1   /* Copyright 2004, 2005 Acegi Technology Pty Limited
2    *
3    * Licensed under the Apache License, Version 2.0 (the "License");
4    * you may not use this file except in compliance with the License.
5    * You may obtain a copy of the License at
6    *
7    *     http://www.apache.org/licenses/LICENSE-2.0
8    *
9    * Unless required by applicable law or agreed to in writing, software
10   * distributed under the License is distributed on an "AS IS" BASIS,
11   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12   * See the License for the specific language governing permissions and
13   * limitations under the License.
14   */
15  
16  package org.acegisecurity.providers.x509.populator;
17  
18  import java.security.cert.X509Certificate;
19  
20  import junit.framework.TestCase;
21  
22  import org.acegisecurity.BadCredentialsException;
23  import org.acegisecurity.GrantedAuthority;
24  import org.acegisecurity.GrantedAuthorityImpl;
25  import org.acegisecurity.providers.x509.X509TestUtils;
26  import org.acegisecurity.userdetails.User;
27  import org.acegisecurity.userdetails.UserDetails;
28  import org.acegisecurity.userdetails.UserDetailsService;
29  import org.acegisecurity.userdetails.UsernameNotFoundException;
30  import org.springframework.dao.DataAccessException;
31  
32  
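/**
 * Tests for {@link DaoX509AuthoritiesPopulator}, which turns a client
 * certificate into a {@link UserDetails} by applying a regular expression to
 * the certificate and passing the captured value to a
 * {@link UserDetailsService}.
 *
 * <p>The cases here cover the configuration checks performed by
 * <code>afterPropertiesSet()</code> (missing DAO, malformed pattern) and the
 * lookup performed by <code>getUserDetails()</code> (default pattern, custom
 * pattern, pattern that matches nothing, pattern without a capture group).</p>
 *
 * <p>NOTE(review): every pattern used below is unanchored. No test covers a
 * subject DN in which the matched text appears inside the value of a different
 * attribute; add one if the issuing CA does not constrain subject
 * contents.</p>
 *
 * @author Luke Taylor
 */
public class DaoX509AuthoritiesPopulatorTests extends TestCase {
    //~ Constructors ===========================================================

    public DaoX509AuthoritiesPopulatorTests() {
        super();
    }

    public DaoX509AuthoritiesPopulatorTests(String arg0) {
        super(arg0);
    }

    //~ Methods ================================================================

    public final void setUp() throws Exception {
        super.setUp();
    }

    /**
     * With no pattern configured, the populator's default pattern must yield
     * a name the mock DAO recognises.
     */
    public void testDefaultCNPatternMatch() throws Exception {
        X509Certificate cert = X509TestUtils.buildTestCertificate();
        DaoX509AuthoritiesPopulator populator = populatorWithMockDao();

        populator.afterPropertiesSet();

        assertIsLuke(populator.getUserDetails(cert));
    }

    /**
     * A pattern capturing the <code>emailAddress</code> attribute must yield
     * an address the mock DAO recognises.
     */
    public void testEmailPatternMatch() throws Exception {
        X509Certificate cert = X509TestUtils.buildTestCertificate();
        DaoX509AuthoritiesPopulator populator = populatorWithMockDao();

        populator.setSubjectDNRegex("emailAddress=(.*?),");
        populator.afterPropertiesSet();

        assertIsLuke(populator.getUserDetails(cert));
    }

    /**
     * A syntactically invalid pattern must be rejected at configuration time,
     * before any certificate is processed.
     */
    public void testInvalidRegexFails() throws Exception {
        DaoX509AuthoritiesPopulator populator = populatorWithMockDao();
        populator.setSubjectDNRegex("CN=(.*?,"); // missing closing bracket on group

        try {
            populator.afterPropertiesSet();
            fail("Should have thrown IllegalArgumentException");
        } catch (IllegalArgumentException expected) {
            // expected: the malformed pattern was refused
        }
    }

    /**
     * A pattern that matches nothing in the test certificate must reject the
     * credentials; the DAO is never given a name to look up.
     */
    public void testMatchOnShoeSizeFieldInDNFails() throws Exception {
        X509Certificate cert = X509TestUtils.buildTestCertificate();
        DaoX509AuthoritiesPopulator populator = populatorWithMockDao();

        populator.setSubjectDNRegex("shoeSize=(.*?),");
        populator.afterPropertiesSet();

        try {
            populator.getUserDetails(cert);
            fail("Should have thrown BadCredentialsException.");
        } catch (BadCredentialsException expected) {
            // expected: no match means no identity, so authentication fails
        }
    }

    /**
     * A pattern without a capture group passes <code>afterPropertiesSet()</code>
     * but must fail on use, because there is no group to take the username
     * from.
     */
    public void testPatternWithNoGroupFails() throws Exception {
        X509Certificate cert = X509TestUtils.buildTestCertificate();
        DaoX509AuthoritiesPopulator populator = populatorWithMockDao();

        populator.setSubjectDNRegex("CN=.*?,");
        populator.afterPropertiesSet();

        try {
            populator.getUserDetails(cert);
            fail(
                "Should have thrown IllegalArgumentException for regexp without group");
        } catch (IllegalArgumentException expected) {
            // expected: a group-less pattern cannot name a user
        }
    }

    /**
     * Configuration must fail when no {@link UserDetailsService} has been set.
     */
    public void testRequiresDao() throws Exception {
        DaoX509AuthoritiesPopulator populator = new DaoX509AuthoritiesPopulator();

        try {
            populator.afterPropertiesSet();
            fail("Should have thrown IllegalArgumentException");
        } catch (IllegalArgumentException expected) {
            // expected: a populator without a DAO is unusable
        }
    }

    /**
     * Builds a populator wired to the mock DAO; callers still set the pattern
     * (if any) and call <code>afterPropertiesSet()</code> themselves.
     */
    private static DaoX509AuthoritiesPopulator populatorWithMockDao() {
        DaoX509AuthoritiesPopulator populator = new DaoX509AuthoritiesPopulator();
        populator.setUserDetailsService(new MockAuthenticationDaoMatchesNameOrEmail());

        return populator;
    }

    /**
     * Checks that the lookup produced the account the mock DAO hands out, so a
     * success-path test cannot pass merely because no exception was thrown.
     * Assumes <code>getUserDetails()</code> returns the DAO's result as-is;
     * confirm against the populator.
     */
    private static void assertIsLuke(UserDetails details) {
        assertNotNull("populator returned no user details", details);
        assertEquals("luke", details.getUsername());
    }

    //~ Inner Classes ==========================================================

    /**
     * Mock DAO that knows one account, reachable by exactly two lookup keys: a
     * display name and an e-mail address. Any other key is reported as an
     * unknown user, so a test only passes if the populator extracted one of
     * those two values from the certificate.
     */
    private static class MockAuthenticationDaoMatchesNameOrEmail
        implements UserDetailsService {
        public UserDetails loadUserByUsername(String username)
            throws UsernameNotFoundException, DataAccessException {
            boolean known = "Luke Taylor".equals(username)
                || "luke@monkeymachine".equals(username);

            if (!known) {
                throw new UsernameNotFoundException("Could not find: "
                    + username);
            }

            return new User("luke", "monkey", true, true, true, true,
                new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE")});
        }
    }
}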