Examples of KeyStoreLoginModule

• com.sun.security.auth.module.KeyStoreLoginModule
  Provides a JAAS login module that prompts for a key store alias and populates the subject with the alias's principal and credentials. Stores an X500Principal for the subject distinguished name of the first certificate in the alias's credentials in the subject's principals, the alias's certificate path in the subject's public credentials, and a X500PrivateCredential whose certificate is the first certificate in the alias's certificate path and whose private key is the alias's private key in the subject's private credentials.

  Recognizes the following options in the configuration file:

  keyStoreURL

  A URL that specifies the location of the key store. Defaults to a URL pointing to the .keystore file in the directory specified by the user.home system property. The input stream from this URL is passed to the KeyStore.load method. "NONE" may be specified if a null stream must be passed to the KeyStore.load method. "NONE" should be specified if the KeyStore resides on a hardware token device, for example.

  keyStoreType

  The key store type. If not specified, defaults to the result of calling KeyStore.getDefaultType(). If the type is "PKCS11", then keyStoreURL must be "NONE" and privateKeyPasswordURL must not be specified.

  keyStoreProvider

  The key store provider. If not specified, uses the standard search order to find the provider.

  keyStoreAlias

  The alias in the key store to login as. Required when no callback handler is provided. No default value.

  keyStorePasswordURL

  A URL that specifies the location of the key store password. Required when no callback handler is provided and protected is false. No default value.

  privateKeyPasswordURL

  A URL that specifies the location of the specific private key password needed to access the private key for this alias. The keystore password is used if this value is needed and not specified.

  protected

  This value should be set to "true" if the KeyStore has a separate, protected authentication path (for example, a dedicated PIN-pad attached to a smart card). Defaults to "false". If "true" keyStorePasswordURL and privateKeyPasswordURL must not be specified.

• org.apache.harmony.auth.module.KeyStoreLoginModule

Examples of com.sun.security.auth.module.KeyStoreLoginModule

    private static void testInvalidOptions() throws Exception {

        // if keyStoreType is PKCS11, keyStoreURL must be NONE

        KeyStoreLoginModule m = new KeyStoreLoginModule();
        Subject s = new Subject();
        Map options = new HashMap();
        options.put(O_TYPE, P11KEYSTORE);
        m.initialize(s, null, null, options);
        try {
            m.login();
            throw new SecurityException("expected exception");
        } catch (LoginException le) {
            // good
            //le.printStackTrace();
            System.out.println("test " + testnum++ + " passed");
        }

        // if keyStoreType is PKCS11, keyStoreURL is NONE,
        // then privateKeyPasswordURL must not be specified

        options = new HashMap();
        options.put(O_TYPE, P11KEYSTORE);
        options.put(O_URL, NONE);
        options.put(O_KPASS_URL, KPASS_URL);
        m.initialize(s, null, null, options);
        try {
            m.login();
            throw new SecurityException("expected exception");
        } catch (LoginException le) {
            // good
            //le.printStackTrace();
            System.out.println("test " + testnum++ + " passed");
        }

        // if protected is true, keyStorePasswordURL must not be specified

        options = new HashMap();
        options.put(O_PPATH, "true");
        options.put(O_SPASS_URL, SPASS_URL);
        m.initialize(s, null, null, options);
        try {
            m.login();
            throw new SecurityException("expected exception");
        } catch (LoginException le) {
            // good
            //le.printStackTrace();
            System.out.println("test " + testnum++ + " passed");
        }

        // if protected is true, privateKeyPasswordURL must not be specified

        options = new HashMap();
        options.put(O_PPATH, "true");
        options.put(O_KPASS_URL, KPASS_URL);
        m.initialize(s, null, null, options);
        try {
            m.login();
            throw new SecurityException("expected exception");
        } catch (LoginException le) {
            // good
            //le.printStackTrace();
            System.out.println("test " + testnum++ + " passed");

Examples of com.sun.security.auth.module.KeyStoreLoginModule

    private static void testNullCallbackHandler() throws Exception {

        // no options (missing alias)

        KeyStoreLoginModule m = new KeyStoreLoginModule();
        Subject s = new Subject();
        Map options = new HashMap();
        m.initialize(s, null, null, options);
        try {
            m.login();
            throw new SecurityException("expected exception");
        } catch (LoginException le) {
            // good
            //le.printStackTrace();
            System.out.println("test " + testnum++ + " passed");
        }

        // missing passwords

        options.put(O_ALIAS, ALIAS);
        m.initialize(s, null, null, options);
        try {
            m.login();
            throw new SecurityException("expected exception");
        } catch (LoginException le) {
            // good
            //le.printStackTrace();
            System.out.println("test " + testnum++ + " passed");
        }

