From c8348d60e1c075778d375d96c28fb110af9dbcaf Mon Sep 17 00:00:00 2001
From: Rob Winch
Date: Mon, 21 Jul 2014 15:09:30 -0500
Subject: [PATCH] SEC-2602: Add test support for x509 certificate
---
 .../SecurityMockMvcRequestPostProcessors.java | 52 +++++++++++++++
 ...RequestPostProcessorsCertificateTests.java | 60 ++++++++++++++++++
 test/src/test/resources/rod.cer | Bin 0 -> 731 bytes
 3 files changed, 112 insertions(+)
 create mode 100644 test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCertificateTests.java
 create mode 100644 test/src/test/resources/rod.cer
diff --git a/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java b/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java
index a0649b8674..3c5617462e 100644
--- a/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java
+++ b/test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java
@@ -15,7 +15,12 @@
 */
 package org.springframework.security.test.web.servlet.request;
+import java.io.IOException;
+import java.io.InputStream;
 import java.io.UnsupportedEncodingException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collection;
@@ -24,6 +29,9 @@ import java.util.List;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import org.springframework.core.io.DefaultResourceLoader;
+import org.springframework.core.io.Resource;
+import org.springframework.core.io.ResourceLoader;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
@@ -55,6 +63,32 @@ import org.springframework.util.Assert;
 */
 public final class SecurityMockMvcRequestPostProcessors {
+ /**
+ * Populates the provided X509Certificate instances on the request.
+ * @param certificates the X509Certificate instances to pouplate
+ * @return the {@link org.springframework.test.web.servlet.request.RequestPostProcessor} to use.
+ */
+ public static RequestPostProcessor x509(X509Certificate... certificates) {
+ return new X509RequestPostProcessor(certificates);
+ }
+
+ /**
+ * Finds an X509Cetificate using a resoureName and populates it on the request.
+ *
+ * @param resourceName the name of the X509Certificate resource
+ * @return the {@link org.springframework.test.web.servlet.request.RequestPostProcessor} to use.
+ * @throws IOException
+ * @throws CertificateException
+ */
+ public static RequestPostProcessor x509(String resourceName) throws IOException, CertificateException {
+ ResourceLoader loader = new DefaultResourceLoader();
+ Resource resource = loader.getResource(resourceName);
+ InputStream inputStream = resource.getInputStream();
+ CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
+ X509Certificate certificate = (X509Certificate) certFactory.generateCertificate(inputStream);
+ return x509(certificate);
+ }
+
 /**
 * Creates a {@link RequestPostProcessor} that will automatically populate a
 * valid {@link CsrfToken} in the request.
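Review bot: The `InputStream` obtained from `resource.getInputStream()` in `x509(String resourceName)` is never closed, so the handle leaks on success and also when `generateCertificate` throws `CertificateException` on a malformed file. Wrap the parse in `try { ... } finally { inputStream.close(); }` so the stream is released on both paths. `DefaultResourceLoader` also resolves URL-style locations (for example `file:` or `http:` prefixes) as well as classpath names, so the Javadoc should state that `resourceName` is expected to be a test-controlled location. The Javadoc in this hunk has typos (`pouplate`, `X509Cetificate`, `resoureName`) and two empty `@throws` tags that should say when each exception is raised.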
@@ -142,6 +176,24 @@ public final class SecurityMockMvcRequestPostProcessors {
 return new HttpBasicRequestPostProcessor(username, password);
 }
+ /**
+ * Populates the X509Certificate instances onto the request
+ */
+ private static class X509RequestPostProcessor implements RequestPostProcessor {
+ private final X509Certificate[] certificates;
+
+ private X509RequestPostProcessor(X509Certificate... certificates) {
+ Assert.notNull("X509Certificate cannot be null");
+ this.certificates = certificates;
+ }
+
+ @Override
+ public MockHttpServletRequest postProcessRequest(MockHttpServletRequest request) {
+ request.setAttribute("javax.servlet.request.X509Certificate", certificates);
+ return request;
+ }
+ }
+
 /**
 * Populates a valid {@link CsrfToken} into the request.
 *
diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCertificateTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCertificateTests.java
new file mode 100644
index 0000000000..9b51e03aa6
--- /dev/null
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCertificateTests.java
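Review bot: The null check in the `X509RequestPostProcessor` constructor never fires, because `Assert.notNull("X509Certificate cannot be null")` passes the message literal as the object under test and a string literal is never null. A null `certificates` array is therefore accepted and later written to the `javax.servlet.request.X509Certificate` attribute, which may let an X.509 authentication test pass or fail for the wrong reason. The call should read `Assert.notNull(certificates, "X509Certificate cannot be null");`, and `Assert.noNullElements(certificates, "X509Certificate cannot contain null")` would additionally reject a null entry inside the varargs. The array is also stored without a copy; `this.certificates = certificates.clone();` would keep later caller mutations out of the request.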
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2002-2014 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.test.web.servlet.request;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.mockito.runners.MockitoJUnitRunner;
+import org.springframework.mock.web.MockHttpServletRequest;
+
+import java.security.cert.X509Certificate;
+
+import static org.fest.assertions.Assertions.assertThat;
+import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.x509;
+
+@RunWith(MockitoJUnitRunner.class)
+public class SecurityMockMvcRequestPostProcessorsCertificateTests {
+ @Mock
+ private X509Certificate certificate;
+
+ private MockHttpServletRequest request;
+
+ @Before
+ public void setup() {
+ request = new MockHttpServletRequest();
+ }
+
+ @Test
+ public void x509SingleCertificate() {
+ MockHttpServletRequest postProcessedRequest = x509(certificate).postProcessRequest(request);
+
+ X509Certificate[] certificates = (X509Certificate[]) postProcessedRequest.getAttribute("javax.servlet.request.X509Certificate");
+
+ assertThat(certificates).containsOnly(certificate);
+ }
+
+ @Test
+ public void x509ResourceName() throws Exception {
+ MockHttpServletRequest postProcessedRequest = x509("rod.cer").postProcessRequest(request);
+
+ X509Certificate[] certificates = (X509Certificate[])
postProcessedRequest.getAttribute("javax.servlet.request.X509Certificate"); + + assertThat(certificates.length).isEqualTo(1); + assertThat(certificates[0].getSubjectDN().getName()).isEqualTo("CN=rod, OU=Spring Security, O=Spring Framework"); + } +} diff --git a/test/src/test/resources/rod.cer b/test/src/test/resources/rod.cer new file mode 100644 index 0000000000000000000000000000000000000000..c897d370a15f275334883eb9c7acb7e477da9e2b GIT binary patch literal 731 zcmXqLV!Ce7#JGO}GZP~d6N|zB4c82K**LY@JlekVGBUEVG8i;=8gd(OvN4CUun9A{ zI~fWZ@PjxU!W_ZL`6W4tc`1eh27DkPc42n+oW$bv{BlD{196ZDm#{!^K~ZL2x`JC# zVs2`Aeo?legn<}Hid&c;DixfXTw0V_Qfa7QAP16R78Xa7Q3y#bE>UoHG>{YLHLx%+ zG%^Ju10$m-ab80UAZ=;@22lpixq}HeMV++%Zd#LB^gzLJ(w|zd*X7SC*FT6@{%+V7HE;ws80 zQ&ha@yG1b5jM zDUQ~B_{2>8)C7;U?EwOvg{p04v29X%Q`RWh{(bK=ug}J2t7cT)CuTVlhi4WN+k<1W zq^EWF=UqN@LL^>_?_NKzfNUP`{gqWL<~lEK?w$5L(lzK}y4S6LT;*xqFC-$)uZ*;D z{V~_!Nr&eZ=dZ^b*K_uCFI{$SZjjo>MTvRks%HY`-+xtG-nDzf
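Review bot: Both tests in this new file cover only the success path; nothing calls `x509` with a null array, a missing resource, or a resource that is not a certificate, so the argument validation of the post-processor is unverified. Add a case such as `x509((X509Certificate[]) null)` with `@Test(expected = IllegalArgumentException.class)`, and one for an unknown resource name expecting `IOException`. In `x509ResourceName` the subject check uses `getSubjectDN().getName()`, whose string format depends on the provider; `getSubjectX500Principal().getName()` returns a defined RFC 2253 form, in which case the expected value would have no spaces after the commas.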