/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
018package org.apache.hadoop.hbase.security.provider;
019
020import static org.junit.Assert.assertEquals;
021import static org.junit.Assert.assertNotSame;
022import static org.junit.Assert.assertSame;
023
024import java.io.IOException;
025import java.net.InetAddress;
026import java.util.HashMap;
027import java.util.Map;
028import javax.security.sasl.SaslClient;
029import org.apache.hadoop.conf.Configuration;
030import org.apache.hadoop.hbase.HBaseClassTestRule;
031import org.apache.hadoop.hbase.HBaseConfiguration;
032import org.apache.hadoop.hbase.security.SecurityInfo;
033import org.apache.hadoop.hbase.security.User;
034import org.apache.hadoop.hbase.testclassification.SecurityTests;
035import org.apache.hadoop.hbase.testclassification.SmallTests;
036import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod;
037import org.apache.hadoop.security.token.Token;
038import org.apache.hadoop.security.token.TokenIdentifier;
039import org.junit.ClassRule;
040import org.junit.Test;
041import org.junit.experimental.categories.Category;
042
043import org.apache.hadoop.hbase.shaded.protobuf.generated.RPCProtos.UserInformation;
044
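/**
 * Tests for the client-side registry of SASL authentication providers.
 *
 * <p>The cases here pin three properties: a provider cannot be registered twice, the registry
 * instance returned by {@code getInstance} is cached until {@code reset()} is called, and two
 * configured providers that claim the same auth code are refused. Together they guard against one
 * authentication provider silently shadowing another.
 *
 * <p>The registry instance is shared static state, so every test that goes through
 * {@code getInstance} clears it with {@code reset()} before and after use; otherwise the outcome
 * would depend on which test ran first in the JVM.
 */
@Category({ SmallTests.class, SecurityTests.class })
public class TestSaslClientAuthenticationProviders {

  @ClassRule
  public static final HBaseClassTestRule CLASS_RULE =
    HBaseClassTestRule.forClass(TestSaslClientAuthenticationProviders.class);

  /**
   * Registering a second provider of the same kind must leave the first one in place and must not
   * grow the registry.
   */
  @Test
  public void testCannotAddTheSameProviderTwice() {
    HashMap<Byte, SaslClientAuthenticationProvider> registeredProviders = new HashMap<>();
    SaslClientAuthenticationProvider first = new SimpleSaslClientAuthenticationProvider();
    SaslClientAuthenticationProvider duplicate = new SimpleSaslClientAuthenticationProvider();

    SaslClientAuthenticationProviders.addProviderIfNotExists(first, registeredProviders);
    assertEquals(1, registeredProviders.size());

    try {
      SaslClientAuthenticationProviders.addProviderIfNotExists(duplicate, registeredProviders);
    } catch (RuntimeException ignored) {
      // Refusing the duplicate by throwing is acceptable; what this test pins is the registry
      // state checked below, which must hold whether or not an exception was raised.
      // NOTE(review): if the contract is that a duplicate always throws, assert that here too.
    }

    // Without this check a duplicate stored under a second key could go unnoticed, because the
    // identity assertion below only looks at the first entry the map happens to return.
    assertEquals("Expected the duplicate provider to be rejected", 1, registeredProviders.size());
    assertSame("Expected the original provider to be present", first,
      registeredProviders.values().iterator().next());
  }

  /**
   * {@code getInstance} returns the same object on repeated calls, and a new one with the same
   * number of providers after {@code reset()}.
   */
  @Test
  public void testInstanceIsCached() {
    // Start from an empty cache so an instance left behind by another test is not picked up.
    SaslClientAuthenticationProviders.reset();
    try {
      Configuration conf = HBaseConfiguration.create();
      SaslClientAuthenticationProviders beforeReset =
        SaslClientAuthenticationProviders.getInstance(conf);
      SaslClientAuthenticationProviders cachedAgain =
        SaslClientAuthenticationProviders.getInstance(conf);
      assertSame(beforeReset, cachedAgain);

      SaslClientAuthenticationProviders.reset();

      SaslClientAuthenticationProviders afterReset =
        SaslClientAuthenticationProviders.getInstance(conf);
      assertNotSame(beforeReset, afterReset);
      assertEquals(beforeReset.getNumRegisteredProviders(),
        afterReset.getNumRegisteredProviders());
    } finally {
      // Do not leak the instance built here into later tests.
      SaslClientAuthenticationProviders.reset();
    }
  }

  /**
   * Two extra providers that advertise the same auth code byte under different names must make
   * registry construction fail.
   */
  @Test(expected = RuntimeException.class)
  public void testDifferentConflictingImplementationsFail() {
    // getInstance caches its result (see testInstanceIsCached). Whether that cache is keyed by
    // the Configuration is not visible from this test, so clear it first: a cached instance
    // would be returned without the conflicting providers ever being loaded.
    SaslClientAuthenticationProviders.reset();
    try {
      Configuration conf = HBaseConfiguration.create();
      conf.setStrings(SaslClientAuthenticationProviders.EXTRA_PROVIDERS_KEY,
        ConflictingProvider1.class.getName(), ConflictingProvider2.class.getName());
      SaslClientAuthenticationProviders.getInstance(conf);
    } finally {
      SaslClientAuthenticationProviders.reset();
    }
  }

  /**
   * Stub provider named "FOO" whose auth method uses byte 12, the same byte as
   * {@link ConflictingProvider2}. Every other method returns {@code null}; the stub exists only to
   * be named in the configuration.
   */
  static class ConflictingProvider1 implements SaslClientAuthenticationProvider {
    static final SaslAuthMethod METHOD1 =
      new SaslAuthMethod("FOO", (byte) 12, "DIGEST-MD5", AuthenticationMethod.SIMPLE);

    // Public no-arg constructor kept explicit; presumably the class is instantiated by name from
    // the configuration -- confirm against the registry implementation.
    public ConflictingProvider1() {
    }

    @Override
    public SaslAuthMethod getSaslAuthMethod() {
      return METHOD1;
    }

    @Override
    public String getTokenKind() {
      return null;
    }

    @Override
    public SaslClient createClient(Configuration conf, InetAddress serverAddr,
      SecurityInfo securityInfo, Token<? extends TokenIdentifier> token, boolean fallbackAllowed,
      Map<String, String> saslProps) throws IOException {
      return null;
    }

    @Override
    public UserInformation getUserInfo(User user) {
      return null;
    }
  }

  /**
   * Stub provider named "BAR" whose auth method uses byte 12, the same byte as
   * {@link ConflictingProvider1}. Every other method returns {@code null}; the stub exists only to
   * be named in the configuration.
   */
  static class ConflictingProvider2 implements SaslClientAuthenticationProvider {
    static final SaslAuthMethod METHOD2 =
      new SaslAuthMethod("BAR", (byte) 12, "DIGEST-MD5", AuthenticationMethod.SIMPLE);

    // Public no-arg constructor kept explicit; presumably the class is instantiated by name from
    // the configuration -- confirm against the registry implementation.
    public ConflictingProvider2() {
    }

    @Override
    public SaslAuthMethod getSaslAuthMethod() {
      return METHOD2;
    }

    @Override
    public String getTokenKind() {
      return null;
    }

    @Override
    public SaslClient createClient(Configuration conf, InetAddress serverAddr,
      SecurityInfo securityInfo, Token<? extends TokenIdentifier> token, boolean fallbackAllowed,
      Map<String, String> saslProps) throws IOException {
      return null;
    }

    @Override
    public UserInformation getUserInfo(User user) {
      return null;
    }
  }
}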