예제 #1
0
public class TestUtils {

  public static final String USER = "******";
  public static final String ADMIN = "admin";
  public static final String TEXT_HTML_CONTENT_TYPE_WITH_UTF_8_CHARSET = "text/html; charset=UTF-8";
  public static final String TEXT_HTML_CONTENT_TYPE_WITH_ISO_8859_1_CHARSET =
      "text/html; charset=ISO-8859-1";
  private static final File TMP_DIR =
      new File(
          System.getProperty("java.io.tmpdir"),
          "ahc-tests-" + UUID.randomUUID().toString().substring(0, 8));
  public static final byte[] PATTERN_BYTES =
      "FooBarBazQixFooBarBazQixFooBarBazQixFooBarBazQixFooBarBazQixFooBarBazQix"
          .getBytes(Charset.forName("UTF-16"));
  public static final File LARGE_IMAGE_FILE;
  public static byte[] LARGE_IMAGE_BYTES;
  public static final File SIMPLE_TEXT_FILE;
  public static final String SIMPLE_TEXT_FILE_STRING;
  private static final LoginService LOGIN_SERVICE =
      new HashLoginService("MyRealm", "src/test/resources/realm.properties");

  static {
    try {
      TMP_DIR.mkdirs();
      TMP_DIR.deleteOnExit();
      LARGE_IMAGE_FILE = new File(TestUtils.class.getClassLoader().getResource("300k.png").toURI());
      LARGE_IMAGE_BYTES = FileUtils.readFileToByteArray(LARGE_IMAGE_FILE);
      SIMPLE_TEXT_FILE =
          new File(TestUtils.class.getClassLoader().getResource("SimpleTextFile.txt").toURI());
      SIMPLE_TEXT_FILE_STRING = FileUtils.readFileToString(SIMPLE_TEXT_FILE, UTF_8);
    } catch (Exception e) {
      throw new ExceptionInInitializerError(e);
    }
  }

  public static synchronized int findFreePort() throws IOException {
    try (ServerSocket socket = new ServerSocket(0)) {
      return socket.getLocalPort();
    }
  }

  public static File createTempFile(int approxSize) throws IOException {
    long repeats = approxSize / TestUtils.PATTERN_BYTES.length + 1;
    File tmpFile = File.createTempFile("tmpfile-", ".data", TMP_DIR);
    tmpFile.deleteOnExit();
    try (FileOutputStream out = new FileOutputStream(tmpFile)) {
      for (int i = 0; i < repeats; i++) {
        out.write(PATTERN_BYTES);
      }

      long expectedFileSize = PATTERN_BYTES.length * repeats;
      assertEquals(tmpFile.length(), expectedFileSize, "Invalid file length");

      return tmpFile;
    }
  }

  public static Server newJettyHttpServer(int port) {
    Server server = new Server();
    addHttpConnector(server, port);
    return server;
  }

  public static void addHttpConnector(Server server, int port) {
    ServerConnector connector = new ServerConnector(server);
    connector.setPort(port);

    server.addConnector(connector);
  }

  public static Server newJettyHttpsServer(int port) throws URISyntaxException {
    Server server = new Server();
    addHttpsConnector(server, port);
    return server;
  }

  public static void addHttpsConnector(Server server, int port) throws URISyntaxException {
    ClassLoader cl = TestUtils.class.getClassLoader();

    URL keystoreUrl = cl.getResource("ssltest-keystore.jks");
    String keyStoreFile = new File(keystoreUrl.toURI()).getAbsolutePath();
    SslContextFactory sslContextFactory = new SslContextFactory(keyStoreFile);
    sslContextFactory.setKeyStorePassword("changeit");

    String trustStoreFile =
        new File(cl.getResource("ssltest-cacerts.jks").toURI()).getAbsolutePath();
    sslContextFactory.setTrustStorePath(trustStoreFile);
    sslContextFactory.setTrustStorePassword("changeit");

    HttpConfiguration httpsConfig = new HttpConfiguration();
    httpsConfig.setSecureScheme("https");
    httpsConfig.setSecurePort(port);
    httpsConfig.addCustomizer(new SecureRequestCustomizer());

    ServerConnector connector =
        new ServerConnector(
            server,
            new SslConnectionFactory(sslContextFactory, "http/1.1"),
            new HttpConnectionFactory(httpsConfig));
    connector.setPort(port);

    server.addConnector(connector);
  }

  public static void addBasicAuthHandler(Server server, Handler handler) {
    addAuthHandler(server, Constraint.__BASIC_AUTH, new BasicAuthenticator(), handler);
  }

  public static void addDigestAuthHandler(Server server, Handler handler) {
    addAuthHandler(server, Constraint.__DIGEST_AUTH, new DigestAuthenticator(), handler);
  }

  private static void addAuthHandler(
      Server server, String auth, LoginAuthenticator authenticator, Handler handler) {

    server.addBean(LOGIN_SERVICE);

