From 121fbde63d72d3d5b88b1086ff5dff992f14c1b1 Mon Sep 17 00:00:00 2001 From: Pedro Hos Date: Mon, 2 Sep 2024 15:06:15 -0300 Subject: [PATCH] WFCORE-6937 - Testing of write-attribute calls is low for the Elytron subsystem https://issues.redhat.com/browse/WFCORE-6937 --- .../elytron/AuthenticationClientTestCase.java | 231 +++++++++++++++++- .../CertificateAuthoritiesTestCase.java | 121 ++++++++- .../elytron/CredentialStoreTestCase.java | 25 ++ .../extension/elytron/DomainTestCase.java | 12 + .../extension/elytron/KeyStoresTestCase.java | 16 ++ .../extension/elytron/LdapTestCase.java | 81 +++--- 6 files changed, 443 insertions(+), 43 deletions(-) diff --git a/elytron/src/test/java/org/wildfly/extension/elytron/AuthenticationClientTestCase.java b/elytron/src/test/java/org/wildfly/extension/elytron/AuthenticationClientTestCase.java index fb9751aae7e..131d89088bb 100644 --- a/elytron/src/test/java/org/wildfly/extension/elytron/AuthenticationClientTestCase.java +++ b/elytron/src/test/java/org/wildfly/extension/elytron/AuthenticationClientTestCase.java @@ -5,7 +5,19 @@ package org.wildfly.extension.elytron; +import static org.jboss.as.controller.client.helpers.ClientConstants.WRITE_ATTRIBUTE_OPERATION; +import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.FAILED; +import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.OUTCOME; +import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.SUBSYSTEM; +import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.SUCCESS; +import static org.junit.Assert.assertEquals; + +import java.util.Map; + +import org.jboss.as.controller.PathAddress; import org.jboss.as.controller.client.helpers.ClientConstants; +import org.jboss.as.controller.operations.common.Util; +import org.jboss.as.controller.security.CredentialReference; import org.jboss.as.subsystem.test.AbstractSubsystemTest; import org.jboss.as.subsystem.test.KernelServices; import org.jboss.dmr.ModelNode; @@ -13,12 +25,10 @@ import org.junit.Before; import org.junit.Test; -import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.FAILED; -import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.OUTCOME; -import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.SUCCESS; -import static org.junit.Assert.assertEquals; - public class AuthenticationClientTestCase extends AbstractSubsystemTest { + private static final String AUTH_CONFIG_NAME = "myAuthConfig"; + private static final PathAddress ROOT_ADDRESS = PathAddress.pathAddress(SUBSYSTEM, ElytronExtension.SUBSYSTEM_NAME); + private static final PathAddress AUTH_CONFIG_ADDRESS = ROOT_ADDRESS.append(ElytronDescriptionConstants.AUTHENTICATION_CONFIGURATION, AUTH_CONFIG_NAME); private KernelServices services = null; public AuthenticationClientTestCase() { @@ -56,6 +66,217 @@ private ModelNode assertFailed(ModelNode response) { return response; } + private void testWriteAnonymousAuthConfig(boolean anonymous) { + ModelNode operation = Util.createEmptyOperation(WRITE_ATTRIBUTE_OPERATION, AUTH_CONFIG_ADDRESS); + operation.get(ElytronDescriptionConstants.NAME).set(ElytronDescriptionConstants.ANONYMOUS); + operation.get(ElytronDescriptionConstants.VALUE).set(anonymous); + assertSuccess(services.executeOperation(operation)); + } + + private void addAndTestKerberosSecurityFactory(String kerberosName) { + PathAddress kbrAddress = ROOT_ADDRESS.append(ElytronDescriptionConstants.KERBEROS_SECURITY_FACTORY, kerberosName); + Map parameters = Map.of(ElytronDescriptionConstants.PATH, ModelNode.fromString("\"/test-server.keytab\""), + ElytronDescriptionConstants.PRINCIPAL, ModelNode.fromString("\"HTTP/test-server.elytron.org@ELYTRON.ORG\"")); + + ModelNode kerberos = Util.createAddOperation(kbrAddress, parameters); + assertSuccess(services.executeOperation(kerberos)); + } + + @Test + public void testWriteAnonymousTrueOnly() { + assertSuccess(services.executeOperation(Util.createAddOperation(AUTH_CONFIG_ADDRESS))); + testWriteAnonymousAuthConfig(true); + } + + @Test + public void testWriteAnonymousFalseOnly() { + assertSuccess(services.executeOperation(Util.createAddOperation(AUTH_CONFIG_ADDRESS))); + testWriteAnonymousAuthConfig(false); + } + + @Test + public void testWriteMechanismPropertiesOnly() { + assertSuccess(services.executeOperation(Util.createAddOperation(AUTH_CONFIG_ADDRESS))); + ModelNode