/** Test challenge post. */
@Test
public void testChallengePOST() {
final String securityPackage = "Negotiate";
IWindowsCredentialsHandle clientCredentials = null;
WindowsSecurityContextImpl clientContext = null;
try {
// client credentials handle
clientCredentials = WindowsCredentialsHandleImpl.getCurrent(securityPackage);
clientCredentials.initialize();
// initial client security context
clientContext = new WindowsSecurityContextImpl();
clientContext.setPrincipalName(WindowsAccountImpl.getCurrentUsername());
clientContext.setCredentialsHandle(clientCredentials.getHandle());
clientContext.setSecurityPackage(securityPackage);
clientContext.initialize(null, null, WindowsAccountImpl.getCurrentUsername());
final SimpleHttpRequest request = new SimpleHttpRequest();
request.setMethod("POST");
request.setContentLength(0);
final String clientToken = BaseEncoding.base64().encode(clientContext.getToken());
request.addHeader("Authorization", securityPackage + " " + clientToken);
final SimpleHttpResponse response = new SimpleHttpResponse();
this.authenticator.authenticate(request, response);
Assert.assertTrue(response.getHeader("WWW-Authenticate").startsWith(securityPackage + " "));
Assert.assertEquals("keep-alive", response.getHeader("Connection"));
Assert.assertEquals(2, response.getHeaderNames().size());
Assert.assertEquals(401, response.getStatus());
} finally {
if (clientContext != null) {
clientContext.dispose();
}
if (clientCredentials != null) {
clientCredentials.dispose();
}
}
}
@Test
public void testNegotiate() throws IOException {
String securityPackage = "Negotiate";
// client credentials handle
IWindowsCredentialsHandle clientCredentials = null;
WindowsSecurityContextImpl clientContext = null;
try {
// client credentials handle
clientCredentials = WindowsCredentialsHandleImpl.getCurrent(securityPackage);
clientCredentials.initialize();
// initial client security context
clientContext = new WindowsSecurityContextImpl();
clientContext.setPrincipalName(WindowsAccountImpl.getCurrentUsername());
clientContext.setCredentialsHandle(clientCredentials.getHandle());
clientContext.setSecurityPackage(securityPackage);
clientContext.initialize(null, null, WindowsAccountImpl.getCurrentUsername());
// negotiate
boolean authenticated = false;
SimpleHttpRequest request = new SimpleHttpRequest();
request.setQueryString("j_negotiate_check");
while (true) {
String clientToken = Base64.encode(clientContext.getToken());
request.addHeader("Authorization", securityPackage + " " + clientToken);
SimpleHttpResponse response = new SimpleHttpResponse();
authenticated = _authenticator.authenticate(request, response);
if (authenticated) {
assertTrue(response.getHeaderNames().size() >= 0);
break;
}
assertTrue(response.getHeader("WWW-Authenticate").startsWith(securityPackage + " "));
assertEquals("keep-alive", response.getHeader("Connection"));
assertEquals(2, response.getHeaderNames().size());
assertEquals(401, response.getStatus());
String continueToken =
response.getHeader("WWW-Authenticate").substring(securityPackage.length() + 1);
byte[] continueTokenBytes = Base64.decode(continueToken);
assertTrue(continueTokenBytes.length > 0);
SecBufferDesc continueTokenBuffer =
new SecBufferDesc(Sspi.SECBUFFER_TOKEN, continueTokenBytes);
clientContext.initialize(
clientContext.getHandle(),
continueTokenBuffer,
WindowsAccountImpl.getCurrentUsername());
}
assertTrue(authenticated);
} finally {
if (clientContext != null) {
clientContext.dispose();
}
if (clientCredentials != null) {
clientCredentials.dispose();
}
}
}
public void testProgrammaticSecurity() throws ServletException {
_authenticator.setAuth(new MockWindowsAuthProvider());
SimpleHttpRequest request = new SimpleHttpRequest();
request.setContext((Context) _authenticator.getContainer());
request.login(WindowsAccountImpl.getCurrentUsername(), "");
assertEquals(WindowsAccountImpl.getCurrentUsername(), request.getRemoteUser());
assertTrue(request.getUserPrincipal() instanceof GenericWindowsPrincipal);
GenericWindowsPrincipal windowsPrincipal = (GenericWindowsPrincipal) request.getUserPrincipal();
assertTrue(windowsPrincipal.getSidString().startsWith("S-"));
}
@Test
public void testSecurityCheckParameters() {
_authenticator.setAuth(new MockWindowsAuthProvider());
SimpleHttpRequest request = new SimpleHttpRequest();
request.addParameter("j_security_check", "");
request.addParameter("j_username", WindowsAccountImpl.getCurrentUsername());
request.addParameter("j_password", "");
SimpleHttpResponse response = new SimpleHttpResponse();
assertTrue(_authenticator.authenticate(request, response));
}
@Test
public void testAuthenticate() {
MockWindowsIdentity mockIdentity =
new MockWindowsIdentity(WindowsAccountImpl.getCurrentUsername(), new ArrayList<String>());
