Package org.jasig.cas.adaptors.x509.authentication.principal

Examples of org.jasig.cas.adaptors.x509.authentication.principal.X509CertificateCredentialsToSNAndIssuerDNPrincipalResolverTests


        idGenerators.put(SimpleWebApplicationServiceImpl.class.getName(), new DefaultUniqueTicketIdGenerator());


        final AuthenticationManagerImpl authenticationManager = new AuthenticationManagerImpl();

        final X509CredentialsAuthenticationHandler a = new X509CredentialsAuthenticationHandler();
        a.setTrustedIssuerDnPattern("CN=\\w+,DC=jasig,DC=org");
       
        authenticationManager.setAuthenticationHandlers(Arrays.asList(new AuthenticationHandler[] {a}));
        authenticationManager.setCredentialsToPrincipalResolvers(Arrays.asList(new CredentialsToPrincipalResolver[] {new X509CertificateCredentialsToSerialNumberPrincipalResolver()}));
       
        centralAuthenticationService.setTicketGrantingTicketUniqueTicketIdGenerator(new DefaultUniqueTicketIdGenerator());


    @Parameters
    public static Collection<Object[]> getTestParameters() throws Exception
    {
      final Collection<Object[]> params = new ArrayList<Object[]>();
     
      X509CredentialsAuthenticationHandler handler;
     
      // Test case #1
      // Unsupported credentials type
      handler = new X509CredentialsAuthenticationHandler();
      handler.setTrustedIssuerDnPattern(".*");
      params.add(new Object[] {
          handler,
          new UsernamePasswordCredentials(),
          false,
          false,
      });
     
      // Test case #2
      // Valid certificate
      handler = new X509CredentialsAuthenticationHandler();
      handler.setTrustedIssuerDnPattern(".*");
      params.add(new Object[] {
          handler,
          new X509CertificateCredentials(createCertificates("user-valid.crt")),
          true,
          true,
      });
     
      // Test case #3
      // Expired certificate
      handler = new X509CredentialsAuthenticationHandler();
      handler.setTrustedIssuerDnPattern(".*");
      params.add(new Object[] {
          handler,
          new X509CertificateCredentials(createCertificates("user-expired.crt")),
          true,
          false,
      });
     
      // Test case #4
      // Untrusted issuer
      handler = new X509CredentialsAuthenticationHandler();
      handler.setTrustedIssuerDnPattern("CN=\\w+,OU=CAS,O=Jasig,L=Westminster,ST=Colorado,C=US");
      params.add(new Object[] {
          handler,
          new X509CertificateCredentials(createCertificates("snake-oil.crt")),
          true,
          false,
      });
     
      // Test case #5
      // Disallowed subject
      handler = new X509CredentialsAuthenticationHandler();
      handler.setTrustedIssuerDnPattern(".*");
      handler.setSubjectDnPattern("CN=\\w+,OU=CAS,O=Jasig,L=Westminster,ST=Colorado,C=US");
      params.add(new Object[] {
          handler,
          new X509CertificateCredentials(createCertificates("snake-oil.crt")),
          true,
          false,
      });
     
      // Test case #6
      // Check key usage on a cert without keyUsage extension
      handler = new X509CredentialsAuthenticationHandler();
      handler.setTrustedIssuerDnPattern(".*");
      handler.setCheckKeyUsage(true);
      params.add(new Object[] {
          handler,
          new X509CertificateCredentials(createCertificates("user-valid.crt")),
          true,
          true,
      });
     
      // Test case #7
      // Require key usage on a cert without keyUsage extension
      handler = new X509CredentialsAuthenticationHandler();
      handler.setTrustedIssuerDnPattern(".*");
      handler.setCheckKeyUsage(true);
      handler.setRequireKeyUsage(true);
      params.add(new Object[] {
          handler,
          new X509CertificateCredentials(createCertificates("user-valid.crt")),
          true,
          false,
      });
     
      // Test case #8
      // Require key usage on a cert with acceptable keyUsage extension values
      handler = new X509CredentialsAuthenticationHandler();
      handler.setTrustedIssuerDnPattern(".*");
      handler.setCheckKeyUsage(true);
      handler.setRequireKeyUsage(true);
      params.add(new Object[] {
          handler,
          new X509CertificateCredentials(createCertificates("user-valid-keyUsage.crt")),
          true,
          true,
      });
     
      // Test case #9
      // Require key usage on a cert with unacceptable keyUsage extension values
      handler = new X509CredentialsAuthenticationHandler();
      handler.setTrustedIssuerDnPattern(".*");
      handler.setCheckKeyUsage(true);
      handler.setRequireKeyUsage(true);
      params.add(new Object[] {
          handler,
          new X509CertificateCredentials(createCertificates("user-invalid-keyUsage.crt")),
          true,
          false,
      });
     
