(true); - //HTTPAuthenticatorServiceUsernameAndPasswordProvider.setUsernamePassword(usernamePassword); - - URL url = new URL("http://localhost:"; + PORT + "/test.html"); - httpAuthProvider.setServiceUsernameAndPassword(url.toURI(), usernamePassword); - URLConnection c = url.openConnection(); - try { - c.getContent(); - } catch (Exception ex) { - } - - assertEquals("Unexpected prompt/realm", REALM, httpAuthProvider - .getRequestMessage()); - assertEquals("Unexpected URI", url.toURI().toASCIIString() + "#" + REALM, HTTPAuthenticatorServiceUsernameAndPasswordProvider - .getServiceURI().toASCIIString()); - - assertEquals("HTTP/1.1 401 Unauthorized", c.getHeaderField(0)); - - assertTrue("Did not invoke authenticator enough times", - authenticator.calls > 1); - assertEquals( - "Asked our provider more than once, not saved in credMan?", 1, - HTTPAuthenticatorServiceUsernameAndPasswordProvider.getCalls()); - - - - // Expect the old one again - userRealm.put(USERNAME, PASSWORD2); - // We'll now set our provider to give an invalid password, but we should - // not be asked - // as the old one (now correct agian) is stored in DB -// HTTPAuthenticatorServiceUsernameAndPasswordProvider.setUsernamePassword(new UsernamePassword( -// USERNAME, WRONG_PASSWORD)); - httpAuthProvider.setServiceUsernameAndPassword(url.toURI(), new UsernamePassword( - USERNAME, WRONG_PASSWORD)); - - HTTPAuthenticatorServiceUsernameAndPasswordProvider.resetCalls(); - authenticator.calls = 0; - - URLConnection c2 = url.openConnection(); - try { - c2.getContent(); - } catch (Exception ex) { - } - assertEquals("Did not call authenticator again with cache pw invalid", - 1, authenticator.calls); - assertEquals( - "Called our password provider instead of using credMan saved one", - 0, HTTPAuthenticatorServiceUsernameAndPasswordProvider.getCalls()); - assertEquals("HTTP/1.1 200 OK", c2.getHeaderField(0)); - } - -} http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/3ecb1291/taverna-credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/HTTPAuthenticatorServiceUsernameAndPasswordProvider.java ---------------------------------------------------------------------- diff --git a/taverna-credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/HTTPAuthenticatorServiceUsernameAndPasswordProvider.java b/taverna-credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/HTTPAuthenticatorServiceUsernameAndPasswordProvider.java deleted file mode 100644 index 5d3d6f2..0000000 --- a/taverna-credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/HTTPAuthenticatorServiceUsernameAndPasswordProvider.java +++ /dev/null @@ -1,73 +0,0 @@ -/******************************************************************************* - * Copyright (C) 2008-2010 The University of Manchester - * - * Modifications to the initial code base are copyright of their - * respective authors, or their employers as appropriate. - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 - ******************************************************************************/ -package net.sf.taverna.t2.security.credentialmanager.impl; - -import java.net.URI; - -import net.sf.taverna.t2.security.credentialmanager.ServiceUsernameAndPasswordProvider; -import net.sf.taverna.t2.security.credentialmanager.UsernamePassword; - -/** - * - * @author Stian Soiland-Reyes - * @author Alex Nenadic - * - */ -public class HTTPAuthenticatorServiceUsernameAndPasswordProvider implements ServiceUsernameAndPasswordProvider { - - private static UsernamePassword usernamePassword; - private static URI serviceURI; - private static String requestMessage; - private static long calls = 0; - - public static long getCalls() { - return calls; - } - - - public static void resetCalls() { - calls = 0; - } - - @Override - public UsernamePassword getServiceUsernameAndPassword(URI serviceURI, - String requestMessage) { - HTTPAuthenticatorServiceUsernameAndPasswordProvider.serviceURI = serviceURI; - HTTPAuthenticatorServiceUsernameAndPasswordProvider.requestMessage = requestMessage; - calls++; - return usernamePassword.clone(); - } - - @Override - public void setServiceUsernameAndPassword(URI serviceURI, - UsernamePassword usernamePassword) { - HTTPAuthenticatorServiceUsernameAndPasswordProvider.serviceURI = serviceURI; - HTTPAuthenticatorServiceUsernameAndPasswordProvider.usernamePassword = usernamePassword; - } - - public static URI getServiceURI() { - return serviceURI; - } - - public String getRequestMessage() { - return requestMessage; - } -} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-taverna-engine/blob/3ecb1291/taverna-credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/HTTPSConnectionAndTrustConfirmationIT.java ---------------------------------------------------------------------- diff --git a/taverna-credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/HTTPSConnectionAndTrustConfirmationIT.java b/taverna-credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/HTTPSConnectionAndTrustConfirmationIT.java deleted file mode 100644 index a9211b1..0000000 --- a/taverna-credential-manager-impl/src/test/java/net/sf/taverna/t2/security/credentialmanager/impl/HTTPSConnectionAndTrustConfirmationIT.java +++ /dev/null @@ -1,336 +0,0 @@ -/******************************************************************************* - * Copyright (C) 2008-2010 The University of Manchester - * - * Modifications to the initial code base are copyright of their - * respective authors, or their employers as appropriate. - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 - ******************************************************************************/ -package net.sf.taverna.t2.security.credentialmanager.impl; - -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.fail; - -import java.io.File; -import java.io.FileInputStream; -import java.io.IOException; -import java.net.URL; -import java.security.KeyManagementException; -import java.security.KeyStore; -import java.security.KeyStoreException; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.SecureRandom; -import java.security.Security; -import java.security.UnrecoverableKeyException; -import java.security.cert.CertificateException; -import java.security.cert.CertificateFactory; -import java.security.cert.X509Certificate; -import java.util.ArrayList; -import java.util.List; -import java.util.Random; - -import javax.net.ssl.HttpsURLConnection; -import javax.net.ssl.KeyManagerFactory; -import javax.net.ssl.SSLContext; -import javax.net.ssl.SSLHandshakeException; -import javax.net.ssl.TrustManagerFactory; - -import net.sf.taverna.t2.security.credentialmanager.CMException; -import net.sf.taverna.t2.security.credentialmanager.MasterPasswordProvider; -import net.sf.taverna.t2.security.credentialmanager.TrustConfirmationProvider; - -import org.apache.commons.io.FileUtils; -import org.bouncycastle.jce.provider.BouncyCastleProvider; -//import org.apache.log4j.Logger; -import org.junit.After; -import org.junit.Before; -import org.junit.BeforeClass; -import org.junit.Test; - -public class HTTPSConnectionAndTrustConfirmationIT { - - - private static CredentialManagerImpl credentialManager; - private static DummyMasterPasswordProvider masterPasswordProvider; - private static File credentialManagerDirectory; - //private static URL trustedCertficateFileURL = HTTPSConnectionAndTrustConfirmationIT.class.getResource("/security/tomcat_heater_certificate.pem"); - - // Log4J Logger - //private static Logger logger = Logger.getLogger(HTTPSConnectionAndTrustConfirmationIT.class); - -// public static void main(String[] args){ -// -// try { -// CredentialManagerOld.initialiseSSL(); -// //CredentialManager.getInstance(); -// //HttpsURLConnection.setDefaultSSLSocketFactory(CredentialManager.createTavernaSSLSocketFactory()); -// URL url = new URL ("https://rpc103.cs.man.ac.uk:8443/wsrf/services/cagrid/SecureHelloWorld?wsdl";); -// HttpsURLConnection httpsConnection = (HttpsURLConnection) url.openConnection(); -// // user should be asked automatically if they want to trust the connection -// httpsConnection.connect(); -// -// } catch (CMException e) { -// logger.error("", e); -// } catch (MalformedURLException e) { -// logger.error("", e); -// } catch (IOException e) { -// logger.error("", e); -// } -// catch(Exception ex){ // anything we did not expect -// logger.error("", ex); -// } -// -// } - - /** - * @throws java.lang.Exception - */ - @BeforeClass - public static void setUpBeforeClass() throws Exception { - - // Just in case, add the BouncyCastle provider - // It gets added from the CredentialManagerImpl constructor as well - // but we