/**
 * Prepares the JAAS fixtures for each test: two inline login-module configuration lines
 * (plain and digest), each wrapped in a {@link Password}, and a SCRAM-SHA-256 test
 * configuration registered through {@code TestJaasConfig}.
 */
@Before
public void setUp() {
    // The credentials are fixed test literals embedded directly in the JAAS line.
    String plainJaasLine = PlainLoginModule.class.getName()
            + " required user=\"plainuser\" password=\"plain-secret\";";
    String digestJaasLine = TestDigestLoginModule.class.getName()
            + " required user=\"digestuser\" password=\"digest-secret\";";

    dynamicPlainContext = new Password(plainJaasLine);
    dynamicDigestContext = new Password(digestJaasLine);

    TestJaasConfig.createConfiguration("SCRAM-SHA-256", Collections.singletonList("SCRAM-SHA-256"));
}
/**
 * Builds a JAAS configuration line of the form
 * {@code <loginModule> required key1=value1 key2=value2;} and wraps it in a {@link Password}.
 *
 * <p>Option keys and values are appended verbatim, with no quoting or escaping. A value that
 * contains whitespace, {@code ;} or quote characters therefore changes how the resulting line
 * is parsed, so callers must pass values that are already valid JAAS syntax.
 *
 * @param mechanism mechanism name handed to {@code loginModule} to pick the login module
 * @param options option name/value pairs, emitted in the map's iteration order
 * @return the assembled configuration line wrapped in a {@link Password}
 */
public static Password jaasConfigProperty(String mechanism, Map<String, Object> options) {
    StringBuilder config = new StringBuilder();
    config.append(loginModule(mechanism)).append(" required");
    for (Map.Entry<String, Object> entry : options.entrySet()) {
        // One " key=value" pair per option, separated by single spaces.
        config.append(' ').append(entry.getKey()).append('=').append(entry.getValue());
    }
    config.append(';');
    return new Password(config.toString());
}
/**
 * Builds a JAAS configuration line carrying a username and password for the login module
 * of the given mechanism, and wraps it in a {@link Password}.
 *
 * <p>{@code username} and {@code password} are concatenated as-is, unquoted and unescaped.
 * A value containing whitespace, {@code ;} or quotes would alter the structure of the line,
 * so callers must supply values that are safe for JAAS syntax.
 *
 * @param mechanism mechanism name handed to {@code loginModule} to pick the login module
 * @param username value emitted after {@code username=}
 * @param password value emitted after {@code password=}
 * @return the assembled configuration line wrapped in a {@link Password}
 */
public static Password jaasConfigProperty(String mechanism, String username, String password) {
    String jaasLine = loginModule(mechanism)
            + " required username=" + username
            + " password=" + password
            + ";";
    return new Password(jaasLine);
}
// Excerpt: the `if` condition guarding this first return lies outside the snippet.
return value;
else if (value instanceof String)
    // A string is wrapped in Password. `trimmed` is defined outside the snippet;
    // presumably it is the whitespace-trimmed form of `value` (confirm in the enclosing method).
    return new Password(trimmed);
else
    // Any other type is rejected. The message text names only the value's class.
    // NOTE(review): `value` itself is also passed to ConfigException; whether it is rendered
    // in the exception text is not visible here. Confirm it cannot expose a secret.
    throw new ConfigException(name, value, "Expected value to be a string, but it was a " + value.getClass().getName());
/**
 * Verifies that the three SSL password settings parse into {@link Password} values that
 * compare equal to the configured secret, while {@code toString()} yields only
 * {@code Password.HIDDEN}, so the secret does not appear when the value is printed.
 */
@Test
public void testSslPasswords() {
    ConfigDef def = new ConfigDef();
    SslConfigs.addClientSslSupport(def);

    // Config key paired with the secret assigned to it.
    String[][] secrets = {
        {SslConfigs.SSL_KEY_PASSWORD_CONFIG, "key_password"},
        {SslConfigs.SSL_KEYSTORE_PASSWORD_CONFIG, "keystore_password"},
        {SslConfigs.SSL_TRUSTSTORE_PASSWORD_CONFIG, "truststore_password"},
    };

    Properties props = new Properties();
    for (String[] secret : secrets) {
        props.put(secret[0], secret[1]);
    }

    Map<String, Object> vals = def.parse(props);
    for (String[] secret : secrets) {
        Object parsed = vals.get(secret[0]);
        assertEquals(new Password(secret[1]), parsed);
        // The string form must be the mask, never the secret itself.
        assertEquals(Password.HIDDEN, parsed.toString());
    }
}
/**
 * Loads a {@code JaasContext} for the given context type and returns its only
 * configuration entry, asserting that exactly one entry exists.
 *
 * @param contextType context type; its {@code name()} is also passed to {@code JaasContext.load}
 * @param jaasConfigProp JAAS configuration text to wrap in a {@link Password}, or
 *        {@code null} to load the context without a dynamic configuration value
 * @return the single configuration entry of the loaded context
 */
private AppConfigurationEntry configurationEntry(JaasContext.Type contextType, String jaasConfigProp) {
    Password saslJaasConfig = null;
    if (jaasConfigProp != null) {
        saslJaasConfig = new Password(jaasConfigProp);
    }
    List<AppConfigurationEntry> loaded =
            JaasContext.load(contextType, null, contextType.name(), saslJaasConfig).configurationEntries();
    assertEquals(1, loaded.size());
    return loaded.get(0);
}
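/**
 * Builds an SSL configuration map for tests. Generates a throwaway RSA key pair and a
 * certificate from {@code certBuilder}, stores them in a temporary key store file and,
 * if requested, records the certificate in the given trust store file.
 *
 * <p>A key store is created only for {@code Mode.SERVER}, or for {@code Mode.CLIENT} when
 * {@code useClientCert} is set; otherwise a {@code null} key store file is passed on.
 * All store and key passwords are fixed literals, so the result is a test fixture only.
 *
 * <p>The temporary key store holds a private key. It is created with
 * {@code java.nio.file.Files.createTempFile}, which restricts the file to its owner on
 * POSIX file systems. Files created by {@code File.createTempFile} in the shared temp
 * directory get permissions that depend on the process umask. Deletion on exit is registered
 * before the store is populated, so a failure while generating the store does not leave the
 * file behind.
 *
 * @param useClientCert whether a client key store and certificate are generated in client mode
 * @param trustStore whether the generated certificate is written to {@code trustStoreFile}
 * @param mode client or server side
 * @param trustStoreFile trust store location; dereferenced only when {@code trustStore} is true
 * @param certAlias alias under which the generated certificate is recorded for the trust store
 * @param cn common name placed in the certificate subject
 * @param certBuilder generator for the certificate
 * @return the map produced by the six-argument {@code createSslConfig} overload
 * @throws IOException if a temporary file cannot be created, or propagated from store creation
 * @throws GeneralSecurityException propagated from key, certificate or store generation
 */
public static Map<String, Object> createSslConfig(boolean useClientCert, boolean trustStore, Mode mode, File trustStoreFile, String certAlias, String cn, CertificateBuilder certBuilder) throws IOException, GeneralSecurityException {
    Map<String, X509Certificate> certs = new HashMap<>();
    File keyStoreFile = null;
    // The same password is used for the key store and the key entry (see the final call).
    Password password = mode == Mode.SERVER ? new Password("ServerPassword") : new Password("ClientPassword");
    Password trustStorePassword = new Password("TrustStorePassword");

    if (mode == Mode.CLIENT && useClientCert) {
        keyStoreFile = java.nio.file.Files.createTempFile("clientKS", ".jks").toFile();
        keyStoreFile.deleteOnExit();
        KeyPair cKP = generateKeyPair("RSA");
        X509Certificate cCert = certBuilder.generate("CN=" + cn + ", O=A client", cKP);
        createKeyStore(keyStoreFile.getPath(), password, "client", cKP.getPrivate(), cCert);
        certs.put(certAlias, cCert);
    } else if (mode == Mode.SERVER) {
        keyStoreFile = java.nio.file.Files.createTempFile("serverKS", ".jks").toFile();
        keyStoreFile.deleteOnExit();
        KeyPair sKP = generateKeyPair("RSA");
        X509Certificate sCert = certBuilder.generate("CN=" + cn + ", O=A server", sKP);
        createKeyStore(keyStoreFile.getPath(), password, password, "server", sKP.getPrivate(), sCert);
        certs.put(certAlias, sCert);
    }

    if (trustStore) {
        // Registered first so the file is cleaned up even if writing the store fails part-way.
        trustStoreFile.deleteOnExit();
        createTrustStore(trustStoreFile.getPath(), trustStorePassword, certs);
    }

    return createSslConfig(mode, keyStoreFile, password, password, trustStoreFile, trustStorePassword);
}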
/**
 * Checks that {@code RESOLVED_PASSWORD.parseValue} turns a plain string into a
 * {@link Password} equal to one wrapping the same text.
 */
@Test
public void shouldResolvePasswordToPassword() {
    final Password expected = new Password("Sensitive");
    assertThat(RESOLVED_PASSWORD.parseValue("Sensitive"), is(expected));
}
/**
 * Verifies that a client cannot complete a connection when the server is configured
 * with a wrong key password: the channel must close in the
 * {@code AUTHENTICATION_FAILED} state, and the server's authentication metrics are
 * checked with {@code verifyAuthenticationMetrics(0, 1)}.
 */
@Test
public void testInvalidKeyPassword() throws Exception {
    final String nodeId = "0";

    // Misconfigure only the server side; the client configuration is left untouched.
    sslServerConfigs.put(SslConfigs.SSL_KEY_PASSWORD_CONFIG, new Password("invalid"));
    server = createEchoServer(SecurityProtocol.SSL);
    createSelector(sslClientConfigs);

    selector.connect(nodeId, new InetSocketAddress("localhost", server.port()), BUFFER_SIZE, BUFFER_SIZE);
    NetworkTestUtils.waitForChannelClose(selector, nodeId, ChannelState.State.AUTHENTICATION_FAILED);
    server.verifyAuthenticationMetrics(0, 1);
}
// Excerpt from a larger test; `vals` is populated outside the snippet.
assertEquals(false, vals.get("h"));
assertEquals(true, vals.get("i"));
// The value under "j" must equal a Password wrapping the raw text...
assertEquals(new Password("password"), vals.get("j"));
// ...while its string form is the HIDDEN mask, so printing the value does not reveal the secret.
assertEquals(Password.HIDDEN, vals.get("j").toString());
// Test of value lookup with a secondary prefix (per the method name).
// Excerpt: the method body continues beyond this snippet.
@Test
public void testValuesWithSecondaryPrefix() {
    String prefix = "listener.name.listener1.";
    // Three distinct JAAS configuration values, each naming a different login module.
    Password saslJaasConfig1 = new Password("test.myLoginModule1 required;");
    Password saslJaasConfig2 = new Password("test.myLoginModule2 required;");
    Password saslJaasConfig3 = new Password("test.myLoginModule3 required;");
    Properties props = new Properties();
    // The property is set from value(), presumably the underlying plain string rather than
    // the masked form (confirm against Password).
    props.put("listener.name.listener1.test-mechanism.sasl.jaas.config", saslJaasConfig1.value());
// Excerpt: `module1`, `module2` and `securityProtocol` are defined outside the snippet,
// and the try block continues past it.
// The client JAAS config is set to two values joined by a single space.
saslClientConfigs.put(SaslConfigs.SASL_JAAS_CONFIG, new Password(module1 + " " + module2));
try {
    // Attempt a client connection for node "1" with that configuration.
    createClientConnection(securityProtocol, "1");
/**
 * Pins how {@code ConfigDef.convertToString} renders {@code Type.PASSWORD} values:
 * a {@link Password} instance becomes the {@code Password.HIDDEN} mask, a raw
 * {@code String} is returned unchanged, and {@code null} stays {@code null}.
 *
 * <p>Masking therefore applies only when the secret is wrapped in {@link Password};
 * a plain string passed with the PASSWORD type comes back in clear text.
 */
@Test
public void testConvertValueToStringPassword() {
    final String secret = "foobar";

    // Wrapped secret: only the mask is returned.
    assertEquals(Password.HIDDEN, ConfigDef.convertToString(new Password(secret), Type.PASSWORD));
    // Unwrapped string: passed through as-is.
    assertEquals(secret, ConfigDef.convertToString(secret, Type.PASSWORD));
    assertNull(ConfigDef.convertToString(null, Type.PASSWORD));
}
// Excerpt: `missingStoreConfigs` and `reconfigurableBuilder` are set up outside the snippet.
// Describe a PKCS12 trust store at the path "some.truststore.path" with a placeholder password.
missingStoreConfigs.put(SslConfigs.SSL_TRUSTSTORE_TYPE_CONFIG, "PKCS12");
missingStoreConfigs.put(SslConfigs.SSL_TRUSTSTORE_LOCATION_CONFIG, "some.truststore.path");
missingStoreConfigs.put(SslConfigs.SSL_TRUSTSTORE_PASSWORD_CONFIG, new Password("some.truststore.password"));
// The reconfiguration is expected to be rejected. "truststore not found" is presumably the
// failure description used by verifyInvalidReconfigure (confirm against that helper).
verifyInvalidReconfigure(reconfigurableBuilder, missingStoreConfigs, "truststore not found");
// Excerpt: `missingStoreConfigs` and `reconfigurableBuilder` are set up outside the snippet.
// Describe a PKCS12 key store at the path "some.keystore.path", with placeholder store and
// key passwords.
missingStoreConfigs.put(SslConfigs.SSL_KEYSTORE_TYPE_CONFIG, "PKCS12");
missingStoreConfigs.put(SslConfigs.SSL_KEYSTORE_LOCATION_CONFIG, "some.keystore.path");
missingStoreConfigs.put(SslConfigs.SSL_KEYSTORE_PASSWORD_CONFIG, new Password("some.keystore.password"));
missingStoreConfigs.put(SslConfigs.SSL_KEY_PASSWORD_CONFIG, new Password("some.key.password"));
// The reconfiguration is expected to be rejected. "keystore not found" is presumably the
// failure description used by verifyInvalidReconfigure (confirm against that helper).
verifyInvalidReconfigure(reconfigurableBuilder, missingStoreConfigs, "keystore not found");
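/**
 * Builds an SSL configuration map for tests. Generates a throwaway RSA key pair and a
 * certificate whose subject carries {@code host} as its CN, stores them in a temporary key
 * store file and, if requested, records the certificate in the given trust store file.
 *
 * <p>A key store is created only for {@code Mode.SERVER}, or for {@code Mode.CLIENT} when
 * {@code useClientCert} is set; otherwise a {@code null} key store file is passed on.
 * All store and key passwords are fixed literals, so the result is a test fixture only.
 *
 * <p>The temporary key store holds a private key. It is created with
 * {@code java.nio.file.Files.createTempFile}, which restricts the file to its owner on
 * POSIX file systems. Files created by {@code File.createTempFile} in the shared temp
 * directory get permissions that depend on the process umask. Deletion on exit is registered
 * before the store is populated, so a failure while generating the store does not leave the
 * file behind.
 *
 * @param useClientCert whether a client key store and certificate are generated in client mode
 * @param trustStore whether the generated certificate is written to {@code trustStoreFile}
 * @param mode client or server side
 * @param trustStoreFile trust store location; dereferenced only when {@code trustStore} is true
 * @param certAlias alias under which the generated certificate is recorded for the trust store
 * @param host value placed in the CN of the certificate subject
 * @return the map produced by the six-argument {@code createSslConfig} overload
 * @throws IOException if a temporary file cannot be created, or propagated from store creation
 * @throws GeneralSecurityException propagated from key, certificate or store generation
 */
public static Map<String, Object> createSslConfig(boolean useClientCert, boolean trustStore, Mode mode, File trustStoreFile, String certAlias, String host) throws IOException, GeneralSecurityException {
    Map<String, X509Certificate> certs = new HashMap<>();
    File keyStoreFile = null;
    // The same password is used for the key store and the key entry (see the final call).
    Password password = mode == Mode.SERVER ? new Password("ServerPassword") : new Password("ClientPassword");
    Password trustStorePassword = new Password("TrustStorePassword");

    // NOTE(review): "SHA1withRSA" is a deprecated signature algorithm. It is left unchanged
    // because other tests may depend on it; consider a SHA-256 based algorithm for new
    // fixtures. The literal 30 is presumably the certificate validity in days (confirm
    // against generateCertificate).
    if (mode == Mode.CLIENT && useClientCert) {
        keyStoreFile = java.nio.file.Files.createTempFile("clientKS", ".jks").toFile();
        keyStoreFile.deleteOnExit();
        KeyPair cKP = generateKeyPair("RSA");
        X509Certificate cCert = generateCertificate("CN=" + host + ", O=A client", cKP, 30, "SHA1withRSA");
        createKeyStore(keyStoreFile.getPath(), password, "client", cKP.getPrivate(), cCert);
        certs.put(certAlias, cCert);
    } else if (mode == Mode.SERVER) {
        keyStoreFile = java.nio.file.Files.createTempFile("serverKS", ".jks").toFile();
        keyStoreFile.deleteOnExit();
        KeyPair sKP = generateKeyPair("RSA");
        X509Certificate sCert = generateCertificate("CN=" + host + ", O=A server", sKP, 30, "SHA1withRSA");
        createKeyStore(keyStoreFile.getPath(), password, password, "server", sKP.getPrivate(), sCert);
        certs.put(certAlias, sCert);
    }

    if (trustStore) {
        // Registered first so the file is cleaned up even if writing the store fails part-way.
        trustStoreFile.deleteOnExit();
        createTrustStore(trustStoreFile.getPath(), trustStorePassword, certs);
    }

    return createSslConfig(mode, keyStoreFile, password, password, trustStoreFile, trustStorePassword);
}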