      //===================================
      // Revocation tests
      //===================================
      ResourceCRLRevocationChecker checker;

      // Test case #10
      // Valid certificate with CRL checking
      handler = new X509CredentialsAuthenticationHandler();
      checker = new ResourceCRLRevocationChecker(new ClassPathResource("userCA-valid.crl"));
      checker.afterPropertiesSet();
      handler.setRevocationChecker(checker);
      handler.setTrustedIssuerDnPattern(".*");
      params.add(new Object[] {
          handler,
          new X509CertificateCredentials(createCertificates("user-valid.crt")),
          true,
          true,
      });

      // Test case #11
      // Revoked end user certificate
      handler = new X509CredentialsAuthenticationHandler();
      checker = new ResourceCRLRevocationChecker(new ClassPathResource("userCA-valid.crl"));
      checker.afterPropertiesSet();
      handler.setRevocationChecker(checker);
      handler.setTrustedIssuerDnPattern(".*");
      params.add(new Object[] {
          handler,
          new X509CertificateCredentials(createCertificates("user-revoked.crt")),
          true,
          false,
      });
     
      // Test case #12
      // Valid certificate on expired CRL data
      final ThresholdExpiredCRLRevocationPolicy zeroThresholdPolicy = new ThresholdExpiredCRLRevocationPolicy();
      zeroThresholdPolicy.setThreshold(0);
      handler = new X509CredentialsAuthenticationHandler();
      handler.setTrustedIssuerDnPattern(".*");
      checker = new ResourceCRLRevocationChecker(new ClassPathResource("userCA-expired.crl"));
      checker.setExpiredCRLPolicy(zeroThresholdPolicy);
      checker.afterPropertiesSet();
      handler.setRevocationChecker(checker);
      params.add(new Object[] {
          handler,
          new X509CertificateCredentials(createCertificates("user-valid.crt")),
          true,
          false,

   }

   /**
    * Authenticates X.509 credentials by evaluating every certificate in the presented chain.
    * <p>
    * The array is walked from its last element to its first. Each certificate is passed to
    * {@code validate}, is tested with {@code isCertificateFromTrustedIssuer} until one
    * certificate matches, and is classified as a CA or end-entity certificate via its basic
    * constraints. A {@link GeneralSecurityException} raised for any certificate marks the
    * whole chain invalid, but the loop still evaluates (and logs) the remaining certificates.
    * <p>
    * Authentication succeeds only when no certificate failed validation, at least one
    * certificate in the chain came from a trusted issuer, and an end-entity certificate was
    * found; that certificate is then stored on the credentials.
    * <p>
    * NOTE(review): nothing in this method checks that each certificate is signed by the next
    * one in the array, and the trusted-issuer condition is satisfied by any certificate in the
    * chain rather than specifically by the end-entity certificate's issuer. Whether
    * {@code validate} covers signature/chain linkage cannot be told from this block - confirm
    * before relying on the trusted-issuer check alone.
    *
    * @param credentials the credentials to authenticate; cast unconditionally to
    *        {@link X509CertificateCredentials}, so callers are expected to consult
    *        {@code supports} first (any other type raises a ClassCastException here).
    * @return {@code true} if the chain was accepted, {@code false} otherwise.
    * @throws AuthenticationException declared for callers; the visible body never throws it
    *         directly, so it presumably originates in {@code validate} or a collaborator.
    */
   protected final boolean doAuthentication(final Credentials credentials)
       throws AuthenticationException {

       final X509CertificateCredentials x509Credentials = (X509CertificateCredentials) credentials;
       final X509Certificate[] certificates = x509Credentials.getCertificates();

       X509Certificate clientCert = null;
       boolean valid = true;
       boolean hasTrustedIssuer = false;
       // Walk from the end of the array towards index 0.
       for (int i = certificates.length - 1; i >= 0; i--) {
           final X509Certificate certificate = certificates[i];
           try {
               if (this.log.isDebugEnabled()) {
                   this.log.debug("Evaluating " + CertUtils.toString(certificate));
               }
              
               validate(certificate);
              
               // Only evaluated until the first match; later certificates are not re-tested.
               if (!hasTrustedIssuer) {
                   hasTrustedIssuer = isCertificateFromTrustedIssuer(certificate);
               }
              
