From 2d4b960809e68da5fdac876c24bff13610b8852c Mon Sep 17 00:00:00 2001 
From: Jeremy Landis Date: Sat, 28 Jan 2017 00:42:57 -0500 Subject: [PATCH] [drop] Remove tomcat6 as it reached EOL --- CHANGELOG.md | 5 +- README.md | 2 +- Source/JNA/pom.xml | 1 - Source/JNA/waffle-demo/pom.xml | 20 -- .../JNA/waffle-demo/waffle-filter/README.md | 12 +- Source/JNA/waffle-demo/waffle-filter/pom.xml | 10 +- Source/JNA/waffle-distro/pom.xml | 6 - Source/JNA/waffle-tomcat6/format.xml | 18 -- Source/JNA/waffle-tomcat6/pom.xml | 81 ----- .../apache/GenericWindowsPrincipal.java | 196 ----------- .../waffle/apache/MixedAuthenticator.java | 294 ----------------- .../waffle/apache/NegotiateAuthenticator.java | 187 ----------- .../apache/WaffleAuthenticatorBase.java | 209 ------------ .../main/java/waffle/apache/WindowsRealm.java | 54 ---- .../main/java/waffle/apache/package-info.java | 15 - .../src/site/resources/images/waffle.jpg | Bin 17937 -> 0 bytes Source/JNA/waffle-tomcat6/src/site/site.xml | 42 --- .../apache/MixedAuthenticatorTests.java | 254 --------------- .../apache/NegotiateAuthenticatorTests.java | 294 ----------------- .../apache/WaffleAuthenticatorBaseTest.java | 105 ------ .../waffle/apache/WindowsAccountTests.java | 98 ------ .../java/waffle/apache/WindowsRealmTests.java | 34 -- .../apache/catalina/SimpleHttpRequest.java | 303 ------------------ .../apache/catalina/SimpleHttpResponse.java | 158 --------- 24 files changed, 10 insertions(+), 2388 deletions(-) delete mode 100644 Source/JNA/waffle-tomcat6/format.xml delete mode 100644 Source/JNA/waffle-tomcat6/pom.xml delete mode 100644 Source/JNA/waffle-tomcat6/src/main/java/waffle/apache/GenericWindowsPrincipal.java delete mode 100644 Source/JNA/waffle-tomcat6/src/main/java/waffle/apache/MixedAuthenticator.java delete mode 100644 Source/JNA/waffle-tomcat6/src/main/java/waffle/apache/NegotiateAuthenticator.java delete mode 100644 Source/JNA/waffle-tomcat6/src/main/java/waffle/apache/WaffleAuthenticatorBase.java delete mode 100644 
Source/JNA/waffle-tomcat6/src/main/java/waffle/apache/WindowsRealm.java delete mode 100644 Source/JNA/waffle-tomcat6/src/main/java/waffle/apache/package-info.java delete mode 100644 Source/JNA/waffle-tomcat6/src/site/resources/images/waffle.jpg delete mode 100644 Source/JNA/waffle-tomcat6/src/site/site.xml delete mode 100644 Source/JNA/waffle-tomcat6/src/test/java/waffle/apache/MixedAuthenticatorTests.java delete mode 100644 Source/JNA/waffle-tomcat6/src/test/java/waffle/apache/NegotiateAuthenticatorTests.java delete mode 100644 Source/JNA/waffle-tomcat6/src/test/java/waffle/apache/WaffleAuthenticatorBaseTest.java delete mode 100644 Source/JNA/waffle-tomcat6/src/test/java/waffle/apache/WindowsAccountTests.java delete mode 100644 Source/JNA/waffle-tomcat6/src/test/java/waffle/apache/WindowsRealmTests.java delete mode 100644 Source/JNA/waffle-tomcat6/src/test/java/waffle/apache/catalina/SimpleHttpRequest.java delete mode 100644 Source/JNA/waffle-tomcat6/src/test/java/waffle/apache/catalina/SimpleHttpResponse.java diff --git a/CHANGELOG.md b/CHANGELOG.md index e58b4d6581..212bd5599c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,9 +1,10 @@ -1.9.0 (in-progress -================== +1.9.0 (in-progress) +=================== * Java 8 only * Dropped Tomcat 6 and Spring 3 modules * [#479](https://github.com/Waffle/waffle/pull/479): Upgrade to Java 8 - using caffeine #304[@ben-manes](https://github.com/ben-manes). * [#482](https://github.com/Waffle/waffle/pull/482): Remove Spring Security 3 #478[@hazendaz](https://github.com/hazendaz). +* [#483](https://github.com/Waffle/waffle/pull/483): Remove Tomcat 6 #323[@hazendaz](https://github.com/hazendaz). 1.8.2 (12/31/2016) ================ diff --git a/README.md b/README.md index 1f32df25b0..37e3e03922 100644 --- a/README.md +++ b/README.md 
