RANGER-5331: Test Cases for unixauthclient & unixauthservice Module (#675)

Author: bhaveshamre

unixauthclient/pom.xml

@@ -102,6 +102,18 @@
             <artifactId>libpam4j</artifactId>
             <version>${libpam4j.version}</version>
         </dependency>
+        <dependency>
+            <groupId>org.mockito</groupId>
+            <artifactId>mockito-inline</artifactId>
+            <version>${mockito.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.mockito</groupId>
+            <artifactId>mockito-junit-jupiter</artifactId>
+            <version>${mockito.version}</version>
+            <scope>test</scope>
+        </dependency>
         <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>log4j-over-slf4j</artifactId>

unixauthclient/src/test/java/org/apache/ranger/authentication/unix/jaas/TestConsolePromptCallbackHandler.java

@@ -0,0 +1,69 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.ranger.authentication.unix.jaas;
+
+import org.junit.jupiter.api.MethodOrderer;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.TestMethodOrder;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.junit.jupiter.MockitoExtension;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+
+import static org.junit.jupiter.api.Assertions.assertArrayEquals;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+
+/**
+ * @generated by Cursor
+ * @description : Unit Test cases for ConsolePromptCallbackHandler
+ */
+
+@ExtendWith(MockitoExtension.class)
+@TestMethodOrder(MethodOrderer.MethodName.class)
+public class TestConsolePromptCallbackHandler {
+    @Test
+    public void test01_handle_setsNameAndPassword() throws IOException, UnsupportedCallbackException {
+        String input = "alice\nsecret\n";
+        System.setIn(new ByteArrayInputStream(input.getBytes(StandardCharsets.UTF_8)));
+
+        ConsolePromptCallbackHandler handler          = new ConsolePromptCallbackHandler();
+        NameCallback                 nameCallback     = new NameCallback("User: ");
+        PasswordCallback             passwordCallback = new PasswordCallback("Pass: ", false);
+
+        handler.handle(new Callback[] {nameCallback, passwordCallback});
+
+        assertEquals("alice", nameCallback.getName());
+        assertArrayEquals("secret".toCharArray(), passwordCallback.getPassword());
+    }
+
+    @Test
+    public void test02_handle_unknownCallback_doesNotThrow() throws IOException, UnsupportedCallbackException {
+        System.setIn(new ByteArrayInputStream("\n".getBytes(StandardCharsets.UTF_8)));
+        ConsolePromptCallbackHandler handler = new ConsolePromptCallbackHandler();
+        Callback                     unknown = new Callback() {};
+        handler.handle(new Callback[] {unknown});
+    }
+}

unixauthclient/src/test/java/org/apache/ranger/authentication/unix/jaas/TestPamLoginModule.java