    Constraint constraint = new Constraint();
    constraint.setName(auth);
    constraint.setRoles(new String[] {USER, ADMIN});
    constraint.setAuthenticate(true);

    ConstraintMapping mapping = new ConstraintMapping();
    mapping.setConstraint(constraint);
    mapping.setPathSpec("/*");

    Set<String> knownRoles = new HashSet<>();
    knownRoles.add(USER);
    knownRoles.add(ADMIN);

    List<ConstraintMapping> cm = new ArrayList<>();
    cm.add(mapping);

    ConstraintSecurityHandler security = new ConstraintSecurityHandler();
    security.setConstraintMappings(cm, knownRoles);
    security.setAuthenticator(authenticator);
    security.setLoginService(LOGIN_SERVICE);
    security.setHandler(handler);
    server.setHandler(security);
  }

  private static KeyManager[] createKeyManagers() throws GeneralSecurityException, IOException {
    InputStream keyStoreStream =
        Thread.currentThread().getContextClassLoader().getResourceAsStream("ssltest-cacerts.jks");
    char[] keyStorePassword = "******".toCharArray();
    KeyStore ks = KeyStore.getInstance("JKS");
    ks.load(keyStoreStream, keyStorePassword);
    assert (ks.size() > 0);

    // Set up key manager factory to use our key store
    char[] certificatePassword = "******".toCharArray();
    KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
    kmf.init(ks, certificatePassword);

    // Initialize the SSLContext to work with our key managers.
    return kmf.getKeyManagers();
  }

  private static TrustManager[] createTrustManagers() throws GeneralSecurityException, IOException {
    InputStream keyStoreStream =
        Thread.currentThread().getContextClassLoader().getResourceAsStream("ssltest-keystore.jks");
    char[] keyStorePassword = "******".toCharArray();
    KeyStore ks = KeyStore.getInstance("JKS");
    ks.load(keyStoreStream, keyStorePassword);
    assert (ks.size() > 0);

    TrustManagerFactory tmf =
        TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(ks);
    return tmf.getTrustManagers();
  }

  public static SSLContext createSSLContext(AtomicBoolean trust) {
    try {
      KeyManager[] keyManagers = createKeyManagers();
      TrustManager[] trustManagers =
          new TrustManager[] {
            dummyTrustManager(trust, (X509TrustManager) createTrustManagers()[0])
          };
      SecureRandom secureRandom = new SecureRandom();

      SSLContext sslContext = SSLContext.getInstance("TLS");
      sslContext.init(keyManagers, trustManagers, secureRandom);

      return sslContext;
    } catch (Exception e) {
      throw new Error("Failed to initialize the server-side SSLContext", e);
    }
  }

  public static class DummyTrustManager implements X509TrustManager {

    private final X509TrustManager tm;
    private final AtomicBoolean trust;

    public DummyTrustManager(final AtomicBoolean trust, final X509TrustManager tm) {
      this.trust = trust;
      this.tm = tm;
    }

    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType)
        throws CertificateException {
      tm.checkClientTrusted(chain, authType);
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType)
        throws CertificateException {
      if (!trust.get()) {
        throw new CertificateException("Server certificate not trusted.");
      }
      tm.checkServerTrusted(chain, authType);
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
      return tm.getAcceptedIssuers();
    }
  }

  private static TrustManager dummyTrustManager(
      final AtomicBoolean trust, final X509TrustManager tm) {
    return new DummyTrustManager(trust, tm);
  }

  public static File getClasspathFile(String file) throws FileNotFoundException {
    ClassLoader cl = null;
    try {
      cl = Thread.currentThread().getContextClassLoader();
    } catch (Throwable ex) {
    }
    if (cl == null) {
      cl = TestUtils.class.getClassLoader();
    }
    URL resourceUrl = cl.getResource(file);

    try {
      return new File(new URI(resourceUrl.toString()).getSchemeSpecificPart());
    } catch (URISyntaxException e) {
      throw new FileNotFoundException(file);
    }
  }
}
예제 #2
0
  /** A builder for {@link Realm} */
  public static class RealmBuilder {

    private static final ThreadLocal<MessageDigest> DIGEST_TL =
        new ThreadLocal<MessageDigest>() {
          @Override
          protected MessageDigest initialValue() {
            try {
              return MessageDigest.getInstance("MD5");
            } catch (NoSuchAlgorithmException e) {
              throw new RuntimeException(e);
            }
          }
        };