@@ -86,7 +86,7 @@ Contributing License and Copyright --------------------- -Copyright (c) [Application Security Inc.](https://www.trustwave.com/Company/AppSecInc-is-now-Trustwave/), 2010-2016 and Contributors. +Copyright (c) [Application Security Inc.](https://www.trustwave.com/Company/AppSecInc-is-now-Trustwave/), 2010-2017 and Contributors. This project is licensed under the [Eclipse Public License](https://github.com/Waffle/waffle/blob/master/LICENSE). diff --git a/Source/JNA/pom.xml b/Source/JNA/pom.xml index 696265d299..b40455a5dd 100644 --- a/Source/JNA/pom.xml +++ b/Source/JNA/pom.xml @@ -83,7 +83,6 @@ waffle-shiro waffle-spring-security4 waffle-tests - waffle-tomcat6 waffle-tomcat7 waffle-tomcat8 waffle-tomcat85 diff --git a/Source/JNA/waffle-demo/pom.xml b/Source/JNA/waffle-demo/pom.xml index 8b145fee11..86e87cef3a 100644 --- a/Source/JNA/waffle-demo/pom.xml +++ b/Source/JNA/waffle-demo/pom.xml @@ -50,21 +50,11 @@ - - com.github.waffle - waffle-tomcat6 - ${project.version} - com.github.waffle waffle-tomcat7 ${project.version} - - com.github.waffle - waffle-tomcat8 - ${project.version} - @@ -78,21 +68,11 @@ - - org.apache.tomcat.maven - tomcat6-maven-plugin - 2.2 - org.apache.tomcat.maven tomcat7-maven-plugin 2.2 - - org.apache.tomcat.maven - tomcat8-maven-plugin - 2.2 - diff --git a/Source/JNA/waffle-demo/waffle-filter/README.md b/Source/JNA/waffle-demo/waffle-filter/README.md index f82349abb4..40b8c148b0 100644 --- a/Source/JNA/waffle-demo/waffle-filter/README.md +++ b/Source/JNA/waffle-demo/waffle-filter/README.md @@ -1,9 +1,9 @@ Waffle Filter Setup Instructions Using Tomcat Plugins ===================================================== -Plugins currently only available for tomcat 6 and 7. +Plugins currently only available for tomcat 7. -To deploy to a local running tomcat 6 or 7 instance, make the following changes +To deploy to a local running tomcat 7 instance, make the following changes - Add a server block to .m2/settings.xml 
@@ -24,14 +24,12 @@ To deploy to a local running tomcat 6 or 7 instance, make the following changes ``` -- Start your tomcat server. You can launch a locally installed tomcat with remote debugging enabled on port 8000 using one of these +- Start your tomcat server. You can launch a locally installed tomcat with remote debugging enabled on port 8000 using this - apache-tomcat-6.0.45$ bin/catalina.sh jpda start - apache-tomcat-7.0.70$ bin/catalina.sh jpda start + apache-tomcat-7.0.75$ bin/catalina.sh jpda start -- Build and Deploy the demo application to the local tomcat 6 instance using one of these +- Build and Deploy the demo application to the local tomcat instance using this - mvn clean package tomcat6:redeploy mvn clean package tomcat7:redeploy - The app will be available at: diff --git a/Source/JNA/waffle-demo/waffle-filter/pom.xml b/Source/JNA/waffle-demo/waffle-filter/pom.xml index 4a467c955f..59b595edae 100644 --- a/Source/JNA/waffle-demo/waffle-filter/pom.xml +++ b/Source/JNA/waffle-demo/waffle-filter/pom.xml @@ -43,7 +43,7 @@ com.github.waffle - waffle-tomcat6 + waffle-tomcat7 compile @@ -57,14 +57,6 @@ ${project.name} - - org.apache.tomcat.maven - tomcat6-maven-plugin - - mylocalserver - - - org.apache.tomcat.maven tomcat7-maven-plugin diff --git a/Source/JNA/waffle-distro/pom.xml b/Source/JNA/waffle-distro/pom.xml index 2c80d6c7f4..d5c9447f10 100644 --- a/Source/JNA/waffle-distro/pom.xml +++ b/Source/JNA/waffle-distro/pom.xml @@ -75,12 +75,6 @@ ${project.version} runtime - - com.github.waffle - waffle-tomcat6 - ${project.version} - runtime - com.github.waffle waffle-tomcat7 diff --git a/Source/JNA/waffle-tomcat6/format.xml b/Source/JNA/waffle-tomcat6/format.xml deleted file mode 100644 index 483e8854a6..0000000000 --- a/Source/JNA/waffle-tomcat6/format.xml +++ /dev/null @@ -1,18 +0,0 @@ - - - - - - diff --git a/Source/JNA/waffle-tomcat6/pom.xml b/Source/JNA/waffle-tomcat6/pom.xml deleted file mode 100644 index adbaed2d41..0000000000 
--- a/Source/JNA/waffle-tomcat6/pom.xml +++ /dev/null @@ -1,81 +0,0 @@ - - - - 4.0.0 - - - com.github.waffle - waffle-parent - 1.9.0-SNAPSHOT - - - waffle-tomcat6 - 1.9.0-SNAPSHOT - jar - - waffle-tomcat6 - Tomcat 6 integration for WAFFLE - https://waffle.github.com/waffle/ - - - scm:git:ssh://git@github.com/waffle/waffle.git - scm:git:ssh://git@github.com/waffle/waffle.git - https://github.com/Waffle/waffle - HEAD - - - - 6.0.48 - - - - - ${project.groupId} - waffle-jna - ${project.version} - compile - - - ${project.groupId} - waffle-tests - ${project.version} - test - - - org.apache.tomcat - catalina - ${tomcat.version} - provided - - - org.apache.tomcat - coyote - ${tomcat.version} - provided - - - org.apache.tomcat - juli - ${tomcat.version} - provided - - - org.apache.tomcat - servlet-api - ${tomcat.version} - provided - - - diff --git a/Source/JNA/waffle-tomcat6/src/main/java/waffle/apache/GenericWindowsPrincipal.java b/Source/JNA/waffle-tomcat6/src/main/java/waffle/apache/GenericWindowsPrincipal.java deleted file mode 100644 index 1eb006456b..0000000000 --- a/Source/JNA/waffle-tomcat6/src/main/java/waffle/apache/GenericWindowsPrincipal.java +++ /dev/null 
@@ -1,196 +0,0 @@
-/**
- * Waffle (https://github.com/Waffle/waffle)
- *
- * Copyright (c) 2010-2016 Application Security, Inc.
- *
- * All rights reserved. This program and the accompanying materials are made available under the terms of the Eclipse
- * Public License v1.0 which accompanies this distribution, and is available at
- * https://www.eclipse.org/legal/epl-v10.html.
- *
- * Contributors: Application Security, Inc.
- */
-package waffle.apache;
-
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import org.apache.catalina.Realm;
-import org.apache.catalina.realm.GenericPrincipal;
-
-import com.google.common.base.Joiner;
-
-import waffle.windows.auth.IWindowsAccount;
-import waffle.windows.auth.IWindowsIdentity;
-import waffle.windows.auth.PrincipalFormat;
-import waffle.windows.auth.WindowsAccount;
-
-/**
- * A Windows Principal.
- *
- * @author dblock[at]dblock[dot]org
- */
-public class GenericWindowsPrincipal extends GenericPrincipal {
-
- /** The sid. */
- private final byte[] sid;
-
- /** The sid string. */
- private final String sidString;
-
- /** The groups. */
- private final Map groups;
-
- /**
- * A windows principal.
- *
- * @param newWindowsIdentity
- * Windows identity.
- * @param newRealm
- * Authentication realm.
- * @param newPrincipalFormat
- * Principal format.
- * @param newRoleFormat
- * Role format.
