001/*
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements.  See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership.  The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 */
018package org.apache.hadoop.hbase.security;
019
020import static org.junit.jupiter.api.Assertions.assertEquals;
021import static org.junit.jupiter.api.Assertions.assertThrows;
022
023import java.io.IOException;
024import java.util.Map;
025import javax.security.sasl.Sasl;
026import org.apache.hadoop.hbase.testclassification.SecurityTests;
027import org.apache.hadoop.hbase.testclassification.SmallTests;
028import org.junit.jupiter.api.Tag;
029import org.junit.jupiter.api.Test;
030
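/**
 * Unit tests for the SASL quality-of-protection (QOP) helpers in {@link SaslUtil}.
 *
 * <p>The two tests cover (1) translating a configured protection list into the value stored
 * under {@link Sasl#QOP}, and (2) checking that the QOP reported after negotiation is one the
 * caller actually asked for. The second check matters because a connection that silently ends
 * up at a weaker level than requested (for example {@code auth} instead of {@code auth-conf})
 * would carry traffic without the integrity or confidentiality protection the operator
 * configured.
 */
@Tag(SecurityTests.TAG)
@Tag(SmallTests.TAG)
public class TestSaslUtil {

  /**
   * Checks the mapping from configured protection names to SASL QOP tokens, including list
   * order preservation, rejection of an unknown name and the default for an empty setting.
   */
  @Test
  public void testInitSaslProperties() {
    Map<String, String> props;

    // Single value.
    props = SaslUtil.initSaslProperties("integrity");
    assertEquals("auth-int", props.get(Sasl.QOP));

    // Comma-separated lists keep the order in which the levels were configured.
    props = SaslUtil.initSaslProperties("privacy,authentication");
    assertEquals("auth-conf,auth", props.get(Sasl.QOP));

    props = SaslUtil.initSaslProperties("integrity,authentication,privacy");
    assertEquals("auth-int,auth,auth-conf", props.get(Sasl.QOP));

    // An unknown protection name must be rejected rather than mapped to a default level.
    // Nothing may follow the call inside the lambda: the exception is the expected outcome,
    // so any assertion placed after it would never run.
    assertThrows(IllegalArgumentException.class, () -> SaslUtil.initSaslProperties("xyz"));

    // An empty setting falls back to authentication only.
    props = SaslUtil.initSaslProperties("");
    assertEquals("auth", props.get(Sasl.QOP));
  }

  /**
   * Walks the requested/negotiated QOP combinations and checks which ones are accepted and
   * which ones raise {@link IOException}.
   *
   * @throws IOException if a combination that is expected to be accepted is rejected
   */
  @Test
  public void testVerifyQop() throws IOException {
    String nullQop = null;
    String authentication = "auth";
    String integrity = "auth-int";
    String confidentiality = "auth-conf";
    String anyQop = "auth-conf,auth-int,auth";

    // Nothing requested, nothing negotiated.
    SaslUtil.verifyNegotiatedQop(nullQop, nullQop);

    // Auth requested, got null.
    SaslUtil.verifyNegotiatedQop(authentication, nullQop);

    // Auth requested, got auth.
    SaslUtil.verifyNegotiatedQop(authentication, authentication);

    // Auth requested, got confidentiality: a level that was not requested is rejected even
    // when it is stronger.
    assertThrows(IOException.class,
      () -> SaslUtil.verifyNegotiatedQop(authentication, confidentiality));

    // Integrity requested, got null.
    assertThrows(IOException.class, () -> SaslUtil.verifyNegotiatedQop(integrity, nullQop));

    // Integrity requested, got auth (downgrade).
    assertThrows(IOException.class, () -> SaslUtil.verifyNegotiatedQop(integrity, authentication));

    // Integrity requested, got confidentiality. This case previously passed "auth" again and
    // so only repeated the check above.
    assertThrows(IOException.class,
      () -> SaslUtil.verifyNegotiatedQop(integrity, confidentiality));

    // Confidentiality requested, got null.
    assertThrows(IOException.class, () -> SaslUtil.verifyNegotiatedQop(confidentiality, nullQop));

    // Confidentiality requested, got auth (downgrade).
    assertThrows(IOException.class,
      () -> SaslUtil.verifyNegotiatedQop(confidentiality, authentication));

    // Confidentiality requested, got integrity (downgrade).
    assertThrows(IOException.class,
      () -> SaslUtil.verifyNegotiatedQop(confidentiality, integrity));

    // Confidentiality requested, got confidentiality.
    // NOTE(review): this case previously repeated the (confidentiality, integrity) rejection
    // under this comment. An exact match is expected to be accepted, as in the auth/auth case
    // above; confirm against SaslUtil.verifyNegotiatedQop.
    SaslUtil.verifyNegotiatedQop(confidentiality, confidentiality);

    // Any requested, got null.
    SaslUtil.verifyNegotiatedQop(anyQop, nullQop);

    // Any requested, got auth.
    SaslUtil.verifyNegotiatedQop(anyQop, authentication);

    // Any requested, got integrity.
    SaslUtil.verifyNegotiatedQop(anyQop, integrity);

    // Any requested, got confidentiality.
    SaslUtil.verifyNegotiatedQop(anyQop, confidentiality);
  }
}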