               // getBasicConstraints returns pathLenConstraint which is
               // >=0 when this is a CA cert and -1 when it's not
               int pathLength = certificate.getBasicConstraints();
               if (pathLength < 0) {
                   this.log.debug("Found valid client certificate");
                   // Overwritten for every non-CA certificate, so after the reverse walk
                   // this holds the non-CA certificate with the lowest array index.
                   clientCert = certificate;
               } else {
                   this.log.debug("Found valid CA certificate");
               }
           } catch (final GeneralSecurityException e) {
               // One failing certificate rejects the whole chain; evaluation continues
               // so that every failure in the chain is logged, not just the first.
               this.log.warn("Failed to validate " + CertUtils.toString(certificate), e);
               valid = false;
           }
       }
       // All three conditions are required: no validation failure, a trusted issuer
       // somewhere in the chain, and an end-entity certificate to bind to the credentials.
       if (valid && hasTrustedIssuer && clientCert != null) {
         x509Credentials.setCertificate(clientCert);
         this.log.info("Successfully authenticated " + credentials);
         return true;
       }
       this.log.info("Failed to authenticate " + credentials);
       return false;

      // Valid certificate
      handler = new X509CredentialsAuthenticationHandler();
      handler.setTrustedIssuerDnPattern(".*");
      params.add(new Object[] {
          handler,
          new X509CertificateCredentials(createCertificates("user-valid.crt")),
          true,
          true,
      });
     
      // Test case #3
      // Expired certificate
      handler = new X509CredentialsAuthenticationHandler();
      handler.setTrustedIssuerDnPattern(".*");
      params.add(new Object[] {
          handler,
          new X509CertificateCredentials(createCertificates("user-expired.crt")),
          true,
          false,
      });
     
      // Test case #4
      // Untrusted issuer
      handler = new X509CredentialsAuthenticationHandler();
      handler.setTrustedIssuerDnPattern("CN=\\w+,OU=CAS,O=Jasig,L=Westminster,ST=Colorado,C=US");
      params.add(new Object[] {
          handler,
          new X509CertificateCredentials(createCertificates("snake-oil.crt")),
          true,
          false,
      });
     
      // Test case #5
      // Disallowed subject
      handler = new X509CredentialsAuthenticationHandler();
      handler.setTrustedIssuerDnPattern(".*");
      handler.setSubjectDnPattern("CN=\\w+,OU=CAS,O=Jasig,L=Westminster,ST=Colorado,C=US");
      params.add(new Object[] {
          handler,
          new X509CertificateCredentials(createCertificates("snake-oil.crt")),
          true,
          false,
      });
     
      // Test case #6
      // Check key usage on a cert without keyUsage extension
      handler = new X509CredentialsAuthenticationHandler();
      handler.setTrustedIssuerDnPattern(".*");
      handler.setCheckKeyUsage(true);
      params.add(new Object[] {
          handler,
          new X509CertificateCredentials(createCertificates("user-valid.crt")),
          true,
          true,
      });
     
      // Test case #7
      // Require key usage on a cert without keyUsage extension
      handler = new X509CredentialsAuthenticationHandler();
      handler.setTrustedIssuerDnPattern(".*");
      handler.setCheckKeyUsage(true);
      handler.setRequireKeyUsage(true);
      params.add(new Object[] {
          handler,
          new X509CertificateCredentials(createCertificates("user-valid.crt")),
          true,
          false,
      });
     
      // Test case #8
      // Require key usage on a cert with acceptable keyUsage extension values
      handler = new X509CredentialsAuthenticationHandler();
      handler.setTrustedIssuerDnPattern(".*");
      handler.setCheckKeyUsage(true);
      handler.setRequireKeyUsage(true);
      params.add(new Object[] {
          handler,
          new X509CertificateCredentials(createCertificates("user-valid-keyUsage.crt")),
          true,
          true,
      });
     
      // Test case #9
      // Require key usage on a cert with unacceptable keyUsage extension values
      handler = new X509CredentialsAuthenticationHandler();
      handler.setTrustedIssuerDnPattern(".*");
      handler.setCheckKeyUsage(true);
      handler.setRequireKeyUsage(true);
      params.add(new Object[] {
          handler,
          new X509CertificateCredentials(createCertificates("user-invalid-keyUsage.crt")),
          true,
          false,
      });
     
      //===================================
      // Revocation tests
      //===================================
      ResourceCRLRevocationChecker checker;

      // Test case #10
      // Valid certificate with CRL checking
      handler = new X509CredentialsAuthenticationHandler();
      checker = new ResourceCRLRevocationChecker(new ClassPathResource("userCA-valid.crl"));
      checker.afterPropertiesSet();
      handler.setRevocationChecker(checker);
      handler.setTrustedIssuerDnPattern(".*");
      params.add(new Object[] {
          handler,
          new X509CertificateCredentials(createCertificates("user-valid.crt")),
          true,
          true,
      });