WindowsPrincipal principal = new WindowsPrincipal(mockIdentity);
UsernamePasswordAuthenticationToken authentication =
new UsernamePasswordAuthenticationToken(principal, "password");
Authentication authenticated = _provider.authenticate(authentication);
assertNotNull(authenticated);
assertTrue(authenticated.isAuthenticated());
Collection<? extends GrantedAuthority> authorities = authenticated.getAuthorities();
Iterator<? extends GrantedAuthority> authoritiesIterator = authorities.iterator();
assertEquals(3, authorities.size());
assertEquals("ROLE_USER", authoritiesIterator.next().getAuthority());
assertEquals("ROLE_USERS", authoritiesIterator.next().getAuthority());
assertEquals("ROLE_EVERYONE", authoritiesIterator.next().getAuthority());
assertTrue(authenticated.getPrincipal() instanceof WindowsPrincipal);
}
@Test
public void testAuthenticateWithCustomGrantedAuthorityFactory() {
_provider.setDefaultGrantedAuthority(null);
_provider.setGrantedAuthorityFactory(new FqnGrantedAuthorityFactory(null, false));
MockWindowsIdentity mockIdentity =
new MockWindowsIdentity(WindowsAccountImpl.getCurrentUsername(), new ArrayList<String>());
WindowsPrincipal principal = new WindowsPrincipal(mockIdentity);
UsernamePasswordAuthenticationToken authentication =
new UsernamePasswordAuthenticationToken(principal, "password");
Authentication authenticated = _provider.authenticate(authentication);
assertNotNull(authenticated);
assertTrue(authenticated.isAuthenticated());
Collection<? extends GrantedAuthority> authorities = authenticated.getAuthorities();
Iterator<? extends GrantedAuthority> authoritiesIterator = authorities.iterator();
assertEquals(2, authorities.size());
assertEquals("Users", authoritiesIterator.next().getAuthority());
assertEquals("Everyone", authoritiesIterator.next().getAuthority());
assertTrue(authenticated.getPrincipal() instanceof WindowsPrincipal);
}
@Test
public void testWaffleInfo() throws ParserConfigurationException {
WaffleInfo helper = new WaffleInfo();
Document info = helper.getWaffleInfo();
// Make sure JNA Version is properly noted
assertEquals(
Platform.class.getPackage().getImplementationVersion(),
info.getDocumentElement().getAttribute("jna"));
Node node =
info.getDocumentElement() // waffle
.getFirstChild() // auth
.getFirstChild() // currentUser
.getNextSibling(); // computer
assertEquals("computer", node.getNodeName());
IWindowsAuthProvider auth = new WindowsAuthProviderImpl();
IWindowsComputer computer = auth.getCurrentComputer();
NodeList nodes = node.getChildNodes();
assertEquals(computer.getComputerName(), nodes.item(0).getTextContent());
assertEquals(computer.getMemberOf(), nodes.item(1).getTextContent());
assertEquals(computer.getJoinStatus(), nodes.item(2).getTextContent());
// Add Lookup Info for Various accounts
String lookup = WindowsAccountImpl.getCurrentUsername();
IWindowsAccount account = new WindowsAccountImpl(lookup);
Element elem = helper.getLookupInfo(info, lookup);
assertEquals(lookup, elem.getAttribute("name"));
assertEquals(account.getName(), elem.getFirstChild().getTextContent());
// Report an error when unknown name
lookup = "__UNKNOWN_ACCOUNT_NAME___";
elem = helper.getLookupInfo(info, lookup);
assertEquals(lookup, elem.getAttribute("name"));
assertEquals("exception", elem.getFirstChild().getNodeName());
}
@Test
public void testNegotiate() throws IOException, ServletException {
String securityPackage = "Negotiate";
SimpleFilterChain filterChain = new SimpleFilterChain();
SimpleHttpRequest request = new SimpleHttpRequest();
String clientToken =
BaseEncoding.base64().encode(WindowsAccountImpl.getCurrentUsername().getBytes());
request.addHeader("Authorization", securityPackage + " " + clientToken);
SimpleHttpResponse response = new SimpleHttpResponse();
this.filter.doFilter(request, response, filterChain);
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
assertNotNull(auth);
GrantedAuthority[] authorities = auth.getAuthorities();
assertNotNull(authorities);
assertEquals(3, authorities.length);
assertEquals("ROLE_USER", authorities[0].getAuthority());
assertEquals("ROLE_USERS", authorities[1].getAuthority());
assertEquals("ROLE_EVERYONE", authorities[2].getAuthority());
assertEquals(0, response.getHeaderNamesSize());
}
/** Test post empty. */
@Test
public void testPOSTEmpty() {
final String securityPackage = "Negotiate";
IWindowsCredentialsHandle clientCredentials = null;
WindowsSecurityContextImpl clientContext = null;
try {
// client credentials handle
clientCredentials = WindowsCredentialsHandleImpl.getCurrent(securityPackage);
clientCredentials.initialize();
// initial client security context
clientContext = new WindowsSecurityContextImpl();
