17 package org.springframework.ws.soap.security.xwss.callback;
18
19 import java.io.InputStream;
20 import java.security.KeyStore;
21 import java.security.cert.X509Certificate;
22 import java.util.Collections;
23
24 import org.springframework.core.io.ClassPathResource;
25 import org.springframework.security.authentication.AuthenticationManager;
26 import org.springframework.security.authentication.BadCredentialsException;
27 import org.springframework.security.authentication.TestingAuthenticationToken;
28 import org.springframework.security.core.GrantedAuthority;
29 import org.springframework.security.core.context.SecurityContextHolder;
30 import org.springframework.ws.soap.security.callback.CleanupCallback;
31 import org.springframework.ws.soap.security.x509.X509AuthenticationToken;
32
33 import com.sun.xml.wss.impl.callback.CertificateValidationCallback;
34 import org.junit.After;
35 import org.junit.Assert;
36 import org.junit.Before;
37 import org.junit.Test;
38
39 import static org.easymock.EasyMock.*;
40
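/**
 * Unit tests for {@link SpringCertificateValidationCallbackHandler}, driven through a mocked
 * {@link AuthenticationManager}.
 *
 * <p>The tests pin three security-relevant behaviours of the handler:
 * <ul>
 * <li>a certificate accepted by the authentication manager yields a positive callback result and
 * an {@code Authentication} in the {@link SecurityContextHolder};</li>
 * <li>a certificate rejected with {@link BadCredentialsException} yields a negative result and
 * leaves the security context empty (fail closed);</li>
 * <li>a {@link CleanupCallback} removes an existing {@code Authentication} from the security
 * context.</li>
 * </ul>
 */
public class SpringCertificateValidationCallbackHandlerTest {

    private SpringCertificateValidationCallbackHandler callbackHandler;

    private AuthenticationManager authenticationManager;

    private X509Certificate certificate;

    private CertificateValidationCallback callback;

    /**
     * Builds the handler around a mocked {@link AuthenticationManager} and loads the certificate
     * under test from the classpath keystore.
     *
     * @throws Exception if the keystore cannot be read or parsed
     */
    @Before
    public void setUp() throws Exception {
        callbackHandler = new SpringCertificateValidationCallbackHandler();
        authenticationManager = createMock(AuthenticationManager.class);
        callbackHandler.setAuthenticationManager(authenticationManager);
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        InputStream is = null;
        try {
            is = new ClassPathResource("/org/springframework/ws/soap/security/xwss/test-keystore.jks").getInputStream();
            // Fixture-only keystore and password; neither protects real key material.
            keyStore.load(is, "password".toCharArray());
        }
        finally {
            if (is != null) {
                is.close();
            }
        }
        certificate = (X509Certificate) keyStore.getCertificate("alias");
        // KeyStore.getCertificate returns null for an unknown alias. Fail here with a clear
        // message instead of running every test against a callback that wraps a null certificate.
        Assert.assertNotNull("No certificate found under alias 'alias' in test keystore", certificate);
        callback = new CertificateValidationCallback(certificate);
    }

    /**
     * Clears the security context so an {@code Authentication} set by one test cannot be observed
     * by the next one.
     */
    @After
    public void tearDown() throws Exception {
        SecurityContextHolder.clearContext();
    }

    /**
     * A certificate that the authentication manager accepts must produce a positive validation
     * result and populate the security context.
     */
    @Test
    public void testValidateCertificateValid() throws Exception {
        expect(authenticationManager.authenticate(isA(X509AuthenticationToken.class)))
                .andReturn(new TestingAuthenticationToken(certificate, null, Collections.<GrantedAuthority>emptyList()));

        replay(authenticationManager);

        callbackHandler.handleInternal(callback);
        boolean authenticated = callback.getResult();
        Assert.assertTrue("Not authenticated", authenticated);
        Assert.assertNotNull("No Authentication created", SecurityContextHolder.getContext().getAuthentication());

        // Confirms the handler actually consulted the authentication manager.
        verify(authenticationManager);
    }

    /**
     * A certificate rejected with {@link BadCredentialsException} must produce a negative
     * validation result, and no {@code Authentication} may be left in the security context.
     */
    @Test
    public void testValidateCertificateInvalid() throws Exception {
        expect(authenticationManager.authenticate(isA(X509AuthenticationToken.class)))
                .andThrow(new BadCredentialsException(""));

        replay(authenticationManager);

        callbackHandler.handleInternal(callback);
        boolean authenticated = callback.getResult();
        Assert.assertFalse("Authenticated", authenticated);
        // Fail-closed check: a rejected certificate must not leave any identity behind.
        Assert.assertNull("Authentication created", SecurityContextHolder.getContext().getAuthentication());

        verify(authenticationManager);
    }

    /**
     * Handling a {@link CleanupCallback} must remove a previously stored {@code Authentication}
     * from the security context.
     */
    @Test
    public void testCleanUp() throws Exception {
        TestingAuthenticationToken authentication =
                new TestingAuthenticationToken(new Object(), new Object(), Collections.<GrantedAuthority>emptyList());
        SecurityContextHolder.getContext().setAuthentication(authentication);

        CleanupCallback cleanupCallback = new CleanupCallback();
        callbackHandler.handleInternal(cleanupCallback);
        // The original message said "Authentication created"; a failure here means the
        // pre-existing Authentication was not cleared.
        Assert.assertNull("Authentication not cleared", SecurityContextHolder.getContext().getAuthentication());
    }

}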