operation = Util.createEmptyOperation(WRITE_ATTRIBUTE_OPERATION, AUTH_CONFIG_ADDRESS); + operation.get(ElytronDescriptionConstants.NAME).set(ElytronDescriptionConstants.MECHANISM_PROPERTIES); + operation.get(ElytronDescriptionConstants.VALUE).set("key1", "value1"); + assertSuccess(services.executeOperation(operation)); + } + + @Test + public void testWriteCredentialReferenceClearTextOnly() { + assertSuccess(services.executeOperation(Util.createAddOperation(AUTH_CONFIG_ADDRESS))); + + ModelNode credentialReference = new ModelNode(); + credentialReference.get(CredentialReference.CLEAR_TEXT).set("StorePassword"); + + ModelNode operation = Util.createEmptyOperation(WRITE_ATTRIBUTE_OPERATION, AUTH_CONFIG_ADDRESS); + operation.get(ElytronDescriptionConstants.NAME).set(CredentialReference.CREDENTIAL_REFERENCE); + operation.get(ElytronDescriptionConstants.VALUE).set(credentialReference); + assertSuccess(services.executeOperation(operation)); + } + + @Test + public void testWriteWebservicesAuthConfigOnly() { + assertSuccess(services.executeOperation(Util.createAddOperation(AUTH_CONFIG_ADDRESS))); + + ModelNode webservices = new ModelNode(); + webservices.get(ElytronDescriptionConstants.HTTP_MECHANISM).set("BASIC"); + webservices.get(ElytronDescriptionConstants.WS_SECURITY_TYPE).set("UsernameToken"); + + ModelNode operation = Util.createEmptyOperation(WRITE_ATTRIBUTE_OPERATION, AUTH_CONFIG_ADDRESS); + operation.get(ElytronDescriptionConstants.NAME).set(ElytronDescriptionConstants.WEBSERVICES); + operation.get(ElytronDescriptionConstants.VALUE).set(webservices); + assertSuccess(services.executeOperation(operation)); + } + + @Test + public void testWriteAttributeWithRealmOnly() { + assertSuccess(services.executeOperation(Util.createAddOperation(AUTH_CONFIG_ADDRESS))); + + ModelNode operation = Util.createEmptyOperation(WRITE_ATTRIBUTE_OPERATION, AUTH_CONFIG_ADDRESS); + operation.get(ElytronDescriptionConstants.NAME).set(ElytronDescriptionConstants.REALM); + operation.get(ElytronDescriptionConstants.VALUE).set("testRealm"); + assertSuccess(services.executeOperation(operation)); + } + + @Test + public void testWriteAttributeWithExtendsOnly() { + assertSuccess(services.executeOperation(Util.createAddOperation(AUTH_CONFIG_ADDRESS))); + + String authConfigName2 = "myAuthConfig2"; + assertSuccess(services.executeOperation(Util.createAddOperation(ROOT_ADDRESS.append(ElytronDescriptionConstants.AUTHENTICATION_CONFIGURATION, authConfigName2)))); + + ModelNode operation = Util.createEmptyOperation(WRITE_ATTRIBUTE_OPERATION, AUTH_CONFIG_ADDRESS); + operation.get(ElytronDescriptionConstants.NAME).set(ElytronDescriptionConstants.EXTENDS); + operation.get(ElytronDescriptionConstants.VALUE).set(authConfigName2); + assertSuccess(services.executeOperation(operation)); + } + + @Test + public void testWriteAuthenticationNameOnly() { + assertSuccess(services.executeOperation(Util.createAddOperation(AUTH_CONFIG_ADDRESS))); + + ModelNode operation = Util.createEmptyOperation(WRITE_ATTRIBUTE_OPERATION, AUTH_CONFIG_ADDRESS); + operation.get(ElytronDescriptionConstants.NAME).set(ElytronDescriptionConstants.AUTHENTICATION_NAME); + operation.get(ElytronDescriptionConstants.VALUE).set("foo"); + assertSuccess(services.executeOperation(operation)); + } + + @Test + public void testWriteAuthorizationNameOnly() { + assertSuccess(services.executeOperation(Util.createAddOperation(AUTH_CONFIG_ADDRESS))); + ModelNode operation = Util.createEmptyOperation(WRITE_ATTRIBUTE_OPERATION, AUTH_CONFIG_ADDRESS); + operation.get(ElytronDescriptionConstants.NAME).set(ElytronDescriptionConstants.AUTHORIZATION_NAME); + operation.get(ElytronDescriptionConstants.VALUE).set("foo"); + assertSuccess(services.executeOperation(operation)); + } + + @Test + public void testWritePort() { + assertSuccess(services.executeOperation(Util.createAddOperation(AUTH_CONFIG_ADDRESS))); + ModelNode operation = Util.createEmptyOperation(WRITE_ATTRIBUTE_OPERATION, AUTH_CONFIG_ADDRESS); + operation.get(ElytronDescriptionConstants.NAME).set(ElytronDescriptionConstants.PORT); + operation.get(ElytronDescriptionConstants.VALUE).set(8787); + assertSuccess(services.executeOperation(operation)); + } + + @Test + public void testWriteProtocol() { + assertSuccess(services.executeOperation(Util.createAddOperation(AUTH_CONFIG_ADDRESS))); + ModelNode operation = Util.createEmptyOperation(WRITE_ATTRIBUTE_OPERATION, AUTH_CONFIG_ADDRESS); + operation.get(ElytronDescriptionConstants.NAME).set(ElytronDescriptionConstants.PROTOCOL); + operation.get(ElytronDescriptionConstants.VALUE).set(ElytronDescriptionConstants.HTTP); + assertSuccess(services.executeOperation(operation)); + } + + @Test + public void testWriteHost() { + assertSuccess(services.executeOperation(Util.createAddOperation(AUTH_CONFIG_ADDRESS))); + ModelNode operation = Util.createEmptyOperation(WRITE_ATTRIBUTE_OPERATION, AUTH_CONFIG_ADDRESS); + operation.get(ElytronDescriptionConstants.NAME).set(ElytronDescriptionConstants.HOST); + operation.get(ElytronDescriptionConstants.VALUE).set("myhost.com"); + assertSuccess(services.executeOperation(operation)); + } + + @Test + public void testWriteSecuritDomain() { + String securityDomainName = "ApplicationDomain"; + PathAddress securityDomainAddress = ROOT_ADDRESS.append(ElytronDescriptionConstants.SECURITY_DOMAIN, securityDomainName); + + assertSuccess(services.executeOperation(Util.createAddOperation(AUTH_CONFIG_ADDRESS))); + assertSuccess(services.executeOperation(Util.createAddOperation(securityDomainAddress))); + + ModelNode operation = Util.createEmptyOperation(WRITE_ATTRIBUTE_OPERATION, AUTH_CONFIG_ADDRESS); + operation.get(ElytronDescriptionConstants.NAME).set(ElytronDescriptionConstants.SECURITY_DOMAIN); + operation.get(ElytronDescriptionConstants.VALUE).set(securityDomainName); + assertSuccess(services.executeOperation(operation)); + } + + @Test + public void testInvalidWritePort() { + assertSuccess(services.executeOperation(Util.createAddOperation(AUTH_CONFIG_ADDRESS))); + ModelNode operation = Util.createEmptyOperation(WRITE_ATTRIBUTE_OPERATION, AUTH_CONFIG_ADDRESS); + operation.get(ElytronDescriptionConstants.NAME).set(ElytronDescriptionConstants.PORT); + operation.get(ElytronDescriptionConstants.VALUE).set("invalid"); + assertFailed(services.executeOperation(operation)); + } + + @Test + public void testWriteFowardingModeAuthorization() { + assertSuccess(services.executeOperation(Util.createAddOperation(AUTH_CONFIG_ADDRESS))); + ModelNode operation = Util.createEmptyOperation(WRITE_ATTRIBUTE_OPERATION, AUTH_CONFIG_ADDRESS); + operation.get(ElytronDescriptionConstants.NAME).set(ElytronDescriptionConstants.FORWARDING_MODE); + operation.get(ElytronDescriptionConstants.VALUE).set(ElytronDescriptionConstants.AUTHORIZATION); + assertSuccess(services.executeOperation(operation)); + } + + @Test + public void testInvalidWriteFowardingMode() { + assertSuccess(services.executeOperation(Util.createAddOperation(AUTH_CONFIG_ADDRESS))); + ModelNode operation = Util.createEmptyOperation(WRITE_ATTRIBUTE_OPERATION, AUTH_CONFIG_ADDRESS); + operation.get(ElytronDescriptionConstants.NAME).set(ElytronDescriptionConstants.FORWARDING_MODE); + operation.get(ElytronDescriptionConstants.VALUE).set("foo"); + assertFailed(services.executeOperation(operation)); + } + + @Test + public void testWriteSaslMechanismSelectorOnly() { + assertSuccess(services.executeOperation(Util.createAddOperation(AUTH_CONFIG_ADDRESS))); + ModelNode operation = Util.createEmptyOperation(WRITE_ATTRIBUTE_OPERATION, AUTH_CONFIG_ADDRESS); + operation.get(ElytronDescriptionConstants.NAME).set(ElytronDescriptionConstants.SASL_MECHANISM_SELECTOR); + operation.get(ElytronDescriptionConstants.VALUE).set("sasl-test"); + assertSuccess(services.executeOperation(operation)); + } + + @Test + public void testWriteKerberosSecurityFactory() { + assertSuccess(services.executeOperation(Util.createAddOperation(AUTH_CONFIG_ADDRESS))); + + String kerberosName = "kbTest"; + addAndTestKerberosSecurityFactory(kerberosName); + + ModelNode operation = Util.createEmptyOperation(WRITE_ATTRIBUTE_OPERATION, AUTH_CONFIG_ADDRESS); + operation.get(ElytronDescriptionConstants.NAME).set(ElytronDescriptionConstants.KERBEROS_SECURITY_FACTORY); + operation.get(ElytronDescriptionConstants.VALUE).set(kerberosName); + assertSuccess(services.executeOperation(operation)); + } + + @Test + public void