may need some crypto operations before we invoke the Cred. Manager - Security.addProvider(new BouncyCastleProvider()); - } - - /** - * @throws java.lang.Exception - */ - @Before - public void setUp() throws Exception { - - try { - credentialManager = new CredentialManagerImpl(); - } catch (CMException e) { - System.out.println(e.getStackTrace()); - } - Random randomGenerator = new Random(); - String credentialManagerDirectoryPath = System - .getProperty("java.io.tmpdir") - + System.getProperty("file.separator") - + "taverna-security-" - + randomGenerator.nextInt(1000000); - System.out.println("Credential Manager's directory path: " - + credentialManagerDirectoryPath); - credentialManagerDirectory = new File(credentialManagerDirectoryPath); - try { - credentialManager - .setConfigurationDirectoryPath(credentialManagerDirectory); - } catch (CMException e) { - System.out.println(e.getStackTrace()); - } - - // Create the dummy master password provider - masterPasswordProvider = new DummyMasterPasswordProvider(); - masterPasswordProvider.setMasterPassword("uber"); - List<MasterPasswordProvider> masterPasswordProviders = new ArrayList<MasterPasswordProvider>(); - masterPasswordProviders.add(masterPasswordProvider); - credentialManager.setMasterPasswordProviders(masterPasswordProviders); - - // Set an empty list for trust confirmation providers - credentialManager.setTrustConfirmationProviders(new ArrayList<TrustConfirmationProvider>()); - } - - @After - // Clean up the credentialManagerDirectory we created for testing - public void cleanUp() throws NoSuchAlgorithmException, KeyManagementException, NoSuchProviderException, KeyStoreException, UnrecoverableKeyException, CertificateException, IOException{ -// assertTrue(credentialManagerDirectory.exists()); -// assertFalse(credentialManagerDirectory.listFiles().length == 0); // something was created there - - if (credentialManagerDirectory.exists()){ - try { - FileUtils.deleteDirectory(credentialManagerDirectory); - System.out.println("Deleting Credential Manager's directory: " - + credentialManagerDirectory.getAbsolutePath()); - } catch (IOException e) { - System.out.println(e.getStackTrace()); - } - } - - // Reset the SSLSocketFactory in JVM so we always have a clean start - SSLContext sc = null; - sc = SSLContext.getInstance("SSLv3"); - - // Create a "default" JSSE X509KeyManager. - KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509", - "SunJSSE"); - KeyStore ks = KeyStore.getInstance("JKS"); - ks.load(null, null); - kmf.init(ks, "blah".toCharArray()); - - // Create a "default" JSSE X509TrustManager. - TrustManagerFactory tmf = TrustManagerFactory.getInstance( - "SunX509", "SunJSSE"); - KeyStore ts = KeyStore.getInstance("JKS"); - ts.load(null, null); - tmf.init(ts); - - sc.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom()); - SSLContext.setDefault(sc); - HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); - } - - @Test - public void testTrustConfirmationProvidersTrustAlways() throws IOException, CMException { - // Initially trust provider list is empty, we only verify by what is in - // Credential Manager's Truststore (and it does not contains the certificate for https://heater.cs.man.ac.uk:7443/) - - // Do not forget to initialise Taverna's/Credential Manager's SSLSocketFactory - credentialManager.initializeSSL(); - - URL url = new URL("https://heater.cs.man.ac.uk:7443/";); - HttpsURLConnection conn; - conn = (HttpsURLConnection) url.openConnection(); - try{ - // This should fail - conn.connect(); - fail("Connection to https://heater.cs.man.ac.uk:7443/ should be untrusted at this point."); - } - catch(SSLHandshakeException sslex){ - // expected to fail so all is good - System.out.println(sslex.getStackTrace()); - } - finally{ - conn.disconnect(); - } - - // Add the trust confirmation provider that trusts everyone - List<TrustConfirmationProvider> trustProviders = new ArrayList<TrustConfirmationProvider>(); - trustProviders.add(new TrustAlwaysTrustConfirmationProvider()); - credentialManager.setTrustConfirmationProviders(trustProviders); - - HttpsURLConnection conn2 = (HttpsURLConnection) url.openConnection(); - // This should work now - conn2.connect(); - System.out.println("Status header: "+ conn2.getHeaderField(0)); - - assertEquals("HTTP/1.1 200 