| author | Robert Godfrey <rgodfrey@apache.org> | 2012-06-06 10:47:13 +0000 |
|---|---|---|
| committer | Robert Godfrey <rgodfrey@apache.org> | 2012-06-06 10:47:13 +0000 |
| commit | 4aa475342fb91840c5539f830c5614bb0da3b061 (patch) | |
| tree | 2c50708472303d2f5f2ce74b3c2cbf051466dadf /qpid/java/broker/src/test | |
| parent | 419c6a3f0ad577d92462c3cd2c47209e097c0f8c (diff) | |
QPID-4042 : [Java Broker] Add SSL Client Auth support
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1346817 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'qpid/java/broker/src/test')
4 files changed, 131 insertions, 15 deletions
diff --git a/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/manager/AnonymousAuthenticationManagerTest.java b/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/manager/AnonymousAuthenticationManagerTest.java index eecde964a3..9dcd22c088 100644 --- a/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/manager/AnonymousAuthenticationManagerTest.java +++ b/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/manager/AnonymousAuthenticationManagerTest.java @@ -79,13 +79,13 @@ public class AnonymousAuthenticationManagerTest extends InternalBrokerBaseCase public void testCreateSaslServer() throws Exception { - SaslServer server = _manager.createSaslServer("ANONYMOUS", "example.example.com"); + SaslServer server = _manager.createSaslServer("ANONYMOUS", "example.example.com", null); assertEquals("Sasl Server mechanism name is not as expected", "ANONYMOUS", server.getMechanismName()); try { - server = _manager.createSaslServer("PLAIN", "example.example.com"); + server = _manager.createSaslServer("PLAIN", "example.example.com", null); fail("Expected creating SaslServer with incorrect mechanism to throw an exception"); } catch (SaslException e) @@ -96,7 +96,7 @@ public class AnonymousAuthenticationManagerTest extends InternalBrokerBaseCase public void testAuthenticate() throws Exception { - SaslServer saslServer = _manager.createSaslServer("ANONYMOUS", "example.example.com"); + SaslServer saslServer = _manager.createSaslServer("ANONYMOUS", "example.example.com", null); AuthenticationResult result = _manager.authenticate(saslServer, new byte[0]); assertNotNull(result); assertEquals("Expected authentication to be successful", 
diff --git a/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManagerTest.java b/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManagerTest.java
new file mode 100644
index 0000000000..c1a55ef2ad
--- /dev/null
+++ b/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationManagerTest.java
@@ -0,0 +1,120 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.qpid.server.security.auth.manager;
+
+import javax.security.auth.x500.X500Principal;
+import javax.security.sasl.SaslException;
+import javax.security.sasl.SaslServer;
+import org.apache.commons.configuration.CompositeConfiguration;
+import org.apache.commons.configuration.ConfigurationException;
+import org.apache.commons.configuration.XMLConfiguration;
+import org.apache.qpid.server.configuration.plugins.ConfigurationPlugin;
+import org.apache.qpid.server.security.auth.AuthenticationResult;
+import org.apache.qpid.server.security.auth.database.PlainPasswordFilePrincipalDatabase;
+import org.apache.qpid.server.util.InternalBrokerBaseCase;
+
+public class ExternalAuthenticationManagerTest extends InternalBrokerBaseCase
+{
+
+ private AuthenticationManager _manager = null;
+
+ public void setUp() throws Exception
+ {
+ _manager = ExternalAuthenticationManager.INSTANCE;
+ }
+
+
+ public void tearDown() throws Exception
+ {
+ if(_manager != null)
+ {
+ _manager = null;
+ }
+ }
+
+ private ConfigurationPlugin getPlainDatabaseConfig() throws ConfigurationException
+ {
+ final ConfigurationPlugin config = new PrincipalDatabaseAuthenticationManager.PrincipalDatabaseAuthenticationManagerConfiguration();
+
+ XMLConfiguration xmlconfig = new XMLConfiguration();
+ xmlconfig.addProperty("pd-auth-manager.principal-database.class", PlainPasswordFilePrincipalDatabase.class.getName());
+
+ // Create a CompositeConfiguration as this is what the broker uses
+ CompositeConfiguration composite = new CompositeConfiguration();
+ composite.addConfiguration(xmlconfig);
+ config.setConfiguration("security", xmlconfig);
+ return config;
+ }
+
+
+ public void testConfiguration() throws Exception
+ {
+ AuthenticationManager authenticationManager =
+ ExternalAuthenticationManager.FACTORY.newInstance(getPlainDatabaseConfig());
+
+ assertNull("ExternalAuthenticationManager unexpectedly created when not in config", authenticationManager);
+ }
+
+ public void testGetMechanisms() throws Exception
+ {
+ assertEquals("EXTERNAL", _manager.getMechanisms());
+ }
+
+ public void testCreateSaslServer() throws Exception
+ {
+ SaslServer server = _manager.createSaslServer("EXTERNAL", "example.example.com", null);
+
+ assertEquals("Sasl Server mechanism name is not as expected", "EXTERNAL", server.getMechanismName());
+
+ try
+ {
+ server = _manager.createSaslServer("PLAIN", "example.example.com", null);
+ fail("Expected creating SaslServer with incorrect mechanism to throw an exception");
+ }
+ catch (SaslException e)
+ {
+ // pass
+ }
+ }
+
+ public void testAuthenticate() throws Exception
+ {
+ X500Principal principal = new X500Principal("CN=person, DC=example, DC=com");
+ SaslServer saslServer = _manager.createSaslServer("EXTERNAL", "example.example.com", principal);
+
+ AuthenticationResult result = _manager.authenticate(saslServer, new byte[0]);
+ assertNotNull(result);
+ assertEquals("Expected authentication to be successful",
+ AuthenticationResult.AuthenticationStatus.SUCCESS,
+ result.getStatus());
+ assertEquals("Expected principal to be unchanged",
+ principal,
+ result.getSubject().getPrincipals().iterator().next());
+
+ saslServer = _manager.createSaslServer("EXTERNAL", "example.example.com", null);
+ result = _manager.authenticate(saslServer, new byte[0]);
+ assertNotNull(result);
+ assertEquals("Expected authentication to be unsuccessful",
+ AuthenticationResult.AuthenticationStatus.ERROR,
+ result.getStatus());
+
+ }
+
+
+}
diff --git a/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManagerTest.java b/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManagerTest.java index 1a42fe3886..47c189e4fa 100644 --- a/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManagerTest.java +++ b/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManagerTest.java @@ -167,7 +167,7 @@ public class PrincipalDatabaseAuthenticationManagerTest extends InternalBrokerBa */ public void testSaslMechanismCreation() throws Exception { - SaslServer server = _manager.createSaslServer("CRAM-MD5", "localhost"); + SaslServer server = _manager.createSaslServer("CRAM-MD5", "localhost", null); assertNotNull(server); // Merely tests the creation of the mechanism. Mechanisms themselves are tested // by their own tests. diff --git a/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/rmi/RMIPasswordAuthenticatorTest.java b/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/rmi/RMIPasswordAuthenticatorTest.java index df3bbb3e8b..f6675e917e 100644 --- a/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/rmi/RMIPasswordAuthenticatorTest.java +++ b/qpid/java/broker/src/test/java/org/apache/qpid/server/security/auth/rmi/RMIPasswordAuthenticatorTest.java
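Review bot: In the new ExternalAuthenticationManagerTest, `testAuthenticate` only ever passes `new byte[0]` as the SASL response, so nothing pins what the EXTERNAL mechanism does when the client sends a non-empty response naming an identity that differs from the certificate principal. The manager's implementation is not part of this diff, so I cannot tell how that input is treated; a third case that supplies `principal` together with a response such as `"CN=other".getBytes()` and asserts that the subject still carries only `principal` (or that the status is `ERROR`) would lock the behaviour down. Separately, `getPlainDatabaseConfig` builds `composite` but then calls `config.setConfiguration("security", xmlconfig)`, so the comment about using a CompositeConfiguration does not match what the test does; either pass `composite` or drop the two unused lines. The principal check would also be less dependent on set iteration order as `assertTrue(result.getSubject().getPrincipals().contains(principal));`.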
@@ -20,6 +20,7 @@ */ package org.apache.qpid.server.security.auth.rmi; +import java.security.Principal; import junit.framework.TestCase; import org.apache.qpid.server.configuration.plugins.ConfigurationPlugin; @@ -29,7 +30,6 @@ import org.apache.qpid.server.security.auth.manager.AuthenticationManager; import javax.management.remote.JMXPrincipal; import javax.security.auth.Subject; -import javax.security.auth.callback.CallbackHandler; import javax.security.sasl.SaslException; import javax.security.sasl.SaslServer; import java.util.Collections; @@ -71,14 +71,14 @@ public class RMIPasswordAuthenticatorTest extends TestCase newSubject.equals(expectedSubject)); } - + /** * Tests a unsuccessful authentication. */ public void testUsernameOrPasswordInvalid() { _rmipa.setAuthenticationManager(createTestAuthenticationManager(false, null)); - + try { _rmipa.authenticate(_credentials); @@ -166,7 +166,7 @@ public class RMIPasswordAuthenticatorTest extends TestCase assertEquals("Unexpected exception message", RMIPasswordAuthenticator.SHOULD_HAVE_2_ELEMENTS, se.getMessage()); } - + // Test handling of null credentials try { @@ -180,7 +180,7 @@ public class RMIPasswordAuthenticatorTest extends TestCase assertEquals("Unexpected exception message", RMIPasswordAuthenticator.CREDENTIALS_REQUIRED, se.getMessage()); } - + try { //send a null password @@ -193,7 +193,7 @@ public class RMIPasswordAuthenticatorTest extends TestCase assertEquals("Unexpected exception message", RMIPasswordAuthenticator.SHOULD_BE_NON_NULL, se.getMessage()); } - + try { //send a null username @@ -232,7 +232,7 @@ public class RMIPasswordAuthenticatorTest extends TestCase throw new UnsupportedOperationException(); } - public SaslServer createSaslServer(String mechanism, String localFQDN) throws SaslException + public SaslServer createSaslServer(String mechanism, String localFQDN, Principal externalPrincipal) throws SaslException { throw new UnsupportedOperationException(); } 
@@ -257,10 +257,6 @@ public class RMIPasswordAuthenticatorTest extends TestCase } } - public CallbackHandler getHandler(String mechanism) - { - return null; - } }; } } |