testInvalidWriteAuthenticationNameWithKerberosSecurityFactory() { + String kerberosName = "kbTest"; + + addAndTestKerberosSecurityFactory(kerberosName); + + ModelNode operation = Util.createAddOperation(AUTH_CONFIG_ADDRESS, Map.of(ElytronDescriptionConstants.KERBEROS_SECURITY_FACTORY, ModelNode.fromString("\"" + kerberosName + "\""))); + assertSuccess(services.executeOperation(operation)); + + operation = Util.createEmptyOperation(WRITE_ATTRIBUTE_OPERATION, AUTH_CONFIG_ADDRESS); + operation.get(ElytronDescriptionConstants.NAME).set(ElytronDescriptionConstants.AUTHENTICATION_NAME); + operation.get(ElytronDescriptionConstants.VALUE).set("foo"); + assertFailed(services.executeOperation(operation)); + } + @Test public void testAddWebservicesAuthConfig() { ModelNode webservices = new ModelNode(); diff --git a/elytron/src/test/java/org/wildfly/extension/elytron/CertificateAuthoritiesTestCase.java b/elytron/src/test/java/org/wildfly/extension/elytron/CertificateAuthoritiesTestCase.java index d822cc55016..011071d4d41 100644 --- a/elytron/src/test/java/org/wildfly/extension/elytron/CertificateAuthoritiesTestCase.java +++ b/elytron/src/test/java/org/wildfly/extension/elytron/CertificateAuthoritiesTestCase.java @@ -4,12 +4,15 @@ */ package org.wildfly.extension.elytron; +import static org.jboss.as.controller.client.helpers.ClientConstants.WRITE_ATTRIBUTE_OPERATION; import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.FAILED; import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.FAILURE_DESCRIPTION; import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.OUTCOME; +import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.SUBSYSTEM; import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.SUCCESS; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNotEquals; import static org.junit.Assert.assertNull; import static org.junit.Assert.assertTrue; @@ -26,7 +29,9 @@ import javax.security.auth.x500.X500Principal; +import org.jboss.as.controller.PathAddress; import org.jboss.as.controller.client.helpers.ClientConstants; +import org.jboss.as.controller.operations.common.Util; import org.jboss.as.controller.security.CredentialReference; import org.jboss.as.subsystem.test.AbstractSubsystemTest; import org.jboss.as.subsystem.test.KernelServices; @@ -41,7 +46,6 @@ import org.mockserver.integration.ClientAndServer; import org.wildfly.security.WildFlyElytronProvider; import org.wildfly.security.x500.cert.acme.AcmeAccount; - import org.wildfly.security.x500.cert.acme.CertificateAuthority; @@ -59,6 +63,9 @@ public class CertificateAuthoritiesTestCase extends AbstractSubsystemTest { private static final String CERTIFICATE_AUTHORITY_TEST_URL = "http://www.test.com"; private static final String ACCOUNTS_KEYSTORE_NAME = "AccountsKeyStore"; private static final String KEYSTORE_PASSWORD = "elytron"; + private static final PathAddress ROOT_ADDRESS = PathAddress.pathAddress(SUBSYSTEM, ElytronExtension.SUBSYSTEM_NAME); + private static final PathAddress CERT_AUTHORITY_ACCOUNT_ADDRESS = ROOT_ADDRESS.append(ElytronDescriptionConstants.CERTIFICATE_AUTHORITY_ACCOUNT, CERTIFICATE_AUTHORITY_ACCOUNT_NAME); + private static ClientAndServer server; // used to simulate a Let's Encrypt server instance @@ -127,6 +134,92 @@ public void init() throws Exception { } } + @Test + public void testWriteAttributeAliasOnly() throws Exception { + addKeyStore(ACCOUNTS_KEYSTORE_NAME); + addCertificateAuthorityAccount("alias"); + checkCertificateAuthorityIs(CertificateAuthority.LETS_ENCRYPT.getName()); + addCertificateAuthorityWithoutStagingUrl(); + try { + + ModelNode operation = Util.createEmptyOperation(WRITE_ATTRIBUTE_OPERATION, CERT_AUTHORITY_ACCOUNT_ADDRESS); + operation.get(ClientConstants.NAME).set(ElytronDescriptionConstants.ALIAS); + operation.get(ClientConstants.VALUE).set("new-alias"); + assertSuccess(services.executeOperation(operation)); + + checkCertificateAuthorityAttributeIs(ElytronDescriptionConstants.ALIAS, "new-alias"); + checkCertificateAuthorityAttributeIsNot(ElytronDescriptionConstants.ALIAS, "alias"); + + } finally { + removeCertificateAuthorityAccount(); + removeCertificateAuthority(); + } + } + + @Test + public void testWriteAttributeContactUrlsOnly() throws Exception { + addKeyStore(ACCOUNTS_KEYSTORE_NAME); + addCertificateAuthorityAccount("alias"); + checkCertificateAuthorityIs(CertificateAuthority.LETS_ENCRYPT.getName()); + addCertificateAuthorityWithoutStagingUrl(); + try { + ModelNode operation = Util.createEmptyOperation(WRITE_ATTRIBUTE_OPERATION, CERT_AUTHORITY_ACCOUNT_ADDRESS); + operation.get(ClientConstants.NAME).set(ElytronDescriptionConstants.CONTACT_URLS); + operation.get(ClientConstants.VALUE).add("mailto:superadmin@anexample.com"); + assertSuccess(services.executeOperation(operation)); + checkCertificateAuthorityAttributeIs(ElytronDescriptionConstants.CONTACT_URLS, "[\"mailto:superadmin@anexample.com\"]"); + checkCertificateAuthorityAttributeIsNot(ElytronDescriptionConstants.CONTACT_URLS, "[\"mailto:admin@anexample.com\"]"); + } finally { + removeCertificateAuthorityAccount(); + removeCertificateAuthority(); + } + } + + @Test + public void testWriteAttributeCredentialReferenceOnly() throws Exception { + addKeyStore(ACCOUNTS_KEYSTORE_NAME); + addCertificateAuthorityAccount("alias"); + checkCertificateAuthorityIs(CertificateAuthority.LETS_ENCRYPT.getName()); + addCertificateAuthorityWithoutStagingUrl(); + try { + + ModelNode credentialReference = new ModelNode(); + credentialReference.get(CredentialReference.CLEAR_TEXT).set("StorePassword"); + + ModelNode operation = Util.createEmptyOperation(WRITE_ATTRIBUTE_OPERATION, CERT_AUTHORITY_ACCOUNT_ADDRESS); + operation.get(ClientConstants.NAME).set(CredentialReference.CREDENTIAL_REFERENCE); + operation.get(ClientConstants.VALUE).set(credentialReference); + assertSuccess(services.executeOperation(operation)); + checkCertificateAuthorityAttributeIs(CredentialReference.CREDENTIAL_REFERENCE, "{\"clear-text\" => \"StorePassword\"}"); + checkCertificateAuthorityAttributeIsNot(CredentialReference.CREDENTIAL_REFERENCE, "{\"clear-text\" => \""+ KEYSTORE_PASSWORD +"\"}"); + } finally { + removeCertificateAuthorityAccount(); + removeCertificateAuthority(); + } + } + + @Test + public void testChangeKeystoreAttributeOnly() throws Exception { + addKeyStore(ACCOUNTS_KEYSTORE_NAME); + addCertificateAuthorityAccount("alias"); + checkCertificateAuthorityIs(CertificateAuthority.LETS_ENCRYPT.getName()); + addCertificateAuthorityWithoutStagingUrl(); + try { + + addKeyStore("AccountsKeyStore2"); + ModelNode operation = Util.createEmptyOperation(WRITE_ATTRIBUTE_OPERATION, CERT_AUTHORITY_ACCOUNT_ADDRESS); + operation.get(ClientConstants.NAME).set(ElytronDescriptionConstants.KEY_STORE); + operation.get(ClientConstants.VALUE).set("AccountsKeyStore2"); + assertSuccess(services.executeOperation(operation)); + checkCertificateAuthorityAttributeIs(ElytronDescriptionConstants.KEY_STORE, "AccountsKeyStore2"); + checkCertificateAuthorityAttributeIsNot(ElytronDescriptionConstants.KEY_STORE, ACCOUNTS_KEYSTORE_NAME); + + } finally { + removeCertificateAuthorityAccount(); + removeCertificateAuthority(); + } + } + @Test public void testCreateAccount() throws Exception { addKeyStore(ACCOUNTS_KEYSTORE_NAME); @@ -489,13 +582,13 @@ public void testRemoveCertificateAuthorityUsedByCertificateAuthorityAccount() th } @Test - public void testChangeCertificateAuthorityInCertificateAuthorityAccount() throws Exception { + public void testWriteCertificateAuthorityInCertificateAuthorityAccount() throws Exception { addKeyStore(ACCOUNTS_KEYSTORE_NAME); addCertificateAuthorityAccount("alias"); checkCertificateAuthorityIs(CertificateAuthority.LETS_ENCRYPT.getName()); addCertificateAuthorityWithoutStagingUrl(); try { - changeCertificateAuthorityInCertificateAuthorityAccount(); + writeAttributeCertificateAuthorityInCertificateAuthorityAccount(); checkCertificateAuthorityIs(CERTIFICATE_AUTHORITY_NAME); } finally { removeCertificateAuthorityAccount(); @@ -503,7 +596,7 @@ public void testChangeCertificateAuthorityInCertificateAuthorityAccount() throws } } - private void changeCertificateAuthorityInCertificateAuthorityAccount() { + private void writeAttributeCertificateAuthorityInCertificateAuthorityAccount() { ModelNode operation = new ModelNode(); operation.get(ClientConstants.OP_ADDR).add("subsystem", "elytron").add("certificate-authority-account", CERTIFICATE_AUTHORITY_ACCOUNT_NAME); operation.get(ClientConstants.OP).set(ClientConstants.WRITE_ATTRIBUTE_OPERATION); @@ -537,9 +630,25 @@ private void removeCertificateAuthority() { assertSuccess(services.executeOperation(operation)); } + private void checkCertificateAuthorityAttributeIs(String attribute, String expected) { + ModelNode result = readResourceNode(); + assertEquals(expected, result.get(attribute).asString()); + } + + private void checkCertificateAuthorityAttributeIsNot(String attribute, String expected) { + ModelNode result = readResourceNode(); + assertNotEquals(expected, result.get(attribute).asString()); + } + + private ModelNode readResourceNode() { + ModelNode operation = new ModelNode(); + operation.get(ClientConstants.OP_ADDR).add("subsystem", "elytron").add("certificate-authority-account", CERTIFICATE_AUTHORITY_ACCOUNT_NAME); + operation.get(ClientConstants.OP).set(ClientConstants.READ_RESOURCE_OPERATION); + return assertSuccess(services.executeOperation(operation)).get(ClientConstants.RESULT); + } + private void checkCertificateAuthorityIs(String certificateAuthorityName) { - ModelNode operation; - operation = new ModelNode(); + ModelNode operation = new ModelNode(); operation.get(ClientConstants.OP_ADDR).add("subsystem", "elytron").add("certificate-authority-account", CERTIFICATE_AUTHORITY_ACCOUNT_NAME); operation.get(ClientConstants.OP).set(ClientConstants.READ_RESOURCE_OPERATION); ModelNode result = assertSuccess(services.executeOperation(operation)).get(ClientConstants.RESULT); diff --git a/elytron/src/test/java/org/wildfly/extension/elytron/CredentialStoreTestCase.java b/elytron/src/test/java/org/wildfly/extension/elytron/CredentialStoreTestCase.java index e863b09bd0b..9be78e15799 100644 --- a/elytron/src/test/java/org/wildfly/extension/elytron/CredentialStoreTestCase.java +++ b/elytron/src/test/java/org/wildfly/extension/elytron/CredentialStoreTestCase.java @@ -9,6 +9,7 @@ import static org.hamcrest.MatcherAssert.assertThat; import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.FAILED; import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.OUTCOME; +import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.SUBSYSTEM; import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.SUCCESS; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotNull; @@ -28,7 +29,9 @@ import javax.crypto.SecretKey; +import org.jboss.as.controller.PathAddress; import org.jboss.as.controller.client.helpers.ClientConstants; +import org.jboss.as.controller.operations.common.Util; import org.jboss.as.subsystem.test.AbstractSubsystemTest; import org.jboss.as.subsystem.test.KernelServices; import org.jboss.dmr.ModelNode; @@ -53,6 +56,10 @@ public class CredentialStoreTestCase extends AbstractSubsystemTest { private static final String CLEAR_TEXT = "Lorem ipsum dolor sit amet"; private static final String CONFIGURATION = "credential-store.xml"; + private static final PathAddress ROOT_ADDRESS = PathAddress.pathAddress(SUBSYSTEM, ElytronExtension.SUBSYSTEM_NAME); + private static final PathAddress CRED_STORE_ADDRESS = ROOT_ADDRESS.append(ElytronDescriptionConstants.CREDENTIAL_STORE, "test"); + private static final PathAddress SECRET_KEY_CRED_STORE_128 = ROOT_ADDRESS.append(ElytronDescriptionConstants.SECRET_KEY_CREDENTIAL_STORE, "test128"); + private KernelServices services = null; public CredentialStoreTestCase() { @@ -91,6 +98,24 @@ public Void run() { }); } + @Test + public void testWriteAttributeCreateCredentialStoreToFalse() { + ModelNode operation = Util.getWriteAttributeOperation(CRED_STORE_ADDRESS, ElytronDescriptionConstants.CREATE, false); + assertSuccess(services.executeOperation(operation)); + assertEquals(false, readResource(CRED_STORE_ADDRESS).get(ElytronDescriptionConstants.CREATE).asBoolean()); + } + + @Test + public void testWriteAttributeKeySizeSecretKeyCredStoreTo192() { + ModelNode operation = Util.getWriteAttributeOperation(SECRET_KEY_CRED_STORE_128, ElytronDescriptionConstants.KEY_SIZE, 192); + assertSuccess(services.executeOperation(operation)); + assertEquals(192, readResource(SECRET_KEY_CRED_STORE_128).get(ElytronDescriptionConstants.KEY_SIZE).asInt()); + } + + private ModelNode readResource(PathAddress address) { + return assertSuccess(services.executeOperation(Util.getReadResourceOperation(address))).get(ClientConstants.RESULT); + } + // Test Contents of