Added: hadoop/common/branches/branch-0.20-security/src/test/org/apache/hadoop/security/authentication/server/TestPseudoAuthenticationHandler.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security/src/test/org/apache/hadoop/security/authentication/server/TestPseudoAuthenticationHandler.java?rev=1167444&view=auto ============================================================================== --- hadoop/common/branches/branch-0.20-security/src/test/org/apache/hadoop/security/authentication/server/TestPseudoAuthenticationHandler.java (added) +++ hadoop/common/branches/branch-0.20-security/src/test/org/apache/hadoop/security/authentication/server/TestPseudoAuthenticationHandler.java Sat Sep 10 02:57:10 2011 @@ -0,0 +1,113 @@ +/** + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. See accompanying LICENSE file. + */ +package org.apache.hadoop.security.authentication.server; + +import org.apache.hadoop.security.authentication.client.AuthenticationException; +import junit.framework.TestCase; +import org.apache.hadoop.security.authentication.client.PseudoAuthenticator; +import org.mockito.Mockito; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.util.Properties; + +public class TestPseudoAuthenticationHandler extends TestCase { + + public void testInit() throws Exception { + PseudoAuthenticationHandler handler = new PseudoAuthenticationHandler(); + try { + Properties props = new Properties(); + props.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "false"); + handler.init(props); + assertEquals(false, handler.getAcceptAnonymous()); + } finally { + handler.destroy(); + } + } + + public void testType() throws Exception { + PseudoAuthenticationHandler handler = new PseudoAuthenticationHandler(); + assertEquals(PseudoAuthenticationHandler.TYPE, handler.getType()); + } + + public void testAnonymousOn() throws Exception { + PseudoAuthenticationHandler handler = new PseudoAuthenticationHandler(); + try { + Properties props = new Properties(); + props.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "true"); + handler.init(props); + + HttpServletRequest request = Mockito.mock(HttpServletRequest.class); + HttpServletResponse response = Mockito.mock(HttpServletResponse.class); + + AuthenticationToken token = handler.authenticate(request, response); + + assertEquals(AuthenticationToken.ANONYMOUS, token); + } finally { + handler.destroy(); + } + } + + public void testAnonymousOff() throws Exception { + PseudoAuthenticationHandler handler = new PseudoAuthenticationHandler(); + try { + Properties props = new Properties(); + props.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, "false"); + handler.init(props); + + HttpServletRequest request = Mockito.mock(HttpServletRequest.class); + HttpServletResponse response = Mockito.mock(HttpServletResponse.class); + + handler.authenticate(request, response); + fail(); + } catch (AuthenticationException ex) { + // Expected + } catch (Exception ex) { + fail(); + } finally { + handler.destroy(); + } + } + + private void _testUserName(boolean anonymous) throws Exception { + PseudoAuthenticationHandler handler = new PseudoAuthenticationHandler(); + try { + Properties props = new Properties(); + props.setProperty(PseudoAuthenticationHandler.ANONYMOUS_ALLOWED, Boolean.toString(anonymous)); + handler.init(props); + + HttpServletRequest request = Mockito.mock(HttpServletRequest.class); + HttpServletResponse response = Mockito.mock(HttpServletResponse.class); + Mockito.when(request.getParameter(PseudoAuthenticator.USER_NAME)).thenReturn("user"); + + AuthenticationToken token = handler.authenticate(request, response); + + assertNotNull(token); + assertEquals("user", token.getUserName()); + assertEquals("user", token.getName()); + assertEquals(PseudoAuthenticationHandler.TYPE, token.getType()); + } finally { + handler.destroy(); + } + } + + public void testUserNameAnonymousOff() throws Exception { + _testUserName(false); + } + + public void testUserNameAnonymousOn() throws Exception { + _testUserName(true); + } + +}
