Commit 67c54b55 authored by Patrick Dowler

moved tests from internaql code; made CertificateDAO configurable via...

moved tests from internal code; made CertificateDAO configurable via constructor args; fixed CredClient to put daysValid as param
parent 08a0e1aa
+1 −0
@@ -134,6 +134,7 @@ public class CertificateDAO
        {
            try
            {
                logger.debug("lookup datasource: " + dataSourceName);
                return DBUtil.getDataSource(dataSourceName);
            }
            catch(NamingException ex)
+2 −3
@@ -131,8 +131,7 @@ public class ProxyServlet extends HttpServlet
                            "Cannot parse trusted principal from servlet config: "
                                    + principalStr);
                }
                LOGGER.debug("Adding trusted principal: " + principal
                        + " , max days valid: " + maxDaysValid);
                LOGGER.info("trusted: " + principal + " , max days valid: " + maxDaysValid);
                trustedPrincipals.put(new X500Principal(principal), maxDaysValid);
            }
        }
@@ -141,7 +140,7 @@ public class ProxyServlet extends HttpServlet
        this.database = config.getInitParameter(CATALOG);
        this.schema = config.getInitParameter(SCHEMA);
        
        LOGGER.debug("Init complete.");
        LOGGER.info("persistence: " + dataSourceName + " " + database + " " + schema);
    }

    /**
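Review bot: The new INFO line `LOGGER.info("trusted: " + principal + ...)` is written before `new X500Principal(principal)` runs on the following line, and that constructor throws IllegalArgumentException for a malformed DN, so the log can report a principal as trusted that was never added to the map. Since this line is now the operational record of who may request delegated certificates, log after the put and log the parsed name: `X500Principal trusted = new X500Principal(principal);` `trustedPrincipals.put(trusted, maxDaysValid);` `LOGGER.info("trusted: " + trusted.getName() + " , max days valid: " + maxDaysValid);`. In the second hunk, as far as the visible lines show, a missing CATALOG or SCHEMA init parameter would print as `null` in the `persistence:` line rather than fail. The enclosing init method starts outside both hunks.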
+119 −0
/*
 ************************************************************************
 ****  C A N A D I A N   A S T R O N O M Y   D A T A   C E N T R E  *****
 *
 * (c) 2011.                            (c) 2011.
 * National Research Council            Conseil national de recherches
 * Ottawa, Canada, K1A 0R6              Ottawa, Canada, K1A 0R6
 * All rights reserved                  Tous droits reserves
 *
 * NRC disclaims any warranties         Le CNRC denie toute garantie
 * expressed, implied, or statu-        enoncee, implicite ou legale,
 * tory, of any kind with respect       de quelque nature que se soit,
 * to the software, including           concernant le logiciel, y com-
 * without limitation any war-          pris sans restriction toute
 * ranty of merchantability or          garantie de valeur marchande
 * fitness for a particular pur-        ou de pertinence pour un usage
 * pose.  NRC shall not be liable       particulier.  Le CNRC ne
 * in any event for any damages,        pourra en aucun cas etre tenu
 * whether direct or indirect,          responsable de tout dommage,
 * special or general, consequen-       direct ou indirect, particul-
 * tial or incidental, arising          ier ou general, accessoire ou
 * from the use of the software.        fortuit, resultant de l'utili-
 *                                      sation du logiciel.
 *
 *
 * @author adriand
 * 
 * @version $Revision: $
 * 
 * 
 ****  C A N A D I A N   A S T R O N O M Y   D A T A   C E N T R E  *****
 ************************************************************************
 */

package ca.nrc.cadc.cred.server;

import static org.easymock.EasyMock.createMock;
import static org.easymock.EasyMock.expect;
import static org.easymock.EasyMock.replay;
import static org.junit.Assert.assertEquals;

import java.util.Map;

import javax.security.auth.x500.X500Principal;
import javax.servlet.ServletConfig;

import org.junit.Test;

/**
 * Mock test of the ProxyServlet
 * @author pdowler
 */
public class ProxyServletTest
{

    @Test
    public void testInit() throws Exception
    {
        ProxyServlet testServlet = new ProxyServlet();
        ServletConfig configMock = createMock(ServletConfig.class);
        String expectedDN1 = "cn=test1,ou=hia.nrc.ca,o=grid,c=ca";
        Float expectedDaysValid1 = new Float(Float.MAX_VALUE);
        String expectedDN2 = "cn=test2,ou=hia.nrc.ca,o=grid,c=ca";
        Float expectedDaysValid2 = new Float(0.5);
        expect(configMock.getInitParameter(ProxyServlet.TRUSTED_PRINCIPALS_PARAM))
                .andReturn((expectedDN1 + '\n' + expectedDN2 + ": " + expectedDaysValid2));
        
        expect(configMock.getInitParameter(ProxyServlet.DSNAME)).andReturn("jdbc/foo");
        expect(configMock.getInitParameter(ProxyServlet.CATALOG)).andReturn("foo");
        expect(configMock.getInitParameter(ProxyServlet.SCHEMA)).andReturn("bar");
        
        replay(configMock);

        testServlet.init(configMock);

        Map<X500Principal, Float> trustedDNs = testServlet
                .getTrustedPrincipals();

        assertEquals(expectedDaysValid1, trustedDNs
                .get(new X500Principal(expectedDN1)));
        assertEquals(expectedDaysValid2, trustedDNs
                .get(new X500Principal(expectedDN2)));
    }

    @Test(expected = IllegalArgumentException.class)
    public void testFailInit() throws Exception
    {
        ProxyServlet testServlet = new ProxyServlet();
        ServletConfig configMock = createMock(ServletConfig.class);
        String expectedDN1 = "cn=test1,ou=hia.nrc.ca,o=grid,c=ca";
        Float expectedDaysValid1 = new Float(-0.5);
        expect(
                configMock
                        .getInitParameter(ProxyServlet.TRUSTED_PRINCIPALS_PARAM))
                .andReturn((expectedDN1 + ":" + expectedDaysValid1));

        replay(configMock);

        testServlet.init(configMock);

    }
    
    @Test(expected = IllegalArgumentException.class)
    public void testFailInit2() throws Exception
    {
        ProxyServlet testServlet = new ProxyServlet();
        ServletConfig configMock = createMock(ServletConfig.class);
        String expectedDN1 = "cn=test1,ou=hia.nrc.ca,o=grid,c=ca: WRONG FLOAT";
        expect(
                configMock
                        .getInitParameter(ProxyServlet.TRUSTED_PRINCIPALS_PARAM))
                .andReturn((expectedDN1));

        replay(configMock);

        testServlet.init(configMock);

    }
}
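Review bot: The two failure tests cover a negative lifetime (`testFailInit`) and a non-numeric one (`testFailInit2`), but not the strings `NaN` or `Infinity`, which Java's float parsing accepts. ProxyServlet's parsing code is not visible in this section, so whether init() rejects them is unknown; if it only checks for a value below zero, `NaN` would pass that comparison and be stored as a trusted principal's maximum lifetime. A test along the lines below would pin the behaviour, assuming rejection is what is intended.

```java
    @Test(expected = IllegalArgumentException.class)
    public void testFailInitNotFinite() throws Exception
    {
        ProxyServlet testServlet = new ProxyServlet();
        ServletConfig configMock = createMock(ServletConfig.class);
        // "NaN" parses as a float and compares false against every bound
        expect(configMock.getInitParameter(ProxyServlet.TRUSTED_PRINCIPALS_PARAM))
                .andReturn("cn=test1,ou=hia.nrc.ca,o=grid,c=ca: NaN");

        replay(configMock);

        testServlet.init(configMock);
    }
```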
+194 −0
package ca.nrc.cadc.cred.server.actions;

import ca.nrc.cadc.auth.AuthenticationUtil;
import ca.nrc.cadc.cred.server.ResourceNotFoundException;
import static org.easymock.EasyMock.createMock;
import static org.easymock.EasyMock.expect;
import static org.easymock.EasyMock.replay;
import static org.junit.Assert.assertEquals;

import java.util.HashMap;
import java.util.Map;

import javax.security.auth.x500.X500Principal;
import javax.servlet.http.HttpServletRequest;

import org.junit.Test;

import org.junit.Assert;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;

public class DelegationActionFactoryTest
{

    static Map<X500Principal, Float> trustedPrincipals = new HashMap<X500Principal, Float>();
    
    static X500Principal TEST_X500 = new X500Principal("cn=testacct,ou=cadc,o=nrc,c=ca");
    
    static
    {
        trustedPrincipals.put(new X500Principal("cn=test,o=cadc,o=nrc,c=ca"), Float.MAX_VALUE);
    }

    private class TestDelegationActionFactory extends DelegationActionFactory
    {

        public TestDelegationActionFactory(HttpServletRequest request, Map<X500Principal, Float> trustedPrincipals)
        {
            super(request, trustedPrincipals, "DSNAME", "DATABASE", "SCHEMA");
        }
        
        @Override
        protected X500Principal getX500FromUserID(String userid) 
            throws ResourceNotFoundException
        {
            return TEST_X500;
        }
        
    }
    @Test
    public void testGetNotFoundAction() throws Exception
    {
        HttpServletRequest mockRequest = createMock(HttpServletRequest.class);
        expect(mockRequest.getParameter("daysValid")).andReturn(null);
        expect(mockRequest.getPathInfo()).andReturn("/unknown/path/info");
        replay(mockRequest);

        DelegationActionFactory factory = new TestDelegationActionFactory(
                mockRequest, trustedPrincipals);
        DelegationAction action = factory.getDelegationAction();
        assertEquals("Wrong action type",
                DelegationActionFactory.NotFoundAction.class, action.getClass());
    }

    @Test
    public void testGetGetProxyCertByDNAction() throws Exception
    {
        HttpServletRequest mockRequest = createMock(HttpServletRequest.class);
        expect(mockRequest.getParameter("daysValid")).andReturn(null);
        expect(mockRequest.getPathInfo()).andReturn("/dn/"+TEST_X500.getName());
        replay(mockRequest);

        DelegationActionFactory factory = new TestDelegationActionFactory(
                mockRequest, trustedPrincipals);
        DelegationAction action = factory.getDelegationAction();
        assertEquals("Wrong action type", GetProxyCertByDN.class, action.getClass());
        assertTrue("wrong target principal", AuthenticationUtil.equals(TEST_X500, action.name));
    }

    @Test
    public void testGetGetProxyCertByDNWithDaysValidAction()
            throws Exception
    {
        HttpServletRequest mockRequest = createMock(HttpServletRequest.class);
        float daysValid = (float) 33.33;
        expect(mockRequest.getParameter("daysValid")).andReturn("33.33");
        expect(mockRequest.getPathInfo()).andReturn("/dn/"+TEST_X500.getName());
        replay(mockRequest);

        DelegationActionFactory factory = new TestDelegationActionFactory(
                mockRequest, trustedPrincipals);
        DelegationAction action = factory.getDelegationAction();
        assertEquals("Wrong action type", GetProxyCertByDN.class, action.getClass());
        assertTrue("wrong target principal", AuthenticationUtil.equals(TEST_X500, action.name));
        assertEquals(daysValid, action.daysValid, 0.000001);
    }

    @Test
    public void testGetGetProxyCertByDNWithMaxDaysValidAction()
            throws Exception
    {
        // not days specified, so default is 0 for now.
        HttpServletRequest mockRequest = createMock(HttpServletRequest.class);
        expect(mockRequest.getParameter("daysValid")).andReturn(null);
        expect(mockRequest.getPathInfo()).andReturn("/dn/"+TEST_X500.getName());
        replay(mockRequest);

        DelegationActionFactory factory = new TestDelegationActionFactory(
                mockRequest, trustedPrincipals);
        DelegationAction action = factory.getDelegationAction();
        assertEquals("Wrong action type", GetProxyCertByDN.class, action.getClass());
        assertTrue("wrong target principal", AuthenticationUtil.equals(TEST_X500, action.name));
        assertNull(action.daysValid);
    }

    @Test
    public void testGetGetProxyCertByUseridAction() throws Exception
    {
        HttpServletRequest mockRequest = createMock(HttpServletRequest.class);
        expect(mockRequest.getParameter("daysValid")).andReturn(null);
        expect(mockRequest.getPathInfo()).andReturn("/userid/userid");
        replay(mockRequest);

        DelegationActionFactory factory = new TestDelegationActionFactory(
                mockRequest, trustedPrincipals);
        DelegationAction action = factory.getDelegationAction();
        assertEquals("Wrong action type", GetProxyCertByDN.class, action.getClass());
        assertTrue("wrong target principal", AuthenticationUtil.equals(TEST_X500, action.name));
    }

    @Test
    public void testGetGetProxyCertByUseridWithDaysValidAction()
            throws Exception
    {
        HttpServletRequest mockRequest = createMock(HttpServletRequest.class);
        float daysValid = (float) 33.33;
        expect(mockRequest.getParameter("daysValid")).andReturn("33.33");
        expect(mockRequest.getPathInfo()).andReturn("/userid/userid");
        replay(mockRequest);

        DelegationActionFactory factory = new TestDelegationActionFactory(
                mockRequest, trustedPrincipals);
        DelegationAction action = factory.getDelegationAction();
        assertEquals("Wrong action type", GetProxyCertByDN.class, action.getClass());
        assertEquals(daysValid, action.daysValid, 0.000001);
    }

    @Test
    public void testGetGetProxyCertByDNWithWrongDaysValidAction()
            throws Exception
    {
        HttpServletRequest mockRequest = createMock(HttpServletRequest.class);
        float daysValid = (float) -33.33;
        expect(mockRequest.getParameter("daysValid")).andReturn("-33.33");
        expect(mockRequest.getPathInfo()).andReturn("/dn/"+TEST_X500.getName());
        replay(mockRequest);

        DelegationActionFactory factory = new TestDelegationActionFactory(
                mockRequest, trustedPrincipals);
        try
        {
            DelegationAction action = factory.getDelegationAction();
            Assert.fail("expected IllegalArgumentException, got: " + action.getClass().getName());
        }
        catch(IllegalArgumentException expected)
        {
            
        }
        
    }

    @Test
    public void testGetGetProxyCertByDNWithWrongDays2ValidAction()
            throws Exception
    {
        HttpServletRequest mockRequest = createMock(HttpServletRequest.class);
        expect(mockRequest.getParameter("daysValid")).andReturn("WRONGNUMBER");
        expect(mockRequest.getPathInfo()).andReturn("/dn/"+TEST_X500.getName());
        replay(mockRequest);

        DelegationActionFactory factory = new TestDelegationActionFactory(
                mockRequest, trustedPrincipals);
        try
        {
            DelegationAction action = factory.getDelegationAction();
            Assert.fail("expected IllegalArgumentException, got: " + action.getClass().getName());
        }
        catch(IllegalArgumentException expected)
        {
            
        }
    }

}
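Review bot: The comment opening `testGetGetProxyCertByDNWithMaxDaysValidAction` says the default is 0, but the test asserts `assertNull(action.daysValid)`, so the comment and the pinned behaviour disagree. The comment should describe what is asserted, e.g. `// no daysValid parameter: the factory leaves daysValid null and does not apply a default itself`. The test name also mentions a maximum, although the only entry in `trustedPrincipals` is mapped to `Float.MAX_VALUE` and no limit is asserted. In `testGetGetProxyCertByDNWithWrongDaysValidAction` the local `daysValid` is never read and can be removed.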
+90 −0
package ca.nrc.cadc.cred.server.actions;

import static org.junit.Assert.assertTrue;

import java.io.File;
import java.security.AccessControlException;
import java.util.HashMap;
import java.util.Map;

import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;

import org.junit.Test;

import ca.nrc.cadc.auth.SSLUtil;
import ca.nrc.cadc.auth.X509CertificateChain;
import ca.nrc.cadc.cred.server.CertificateDAO;
import ca.nrc.cadc.util.Log4jInit;
import org.apache.log4j.Level;

public class DelegationActionTest
{
    static File cadcRegtest1CertFile;

    static
    {
        Log4jInit.setLevel("ca.nrc.cadc.cred", Level.DEBUG);
        
        cadcRegtest1CertFile = new File("build/test/class/proxy.pem");
    }

    @Test
    public void testTrustedPrincipals() throws Exception
    {
        X500Principal target = new X500Principal("cn=foo,ou=cadc.o=hia,c=ca");
        
        X500Principal principal = new X500Principal("cn=cadcregtest1_b5d,ou=cadc,o=hia,c=ca");
        Map<X500Principal, Float> trustedPrincipals = new HashMap<X500Principal, Float>();
        trustedPrincipals.put(principal, Float.MAX_VALUE);

        Subject subject = SSLUtil.createSubject(cadcRegtest1CertFile);

        DelegationAction delegationAction = new DelegationStub(target, 0.1f, trustedPrincipals);
        Subject.doAs(subject, delegationAction);
    }

    @Test
    public void testUntrustedPrincipals() throws Exception
    {
        X500Principal target = new X500Principal("cn=foo,ou=cadc.o=hia,c=ca");
        
        X500Principal principal = new X500Principal("cn=cadcauthtest1,ou=hia.nrc.ca,o=grid,c=ca");
        Map<X500Principal, Float> trustedPrincipals = new HashMap<X500Principal, Float>();
        trustedPrincipals.put(principal, new Float(0.0));
        
        Subject subject = SSLUtil.createSubject(cadcRegtest1CertFile);

        DelegationAction delegationAction = new DelegationStub(target, 0.1f, trustedPrincipals);
        try
        {
            Subject.doAs(subject, delegationAction);
            assertTrue("Expected exception not thrown.", false);
        }
        catch (AccessControlException expected)
        {
            
        }
    }

}

class TestConfig extends CertificateDAO.CertificateSchema
{
    TestConfig() { super("DSNAME", "DATABASE", "SCHEMA"); }
}
class DelegationStub extends DelegationAction
{
    public DelegationStub(X500Principal name, float daysActive,
            Map<X500Principal, Float> trustedPrincipals)
    {
        super(name, daysActive, trustedPrincipals, new CertificateDAO(new TestConfig()));
    }

    @Override
    public X509CertificateChain getCertificate(X500Principal name)
            throws Exception
    {
        return null;
    }
}
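Review bot: Neither test exercises the lifetime limit that the `trustedPrincipals` map carries: in `testTrustedPrincipals` the caller is mapped to `Float.MAX_VALUE` and asks for `0.1f`, and `testUntrustedPrincipals` presumably fails on the caller's identity before any limit would matter. A third case, with the certificate's principal mapped to a value below the requested `0.1f`, would show whether DelegationAction rejects or caps the request; which of the two is intended is not visible here. `testTrustedPrincipals` also asserts nothing, so it passes on anything short of an exception. The target DN `cn=foo,ou=cadc.o=hia,c=ca` in both tests looks like it has a `.` where a `,` was meant.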