/**
* Tests authentication for failure.
*
* @throws Exception if the test fails.
*/
@Test
@Ignore
public void testAuthenticateForFailure() throws Exception {
// no certificate
try {
OpenSSLKey key =
new BouncyCastleOpenSSLKey(
getClass().getResourceAsStream(AuthenticationTestConstants.USERKEY_RCE_ENGINEER_PEM));
authService.authenticate(null, key, AuthenticationTestConstants.PASSWORD_RCE_ENEMY);
fail();
} catch (IllegalArgumentException e) {
assertTrue(true);
}
// no private key
try {
X509Certificate certificate =
CertUtil.loadCertificate(
getClass()
.getResourceAsStream(AuthenticationTestConstants.USERCERT_RCE_ENGINEER_PEM));
authService.authenticate(certificate, null, AuthenticationTestConstants.PASSWORD_RCE_ENEMY);
fail();
} catch (IllegalArgumentException e) {
assertTrue(true);
}
}
/** Tests arguments of password and user id for failure. */
@Test
public void testLdapArgumentForFailure() {
String uid = "";
String password = "******";
assertEquals(
LDAPAuthenticationResult.PASSWORD__OR_USERNAME_INVALID,
authService.authenticate(uid, password));
uid = "_";
password = "";
assertEquals(
LDAPAuthenticationResult.PASSWORD__OR_USERNAME_INVALID,
authService.authenticate(uid, password));
}
/**
* Tests getting a proxy certificate for failure.
*
* @throws Exception if the test fails.
*/
@Test
public void testLoadCertificateForFailure() throws Exception {
try {
authService.loadCertificate(null);
fail();
} catch (IllegalArgumentException e) {
assertTrue(true);
}
}
/**
* Tests getting a CertificateUser for success.
*
* @throws Exception if the test fails.
*/
@Test
public void testGetCertificateUserForSuccess() throws Exception {
X509Certificate certificate =
CertUtil.loadCertificate(
getClass().getResourceAsStream(AuthenticationTestConstants.USERCERT_RCE_ENGINEER_PEM));
User certificateUser = authService.createUser(certificate, validityInDays);
assertTrue(certificateUser.isValid());
}
/**
* Tests getting a proxy certificate for success.
*
* @throws Exception if the test fails.
*/
@Test
public void testLoadCertificateRevocationListsForSuccess() throws Exception {
OpenSSLKey key =
authService.loadKey(
System.getProperty(AuthenticationTestConstants.USER_DIR)
+ AuthenticationTestConstants.TESTRESOURCES_DIR
+ AuthenticationTestConstants.USERKEY_RCE_ENGINEER_PEM);
assertNotNull(key);
}
/**
* Tests getting a proxy certificate for success.
*
* @throws Exception if the test fails.
*/
@Test
public void testLoadCertificateForSuccess() throws Exception {
X509Certificate certificate =
authService.loadCertificate(
System.getProperty(AuthenticationTestConstants.USER_DIR)
+ AuthenticationTestConstants.TESTRESOURCES_DIR
+ AuthenticationTestConstants.USERCERT_RCE_ENGINEER_PEM);
assertNotNull(certificate);
}
/**
* Tests getting a proxy certificate for failure.
*
* @throws Exception if the test fails.
*/
@Test
public void testGetProxyCertificateForFailure() throws Exception {
// no certificate
try {
authService.createUser((X509Certificate) null, validityInDays);
fail();
} catch (IllegalArgumentException e) {
assertTrue(true);
}
}
/**
* Tests authentication at LDAP for success.
*
* <p>Test server available. For data see:
* rce-closed-source/development/testing/unittests/servers/ldap.txt
*/
@Test
@Ignore // as data must be manually substituted before execution, this test is ignored during
// automated testing
public void testLdapAuthenticationForSuccess() {
String uid = "username";
String password = "******";
// if the intra-net is not available, don't perform the test
try {
InetAddress.getByName("server");
} catch (UnknownHostException e) {
return;
}
assertEquals(LDAPAuthenticationResult.AUTHENTICATED, authService.authenticate(uid, password));
}
/**
* Tests authentication for success.
*
* <p>Tests fail due to expired test certificates. As the code is currently not used and probably
* won't be used in the future, the tests are ignored to reduce the maintenance effort. The
* related methods in are deprecated.