dynamically initialised credential stores @Test diff --git a/elytron/src/test/java/org/wildfly/extension/elytron/DomainTestCase.java b/elytron/src/test/java/org/wildfly/extension/elytron/DomainTestCase.java index 0b999eb3525..0539f597849 100644 --- a/elytron/src/test/java/org/wildfly/extension/elytron/DomainTestCase.java +++ b/elytron/src/test/java/org/wildfly/extension/elytron/DomainTestCase.java @@ -6,6 +6,7 @@ import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.OUTCOME; import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.SUCCESS; +import static org.junit.Assert.assertTrue; import static org.wildfly.security.authz.RoleDecoder.KEY_SOURCE_ADDRESS; import java.io.FilePermission; @@ -511,6 +512,17 @@ public void testSourceAddressRoleDecoderWithMismatch() throws Exception { Assert.assertTrue(sac.authorize()); } + @Test + public void testWriteAttributeInvalidSecurityEventListerner() throws Exception { + init(); + PathAddress secutiryDomainAddress = PathAddress.pathAddress("subsystem", "elytron").append(ElytronDescriptionConstants.SECURITY_DOMAIN, "MyDomain"); + ModelNode operation = Util.getWriteAttributeOperation(secutiryDomainAddress, ElytronDescriptionConstants.SECURITY_EVENT_LISTENER, "invalid"); + ModelNode result = services.executeOperation(operation); + + assertFail(result); + assertTrue(result.get(ClientConstants.FAILURE_DESCRIPTION).asString().contains("WFLYCTL0369:")); + } + public static class MyPermissionMapper implements PermissionMapper { @Override public PermissionVerifier mapPermissions(PermissionMappable permissionMappable, Roles roles) { diff --git a/elytron/src/test/java/org/wildfly/extension/elytron/KeyStoresTestCase.java b/elytron/src/test/java/org/wildfly/extension/elytron/KeyStoresTestCase.java index 9bc846534a8..86a7495eb39 100644 --- a/elytron/src/test/java/org/wildfly/extension/elytron/KeyStoresTestCase.java +++ b/elytron/src/test/java/org/wildfly/extension/elytron/KeyStoresTestCase.java @@ -47,7 +47,9 @@ import javax.security.auth.x500.X500Principal; +import org.jboss.as.controller.PathAddress; import org.jboss.as.controller.client.helpers.ClientConstants; +import org.jboss.as.controller.operations.common.Util; import org.jboss.as.controller.security.CredentialReference; import org.jboss.as.subsystem.test.AbstractSubsystemTest; import org.jboss.as.subsystem.test.KernelServices; @@ -382,6 +384,20 @@ public void testKeystoreService() throws Exception { assertEquals("ca", keyStore.getCertificateAlias(certCa)); } + @Test + public void testChangeCredentialReferenceToClearText() { + PathAddress keystoreAddress = PathAddress.pathAddress("subsystem", "elytron").append(ElytronDescriptionConstants.KEY_STORE, "LocalhostKeystore"); + + ModelNode credentialReference = new ModelNode(); + credentialReference.get(CredentialReference.CLEAR_TEXT).set("StorePassword"); + + ModelNode operation = Util.getWriteAttributeOperation(keystoreAddress, CredentialReference.CREDENTIAL_REFERENCE, credentialReference); + assertSuccess(services.executeOperation(operation)); + + ModelNode resource = services.executeOperation(Util.getReadResourceOperation(keystoreAddress)).get(ClientConstants.RESULT); + assertEquals("StorePassword", resource.get(CredentialReference.CREDENTIAL_REFERENCE).get(CredentialReference.CLEAR_TEXT).asString()); + } + @Test public void testKeystoreCli() throws Exception { Path resources = Paths.get(KeyStoresTestCase.class.getResource(".").toURI()); diff --git a/elytron/src/test/java/org/wildfly/extension/elytron/LdapTestCase.java b/elytron/src/test/java/org/wildfly/extension/elytron/LdapTestCase.java index b08f28e1441..8d21a2ea151 100644 --- a/elytron/src/test/java/org/wildfly/extension/elytron/LdapTestCase.java +++ b/elytron/src/test/java/org/wildfly/extension/elytron/LdapTestCase.java @@ -4,36 +4,9 @@ */ package org.wildfly.extension.elytron; -import org.jboss.as.controller.client.helpers.ClientConstants; -import org.jboss.as.subsystem.test.AbstractSubsystemTest; -import org.jboss.as.subsystem.test.KernelServices; -import org.jboss.dmr.ModelNode; -import org.jboss.msc.service.ServiceController; -import org.jboss.msc.service.ServiceName; -import org.junit.AfterClass; -import org.junit.Assert; -import org.junit.Before; -import