- */
- public GenericWindowsPrincipal(final IWindowsIdentity newWindowsIdentity, final Realm newRealm,
- final PrincipalFormat newPrincipalFormat, final PrincipalFormat newRoleFormat) {
- super(newRealm, newWindowsIdentity.getFqn(), "",
- GenericWindowsPrincipal.getRoles(newWindowsIdentity, newPrincipalFormat, newRoleFormat));
- this.sid = newWindowsIdentity.getSid();
- this.sidString = newWindowsIdentity.getSidString();
- this.groups = GenericWindowsPrincipal.getGroups(newWindowsIdentity.getGroups());
- }
-
- /**
- * Gets the roles.
- *
- * @param windowsIdentity
- * the windows identity
- * @param principalFormat
- * the principal format
- * @param roleFormat
- * the role format
- * @return the roles
- */
- private static List getRoles(final IWindowsIdentity windowsIdentity, final PrincipalFormat principalFormat,
- final PrincipalFormat roleFormat) {
- final List roles = new ArrayList<>();
- roles.addAll(GenericWindowsPrincipal.getPrincipalNames(windowsIdentity, principalFormat));
- for (final IWindowsAccount group : windowsIdentity.getGroups()) {
- roles.addAll(GenericWindowsPrincipal.getRoleNames(group, roleFormat));
- }
- return roles;
- }
-
- /**
- * Gets the groups.
- *
- * @param groups
- * the groups
- * @return the groups
- */
- private static Map getGroups(final IWindowsAccount[] groups) {
- final Map groupMap = new HashMap<>();
- for (final IWindowsAccount group : groups) {
- groupMap.put(group.getFqn(), new WindowsAccount(group));
- }
- return groupMap;
- }
-
- /**
- * Byte representation of the SID.
- *
- * @return Array of bytes.
- */
- public byte[] getSid() {
- return this.sid.clone();
- }
-
- /**
- * String representation of the SID.
- *
- * @return String.
- */
- public String getSidString() {
- return this.sidString;
- }
-
- /**
- * Windows groups that the user is a member of.
- *
- * @return A map of group names to groups.
- */
- public Map getGroups() {
- return this.groups;
- }
-
- /**
- * Returns a list of role principal objects.
- *
- * @param group
- * Windows group.
- * @param principalFormat
- * Principal format.
- * @return List of role principal objects.
- */
- private static List getRoleNames(final IWindowsAccount group, final PrincipalFormat principalFormat) {
- final List principals = new ArrayList<>();
- switch (principalFormat) {
- case FQN:
- principals.add(group.getFqn());
- break;
- case SID:
- principals.add(group.getSidString());
- break;
- case BOTH:
- principals.add(group.getFqn());
- principals.add(group.getSidString());
- break;
- case NONE:
- default:
- break;
- }
- return principals;
- }
-
- /**
- * Returns a list of user principal objects.
- *
- * @param windowsIdentity
- * Windows identity.
- * @param principalFormat
- * Principal format.
- * @return A list of user principal objects.
- */
- private static List getPrincipalNames(final IWindowsIdentity windowsIdentity,
- final PrincipalFormat principalFormat) {
- final List principals = new ArrayList<>();
- switch (principalFormat) {
- case FQN:
- principals.add(windowsIdentity.getFqn());
- break;
- case SID:
- principals.add(windowsIdentity.getSidString());
- break;
- case BOTH:
- principals.add(windowsIdentity.getFqn());
- principals.add(windowsIdentity.getSidString());
- break;
- case NONE:
- default:
- break;
- }
- return principals;
- }
-
- /**
- * Get an array of roles as a string.
- *
- * @return Role1, Role2, ...
- */
- public String getRolesString() {
- return Joiner.on(", ").join(this.getRoles());
- }
-}
diff --git a/Source/JNA/waffle-tomcat6/src/main/java/waffle/apache/MixedAuthenticator.java b/Source/JNA/waffle-tomcat6/src/main/java/waffle/apache/MixedAuthenticator.java
deleted file mode 100644
index f01820c987..0000000000
--- a/Source/JNA/waffle-tomcat6/src/main/java/waffle/apache/MixedAuthenticator.java
+++ /dev/null
@@ -1,294 +0,0 @@
-/**
- * Waffle (https://github.com/Waffle/waffle)
- *
- * Copyright (c) 2010-2016 Application Security, Inc.