        // no private key password
        // (private key password is different from store password)

        options.put(O_SPASS_URL, SPASS_URL);
        m.initialize(s, null, null, options);
        try {
            m.login();
            throw new SecurityException("expected exception");
        } catch (LoginException le) {
            // good
            //le.printStackTrace();
            System.out.println("test " + testnum++ + " passed");
        }

        // all necessary options
        // (private key password is different from store password)

        options.put(O_URL, URL);
        options.put(O_KPASS_URL, KPASS_URL);
        m.initialize(s, null, null, options);
        m.login();
        System.out.println("test " + testnum++ + " passed");
    }

Examples of com.sun.security.auth.module.KeyStoreLoginModule

        System.out.println("test " + testnum++ + " passed");
    }

    private static void testWithCallbackHandler() throws Exception {

        KeyStoreLoginModule m = new KeyStoreLoginModule();
        Subject s = new Subject();
        Map options = new HashMap();
        options.put(O_URL, URL);

        CallbackHandler goodHandler = new MyCallbackHandler(true);
        m.initialize(s, goodHandler, null, options);
        m.login();
        System.out.println("test " + testnum++ + " passed");

        CallbackHandler badHandler = new MyCallbackHandler(false);
        m.initialize(s, badHandler, null, options);
        try {
            m.login();
            throw new SecurityException("expected LoginException");
        } catch (LoginException le) {
            // good
            System.out.println("test " + testnum++ + " passed");
        }

Examples of com.sun.security.auth.module.KeyStoreLoginModule

    private static void testReadOnly() throws Exception {

        // setup

        KeyStoreLoginModule m = new KeyStoreLoginModule();
        Subject s = new Subject();
        Map options = new HashMap();
        options.put(O_URL, URL);
        options.put(O_ALIAS, ALIAS);
        options.put(O_SPASS_URL, SPASS_URL);
        options.put(O_KPASS_URL, KPASS_URL);
        m.initialize(s, null, null, options);

        // login first
        m.login();
        m.commit();
        System.out.println("test " + testnum++ + " passed");

        // test regular logout
        m.logout();
        if (s.getPrincipals().size() != 0) {
            throw new SecurityException("expected no principals");
        }
        if (s.getPublicCredentials().size() != 0) {
            throw new SecurityException("expected no public creds");
        }
        if (s.getPrivateCredentials().size() != 0) {
            throw new SecurityException("expected no private creds");
        }
        System.out.println("test " + testnum++ + " passed");

        // login again
        m.login();
        m.commit();
        System.out.println("test " + testnum++ + " passed");

        // set subject to read-only
        s.setReadOnly();

        // try to logout
        try {
            m.logout();
            throw new SecurityException("expected login exception");
        } catch (LoginException le) {
            // good
            System.out.println("test " + testnum++ + " passed");
        }

Examples of org.apache.harmony.auth.module.KeyStoreLoginModule

            + Support_Resources.getAbsoluteResourcePath("fault_pass");

    private final String KEYSTORE_ALIAS = "mykey";

    public void test_abort() throws LoginException {
        KeyStoreLoginModule ksm = new KeyStoreLoginModule();
        try {
            assertFalse("Should return false if login failed or no login", ksm
                    .abort());
        } catch (LoginException e) {
            fail("Abort failed");
        }
        Subject subject = new Subject();
        subject.setReadOnly();
        ksm.initialize(subject, null, null, options);
        try {
            assertFalse("Should return false if login failed or no login", ksm
                    .abort());
        } catch (Exception e) {
            fail("Not any exception here");
        }
        options.remove("keyStorePasswordURL");
        options.put("keyStorePasswordURL", KEYSTORE_FAULTPASSWORD_URL);
        subject = new Subject();
        ksm.initialize(subject, null, null, options);
        try {
            ksm.login();
            fail("login should fail");
        } catch (LoginException e) {
            assertFalse("Should return false because of login failure", ksm
                    .abort());
        }
        options.remove("keyStorePasswordURL");
        options.put("keyStorePasswordURL", KEYSTORE_PASSWORD_URL);
        subject = new Subject();
        ksm.initialize(subject, null, null, options);
        ksm.login();
        assertTrue("Should return true if login was successful", ksm
                .abort());
    }