*
* @throws Exception in error
*/
@Test
@Ignore
public void testAuthenticateForSuccess() throws Exception {
X509Certificate certificate =
CertUtil.loadCertificate(
getClass().getResourceAsStream(AuthenticationTestConstants.USERCERT_RCE_ENGINEER_PEM));
OpenSSLKey key =
new BouncyCastleOpenSSLKey(
getClass().getResourceAsStream(AuthenticationTestConstants.USERKEY_RCE_ENGINEER_PEM));
X509AuthenticationResult result =
authService.authenticate(
certificate, key, AuthenticationTestConstants.PASSWORD_RCE_ENGINEER);
assertEquals(X509AuthenticationResult.AUTHENTICATED, result);
}
/**
* Tests authentication for failure.
*
* <p>Tests fail due to expired test certificates. As the code is currently not used and probably
* won't be used in the future, the tests are ignored to reduce the maintenance effort. The
* related methods in are deprecated.
*
* @throws Exception on error
*/
@Test
@Ignore
public void testAuthenticateForSanity() throws Exception {
// incorrect password
X509Certificate certificate =
CertUtil.loadCertificate(
getClass().getResourceAsStream(AuthenticationTestConstants.USERCERT_RCE_ENGINEER_PEM));
OpenSSLKey key =
new BouncyCastleOpenSSLKey(
getClass().getResourceAsStream(AuthenticationTestConstants.USERKEY_RCE_ENGINEER_PEM));
X509AuthenticationResult result =
authService.authenticate(certificate, key, AuthenticationTestConstants.PASSWORD_RCE_ENEMY);
assertEquals(X509AuthenticationResult.PASSWORD_INCORRECT, result);
// private and public key do not belong together
certificate =
CertUtil.loadCertificate(
getClass().getResourceAsStream(AuthenticationTestConstants.USERCERT_RCE_ENGINEER_PEM));
key =
new BouncyCastleOpenSSLKey(
getClass().getResourceAsStream(AuthenticationTestConstants.KEY_RCE_ENEMY_PEM));
result =
authService.authenticate(certificate, key, AuthenticationTestConstants.PASSWORD_RCE_ENEMY);
assertEquals(X509AuthenticationResult.PRIVATE_KEY_NOT_BELONGS_TO_PUBLIC_KEY, result);
// not signed by trusted CA
certificate =
CertUtil.loadCertificate(
getClass().getResourceAsStream(AuthenticationTestConstants.CERT_UNKNOWN_USER_PEM));
key =
new BouncyCastleOpenSSLKey(
getClass().getResourceAsStream(AuthenticationTestConstants.KEY_UNKNOWN_USER_PEM));
result =
authService.authenticate(
certificate, key, AuthenticationTestConstants.PASSWORD_UNKNOWN_USER);
assertEquals(X509AuthenticationResult.NOT_SIGNED_BY_TRUSTED_CA, result);
// revoked
certificate =
CertUtil.loadCertificate(
getClass().getResourceAsStream(AuthenticationTestConstants.CERT_RCE_ENEMY_PEM));
key =
new BouncyCastleOpenSSLKey(
getClass().getResourceAsStream(AuthenticationTestConstants.KEY_RCE_ENEMY_PEM));
result =
authService.authenticate(certificate, key, AuthenticationTestConstants.PASSWORD_RCE_ENEMY);
assertEquals(X509AuthenticationResult.CERTIFICATE_REVOKED, result);
// no password, but encrypted key
certificate =
CertUtil.loadCertificate(
getClass().getResourceAsStream(AuthenticationTestConstants.USERCERT_RCE_ENGINEER_PEM));
key =
new BouncyCastleOpenSSLKey(
getClass().getResourceAsStream(AuthenticationTestConstants.USERKEY_RCE_ENGINEER_PEM));
result = authService.authenticate(certificate, key, null);
assertEquals(X509AuthenticationResult.PASSWORD_REQUIRED, result);
}
/** Set up test environment. */
@Before
public void setUp() {
authService = new AuthenticationServiceImpl();
authService.bindConfigurationService(AuthenticationMockFactory.getConfigurationService());
authService.activate(AuthenticationMockFactory.getBundleContextMock());
}
/** Tests authentication at LDAP for success. */
@Test
public void testCreateUser() {
User user = authService.createUser(4);
assertEquals(4, user.getValidityInDays());
}
/**
* Tests getting an LDAPUser for success.
*
* @throws Exception if the test fails.
*/
@Test
public void testGetLdapUserForSuccess() throws Exception {
User ldapUser = authService.createUser("testUser", validityInDays);
assertTrue(ldapUser.isValid());
}
