001/*
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements.  See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership.  The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 */
018package org.apache.hadoop.hbase.security;
019
020import static org.junit.Assert.assertEquals;
021import static org.junit.Assert.assertThrows;
022
023import java.io.IOException;
024import java.util.Map;
025import javax.security.sasl.Sasl;
026import org.apache.hadoop.hbase.HBaseClassTestRule;
027import org.apache.hadoop.hbase.testclassification.SecurityTests;
028import org.apache.hadoop.hbase.testclassification.SmallTests;
029import org.junit.ClassRule;
030import org.junit.Rule;
031import org.junit.Test;
032import org.junit.experimental.categories.Category;
033import org.junit.rules.ExpectedException;
034
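/**
 * Unit tests for {@link SaslUtil}: mapping of RPC protection names onto the {@link Sasl#QOP}
 * property, and verification that a negotiated QOP is one of the requested ones.
 */
@Category({ SecurityTests.class, SmallTests.class })
public class TestSaslUtil {

  @ClassRule
  public static final HBaseClassTestRule CLASS_RULE =
    HBaseClassTestRule.forClass(TestSaslUtil.class);

  // Not used by the tests in this class, which check expected exceptions with assertThrows.
  // It can be removed together with the Rule and ExpectedException imports.
  @Rule
  public ExpectedException exception = ExpectedException.none();

  /**
   * Checks that each protection name is translated to its SASL QOP token and that the order of a
   * comma-separated list is preserved, and that an unknown name is rejected.
   */
  @Test
  public void testInitSaslProperties() {
    Map<String, String> props;

    props = SaslUtil.initSaslProperties("integrity");
    assertEquals("auth-int", props.get(Sasl.QOP));

    props = SaslUtil.initSaslProperties("privacy,authentication");
    assertEquals("auth-conf,auth", props.get(Sasl.QOP));

    props = SaslUtil.initSaslProperties("integrity,authentication,privacy");
    assertEquals("auth-int,auth,auth-conf", props.get(Sasl.QOP));

    // assertThrows scopes the expectation to this one call. With the ExpectedException rule the
    // first throwing call ends the test method, so every statement after it is silently skipped.
    assertThrows(IllegalArgumentException.class, () -> SaslUtil.initSaslProperties("xyz"));

    // NOTE(review): the empty-string input is deliberately not asserted here. This test used to
    // list it after the "xyz" call, where it could never run, and paired it with both an expected
    // IllegalArgumentException and an expected "auth" result. Confirm against SaslUtil which of
    // the two applies, then add the matching assertion.
  }

  /**
   * Walks the requested/negotiated QOP matrix. A negotiated QOP that is not among the requested
   * ones must raise an {@link IOException}; otherwise a connection configured for integrity or
   * privacy could end up running with a different protection level than the one asked for. As the
   * cases below show, a {@code null} negotiated QOP is accepted only where "auth" is acceptable.
   */
  @Test
  public void testVerifyQop() throws IOException {
    String nullQop = null;
    String authentication = "auth";
    String integrity = "auth-int";
    String confidentiality = "auth-conf";
    String anyQop = "auth-conf,auth-int,auth";

    // Nothing requested, got nothing
    SaslUtil.verifyNegotiatedQop(nullQop, nullQop);

    // Auth requested, got null
    SaslUtil.verifyNegotiatedQop(authentication, nullQop);

    // Auth requested, got auth
    SaslUtil.verifyNegotiatedQop(authentication, authentication);

    // Auth requested, got confidentiality
    assertThrows(IOException.class,
      () -> SaslUtil.verifyNegotiatedQop(authentication, confidentiality));

    // Integrity requested, got null
    assertThrows(IOException.class, () -> SaslUtil.verifyNegotiatedQop(integrity, nullQop));

    // Integrity requested, got auth
    assertThrows(IOException.class, () -> SaslUtil.verifyNegotiatedQop(integrity, authentication));

    // Integrity requested, got integrity.
    // NOTE(review): expected to pass by analogy with the auth/auth case; SaslUtil is not shown.
    SaslUtil.verifyNegotiatedQop(integrity, integrity);

    // Integrity requested, got confidentiality (the negotiated value must be auth-conf here, not
    // auth, or this case merely repeats the previous rejection).
    assertThrows(IOException.class,
      () -> SaslUtil.verifyNegotiatedQop(integrity, confidentiality));

    // Confidentiality requested, got null
    assertThrows(IOException.class, () -> SaslUtil.verifyNegotiatedQop(confidentiality, nullQop));

    // Confidentiality requested, got auth
    assertThrows(IOException.class,
      () -> SaslUtil.verifyNegotiatedQop(confidentiality, authentication));

    // Confidentiality requested, got integrity
    assertThrows(IOException.class,
      () -> SaslUtil.verifyNegotiatedQop(confidentiality, integrity));

    // Confidentiality requested, got confidentiality: an exact match is accepted.
    // NOTE(review): expected to pass by analogy with the auth/auth case; SaslUtil is not shown.
    SaslUtil.verifyNegotiatedQop(confidentiality, confidentiality);

    // Any requested, got null
    SaslUtil.verifyNegotiatedQop(anyQop, nullQop);

    // Any requested, got auth
    SaslUtil.verifyNegotiatedQop(anyQop, authentication);

    // Any requested, got integrity
    SaslUtil.verifyNegotiatedQop(anyQop, integrity);

    // Any requested, got confidentiality
    SaslUtil.verifyNegotiatedQop(anyQop, confidentiality);
  }
}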