HADOOP-16014. Fix test, checkstyle and javadoc issues in TestKerberosAuthenticationHandler. Contributed by Dinesh Chitlangia.

2018-12-21 13:30:48 -08:00 · 2018-12-21 13:30:48 -08:00 · 2499435d9d
commit 2499435d9d
parent ea724181d6
1 changed files with 63 additions and 35 deletions
--- a/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestKerberosAuthenticationHandler.java
+++ b/hadoop-common-project/hadoop-auth/src/test/java/org/apache/hadoop/security/authentication/server/TestKerberosAuthenticationHandler.java
@ -26,11 +26,12 @@
 import org.junit.After;
 import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.rules.Timeout;
 import org.mockito.Mockito;
 import org.ietf.jgss.Oid;
 import javax.security.auth.Subject;
 import javax.security.auth.kerberos.KerberosPrincipal;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
@ -38,15 +39,19 @@
 import java.io.File;
 import java.security.Principal;
 import java.util.Arrays;
 import java.util.List;
 import java.util.Properties;
 import java.util.Set;
 import java.util.concurrent.Callable;
 /**
 * Tests for Kerberos Authentication Handler.
 */
 public class TestKerberosAuthenticationHandler
    extends KerberosSecurityTestcase {
  @Rule
  public Timeout globalTimeout = Timeout.millis(60000);
  protected KerberosAuthenticationHandler handler;
  protected KerberosAuthenticationHandler getNewAuthenticationHandler() {
@ -74,8 +79,10 @@ public void setup() throws Exception {
    File keytabFile = new File(KerberosTestUtils.getKeytabFile());
    String clientPrincipal = KerberosTestUtils.getClientPrincipal();
    String serverPrincipal = KerberosTestUtils.getServerPrincipal();
-    clientPrincipal = clientPrincipal.substring(0, clientPrincipal.lastIndexOf("@"));
+    clientPrincipal = clientPrincipal.substring(0,
-    serverPrincipal = serverPrincipal.substring(0, serverPrincipal.lastIndexOf("@"));
+        clientPrincipal.lastIndexOf("@"));
    serverPrincipal = serverPrincipal.substring(0,
        serverPrincipal.lastIndexOf("@"));
    getKdc().createPrincipal(keytabFile, clientPrincipal, serverPrincipal);
    // handler
    handler = getNewAuthenticationHandler();
@ -88,7 +95,7 @@ public void setup() throws Exception {
    }
  }
-  @Test(timeout=60000)
+  @Test
  public void testNameRules() throws Exception {
    KerberosName kn = new KerberosName(KerberosTestUtils.getServerPrincipal());
    Assert.assertEquals(KerberosTestUtils.getRealm(), kn.getRealm());
@ -100,7 +107,8 @@ public void testNameRules() throws Exception {
    handler = getNewAuthenticationHandler();
    Properties props = getDefaultProperties();
-    props.setProperty(KerberosAuthenticationHandler.NAME_RULES, "RULE:[1:$1@$0](.*@BAR)s/@.*//\nDEFAULT");
+    props.setProperty(KerberosAuthenticationHandler.NAME_RULES,
        "RULE:[1:$1@$0](.*@BAR)s/@.*//\nDEFAULT");
    try {
      handler.init(props);
    } catch (Exception ex) {
@ -111,13 +119,12 @@ public void testNameRules() throws Exception {
    try {
      kn.getShortName();
      Assert.fail();
-    }
+    } catch (Exception ex) {
    catch (Exception ex) {      
    }
  }
-  @Test(timeout=60000)
+  @Test
-  public void testInit() throws Exception {
+  public void testInit() {
    Assert.assertEquals(KerberosTestUtils.getKeytabFile(), handler.getKeytab());
    Set<KerberosPrincipal> principals = handler.getPrincipals();
    Principal expectedPrincipal =
@ -126,8 +133,11 @@ public void testInit() throws Exception {
    Assert.assertEquals(1, principals.size());
  }
-  // dynamic configuration of HTTP principals
+  /**
-  @Test(timeout=60000)
+   * Tests dynamic configuration of HTTP principals.
    * @throws Exception
   */
  @Test
  public void testDynamicPrincipalDiscovery() throws Exception {
    String[] keytabUsers = new String[]{
        "HTTP/host1", "HTTP/host2", "HTTP2/host1", "XHTTP/host"
@ -143,7 +153,8 @@ public void testDynamicPrincipalDiscovery() throws Exception {
    handler = getNewAuthenticationHandler();
    handler.init(props);
-    Assert.assertEquals(KerberosTestUtils.getKeytabFile(), handler.getKeytab());    
+    Assert.assertEquals(KerberosTestUtils.getKeytabFile(),
        handler.getKeytab());
    Set<KerberosPrincipal> loginPrincipals = handler.getPrincipals();
    for (String user : keytabUsers) {
@ -155,9 +166,13 @@ public void testDynamicPrincipalDiscovery() throws Exception {
    }
  }
-  // dynamic configuration of HTTP principals
+  /**
-  @Test(timeout=60000)
+   * Tests dynamic principal discovery for missing principals.
