- import java.io.File;
- import javax.security.auth.kerberos.KerberosPrincipal;
- import javax.security.auth.login.LoginContext;
- import javax.security.auth.login.LoginException;
- import org.junit.BeforeClass;
- import org.junit.ClassRule;
- import org.junit.Test;
- import org.junit.rules.TemporaryFolder;
- import org.apache.log4j.Logger;
- import static org.hamcrest.Matchers.contains;
- import static org.hamcrest.Matchers.equalTo;
- import static org.hamcrest.Matchers.notNullValue;
- import static org.junit.Assert.assertThat;
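/**
 * Basic KDC tests. These only show that the test environment (embedded KDC,
 * keytab generation, JAAS login) is properly configured.
 *
 * <p>IMPORTANT: The UserGroupInformation.loginUserFromKeytabAndReturnUGI() method
 * does not currently work with the KDC junit Rule. We must use the Subject-based
 * method when testing HDFS + Kerberos.
 *
 * <p>The keytab written here contains a key for {@code alice} only; {@code bob}
 * is the negative case (a principal with no keytab entry).
 */
public class BasicKdcTest {
    @SuppressWarnings("unused")
    private static final Logger LOG = Logger.getLogger(BasicKdcTest.class);

    @ClassRule
    public static final TemporaryFolder tmpDir = new TemporaryFolder();

    @ClassRule
    public static final EmbeddedKdcResource kdc = new EmbeddedKdcResource();

    private static KerberosPrincipal alice;
    private static KerberosPrincipal bob;
    private static File keytabFile;
    private static File ticketCacheFile;

    private final KerberosUtilities utils = new KerberosUtilities();

    /**
     * Builds the two test principals in the embedded KDC's realm and writes a
     * keytab that holds a key for alice but not for bob.
     *
     * @throws Exception if the temporary files or the keytab cannot be created
     */
    @BeforeClass
    public static void createKeytabs() throws Exception {
        // Principals are qualified with whatever realm the embedded KDC reports.
        alice = new KerberosPrincipal("alice@" + kdc.getRealm());
        bob = new KerberosPrincipal("bob@" + kdc.getRealm());

        // Both files are created (empty) up front by TemporaryFolder.newFile().
        keytabFile = tmpDir.newFile("users.keytab");
        ticketCacheFile = tmpDir.newFile("krb5cc_alice");

        // Only alice gets a keytab entry; bob is deliberately left out so the
        // "unknown user" tests have a principal without a key.
        // NOTE(review): presumably these keys exist only in the embedded test
        // KDC - confirm a keytab from a real realm is never substituted here.
        kdc.createKeytabFile(keytabFile, "alice");
    }

    /**
     * Test LoginContext login without TGT ticket (success).
     *
     * @throws LoginException if context creation, login or logout fails
     */
    @Test
    public void testLoginWithoutTgtSuccess() throws LoginException {
        final LoginContext lc = utils.getKerberosLoginContext(alice, keytabFile);
        lc.login();
        try {
            assertThat("subject does not contain expected principal",
                    lc.getSubject().getPrincipals(), contains(alice));
        } finally {
            // Log out even when the assertion fails, so the Subject's
            // principals and credentials are always cleared.
            lc.logout();
        }
    }

    /**
     * Test LoginContext login without TGT ticket (unknown user). This only
     * tests for missing keytab entry, not a valid keytab file with an unknown user.
     *
     * <p>login() is never called, so the expected exception has to come from
     * building the login context itself.
     *
     * @throws LoginException expected, because bob has no entry in the keytab
     */
    @Test(expected = LoginException.class)
    public void testLoginWithoutTgtUnknownUser() throws LoginException {
        utils.getKerberosLoginContext(bob, keytabFile);
    }

    /**
     * Test LoginContext login with TGT ticket.
     *
     * @throws LoginException if context creation, login or logout fails
     */
    @Test
    public void testLoginWithTgtSuccess() throws LoginException {
        // NOTE(review): the boolean presumably switches on ticket-cache use;
        // confirm against KerberosUtilities.getKerberosLoginContext(...).
        final LoginContext lc =
                utils.getKerberosLoginContext(alice, keytabFile, true, ticketCacheFile);
        lc.login();
        try {
            assertThat("subject does not contain expected principal",
                    lc.getSubject().getPrincipals(), contains(alice));
            // NOTE(review): ticketCacheFile was already created by
            // tmpDir.newFile(...) in createKeytabs(), so this check holds whether
            // or not login touched the cache. It does not show that a TGT was
            // obtained or stored; consider asserting on the cache contents once
            // the intended behaviour of the login context is confirmed.
            assertThat("ticket cache does not exist", ticketCacheFile.exists(), equalTo(true));
        } finally {
            // Log out even when an assertion fails, so the Subject's
            // principals and credentials are always cleared.
            lc.logout();
        }
    }

    /**
     * Test LoginContext login with TGT ticket (unknown user). This only
     * tests for missing keytab entry, not a valid keytab file with an unknown user.
     *
     * <p>login() is never called, so the expected exception has to come from
     * building the login context itself.
     *
     * @throws LoginException expected, because bob has no entry in the keytab
     */
    @Test(expected = LoginException.class)
    public void testLoginWithTgtUnknownUser() throws LoginException {
        utils.getKerberosLoginContext(bob, keytabFile, true, ticketCacheFile);
    }

    /**
     * Test getKeyTab() method (success).
     *
     * @throws LoginException if the keytab lookup fails
     */
    @Test
    public void testGetKeyTabSuccess() throws LoginException {
        assertThat("failed to see key", utils.getKeyTab(alice, keytabFile), notNullValue());
    }

    /**
     * Test getKeyTab() method (unknown user).
     *
     * @throws LoginException expected, because bob has no entry in the keytab
     */
    @Test(expected = LoginException.class)
    public void testGetKeyTabUnknownUser() throws LoginException {
        // The test passes only if this call throws; a returned value of any
        // kind (null or not) fails it, so no matcher is applied to the result.
        utils.getKeyTab(bob, keytabFile);
    }
}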