    private String principal;
    private String password;
    private AuthScheme scheme;
    private String realmName;
    private String nonce;
    private String algorithm;
    private String response;
    private String opaque;
    private String qop;
    private String nc = DEFAULT_NC;
    private String cnonce;
    private Uri uri;
    private String methodName = "GET";
    private boolean usePreemptive;
    private String ntlmDomain = System.getProperty("http.auth.ntlm.domain");
    private Charset charset = UTF_8;
    private String ntlmHost = "localhost";
    private boolean useAbsoluteURI = false;
    private boolean omitQuery;

    public RealmBuilder ntlmDomain(String ntlmDomain) {
      this.ntlmDomain = ntlmDomain;
      return this;
    }

    public RealmBuilder ntlmHost(String host) {
      this.ntlmHost = host;
      return this;
    }

    public RealmBuilder principal(String principal) {
      this.principal = principal;
      return this;
    }

    public RealmBuilder password(String password) {
      this.password = password;
      return this;
    }

    public RealmBuilder scheme(AuthScheme scheme) {
      this.scheme = scheme;
      return this;
    }

    public RealmBuilder realmName(String realmName) {
      this.realmName = realmName;
      return this;
    }

    public RealmBuilder nonce(String nonce) {
      this.nonce = nonce;
      return this;
    }

    public RealmBuilder algorithm(String algorithm) {
      this.algorithm = algorithm;
      return this;
    }

    public RealmBuilder response(String response) {
      this.response = response;
      return this;
    }

    public RealmBuilder opaque(String opaque) {
      this.opaque = opaque;
      return this;
    }

    public RealmBuilder qop(String qop) {
      if (isNonEmpty(qop)) {
        this.qop = qop;
      }
      return this;
    }

    public RealmBuilder nc(String nc) {
      this.nc = nc;
      return this;
    }

    public RealmBuilder uri(Uri uri) {
      this.uri = uri;
      return this;
    }

    public RealmBuilder methodName(String methodName) {
      this.methodName = methodName;
      return this;
    }

    public RealmBuilder usePreemptiveAuth(boolean usePreemptiveAuth) {
      this.usePreemptive = usePreemptiveAuth;
      return this;
    }

    public RealmBuilder useAbsoluteURI(boolean useAbsoluteURI) {
      this.useAbsoluteURI = useAbsoluteURI;
      return this;
    }

    public RealmBuilder omitQuery(boolean omitQuery) {
      this.omitQuery = omitQuery;
      return this;
    }

    public RealmBuilder charset(Charset charset) {
      this.charset = charset;
      return this;
    }

    private String parseRawQop(String rawQop) {
      String[] rawServerSupportedQops = rawQop.split(",");
      String[] serverSupportedQops = new String[rawServerSupportedQops.length];
      for (int i = 0; i < rawServerSupportedQops.length; i++) {
        serverSupportedQops[i] = rawServerSupportedQops[i].trim();
      }

      // prefer auth over auth-int
      for (String rawServerSupportedQop : serverSupportedQops) {
        if (rawServerSupportedQop.equals("auth")) return rawServerSupportedQop;
      }

      for (String rawServerSupportedQop : serverSupportedQops) {
        if (rawServerSupportedQop.equals("auth-int")) return rawServerSupportedQop;
      }

      return null;
    }

    public RealmBuilder parseWWWAuthenticateHeader(String headerLine) {
      realmName(match(headerLine, "realm")) //
          .nonce(match(headerLine, "nonce")) //
          .opaque(match(headerLine, "opaque")) //
          .scheme(isNonEmpty(nonce) ? AuthScheme.DIGEST : AuthScheme.BASIC);
      String algorithm = match(headerLine, "algorithm");
      if (isNonEmpty(algorithm)) {
        algorithm(algorithm);
      }

      // FIXME qop is different with proxy?
      String rawQop = match(headerLine, "qop");
      if (rawQop != null) {
        qop(parseRawQop(rawQop));
      }

      return this;
    }

    public RealmBuilder parseProxyAuthenticateHeader(String headerLine) {
      realmName(match(headerLine, "realm")) //
          .nonce(match(headerLine, "nonce")) //
          .opaque(match(headerLine, "opaque")) //
          .scheme(isNonEmpty(nonce) ? AuthScheme.DIGEST : AuthScheme.BASIC);
      String algorithm = match(headerLine, "algorithm");
      if (isNonEmpty(algorithm)) {
        algorithm(algorithm);
      }
      // FIXME qop is different with proxy?
      qop(match(headerLine, "qop"));

      return this;
    }

    private void newCnonce(MessageDigest md) {
      byte[] b = new byte[8];
      ThreadLocalRandom.current().nextBytes(b);
      b = md.digest(b);
      cnonce = toHexString(b);
    }

