Startsida Utforska Hjälp
Registrera dig Logga in
github
/
spring-security
spegling av https://github.com/spring-projects/spring-security
2
0
Fork 0
Filer Ärenden 0 Wiki
Bläddra i källkod

SEC-2602: Add test support for x509 certificate

Rob Winch 11 år sedan
förälder
ecb4296540
incheckning
c8348d60e1
3 ändrade filer med 112 tillägg och 0 borttagningar
Delad Vy Visa Diff Statistik
  1. 52 0
      test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java
  2. 60 0
      test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCertificateTests.java
  3. BIN
      test/src/test/resources/rod.cer

+ 52 - 0
test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java
Visa fil 

@@ -15,7 +15,12 @@
 
  */
 
 package org.springframework.security.test.web.servlet.request;
 
 
+import java.io.IOException;
 
+import java.io.InputStream;
 
 import java.io.UnsupportedEncodingException;
 
+import java.security.cert.CertificateException;
 
+import java.security.cert.CertificateFactory;
 
+import java.security.cert.X509Certificate;
 
 import java.util.ArrayList;
 
 import java.util.Arrays;
 
 import java.util.Collection;
 
@@ -24,6 +29,9 @@ import java.util.List;
 
 import javax.servlet.http.HttpServletRequest;
 
 import javax.servlet.http.HttpServletResponse;
 
 
+import org.springframework.core.io.DefaultResourceLoader;
 
+import org.springframework.core.io.Resource;
 
+import org.springframework.core.io.ResourceLoader;
 
 import org.springframework.mock.web.MockHttpServletRequest;
 
 import org.springframework.mock.web.MockHttpServletResponse;
 
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 
@@ -55,6 +63,32 @@ import org.springframework.util.Assert;
 
  */
 
 public final class SecurityMockMvcRequestPostProcessors {
 
 
+    /**
 
+     * Populates the provided X509Certificate instances on the request.
 
+     * @param certificates the X509Certificate instances to pouplate
 
+     * @return the {@link org.springframework.test.web.servlet.request.RequestPostProcessor} to use.
 
+     */
 
+    public static RequestPostProcessor x509(X509Certificate... certificates) {
 
+        return new X509RequestPostProcessor(certificates);
 
+    }
 
+
 
+    /**
 
+     * Finds an X509Cetificate using a resoureName and populates it on the request.
 
+     *
 
+     * @param resourceName the name of the X509Certificate resource
 
+     * @return the {@link org.springframework.test.web.servlet.request.RequestPostProcessor} to use.
 
+     * @throws IOException
 
+     * @throws CertificateException
 
+     */
 
+    public static RequestPostProcessor x509(String resourceName) throws IOException, CertificateException {
 
+        ResourceLoader loader = new DefaultResourceLoader();
 
+        Resource resource = loader.getResource(resourceName);
 
+        InputStream inputStream = resource.getInputStream();
 
+        CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
 
+        X509Certificate certificate = (X509Certificate) certFactory.generateCertificate(inputStream);
 
+        return x509(certificate);
 
+    }
 
+
 
     /**
 
      * Creates a {@link RequestPostProcessor} that will automatically populate a
 
      * valid {@link CsrfToken} in the request.
 
@@ -142,6 +176,24 @@ public final class SecurityMockMvcRequestPostProcessors {
 
         return new HttpBasicRequestPostProcessor(username, password);
 
     }
 
 
+    /**
 
+     * Populates the X509Certificate instances onto the request
 
+     */
 
+    private static class X509RequestPostProcessor implements RequestPostProcessor {
 
+        private final X509Certificate[] certificates;
 
+
 
+        private X509RequestPostProcessor(X509Certificate... certificates) {
 
+            Assert.notNull("X509Certificate cannot be null");
 
+            this.certificates = certificates;
 
+        }
 
+
 
+        @Override
 
+        public MockHttpServletRequest postProcessRequest(MockHttpServletRequest request) {
 
+            request.setAttribute("javax.servlet.request.X509Certificate", certificates);
 
+            return request;
 
+        }
 
+    }
 
+
 
     /**
 
      * Populates a valid {@link CsrfToken} into the request.
 
      *

+ 60 - 0
test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCertificateTests.java
Visa fil 

@@ -0,0 +1,60 @@
 
+/*
 
+ * Copyright 2002-2014 the original author or authors.
 
+ *
 
+ * Licensed under the Apache License, Version 2.0 (the "License");
 
+ * you may not use this file except in compliance with the License.
 
+ * You may obtain a copy of the License at
 
+ *
 
+ *      http://www.apache.org/licenses/LICENSE-2.0
 
+ *
 
+ * Unless required by applicable law or agreed to in writing, software
 
+ * distributed under the License is distributed on an "AS IS" BASIS,
 
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 
+ * See the License for the specific language governing permissions and
 
+ * limitations under the License.
 
+ */
 
+package org.springframework.security.test.web.servlet.request;
 
+
 
+import org.junit.Before;
 
+import org.junit.Test;
 
+import org.junit.runner.RunWith;
 
+import org.mockito.Mock;
 
+import org.mockito.runners.MockitoJUnitRunner;
 
+import org.springframework.mock.web.MockHttpServletRequest;
 
+
 
+import java.security.cert.X509Certificate;
 
+
 
+import static org.fest.assertions.Assertions.assertThat;
 
+import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.x509;
 
+
 
+@RunWith(MockitoJUnitRunner.class)
 
+public class SecurityMockMvcRequestPostProcessorsCertificateTests {
 
+    @Mock
 
+    private X509Certificate certificate;
 
+
 
+    private MockHttpServletRequest request;
 
+
 
+    @Before
 
+    public void setup() {
 
+        request = new MockHttpServletRequest();
 
+    }
 
+
 
+    @Test
 
+    public void x509SingleCertificate() {
 
+        MockHttpServletRequest postProcessedRequest = x509(certificate).postProcessRequest(request);
 
+
 
+        X509Certificate[] certificates = (X509Certificate[]) postProcessedRequest.getAttribute("javax.servlet.request.X509Certificate");
 
+
 
+        assertThat(certificates).containsOnly(certificate);
 
+    }
 
+
 
+    @Test
 
+    public void x509ResourceName() throws Exception {
 
+        MockHttpServletRequest postProcessedRequest = x509("rod.cer").postProcessRequest(request);
 
+
 
+        X509Certificate[] certificates = (X509Certificate[]) postProcessedRequest.getAttribute("javax.servlet.request.X509Certificate");
 
+
 
+        assertThat(certificates.length).isEqualTo(1);
 
+        assertThat(certificates[0].getSubjectDN().getName()).isEqualTo("CN=rod, OU=Spring Security, O=Spring Framework");
 
+    }
 
+}

BIN
test/src/test/resources/rod.cer
Visa fil