@Test
public void test_create_new_application() throws IOException {
SubjectCredentials subjectCredentials =
SubjectCredentials.Builder.create()
.authenticationType(SubjectCredentials.AuthenticationType.CERTIFICATE)
.name("app1")
.certificate(getCertificate())
.enabled(true)
.build();
subjectCredentialsService.save(subjectCredentials);
List<SubjectCredentials> list =
newArrayList(
subjectCredentialsService.getSubjectCredentials(
SubjectCredentials.AuthenticationType.CERTIFICATE));
assertThat(list).hasSize(1);
assertSubjectEquals(subjectCredentials, list.get(0));
SubjectCredentials found =
subjectCredentialsService.getSubjectCredentials(subjectCredentials.getName());
assertSubjectEquals(subjectCredentials, found);
OpalKeyStore keyStore = credentialsKeyStoreService.getKeyStore();
assertThat(keyStore.aliasExists(subjectCredentials.getCertificateAlias())).isTrue();
assertThat(keyStore.getKeyType(subjectCredentials.getCertificateAlias()))
.isEqualTo(OpalKeyStore.KeyType.CERTIFICATE);
}
@Test
public void test_remove_groups_from_user() {
SubjectCredentials subjectCredentials =
SubjectCredentials.Builder.create()
.authenticationType(SubjectCredentials.AuthenticationType.PASSWORD)
.name("user1")
.password("password")
.groups(Sets.newHashSet("group1", "group2"))
.build();
subjectCredentialsService.save(subjectCredentials);
subjectCredentials.removeGroup("group1");
subjectCredentialsService.save(subjectCredentials);
SubjectCredentials found =
subjectCredentialsService.getSubjectCredentials(subjectCredentials.getName());
assertSubjectEquals(subjectCredentials, found);
assertThat(subjectCredentialsService.getGroups()).hasSize(2);
Group group1 = subjectCredentialsService.getGroup("group1");
assertThat(group1).isNotNull();
assertThat(group1.getSubjectCredentials()).isEmpty();
Group group2 = subjectCredentialsService.getGroup("group2");
assertThat(group2).isNotNull();
assertThat(group2.getSubjectCredentials()).hasSize(1);
assertThat(group2.getSubjectCredentials()).contains(subjectCredentials.getName());
}
@Test
public void test_update_user() {
SubjectCredentials subjectCredentials =
SubjectCredentials.Builder.create()
.authenticationType(SubjectCredentials.AuthenticationType.PASSWORD)
.name("user1")
.password("password")
.enabled(true)
.build();
subjectCredentialsService.save(subjectCredentials);
subjectCredentials.setPassword("new password");
subjectCredentialsService.save(subjectCredentials);
List<SubjectCredentials> list =
newArrayList(
subjectCredentialsService.getSubjectCredentials(
SubjectCredentials.AuthenticationType.PASSWORD));
assertThat(list).hasSize(1);
assertSubjectEquals(subjectCredentials, list.get(0));
SubjectCredentials found =
subjectCredentialsService.getSubjectCredentials(subjectCredentials.getName());
assertSubjectEquals(subjectCredentials, found);
Asserts.assertUpdatedTimestamps(subjectCredentials, found);
}
@Test(expected = PasswordNotChangedException.class)
public void test_change_password_with_password_unchanged() {
SubjectCredentials subjectCredentials =
SubjectCredentials.Builder.create()
.authenticationType(SubjectCredentials.AuthenticationType.PASSWORD)
.name("user1")
.password(subjectCredentialsService.hashPassword("password"))
.build();
subjectCredentialsService.save(subjectCredentials);
subjectCredentialsService.changePassword("user1", "password", "password");
}
@Test
public void test_delete_user() {
SubjectCredentials subjectCredentials =
SubjectCredentials.Builder.create()
.authenticationType(SubjectCredentials.AuthenticationType.PASSWORD)
.name("user1")
.password("password")
.build();
subjectCredentialsService.save(subjectCredentials);
subjectCredentialsService.delete(subjectCredentials);
assertThat(
subjectCredentialsService.getSubjectCredentials(
SubjectCredentials.AuthenticationType.PASSWORD))
.isEmpty();
}
@Test
public void test_change_password_with_password_changed() {
SubjectCredentials subjectCredentials =
SubjectCredentials.Builder.create()
.authenticationType(SubjectCredentials.AuthenticationType.PASSWORD)
.name("user1")
.password(subjectCredentialsService.hashPassword("password"))
.build();
subjectCredentialsService.save(subjectCredentials);
subjectCredentialsService.changePassword("user1", "password", "password1");
SubjectCredentials subjectCredentials1 =
subjectCredentialsService.getSubjectCredentials("user1");
assertThat(
subjectCredentials1
.getPassword()
.equals(subjectCredentialsService.hashPassword("password1")))
.isTrue();
}
@Test
public void test_delete_application() throws IOException {
SubjectCredentials subjectCredentials =
SubjectCredentials.Builder.create()
.authenticationType(SubjectCredentials.AuthenticationType.CERTIFICATE)
.name("app1")
.certificate(getCertificate())
.enabled(true)
.build();
subjectCredentialsService.save(subjectCredentials);
subjectCredentialsService.delete(subjectCredentials);
assertThat(
subjectCredentialsService.getSubjectCredentials(
SubjectCredentials.AuthenticationType.CERTIFICATE))
.isEmpty();
OpalKeyStore keyStore = credentialsKeyStoreService.getKeyStore();
assertThat(keyStore.aliasExists(subjectCredentials.getName())).isFalse();
}
@Test
public void test_delete_user_with_groups() {
SubjectCredentials subjectCredentials =
SubjectCredentials.Builder.create()
.authenticationType(SubjectCredentials.AuthenticationType.PASSWORD)
.name("user1")
.password("password")
.groups(Sets.newHashSet("group1", "group2"))
.build();
subjectCredentialsService.save(subjectCredentials);
subjectCredentialsService.delete(subjectCredentials);
assertThat(
subjectCredentialsService.getSubjectCredentials(
SubjectCredentials.AuthenticationType.PASSWORD))
.isEmpty();
Group group1 = subjectCredentialsService.getGroup("group1");
assertThat(group1.getSubjectCredentials()).isEmpty();
Group group2 = subjectCredentialsService.getGroup("group2");
assertThat(group2.getSubjectCredentials()).isEmpty();
}