Added: hadoop/common/branches/branch-0.20-security/src/test/org/apache/hadoop/security/authentication/util/TestKerberosName.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security/src/test/org/apache/hadoop/security/authentication/util/TestKerberosName.java?rev=1167444&view=auto ============================================================================== --- hadoop/common/branches/branch-0.20-security/src/test/org/apache/hadoop/security/authentication/util/TestKerberosName.java (added) +++ hadoop/common/branches/branch-0.20-security/src/test/org/apache/hadoop/security/authentication/util/TestKerberosName.java Sat Sep 10 02:57:10 2011 @@ -0,0 +1,88 @@ +package org.apache.hadoop.security.authentication.util; + +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +import java.io.IOException; + +import org.apache.hadoop.security.authentication.KerberosTestUtils; +import org.junit.Before; +import org.junit.Test; +import static org.junit.Assert.*; + +public class TestKerberosName { + + @Before + public void setUp() throws Exception { + String rules = + "RULE:[1:$1@$0](.*@YAHOO\\.COM)s/@.*//\n" + + "RULE:[2:$1](johndoe)s/^.*$/guest/\n" + + "RULE:[2:$1;$2](^.*;admin$)s/;admin$//\n" + + "RULE:[2:$2](root)\n" + + "DEFAULT"; + KerberosName.setRules(rules); + KerberosName.printRules(); + } + + private void checkTranslation(String from, String to) throws Exception { + System.out.println("Translate " + from); + KerberosName nm = new KerberosName(from); + String simple = nm.getShortName(); + System.out.println("to " + simple); + assertEquals("short name incorrect", to, simple); + } + + @Test + public void testRules() throws Exception { + checkTranslation("omalley@" + KerberosTestUtils.getRealm(), "omalley"); + checkTranslation("hdfs/10.0.0.1@" + KerberosTestUtils.getRealm(), "hdfs"); + checkTranslation("o...@yahoo.com", "oom"); + checkTranslation("johndoe/z...@foo.com", "guest"); + checkTranslation("joe/ad...@foo.com", "joe"); + checkTranslation("joe/r...@foo.com", "root"); + } + + private void checkBadName(String name) { + System.out.println("Checking " + name + " to ensure it is bad."); + try { + new KerberosName(name); + fail("didn't get exception for " + name); + } catch (IllegalArgumentException iae) { + // PASS + } + } + + private void checkBadTranslation(String from) { + System.out.println("Checking bad translation for " + from); + KerberosName nm = new KerberosName(from); + try { + nm.getShortName(); + fail("didn't get exception for " + from); + } catch (IOException ie) { + // PASS + } + } + + @Test + public void testAntiPatterns() throws Exception { + checkBadName("owen/owen/o...@foo.com"); + checkBadName("owen@foo/bar.com"); + checkBadTranslation("f...@acme.com"); + checkBadTranslation("root/j...@foo.com"); + } +} Added: hadoop/common/branches/branch-0.20-security/src/test/org/apache/hadoop/security/authentication/util/TestSigner.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security/src/test/org/apache/hadoop/security/authentication/util/TestSigner.java?rev=1167444&view=auto ============================================================================== --- hadoop/common/branches/branch-0.20-security/src/test/org/apache/hadoop/security/authentication/util/TestSigner.java (added) +++ hadoop/common/branches/branch-0.20-security/src/test/org/apache/hadoop/security/authentication/util/TestSigner.java Sat Sep 10 02:57:10 2011 @@ -0,0 +1,93 @@ +/** + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. See accompanying LICENSE file. + */ +package org.apache.hadoop.security.authentication.util; + +import junit.framework.TestCase; + +public class TestSigner extends TestCase { + + public void testNoSecret() throws Exception { + try { + new Signer(null); + fail(); + } + catch (IllegalArgumentException ex) { + } + } + + public void testNullAndEmptyString() throws Exception { + Signer signer = new Signer("secret".getBytes()); + try { + signer.sign(null); + fail(); + } catch (IllegalArgumentException ex) { + // Expected + } catch (Throwable ex) { + fail(); + } + try { + signer.sign(""); + fail(); + } catch (IllegalArgumentException ex) { + // Expected + } catch (Throwable ex) { + fail(); + } + } + + public void testSignature() throws Exception { + Signer signer = new Signer("secret".getBytes()); + String s1 = signer.sign("ok"); + String s2 = signer.sign("ok"); + String s3 = signer.sign("wrong"); + assertEquals(s1, s2); + assertNotSame(s1, s3); + } + + public void testVerify() throws Exception { + Signer signer = new Signer("secret".getBytes()); + String t = "test"; + String s = signer.sign(t); + String e = signer.verifyAndExtract(s); + assertEquals(t, e); + } + + public void testInvalidSignedText() throws Exception { + Signer signer = new Signer("secret".getBytes()); + try { + signer.verifyAndExtract("test"); + fail(); + } catch (SignerException ex) { + // Expected + } catch (Throwable ex) { + fail(); + } + } + + public void testTampering() throws Exception { + Signer signer = new Signer("secret".getBytes()); + String t = "test"; + String s = signer.sign(t); + s += "x"; + try { + signer.verifyAndExtract(s); + fail(); + } catch (SignerException ex) { + // Expected + } catch (Throwable ex) { + fail(); + } + } + +}