OK", conn2.getHeaderField(0)); - conn2.disconnect(); - } - - @Test - public void testTrustConfirmationProvidersTrustNever() throws IOException, CMException { - // Initially trust provider list is empty, we only verify by what is in - // Credential Manager's Truststore (and it does not contains the certificate for https://heater.cs.man.ac.uk:7443/) - - // Do not forget to initialise Taverna's/Credential Manager's SSLSocketFactory - credentialManager.initializeSSL(); - - URL url = new URL("https://heater.cs.man.ac.uk:7443/";); - HttpsURLConnection conn; - conn = (HttpsURLConnection) url.openConnection(); - try{ - // This should fail - conn.connect(); - fail("Connection to https://heater.cs.man.ac.uk:7443/ should be untrusted at this point."); - } - catch(SSLHandshakeException sslex){ - // expected to fail so all is good - } - finally{ - conn.disconnect(); - } - - // Add the trust confirmation provider that trusts no one - List<TrustConfirmationProvider> trustProviders = new ArrayList<TrustConfirmationProvider>(); - credentialManager.setTrustConfirmationProviders(trustProviders); - trustProviders = new ArrayList<TrustConfirmationProvider>(); - trustProviders.add(new TrustNeverTrustConfimationProvider()); - credentialManager.setTrustConfirmationProviders(trustProviders); - - HttpsURLConnection conn2 = (HttpsURLConnection) url.openConnection(); - try{ - // This should still fail as our trust providers are not trusting anyone - // and we have not added heater's certificate to Credential Manager's Truststore - conn2.connect(); - fail("Connection to https://heater.cs.man.ac.uk:7443/ should be untrusted at this point."); - } - catch(SSLHandshakeException sslex){ - // expected to fail so all is good - } - finally{ - conn2.disconnect(); - } - } - - @Test - public void testTrustConfirmationAddDeleteCertificateDirectly() throws CMException, IOException, CertificateException{ - // Initially trust provider list is empty, we only verify by what is in - // Credential Manager's Truststore (and it does not contains the certificate for https://heater.cs.man.ac.uk:7443/) - - // Do not forget to initialise Taverna's/Credential Manager's SSLSocketFactory - credentialManager.initializeSSL(); - - URL url = new URL("https://heater.cs.man.ac.uk:7443/";); - HttpsURLConnection conn; - conn = (HttpsURLConnection) url.openConnection(); - try{ - // This should fail - conn.connect(); - fail("Connection to https://heater.cs.man.ac.uk:7443/ should be untrusted at this point."); - } - catch(SSLHandshakeException sslex){ - // expected to fail so all is good - } - finally{ - conn.disconnect(); - } - - // Add heater's certificate directly to Credential Manager's Truststore - - // Load the test trusted certificate (belonging to heater.cs.man.ac.uk) - X509Certificate trustedCertficate; - URL trustedCertficateFileURL = getClass().getResource("/security/tomcat_heater_certificate.pem"); - System.out.println("testTrustConfirmationAddDeleteCertificateDirectly: trusted certficate file URL " + trustedCertficateFileURL); - File trustedCertFile = new File(trustedCertficateFileURL.getPath()); - FileInputStream inStream = new FileInputStream(trustedCertFile); - //InputStream inStream = getClass().getClassLoader().getResourceAsStream("security/tomcat_heater_certificate.pem"); - CertificateFactory certFactory = CertificateFactory.getInstance("X.509"); - trustedCertficate = (X509Certificate) certFactory.generateCertificate(inStream); - try{ - inStream.close(); - } - catch (Exception e) { - // Ignore - } - String alias = credentialManager.addTrustedCertificate(trustedCertficate); - - HttpsURLConnection conn2 = (HttpsURLConnection) url.openConnection(); - // This should work now - conn2.connect(); - //System.out.println(conn2.getHeaderField(0)); - - assertEquals("HTTP/1.1 200 OK", conn2.getHeaderField(0)); - conn2.disconnect(); - - // Now remove certificate and see if the "trust" changes - credentialManager.deleteTrustedCertificate(alias); - HttpsURLConnection conn3; - conn3 = (HttpsURLConnection) url.openConnection(); - try{ - // This should fail - conn3.connect(); - fail("Connection to https://heater.cs.man.ac.uk:7443/ should be untrusted at this point."); - } - catch(SSLHandshakeException sslex){ - // expected to fail so all is good - } - finally{ - conn3.disconnect(); - } - } -}