org.junit.BeforeClass; -import org.junit.Test; -import org.wildfly.common.function.ExceptionSupplier; -import org.wildfly.common.iteration.ByteIterator; -import org.wildfly.common.iteration.CodePointIterator; -import org.wildfly.extension.elytron.capabilities._private.DirContextSupplier; -import org.wildfly.security.auth.principal.NamePrincipal; -import org.wildfly.security.auth.server.ModifiableRealmIdentity; -import org.wildfly.security.auth.server.ModifiableSecurityRealm; -import org.wildfly.security.auth.server.RealmIdentity; -import org.wildfly.security.evidence.PasswordGuessEvidence; -import org.wildfly.security.evidence.X509PeerCertificateChainEvidence; -import org.wildfly.security.authz.Attributes; -import org.wildfly.security.x500.cert.BasicConstraintsExtension; -import org.wildfly.security.x500.cert.SelfSignedX509CertificateAndSigningKey; -import org.wildfly.security.x500.cert.X509CertificateBuilder; - -import javax.naming.NamingException; -import javax.naming.directory.DirContext; -import javax.net.ssl.KeyManager; -import javax.security.auth.x500.X500Principal; +import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.OUTCOME; +import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.SUCCESS; +import static org.junit.Assert.assertEquals; import java.io.File; import java.io.InputStream; @@ -61,8 +34,38 @@ import java.util.Set; import java.util.regex.Pattern; -import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.OUTCOME; -import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.SUCCESS; +import javax.naming.NamingException; +import javax.naming.directory.DirContext; +import javax.net.ssl.KeyManager; +import javax.security.auth.x500.X500Principal; + +import org.jboss.as.controller.PathAddress; +import org.jboss.as.controller.client.helpers.ClientConstants; +import org.jboss.as.controller.operations.common.Util; +import org.jboss.as.subsystem.test.AbstractSubsystemTest; +import org.jboss.as.subsystem.test.KernelServices; +import org.jboss.dmr.ModelNode; +import org.jboss.msc.service.ServiceController; +import org.jboss.msc.service.ServiceName; +import org.junit.AfterClass; +import org.junit.Assert; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; +import org.wildfly.common.function.ExceptionSupplier; +import org.wildfly.common.iteration.ByteIterator; +import org.wildfly.common.iteration.CodePointIterator; +import org.wildfly.extension.elytron.capabilities._private.DirContextSupplier; +import org.wildfly.security.auth.principal.NamePrincipal; +import org.wildfly.security.auth.server.ModifiableRealmIdentity; +import org.wildfly.security.auth.server.ModifiableSecurityRealm; +import org.wildfly.security.auth.server.RealmIdentity; +import org.wildfly.security.authz.Attributes; +import org.wildfly.security.evidence.PasswordGuessEvidence; +import org.wildfly.security.evidence.X509PeerCertificateChainEvidence; +import org.wildfly.security.x500.cert.BasicConstraintsExtension; +import org.wildfly.security.x500.cert.SelfSignedX509CertificateAndSigningKey; +import org.wildfly.security.x500.cert.X509CertificateBuilder; /** * Tests of LDAP related components (excluded from their natural TestCases to prevent repeated LDAP starting) @@ -166,6 +169,20 @@ public void initializeSubsystem() throws Exception { } } + @Test + public void testWriteAttributeRDNIdentifier() { + PathAddress ldapAddress = PathAddress.pathAddress("subsystem", "elytron").append(ElytronDescriptionConstants.LDAP_REALM, "LdapRealm"); + + ModelNode identityMapping = new ModelNode(); + identityMapping.get(ElytronDescriptionConstants.RDN_IDENTIFIER).set("cn"); + + ModelNode operation = Util.getWriteAttributeOperation(ldapAddress, ElytronDescriptionConstants.IDENTITY_MAPPING, identityMapping); + assertSuccess(services.executeOperation(operation)); + + ModelNode resource = services.executeOperation(Util.getReadResourceOperation(ldapAddress)).get(ClientConstants.RESULT); + assertEquals("cn", resource.get(ElytronDescriptionConstants.IDENTITY_MAPPING).get(ElytronDescriptionConstants.RDN_IDENTIFIER).asString()); + } + @Test public void testDirContextInsecure() throws Exception { ServiceName serviceNameDirContext = Capabilities.DIR_CONTEXT_RUNTIME_CAPABILITY.getCapabilityServiceName("DirContextInsecure");