    /** TODO: A Pattern/Matcher may be better. */
    private String match(String headerLine, String token) {
      if (headerLine == null) {
        return null;
      }

      int match = headerLine.indexOf(token);
      if (match <= 0) return null;

      // = to skip
      match += token.length() + 1;
      int trailingComa = headerLine.indexOf(",", match);
      String value =
          headerLine.substring(match, trailingComa > 0 ? trailingComa : headerLine.length());
      value =
          value.length() > 0 && value.charAt(value.length() - 1) == '"'
              ? value.substring(0, value.length() - 1)
              : value;
      return value.charAt(0) == '"' ? value.substring(1) : value;
    }

    private byte[] md5FromRecycledStringBuilder(StringBuilder sb, MessageDigest md) {
      md.update(StringUtils.charSequence2ByteBuffer(sb, ISO_8859_1));
      sb.setLength(0);
      return md.digest();
    }

    private byte[] secretDigest(StringBuilder sb, MessageDigest md) {

      sb.append(principal).append(':').append(realmName).append(':').append(password);
      byte[] ha1 = md5FromRecycledStringBuilder(sb, md);

      if (algorithm == null || algorithm.equals("MD5")) {
        return ha1;
      } else if ("MD5-sess".equals(algorithm)) {
        appendBase16(sb, ha1);
        sb.append(':').append(nonce).append(':').append(cnonce);
        return md5FromRecycledStringBuilder(sb, md);
      }

      throw new UnsupportedOperationException("Digest algorithm not supported: " + algorithm);
    }

    private byte[] dataDigest(StringBuilder sb, String digestUri, MessageDigest md) {

      sb.append(methodName).append(':').append(digestUri);
      if ("auth-int".equals(qop)) {
        sb.append(':').append(EMPTY_ENTITY_MD5);

      } else if (qop != null && !qop.equals("auth")) {
        throw new UnsupportedOperationException("Digest qop not supported: " + qop);
      }

      return md5FromRecycledStringBuilder(sb, md);
    }

    private void appendDataBase(StringBuilder sb) {
      sb.append(':').append(nonce).append(':');
      if ("auth".equals(qop) || "auth-int".equals(qop)) {
        sb.append(nc).append(':').append(cnonce).append(':').append(qop).append(':');
      }
    }

    private void newResponse(MessageDigest md) {
      // BEWARE: compute first as it used the cached StringBuilder
      String digestUri = AuthenticatorUtils.computeRealmURI(uri, useAbsoluteURI, omitQuery);

      StringBuilder sb = StringUtils.stringBuilder();

      // WARNING: DON'T MOVE, BUFFER IS RECYCLED!!!!
      byte[] secretDigest = secretDigest(sb, md);
      byte[] dataDigest = dataDigest(sb, digestUri, md);

      appendBase16(sb, secretDigest);
      appendDataBase(sb);
      appendBase16(sb, dataDigest);

      byte[] responseDigest = md5FromRecycledStringBuilder(sb, md);
      response = toHexString(responseDigest);
    }

    private static String toHexString(byte[] data) {
      StringBuilder buffer = StringUtils.stringBuilder();
      for (int i = 0; i < data.length; i++) {
        buffer.append(Integer.toHexString((data[i] & 0xf0) >>> 4));
        buffer.append(Integer.toHexString(data[i] & 0x0f));
      }
      return buffer.toString();
    }

    private static void appendBase16(StringBuilder buf, byte[] bytes) {
      int base = 16;
      for (byte b : bytes) {
        int bi = 0xff & b;
        int c = '0' + (bi / base) % base;
        if (c > '9') c = 'a' + (c - '0' - 10);
        buf.append((char) c);
        c = '0' + bi % base;
        if (c > '9') c = 'a' + (c - '0' - 10);
        buf.append((char) c);
      }
    }

    /**
     * Build a {@link Realm}
     *
     * @return a {@link Realm}
     */
    public Realm build() {

      // Avoid generating
      if (isNonEmpty(nonce)) {
        MessageDigest md = DIGEST_TL.get();
        newCnonce(md);
        newResponse(md);
      }

      return new Realm(
          scheme,
          principal,
          password,
          realmName,
          nonce,
          algorithm,
          response,
          qop,
          nc,
          cnonce,
          uri,
          methodName,
          usePreemptive,
          ntlmDomain,
          charset,
          ntlmHost,
          opaque,
          useAbsoluteURI,
          omitQuery);
    }
  }