Examples of org.apache.ace.authentication.processor.clientcert.ClientCertAuthenticationProcessor

• org.apache.ace.authentication.processor.clientcert.ClientCertAuthenticationProcessor
  Provides an {@link AuthenticationProcessor} that implements authentication based on certificates and looks up a user in the {@link UserAdmin} service using (by default, can be configured otherwise) the key "username". If a matching user is found, it is considered authenticated.

    /**
     * Tests that authenticating a known user with a valid certificate chain will not yield null.
     */
    @Test(groups = { UNIT })
    public void testAuthenticateKnownUserWithValidCertificateChainYieldsValidResult() throws ConfigurationException {
        ClientCertAuthenticationProcessor processor = createAuthorizationProcessor();

        final String lookupKey = "anyKey";
        final String matchPolicy = "dn";

        Properties props = new Properties();
        props.put(PROPERTY_USERNAME_LOOKUPKEY, lookupKey);
        props.put(PROPERTY_USERNAME_MATCH_POLICY, matchPolicy);
        props.put(PROPERTY_VERIFY_CERT_VALIDITY, "true");
        processor.updated(props);

        X509Certificate[] certChain = createValidCertificateChainWithDN("cn=Alice,dc=acme,dc=corp", "cn=Fido,ou=dev,dc=acme,dc=corp", "cn=Bob,ou=dev,dc=acme,dc=corp");

        when(m_servletRequest.getAttribute(ATTRIBUTE_X509_CERTIFICATE)).thenReturn(certChain);

        User user = mock(User.class);
        when(user.getName()).thenReturn("bob");

        when(m_userAdmin.getUser(eq(lookupKey), eq("CN=Bob,OU=dev,DC=acme,DC=corp"))).thenReturn(user);

        User result = processor.authenticate(m_userAdmin, m_servletRequest);
        assert result != null : "Expected a valid user to be returned!";

        assert "bob".equals(user.getName()) : "Expected bob to be returned as user!";
    }

        Properties props = new Properties();
        props.put(PROPERTY_USERNAME_LOOKUPKEY, lookupKey);
        props.put(PROPERTY_USERNAME_MATCH_POLICY, matchPolicy);
        props.put(PROPERTY_VERIFY_CERT_VALIDITY, "true");

        ClientCertAuthenticationProcessor processor = createAuthorizationProcessor();

        processor.updated(props);

        X509Certificate[] certificateChain = createValidCertificateChain("alice");

        // Test whether we can use the new properties...
        when(m_servletRequest.getAttribute(ATTRIBUTE_X509_CERTIFICATE)).thenReturn(certificateChain);

        User user = mock(User.class);
        when(user.getName()).thenReturn("alice");

        when(m_userAdmin.getUser(eq(lookupKey), eq("alice"))).thenReturn(user);

        User result = processor.authenticate(m_userAdmin, m_servletRequest);
        assert result != null : "Expected a valid user to be returned!";

        assert "alice".equals(user.getName()) : "Expected alice to be returned as user!";
    }

     * Creates a new {@link ClientCertAuthenticationProcessor} instance.
     *
     * @return a new authentication processor instance, never <code>null</code>.
     */
    private ClientCertAuthenticationProcessor createAuthorizationProcessor() {
        return new ClientCertAuthenticationProcessor(m_log);
    }