X509EvidenceVerificationSuiteChild.java

/*
 * JBoss, Home of Professional Open Source
 * Copyright 2016 Red Hat, Inc., and individual contributors
 * as indicated by the @author tags.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.wildfly.security.ldap;

import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;

import org.junit.Test;
import org.wildfly.security.auth.principal.NamePrincipal;
import org.wildfly.security.auth.realm.ldap.LdapSecurityRealmBuilder;
import org.wildfly.security.auth.server.RealmIdentity;
import org.wildfly.security.auth.server.SecurityRealm;
import org.wildfly.security.auth.SupportLevel;
import org.wildfly.security.evidence.Evidence;
import org.wildfly.security.evidence.X509PeerCertificateChainEvidence;

import java.io.InputStream;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

/**
 * @author <a href="mailto:jkalina@redhat.com">Jan Kalina</a>
 */
public class X509EvidenceVerificationSuiteChild {

    @Test
    public void testX509Auth() throws Exception {

        SecurityRealm securityRealm = LdapSecurityRealmBuilder.builder()
                .setDirContextSupplier(LdapTestSuite.dirContextFactory.create())
                .identityMapping()
                    .setSearchDn("dc=elytron,dc=wildfly,dc=org")
                    .setRdnIdentifier("uid")
                    .build()
                .x509EvidenceVerifier()
                    .addSerialNumberCertificateVerifier("x509serialNumber")
                    .addSubjectDnCertificateVerifier("x509subject")
                    .addDigestCertificateVerifier("x509digest", "SHA-1")
                    .addEncodedCertificateVerifier("usercertificate")
                    .build()
                .build();

        RealmIdentity realmIdentity = securityRealm.getRealmIdentity(new NamePrincipal("scarab"));

        SupportLevel credentialSupport = realmIdentity.getEvidenceVerifySupport(X509PeerCertificateChainEvidence.class, null);
        assertEquals("Identity verification level support", SupportLevel.POSSIBLY_SUPPORTED, credentialSupport);

        X509Certificate scarab = loadCertificate("/ca/certs/04.pem"); // scarab
        X509Certificate ca = loadCertificate("/ca/cacert.pem"); // ca
        Evidence evidence = new X509PeerCertificateChainEvidence(scarab, ca);
        assertTrue(realmIdentity.verifyEvidence(evidence));
    }

    private X509Certificate loadCertificate(String name) throws CertificateException {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        InputStream is = X509EvidenceVerificationSuiteChild.class.getResourceAsStream(name);
        return (X509Certificate) certificateFactory.generateCertificate(is);
    }

}