@@ -0,0 +1,281 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.ranger.authentication.unix.jaas;
+
+import org.junit.jupiter.api.MethodOrderer;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.TestMethodOrder;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.jvnet.libpam.PAM;
+import org.jvnet.libpam.UnixUser;
+import org.mockito.Mockito;
+import org.mockito.junit.jupiter.MockitoExtension;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.login.FailedLoginException;
+import javax.security.auth.login.LoginException;
+
+import java.lang.reflect.Field;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+import java.security.Principal;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Set;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+/**
+ * @generated by Cursor
+ * @description : Unit Test cases for PamLoginModule
+ */
+
+@ExtendWith(MockitoExtension.class)
+@TestMethodOrder(MethodOrderer.MethodName.class)
+public class TestPamLoginModule {
+    @Test
+    public void test01_initialize_withoutService_throwsOnLogin() throws Exception {
+        PamLoginModule      m       = new PamLoginModule();
+        Subject             subject = new Subject();
+        Map<String, Object> opts    = new HashMap<>();
+        m.initialize(subject, creds("alice", "secret"), new HashMap<>(), opts);
+        setField(m, "options", new HashMap<>());
+        assertThrows(LoginException.class, m::login);
+    }
+
+    @Test
+    public void test02_commit_addsPrincipal_and_logout_clears_without_realPam() throws Exception {
+        PamLoginModule m       = new PamLoginModule();
+        Subject        subject = new Subject();
+        UnixUser       user    = Mockito.mock(UnixUser.class);
+        Mockito.when(user.getUserName()).thenReturn("alice");
+        Mockito.when(user.getGecos()).thenReturn("");
+        Mockito.when(user.getDir()).thenReturn("");
+        Mockito.when(user.getShell()).thenReturn("");
+        Mockito.when(user.getUID()).thenReturn(0);
+        Mockito.when(user.getGID()).thenReturn(0);
+        Mockito.when(user.getGroups()).thenReturn(Collections.emptySet());
+
+        setField(m, "subject", subject);
+        setField(m, "authSucceeded", true);
+        setField(m, "principal", new PamPrincipal(user));
+        setField(m, "pam", Mockito.mock(PAM.class));
+        setField(m, "passwordChar", new char[] {'x'});
+
+        assertTrue(m.commit());
+        Set<Principal> principals = subject.getPrincipals();
+        assertTrue(principals.stream().anyMatch(p -> p instanceof PamPrincipal && p.getName().equals("alice")));
+
+        assertTrue(m.logout());
+        assertTrue(subject.getPrincipals().isEmpty());
+    }
+
+    @Test
+    public void test03_login_throwsLoginException_withRealPam() throws Exception {
+        PamLoginModule      m       = new PamLoginModule();
+        Subject             subject = new Subject();
+        Map<String, Object> opts    = new HashMap<>();
+        opts.put(PamLoginModule.SERVICE_KEY, "sshd");
+        CallbackHandler cb = creds("alice", "bad");
+        m.initialize(subject, cb, new HashMap<>(), opts);
+        setField(m, "options", opts);
+        setField(m, "callbackHandler", cb);
+        assertThrows(LoginException.class, m::login);
+    }
+
+    @Test
+    public void test04_abort_withoutAuth_returnsFalse() throws Exception {
+        PamLoginModule      m       = new PamLoginModule();
+        Subject             subject = new Subject();
+        Map<String, Object> opts    = new HashMap<>();
+        opts.put(PamLoginModule.SERVICE_KEY, "sshd");
+        CallbackHandler cb = creds("u", "p");
+        m.initialize(subject, cb, new HashMap<>(), opts);
+        setField(m, "options", opts);
+        setField(m, "subject", subject);
+        setField(m, "callbackHandler", cb);
+        assertFalse(m.abort());
+    }
+
+    @Test
+    public void test05_abort_afterSuccess_cleansUpAndReturnsTrue() throws Exception {
+        PamLoginModule m = new PamLoginModule();
+        setField(m, "authSucceeded", true);
+        PAM pam = Mockito.mock(PAM.class);
+        setField(m, "pam", pam);
+        setField(m, "passwordChar", new char[] {'x'});
+        assertTrue(m.abort());
+    }
+
+    @Test
+    public void test06_commit_returnsFalse_whenAuthNotSucceeded() throws Exception {
+        PamLoginModule m = new PamLoginModule();
+        setField(m, "authSucceeded", false);
+        setField(m, "subject", new Subject());
+        assertFalse(m.commit());
+    }
+
+    @Test
+    public void test07_commit_readOnlySubject_throws_and_cleansUp() throws Exception {
+        PamLoginModule m       = new PamLoginModule();
+        Subject        subject = new Subject();
+        subject.setReadOnly();
+        setField(m, "subject", subject);
+        setField(m, "authSucceeded", true);
+        setField(m, "principal", new PamPrincipal(Mockito.mock(UnixUser.class)));
+        PAM pam = Mockito.mock(PAM.class);
+        setField(m, "pam", pam);
+        setField(m, "passwordChar", new char[] {'p'});
+        assertThrows(LoginException.class, m::commit);
+        Mockito.verify(pam).dispose();
+    }
+
+    @Test