-  public void testDynamicPrincipalDiscoveryMissingPrincipals() throws Exception {
+   * @throws Exception
   */
  @Test
  public void testDynamicPrincipalDiscoveryMissingPrincipals()
      throws Exception {
    String[] keytabUsers = new String[]{"hdfs/localhost"};
    String keytab = KerberosTestUtils.getKeytabFile();
    getKdc().createPrincipal(new File(keytab), keytabUsers);
@ -179,32 +194,37 @@ public void testDynamicPrincipalDiscoveryMissingPrincipals() throws Exception {
    }
  }
-  @Test(timeout=60000)
+  @Test
-  public void testType() throws Exception {
+  public void testType() {
    Assert.assertEquals(getExpectedType(), handler.getType());
  }
  @Test
  public void testRequestWithoutAuthorization() throws Exception {
    HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
    HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
    Assert.assertNull(handler.authenticate(request, response));
-    Mockito.verify(response).setHeader(KerberosAuthenticator.WWW_AUTHENTICATE, KerberosAuthenticator.NEGOTIATE);
+    Mockito.verify(response).setHeader(KerberosAuthenticator.WWW_AUTHENTICATE,
        KerberosAuthenticator.NEGOTIATE);
    Mockito.verify(response).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
  }
  @Test
  public void testRequestWithInvalidAuthorization() throws Exception {
    HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
    HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
-    Mockito.when(request.getHeader(KerberosAuthenticator.AUTHORIZATION)).thenReturn("invalid");
+    Mockito.when(request.getHeader(KerberosAuthenticator.AUTHORIZATION))
        .thenReturn("invalid");
    Assert.assertNull(handler.authenticate(request, response));
-    Mockito.verify(response).setHeader(KerberosAuthenticator.WWW_AUTHENTICATE, KerberosAuthenticator.NEGOTIATE);
+    Mockito.verify(response).setHeader(KerberosAuthenticator.WWW_AUTHENTICATE,
        KerberosAuthenticator.NEGOTIATE);
    Mockito.verify(response).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
  }
-  @Test(timeout=60000)
+  @Test
-  public void testRequestWithIncompleteAuthorization() throws Exception {
+  public void testRequestWithIncompleteAuthorization() {
    HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
    HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
@ -220,6 +240,7 @@ public void testRequestWithIncompleteAuthorization() throws Exception {
    }
  }
  @Test
  public void testRequestWithAuthorization() throws Exception {
    String token = KerberosTestUtils.doAsClient(new Callable<String>() {
      @Override
@ -228,7 +249,8 @@ public String call() throws Exception {
        GSSContext gssContext = null;
        try {
          String servicePrincipal = KerberosTestUtils.getServerPrincipal();
-          Oid oid = KerberosUtil.getOidInstance("NT_GSS_KRB5_PRINCIPAL");
+          Oid oid =
              KerberosUtil.getOidInstance("NT_GSS_KRB5_PRINCIPAL");
          GSSName serviceName = gssManager.createName(servicePrincipal,
              oid);
          oid = KerberosUtil.getOidInstance("GSS_KRB5_MECH_OID");
@ -238,7 +260,8 @@ public String call() throws Exception {
          gssContext.requestMutualAuth(true);
          byte[] inToken = new byte[0];
-          byte[] outToken = gssContext.initSecContext(inToken, 0, inToken.length);
+          byte[] outToken =
              gssContext.initSecContext(inToken, 0, inToken.length);
          Base64 base64 = new Base64(0);
          return base64.encodeToString(outToken);
@ -260,29 +283,34 @@ public String call() throws Exception {
    AuthenticationToken authToken = handler.authenticate(request, response);
    if (authToken != null) {
-      Mockito.verify(response).setHeader(Mockito.eq(KerberosAuthenticator.WWW_AUTHENTICATE),
+      Mockito.verify(response)
-                                         Mockito.matches(KerberosAuthenticator.NEGOTIATE + " .*"));
+          .setHeader(Mockito.eq(KerberosAuthenticator.WWW_AUTHENTICATE),
              Mockito.matches(KerberosAuthenticator.NEGOTIATE + " .*"));
      Mockito.verify(response).setStatus(HttpServletResponse.SC_OK);
-      Assert.assertEquals(KerberosTestUtils.getClientPrincipal(), authToken.getName());
+      Assert.assertEquals(KerberosTestUtils.getClientPrincipal(),
-      Assert.assertTrue(KerberosTestUtils.getClientPrincipal().startsWith(authToken.getUserName()));
+          authToken.getName());
      Assert.assertTrue(KerberosTestUtils.getClientPrincipal()
          .startsWith(authToken.getUserName()));
      Assert.assertEquals(getExpectedType(), authToken.getType());
    } else {
-      Mockito.verify(response).setHeader(Mockito.eq(KerberosAuthenticator.WWW_AUTHENTICATE),
+      Mockito.verify(response).setHeader(
-                                         Mockito.matches(KerberosAuthenticator.NEGOTIATE + " .*"));
+          Mockito.eq(KerberosAuthenticator.WWW_AUTHENTICATE),
          Mockito.matches(KerberosAuthenticator.NEGOTIATE + " .*"));
      Mockito.verify(response).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    }
  }
-  public void testRequestWithInvalidKerberosAuthorization() throws Exception {
+  @Test
  public void testRequestWithInvalidKerberosAuthorization() {
    String token = new Base64(0).encodeToString(new byte[]{0, 1, 2});
    HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
    HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
-    Mockito.when(request.getHeader(KerberosAuthenticator.AUTHORIZATION)).thenReturn(
+    Mockito.when(request.getHeader(KerberosAuthenticator.AUTHORIZATION))
-      KerberosAuthenticator.NEGOTIATE + token);
+        .thenReturn(KerberosAuthenticator.NEGOTIATE + token);
    try {
      handler.authenticate(request, response);