cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dk...@apache.org
Subject svn commit: r831307 - in /cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/https: CertConstraintsTest.java resources/Bethal.jks resources/Gordy.jks resources/cert-constraints.xml
Date Fri, 30 Oct 2009 14:24:38 GMT
Author: dkulp
Date: Fri Oct 30 14:24:37 2009
New Revision: 831307

URL: http://svn.apache.org/viewvc?rev=831307&view=rev
Log:
[CXF-2507] Patch from Colm applied to add unit tests to cert contraints

Added:
    cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/https/CertConstraintsTest.java
  (with props)
    cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/https/resources/Bethal.jks
    cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/https/resources/Gordy.jks
    cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/https/resources/cert-constraints.xml
  (with props)

Added: cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/https/CertConstraintsTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/https/CertConstraintsTest.java?rev=831307&view=auto
==============================================================================
--- cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/https/CertConstraintsTest.java
(added)
+++ cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/https/CertConstraintsTest.java
Fri Oct 30 14:24:37 2009
@@ -0,0 +1,185 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+package org.apache.cxf.transport.https;
+
+import java.io.ByteArrayInputStream;
+import java.io.DataInputStream;
+import java.io.FileInputStream;
+import java.security.KeyStore;
+import java.security.cert.X509Certificate;
+
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Unmarshaller;
+
+import org.apache.cxf.configuration.security.CertificateConstraintsType;
+import org.apache.cxf.helpers.DOMUtils;
+
+public class CertConstraintsTest extends org.junit.Assert {
+
+    @org.junit.Test
+    public void
+    testCertConstraints() throws Exception {
+        final X509Certificate bethalCert = 
+            loadCertificate("Bethal.jks", "JKS", "password", "bethal");
+        final X509Certificate gordyCert = 
+            loadCertificate("Gordy.jks", "JKS", "password", "gordy");
+        
+        CertConstraints tmp = null;
+        //
+        // bethal matches but gordy doesn't
+        //
+        tmp = loadCertConstraints("subject-CN-bethal");
+        assertTrue(tmp.matches(bethalCert) && !tmp.matches(gordyCert));
+        //
+        // gordy matches but bethal doesn't
+        //
+        tmp = loadCertConstraints("subject-CN-gordy");
+        assertTrue(!tmp.matches(bethalCert) && tmp.matches(gordyCert));
+        
+        //
+        // both are under the ApacheTest organization
+        //
+        tmp = loadCertConstraints("subject-O-apache");
+        assertTrue(tmp.matches(bethalCert) && tmp.matches(gordyCert));
+        
+        //
+        // only bethal is both CN=Bethal and O=ApacheTest
+        //
+        tmp = loadCertConstraints("subject-CN-bethal-O-apache");
+        assertTrue(tmp.matches(bethalCert) && !tmp.matches(gordyCert));
+        
+        //
+        // neither are O=BadApacheTest
+        //
+        tmp = loadCertConstraints("subject-CN-bethal-O-badapache");
+        assertTrue(!tmp.matches(bethalCert) && !tmp.matches(gordyCert));
+        
+        //
+        // both satisfy either CN=Bethal or O=ApacheTest
+        //
+        tmp = loadCertConstraints("subject-CN-bethal-O-apache-ANY");
+        assertTrue(tmp.matches(bethalCert) && tmp.matches(gordyCert));
+        
+        //
+        // only Bethal has "Bethal" as an issuer
+        //
+        tmp = loadCertConstraints("issuer-CN-bethal-O-apache");
+        assertTrue(tmp.matches(bethalCert) && !tmp.matches(gordyCert));
+    }
+
+    //
+    // Private utilities
+    //
+    
+    private static CertConstraints
+    loadCertConstraints(
+        final String id
+    ) throws Exception {
+        CertificateConstraintsType certsConstraintsType = 
+            loadCertificateConstraintsType(id);
+        return CertConstraintsJaxBUtils.createCertConstraints(certsConstraintsType);
+    }
+    
+    private static CertificateConstraintsType
+    loadCertificateConstraintsType(
+        final String id
+    ) throws Exception {
+        return loadGeneratedType(
+            CertificateConstraintsType.class, 
+            "certConstraints", 
+            "resources/cert-constraints.xml", 
+            id
+        );
+    }
+    
+    private static X509Certificate
+    loadCertificate(
+        final String keystoreFilename,
+        final String keystoreType,
+        final String keystorePassword,
+        final String id
+    ) throws Exception {
+        final KeyStore store = KeyStore.getInstance(keystoreType);
+        FileInputStream fis = new FileInputStream(
+                "src/test/java/org/apache/cxf/transport/https/resources/" + keystoreFilename);
+        DataInputStream dis = new DataInputStream(fis);
+        byte[] bytes = new byte[dis.available()];
+        dis.readFully(bytes);
+        ByteArrayInputStream bin = new ByteArrayInputStream(bytes);
+        store.load(bin, keystorePassword.toCharArray());
+        for (java.util.Enumeration<String> aliases = store.aliases(); aliases.hasMoreElements();)
{
+            final String alias = aliases.nextElement();
+            if (id.equals(alias)) {
+                return (X509Certificate) store.getCertificate(alias);
+            }
+        }
+        assert false;
+        throw new RuntimeException("error in test -- keystore " + id + " has no trusted certs");
+    }
+    
+    private static <T> T
+    loadGeneratedType(
+        final Class<T> cls,
+        final String elementName,
+        final String name,
+        final String id
+    ) throws Exception {
+        final org.w3c.dom.Document doc = loadDocument(name);
+        final org.w3c.dom.Element testData = doc.getDocumentElement();
+        final org.w3c.dom.NodeList data = testData.getElementsByTagName("datum");
+        for (int i = 0;  i < data.getLength();  ++i) {
+            final org.w3c.dom.Element datum = (org.w3c.dom.Element) data.item(i);
+            if (datum.getAttribute("id").equals(id)) {
+                final org.w3c.dom.NodeList elts = datum.getElementsByTagNameNS(
+                    "http://cxf.apache.org/configuration/security", elementName
+                );
+                assert elts.getLength() == 1;
+                return unmarshal(cls, (org.w3c.dom.Element) elts.item(0));
+            }
+        }
+        throw new Exception("Bad test!  No test data with id " + id);
+    }
+    
+    
+    private static org.w3c.dom.Document
+    loadDocument(
+        final String name
+    ) throws Exception {
+        final java.io.InputStream inStream = 
+            CertConstraintsTest.class.getResourceAsStream(name);
+        return DOMUtils.readXml(inStream);
+    }
+
+    private static <T> T
+    unmarshal(
+        final Class<T> cls,
+        final org.w3c.dom.Element elt
+    ) throws JAXBException {
+        final JAXBContext ctx = JAXBContext.newInstance(cls.getPackage().getName());
+        final Unmarshaller unmarshaller = ctx.createUnmarshaller();
+        final JAXBElement<T> jaxbElement = 
+            unmarshaller.unmarshal(elt, cls);
+        return jaxbElement.getValue();
+    }
+    
+}