+    public void test08_obtainUserAndPassword_noCallbackHandler_throws() throws Exception {
+        PamLoginModule m = new PamLoginModule();
+        setField(m, "callbackHandler", null);
+        Method method = PamLoginModule.class.getDeclaredMethod("obtainUserAndPassword");
+        method.setAccessible(true);
+        assertThrows(LoginException.class, () -> invokeAndRethrowLoginException(m, method));
+    }
+
+    @Test
+    public void test09_obtainUserAndPassword_errorInCallbacks_throws() throws Exception {
+        PamLoginModule m = new PamLoginModule();
+        CallbackHandler cb = new CallbackHandler() {
+            @Override
+            public void handle(Callback[] callbacks) throws java.io.IOException {
+                throw new java.io.IOException("boom");
+            }
+        };
+        setField(m, "callbackHandler", cb);
+        Method method = PamLoginModule.class.getDeclaredMethod("obtainUserAndPassword");
+        method.setAccessible(true);
+        assertThrows(LoginException.class, () -> invokeAndRethrowLoginException(m, method));
+    }
+
+    @Test
+    public void test10_performLogin_withNullPassword_throwsFailedLogin() throws Exception {
+        PamLoginModule m = new PamLoginModule();
+        setField(m, "username", "alice");
+        setField(m, "pam", Mockito.mock(PAM.class));
+        Method method = PamLoginModule.class.getDeclaredMethod("performLogin");
+        method.setAccessible(true);
+        assertThrows(FailedLoginException.class, () -> invokeAndRethrowLoginException(m, method));
+    }
+
+    @Test
+    public void test11_performLogin_success_setsPrincipalAndAuthSucceeded() throws Exception {
+        PamLoginModule m = new PamLoginModule();
+        setField(m, "username", "alice");
+        setField(m, "passwordChar", new char[] {'s'});
+        PAM      pam  = Mockito.mock(PAM.class);
+        UnixUser user = Mockito.mock(UnixUser.class);
+        Mockito.when(user.getUserName()).thenReturn("alice");
+        Mockito.when(pam.authenticate("alice", "s")).thenReturn(user);
+        setField(m, "pam", pam);
+
+        Method method = PamLoginModule.class.getDeclaredMethod("performLogin");
+        method.setAccessible(true);
+        assertTrue(invokeAndReturnBoolean(m, method));
+        Object principal = getField(m, "principal");
+        assertNotNull(principal);
+        assertTrue(principal instanceof PamPrincipal);
+        assertEquals("alice", ((PamPrincipal) principal).getName());
+        assertTrue((Boolean) getField(m, "authSucceeded"));
+    }
+
+    @Test
+    public void test12_logout_readOnlySubject_throws_and_cleansUp() throws Exception {
+        PamLoginModule m       = new PamLoginModule();
+        Subject        subject = new Subject();
+        subject.setReadOnly();
+        setField(m, "subject", subject);
+        setField(m, "principal", new PamPrincipal(Mockito.mock(UnixUser.class)));
+        PAM pam = Mockito.mock(PAM.class);
+        setField(m, "pam", pam);
+        setField(m, "passwordChar", new char[] {'p'});
+        assertThrows(LoginException.class, m::logout);
+        Mockito.verify(pam).dispose();
+    }
+
+    private static void setField(Object target, String name, Object value) throws Exception {
+        Field f = target.getClass().getDeclaredField(name);
+        f.setAccessible(true);
+        f.set(target, value);
+    }
+
+    private static Object getField(Object target, String name) throws Exception {
+        Field f = target.getClass().getDeclaredField(name);
+        f.setAccessible(true);
+        return f.get(target);
+    }
+
+    private static void invokeAndRethrowLoginException(Object target, Method method) throws LoginException {
+        try {
+            method.invoke(target);
+        } catch (InvocationTargetException e) {
+            Throwable cause = e.getCause();
+            if (cause instanceof LoginException) {
+                throw (LoginException) cause;
+            }
+            throw new RuntimeException(cause);
+        } catch (IllegalAccessException e) {
+            throw new RuntimeException(e);
+        }
+    }
+
+    private static boolean invokeAndReturnBoolean(Object target, Method method) throws Exception {
+        try {
+            Object ret = method.invoke(target);
+            return (Boolean) ret;
+        } catch (InvocationTargetException e) {
+            Throwable cause = e.getCause();
+            if (cause instanceof Exception) {
+                throw (Exception) cause;
+            }
+            throw new RuntimeException(cause);
+        }
+    }
+
+    private static CallbackHandler creds(String user, String pass) {
+        return new CallbackHandler() {
+            @Override
+            public void handle(Callback[] callbacks) {
+                for (Callback c : callbacks) {
+                    if (c instanceof NameCallback) {
+                        ((NameCallback) c).setName(user);
+                    }
+                    if (c instanceof PasswordCallback) {
+                        ((PasswordCallback) c).setPassword(pass != null ? pass.toCharArray() : null);
+                    }
+                }
+            }
+        };
+    }
+}