- *
- * All rights reserved. This program and the accompanying materials are made available under the terms of the Eclipse
- * Public License v1.0 which accompanies this distribution, and is available at
- * https://www.eclipse.org/legal/epl-v10.html.
- *
- * Contributors: Application Security, Inc.
- */
-package waffle.apache;
-
-import java.io.IOException;
-import java.security.Principal;
-
-import javax.servlet.RequestDispatcher;
-import javax.servlet.ServletContext;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-
-import org.apache.catalina.connector.Request;
-import org.apache.catalina.connector.Response;
-import org.apache.catalina.deploy.LoginConfig;
-import org.slf4j.LoggerFactory;
-
-import com.google.common.io.BaseEncoding;
-import com.sun.jna.platform.win32.Win32Exception;
-
-import waffle.util.AuthorizationHeader;
-import waffle.util.NtlmServletRequest;
-import waffle.windows.auth.IWindowsIdentity;
-import waffle.windows.auth.IWindowsSecurityContext;
-
-/**
- * Mixed Negotiate + Form Authenticator.
- *
- * @author dblock[at]dblock[dot]org
- */
-public class MixedAuthenticator extends WaffleAuthenticatorBase {
-
- /**
- * Instantiates a new mixed authenticator.
- */
- public MixedAuthenticator() {
- super();
- this.log = LoggerFactory.getLogger(MixedAuthenticator.class);
- this.info = "waffle.apache.MixedAuthenticator/1.0";
- this.log.debug("[waffle.apache.MixedAuthenticator] loaded");
- }
-
- /*
- * (non-Javadoc)
- * @see org.apache.catalina.authenticator.AuthenticatorBase#start()
- */
- @Override
- public void start() {
- this.log.info("[waffle.apache.MixedAuthenticator] started");
- }
-
- /*
- * (non-Javadoc)
- * @see org.apache.catalina.authenticator.AuthenticatorBase#stop()
- */
- @Override
- public void stop() {
- this.log.info("[waffle.apache.MixedAuthenticator] stopped");
- }
-
- /*
- * (non-Javadoc)
- * @see org.apache.catalina.authenticator.AuthenticatorBase#authenticate(org.apache.catalina.connector.Request,
- * org.apache.catalina.connector.Response, org.apache.catalina.deploy.LoginConfig)
- */
- @Override
- public boolean authenticate(final Request request, final Response response, final LoginConfig loginConfig) {
-
- // realm: fail if no realm is configured
- if (this.context == null || this.context.getRealm() == null) {
- this.log.warn("missing context/realm");
- this.sendError(response, HttpServletResponse.SC_SERVICE_UNAVAILABLE);
- return false;
- }
-
- this.log.debug("{} {}, contentlength: {}", request.getMethod(), request.getRequestURI(),
- Integer.valueOf(request.getContentLength()));
-
- final boolean negotiateCheck = request.getParameter("j_negotiate_check") != null;
- this.log.debug("negotiateCheck: {}", Boolean.valueOf(negotiateCheck));
- final boolean securityCheck = request.getParameter("j_security_check") != null;
- this.log.debug("securityCheck: {}", Boolean.valueOf(securityCheck));
-
- final Principal principal = request.getUserPrincipal();
-
- final AuthorizationHeader authorizationHeader = new AuthorizationHeader(request);
- final boolean ntlmPost = authorizationHeader.isNtlmType1PostAuthorizationHeader();
- this.log.debug("authorization: {}, ntlm post: {}", authorizationHeader, Boolean.valueOf(ntlmPost));
-
- if (principal != null && !ntlmPost) {
- this.log.debug("previously authenticated user: {}", principal.getName());
- return true;
- } else if (negotiateCheck) {
- if (!authorizationHeader.isNull()) {
- return this.negotiate(request, response, authorizationHeader);
- }
- this.log.debug("authorization required");
- this.sendUnauthorized(response);
- return false;
- } else if (securityCheck) {
- final boolean postResult = this.post(request, response);
- if (postResult) {
- this.redirectTo(request, response, request.getServletPath());
- } else {
- this.redirectTo(request, response, loginConfig.getErrorPage());
- }
- return postResult;
- } else {
- this.redirectTo(request, response, loginConfig.getLoginPage());
- return false;
- }
- }
-
- /**
- * Negotiate.