      // Test case #11
      // Revoked end user certificate
      handler = new X509CredentialsAuthenticationHandler();
      checker = new ResourceCRLRevocationChecker(new ClassPathResource("userCA-valid.crl"));
      checker.afterPropertiesSet();
      handler.setRevocationChecker(checker);
      handler.setTrustedIssuerDnPattern(".*");
      params.add(new Object[] {
          handler,
          new X509CertificateCredentials(createCertificates("user-revoked.crt")),
          true,
          false,
      });
     
      // Test case #12
      // Valid certificate on expired CRL data
      final ThresholdExpiredCRLRevocationPolicy zeroThresholdPolicy = new ThresholdExpiredCRLRevocationPolicy();
      zeroThresholdPolicy.setThreshold(0);
      handler = new X509CredentialsAuthenticationHandler();
      handler.setTrustedIssuerDnPattern(".*");
      checker = new ResourceCRLRevocationChecker(new ClassPathResource("userCA-expired.crl"));
      checker.setExpiredCRLPolicy(zeroThresholdPolicy);
      checker.afterPropertiesSet();
      handler.setRevocationChecker(checker);
      params.add(new Object[] {
          handler,
          new X509CertificateCredentials(createCertificates("user-valid.crt")),
          true,
          false,
      });
     
      return params;

        c.setCertificate(VALID_CERTIFICATE);       
        assertEquals(VALID_CERTIFICATE.getSubjectDN().getName(), this.resolver.resolvePrincipal(c).getId());
    }
   
    /**
     * The resolver must report support for credentials carrying an X.509 certificate chain.
     */
    public void testSupport() {
        final X509Certificate[] chain = {VALID_CERTIFICATE};
        final X509CertificateCredentials credentials = new X509CertificateCredentials(chain);
        assertTrue(this.resolver.supports(credentials));
    }

    extends AbstractX509CertificateTests {
   
    private X509CertificateCredentialsToSerialNumberAndIssuerDNPrincipalResolver resolver = new X509CertificateCredentialsToSerialNumberAndIssuerDNPrincipalResolver();
   
    public void testResolvePrincipalInternal() {
        final X509CertificateCredentials c = new X509CertificateCredentials(new X509Certificate[] {VALID_CERTIFICATE});
        c.setCertificate(VALID_CERTIFICATE);
       
       
        final String value = "SERIALNUMBER=" + VALID_CERTIFICATE.getSerialNumber().toString() + ", " + VALID_CERTIFICATE.getIssuerDN().getName();
       
        assertEquals(value, this.resolver.resolvePrincipal(c).getId());

       
        assertEquals(value, this.resolver.resolvePrincipal(c).getId());
    }
   
    /**
     * Asserts that {@code supports} accepts X.509 certificate credentials.
     */
    public void testSupport() {
        final X509CertificateCredentials credentials =
            new X509CertificateCredentials(new X509Certificate[] {VALID_CERTIFICATE});
        final boolean supported = this.resolver.supports(credentials);
        assertTrue(supported);
    }

        }

        if (logger.isDebugEnabled()) {
            logger.debug("Certificate found in request.");
        }
        return new X509CertificateCredentials(certificates);
    }

    extends AbstractX509CertificateTests {

    private X509CertificateCredentialsToSerialNumberPrincipalResolver resolver = new X509CertificateCredentialsToSerialNumberPrincipalResolver();
   
    /**
     * The resolved principal id must equal the serial number (as rendered by
     * {@code BigInteger.toString()}) of the certificate set on the credentials.
     * <p>
     * NOTE(review): the id is the serial number alone. Serial numbers are only unique
     * within a single issuer, so this resolver assumes one trusted CA; the
     * serial-number-plus-issuer-DN resolver exists for deployments with several.
     */
    public void testResolvePrincipalInternal() {
        final X509Certificate[] chain = {VALID_CERTIFICATE};
        final X509CertificateCredentials credentials = new X509CertificateCredentials(chain);
        credentials.setCertificate(VALID_CERTIFICATE);

        final String expectedId = VALID_CERTIFICATE.getSerialNumber().toString();
        final String actualId = this.resolver.resolvePrincipal(credentials).getId();
        assertEquals(expectedId, actualId);
    }

       
        assertEquals(VALID_CERTIFICATE.getSerialNumber().toString(), this.resolver.resolvePrincipal(c).getId());
    }

    /**
     * Checks that the serial-number resolver supports X.509 certificate credentials.
     */
    public void testSupport() {
        final X509Certificate[] certificates = {VALID_CERTIFICATE};
        final X509CertificateCredentials x509 = new X509CertificateCredentials(certificates);
        assertTrue(this.resolver.supports(x509));
    }