Propchange: cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/https/CertConstraintsTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/https/CertConstraintsTest.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/https/resources/Bethal.jks
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/https/resources/Bethal.jks?rev=831307&view=auto
==============================================================================
Files cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/https/resources/Bethal.jks
(added) and cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/https/resources/Bethal.jks
Fri Oct 30 14:24:37 2009 differ

Added: cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/https/resources/Gordy.jks
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/https/resources/Gordy.jks?rev=831307&view=auto
==============================================================================
Files cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/https/resources/Gordy.jks
(added) and cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/https/resources/Gordy.jks
Fri Oct 30 14:24:37 2009 differ

Added: cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/https/resources/cert-constraints.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/https/resources/cert-constraints.xml?rev=831307&view=auto
==============================================================================
--- cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/https/resources/cert-constraints.xml
(added)
+++ cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/https/resources/cert-constraints.xml
Fri Oct 30 14:24:37 2009
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<test-data xmlns:sec="http://cxf.apache.org/configuration/security">
+    <datum id="subject-CN-bethal">
+        <sec:certConstraints>
+	        <sec:SubjectDNConstraints>
+	            <sec:RegularExpression>.*CN=Bethal.*</sec:RegularExpression>
+	        </sec:SubjectDNConstraints>
+        </sec:certConstraints>
+    </datum>
+    <datum id="subject-CN-gordy">
+        <sec:certConstraints>
+	        <sec:SubjectDNConstraints>
+	            <sec:RegularExpression>.*CN=Gordy.*</sec:RegularExpression>
+	        </sec:SubjectDNConstraints>
+        </sec:certConstraints>
+    </datum>
+    <datum id="subject-O-apache">
+        <sec:certConstraints>
+            <sec:SubjectDNConstraints>
+                <sec:RegularExpression>.*O=ApacheTest.*</sec:RegularExpression>
+            </sec:SubjectDNConstraints>
+        </sec:certConstraints>
+    </datum>
+    <datum id="subject-CN-bethal-O-apache">
+        <sec:certConstraints>
+            <sec:SubjectDNConstraints>
+                <sec:RegularExpression>.*CN=Bethal.*</sec:RegularExpression>
+                <sec:RegularExpression>.*O=ApacheTest.*</sec:RegularExpression>
+            </sec:SubjectDNConstraints>
+        </sec:certConstraints>
+    </datum>
+    <datum id="subject-CN-bethal-O-badapache">
+        <sec:certConstraints>
+            <sec:SubjectDNConstraints>
+                <sec:RegularExpression>.*CN=Bethal.*</sec:RegularExpression>
+                <sec:RegularExpression>.*O=BadApacheTest.*</sec:RegularExpression>
+            </sec:SubjectDNConstraints>
+        </sec:certConstraints>
+    </datum>
+    <datum id="subject-CN-bethal-O-apache-ANY">
+        <sec:certConstraints>
+            <sec:SubjectDNConstraints combinator="ANY">
+                <sec:RegularExpression>.*CN=Bethal.*</sec:RegularExpression>
+                <sec:RegularExpression>.*O=ApacheTest.*</sec:RegularExpression>
+            </sec:SubjectDNConstraints>
+        </sec:certConstraints>
+    </datum>
+    <datum id="issuer-CN-bethal-O-apache">
+        <sec:certConstraints>
+            <sec:IssuerDNConstraints>
+                <sec:RegularExpression>.*CN=Bethal.*</sec:RegularExpression>
+                <sec:RegularExpression>.*O=ApacheTest.*</sec:RegularExpression>
+            </sec:IssuerDNConstraints>
+        </sec:certConstraints>
+    </datum>
+    
+</test-data>

Propchange: cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/https/resources/cert-constraints.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/https/resources/cert-constraints.xml
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Propchange: cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/https/resources/cert-constraints.xml
------------------------------------------------------------------------------
    svn:mime-type = text/xml



Mime
View raw message