Examples of org.apache.harmony.auth.module.KeyStoreLoginModule

        assertTrue("Should return true if login was successful", ksm
                .abort());
    }

    public void test_commit() {
        KeyStoreLoginModule module = new KeyStoreLoginModule();
        Subject subject = new Subject();
        module.initialize(subject, null, null, options);
        try {
            assertTrue("Login should be successful", module.login());
            module.commit();
        } catch (LoginException e) {
            e.printStackTrace();
            fail("Login shouldn't fail");
        }
        Set<Principal> principals = subject.getPrincipals();
        assertFalse("Should get at least one principal", principals.isEmpty());
        Set<Object> subjects = subject.getPrivateCredentials();
        assertFalse("Should get at least one private credential", subjects
                .isEmpty());
        Set<Object> subjects2 = subject.getPublicCredentials();
        assertFalse("Should get at least one public credential", subjects2
                .isEmpty());
        subject = new Subject();
        subject.setReadOnly();
        module.initialize(subject, null, null, options);
        try {
            assertFalse("Commit shouldn't be successful", module.commit());
            fail("Should throw LoginException here because of trying to clear read-only subject");
        } catch (LoginException e) {
            // expected LoginException here
        }

Examples of org.apache.harmony.auth.module.KeyStoreLoginModule

        }

    }

    public void test_initialize() {
        KeyStoreLoginModule module = new KeyStoreLoginModule();
        try {
            module.initialize(null, null, null, null);
            fail("Should throw NullPointerException here.");
        } catch (NullPointerException e) {
            // expected NullPointerException
        }
    }

Examples of org.apache.harmony.auth.module.KeyStoreLoginModule

            // expected NullPointerException
        }
    }

    public void test_login() {
        KeyStoreLoginModule module = new KeyStoreLoginModule();
        HashMap<String, String> emptyOptions = new HashMap<String, String>();
        module.initialize(null, null, null, emptyOptions);
        try {
            module.login();
            fail("Should throw LoginException here.");
        } catch (LoginException e) {
            // expected LoginException
        }

        Subject subject = new Subject();
        module.initialize(subject, null, null, options);
        try {
            assertTrue("Login should be successful", module.login());
        } catch (LoginException e) {
            fail("Login shouldn't fail");
        }
        options.put("keyStorePasswordURL", KEYSTORE_FAULTPASSWORD_URL);
        module.initialize(subject, null, null, options);
        try {
            assertFalse("Login shouldn't be successful", module.login());
            fail("Login should fail");
        } catch (LoginException e) {
            // expected Loginexception here
        }
    }

Examples of org.apache.harmony.auth.module.KeyStoreLoginModule

            // expected Loginexception here
        }
    }

    public void test_logout() {
        KeyStoreLoginModule module = new KeyStoreLoginModule();
        Subject subject = new Subject();
        module.initialize(subject, null, null, options);
        try {
            assertTrue("Login should be successful", module.login());
            module.commit();
        } catch (LoginException e) {
            fail("Login shouldn't fail");
        }
        Set<Principal> principals = subject.getPrincipals();
        assertFalse("Should get at least one principal", principals.isEmpty());
        Set<Object> subjects = subject.getPrivateCredentials();
        assertFalse("Should get at least one private credential", subjects
                .isEmpty());
        Set<Object> subjects2 = subject.getPublicCredentials();
        assertFalse("Should get at least one public credential", subjects2
                .isEmpty());
        try {
            assertTrue("Should be true", module.logout());
        } catch (LoginException e) {
            fail("Logout failed");
        }
        principals = subject.getPrincipals();
        assertTrue("Principals should be cleared", principals.isEmpty());

Examples of org.apache.harmony.auth.module.KeyStoreLoginModule

            + Support_Resources.getAbsoluteResourcePath("fault_pass");

    private final String KEYSTORE_ALIAS = "mykey";

    public void test_abort() throws LoginException {
        KeyStoreLoginModule ksm = new KeyStoreLoginModule();
        try {
            assertFalse("Should return false if login failed or no login", ksm
                    .abort());
        } catch (LoginException e) {
            fail("Abort failed");
        }
        Subject subject = new Subject();
        subject.setReadOnly();
        ksm.initialize(subject, null, null, options);

        assertFalse("Should return false if login failed or no login", ksm.abort());

        options.remove("keyStorePasswordURL");
        options.put("keyStorePasswordURL", KEYSTORE_FAULTPASSWORD_URL);
        subject = new Subject();
        ksm.initialize(subject, null, null, options);
        try {
            ksm.login();
            fail("login should fail");
        } catch (LoginException e) {
            assertFalse("Should return false because of login failure", ksm
                    .abort());
        }
        options.remove("keyStorePasswordURL");
        options.put("keyStorePasswordURL", KEYSTORE_PASSWORD_URL);
        subject = new Subject();
        ksm.initialize(subject, null, null, options);
        ksm.login();
        assertTrue("Should return true if login was successful", ksm
                .abort());
    }