clientContext.setPrincipalName(WindowsAccountImpl.getCurrentUsername());
clientContext.setCredentialsHandle(clientCredentials.getHandle());
clientContext.setSecurityPackage(securityPackage);
clientContext.initialize(null, null, WindowsAccountImpl.getCurrentUsername());
// negotiate
boolean authenticated = false;
final SimpleHttpRequest request = new SimpleHttpRequest();
request.setMethod("POST");
request.setContentLength(0);
String clientToken;
String continueToken;
byte[] continueTokenBytes;
SimpleHttpResponse response;
SecBufferDesc continueTokenBuffer;
while (true) {
clientToken = BaseEncoding.base64().encode(clientContext.getToken());
request.addHeader("Authorization", securityPackage + " " + clientToken);
response = new SimpleHttpResponse();
try {
authenticated = this.authenticator.authenticate(request, response);
} catch (final Exception e) {
NegotiateAuthenticatorTests.LOGGER.error("{}", e);
return;
}
if (authenticated) {
Assertions.assertThat(response.getHeaderNames().size()).isGreaterThanOrEqualTo(0);
break;
}
if (response.getHeader("WWW-Authenticate").startsWith(securityPackage + ",")) {
Assert.assertEquals("close", response.getHeader("Connection"));
Assert.assertEquals(2, response.getHeaderNames().size());
Assert.assertEquals(401, response.getStatus());
return;
}
Assert.assertTrue(response.getHeader("WWW-Authenticate").startsWith(securityPackage + " "));
Assert.assertEquals("keep-alive", response.getHeader("Connection"));
Assert.assertEquals(2, response.getHeaderNames().size());
Assert.assertEquals(401, response.getStatus());
continueToken =
response.getHeader("WWW-Authenticate").substring(securityPackage.length() + 1);
continueTokenBytes = BaseEncoding.base64().decode(continueToken);
Assertions.assertThat(continueTokenBytes.length).isGreaterThan(0);
continueTokenBuffer = new SecBufferDesc(Sspi.SECBUFFER_TOKEN, continueTokenBytes);
clientContext.initialize(
clientContext.getHandle(),
continueTokenBuffer,
WindowsAccountImpl.getCurrentUsername());
}
Assert.assertTrue(authenticated);
} finally {
if (clientContext != null) {
clientContext.dispose();
}
if (clientCredentials != null) {
clientCredentials.dispose();
}
}
}
/** Test negotiate. */
@Test
public void testNegotiate() {
final String securityPackage = "Negotiate";
IWindowsCredentialsHandle clientCredentials = null;
WindowsSecurityContextImpl clientContext = null;
try {
// client credentials handle
clientCredentials = WindowsCredentialsHandleImpl.getCurrent(securityPackage);
clientCredentials.initialize();
// initial client security context
clientContext = new WindowsSecurityContextImpl();
clientContext.setPrincipalName(WindowsAccountImpl.getCurrentUsername());
clientContext.setCredentialsHandle(clientCredentials.getHandle());
clientContext.setSecurityPackage(securityPackage);
clientContext.initialize(null, null, WindowsAccountImpl.getCurrentUsername());
// negotiate
boolean authenticated = false;
final SimpleHttpRequest request = new SimpleHttpRequest();
while (true) {
final String clientToken = BaseEncoding.base64().encode(clientContext.getToken());
request.addHeader("Authorization", securityPackage + " " + clientToken);
final SimpleHttpResponse response = new SimpleHttpResponse();
authenticated = this.authenticator.authenticate(request, response);
if (authenticated) {
Assert.assertNotNull(request.getUserPrincipal());
Assert.assertTrue(request.getUserPrincipal() instanceof GenericWindowsPrincipal);
final GenericWindowsPrincipal windowsPrincipal =
(GenericWindowsPrincipal) request.getUserPrincipal();
Assert.assertTrue(windowsPrincipal.getSidString().startsWith("S-"));
Assertions.assertThat(windowsPrincipal.getSid().length).isGreaterThan(0);
Assert.assertTrue(windowsPrincipal.getGroups().containsKey("Everyone"));
Assertions.assertThat(response.getHeaderNames().size()).isLessThanOrEqualTo(1);
break;
}
Assert.assertTrue(response.getHeader("WWW-Authenticate").startsWith(securityPackage + " "));
Assert.assertEquals("keep-alive", response.getHeader("Connection"));
Assert.assertEquals(2, response.getHeaderNames().size());
Assert.assertEquals(401, response.getStatus());
final String continueToken =
response.getHeader("WWW-Authenticate").substring(securityPackage.length() + 1);
final byte[] continueTokenBytes = BaseEncoding.base64().decode(continueToken);
Assertions.assertThat(continueTokenBytes.length).isGreaterThan(0);
final SecBufferDesc continueTokenBuffer =
new SecBufferDesc(Sspi.SECBUFFER_TOKEN, continueTokenBytes);
clientContext.initialize(
clientContext.getHandle(),
continueTokenBuffer,
WindowsAccountImpl.getCurrentUsername());
}
Assert.assertTrue(authenticated);
} finally {
if (clientContext != null) {
clientContext.dispose();
}
if (clientCredentials != null) {
clientCredentials.dispose();
}
}
}