- *
- * @param request
- * the request
- * @param response
- * the response
- * @param authorizationHeader
- * the authorization header
- * @return true, if successful
- */
- private boolean negotiate(final Request request, final Response response,
- final AuthorizationHeader authorizationHeader) {
-
- final String securityPackage = authorizationHeader.getSecurityPackage();
- // maintain a connection-based session for NTLM tokens
- final String connectionId = NtlmServletRequest.getConnectionId(request);
-
- this.log.debug("security package: {}, connection id: {}", securityPackage, connectionId);
-
- final boolean ntlmPost = authorizationHeader.isNtlmType1PostAuthorizationHeader();
-
- if (ntlmPost) {
- // type 1 NTLM authentication message received
- this.auth.resetSecurityToken(connectionId);
- }
-
- final byte[] tokenBuffer = authorizationHeader.getTokenBytes();
- this.log.debug("token buffer: {} byte(s)", Integer.valueOf(tokenBuffer.length));
-
- // log the user in using the token
- IWindowsSecurityContext securityContext;
- try {
- securityContext = this.auth.acceptSecurityToken(connectionId, tokenBuffer, securityPackage);
- } catch (final Win32Exception e) {
- this.log.warn("error logging in user: {}", e.getMessage());
- this.log.trace("", e);
- this.sendUnauthorized(response);
- return false;
- }
- this.log.debug("continue required: {}", Boolean.valueOf(securityContext.isContinue()));
-
- final byte[] continueTokenBytes = securityContext.getToken();
- if (continueTokenBytes != null && continueTokenBytes.length > 0) {
- final String continueToken = BaseEncoding.base64().encode(continueTokenBytes);
- this.log.debug("continue token: {}", continueToken);
- response.addHeader("WWW-Authenticate", securityPackage + " " + continueToken);
- }
-
- try {
- if (securityContext.isContinue() || ntlmPost) {
- response.setHeader("Connection", "keep-alive");
- response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
- response.flushBuffer();
- return false;
- }
- } catch (final IOException e) {
- this.log.warn("error logging in user: {}", e.getMessage());
- this.log.trace("", e);
- this.sendUnauthorized(response);
- return false;
- }
-
- // create and register the user principal with the session
- final IWindowsIdentity windowsIdentity = securityContext.getIdentity();
-
- // disable guest login
- if (!this.allowGuestLogin && windowsIdentity.isGuest()) {
- this.log.warn("guest login disabled: {}", windowsIdentity.getFqn());
- this.sendUnauthorized(response);
- return false;
- }
-
- try {
-
- this.log.debug("logged in user: {} ({})", windowsIdentity.getFqn(), windowsIdentity.getSidString());
-
- final GenericWindowsPrincipal windowsPrincipal = new GenericWindowsPrincipal(windowsIdentity,
- this.context.getRealm(), this.principalFormat, this.roleFormat);
-
- this.log.debug("roles: {}", windowsPrincipal.getRolesString());
-
- // create a session associated with this request if there's none
- final HttpSession session = request.getSession(true);
- this.log.debug("session id: {}", session == null ? "null" : session.getId());
-
- this.register(request, response, windowsPrincipal, securityPackage, windowsPrincipal.getName(), null);
- this.log.info("successfully logged in user: {}", windowsPrincipal.getName());
-
- } finally {
- windowsIdentity.dispose();
- }
-
- return true;
- }
-
- /**
- * Post.
- *
- * @param request
- * the request
- * @param response
- * the response
- * @return true, if successful
- */
- private boolean post(final Request request, final Response response) {
-
- final String username = request.getParameter("j_username");
- final String password = request.getParameter("j_password");
-
- this.log.debug("logging in: {}", username);
-
- IWindowsIdentity windowsIdentity;
- try {
- windowsIdentity = this.auth.logonUser(username, password);
- } catch (final Exception e) {
- this.log.error(e.getMessage());
- this.log.trace("", e);
- return false;
- }
-
- // disable guest login
- if (!this.allowGuestLogin && windowsIdentity.isGuest()) {
- this.log.warn("guest login disabled: {}", windowsIdentity.getFqn());
- return false;
- }
-
- try {
- this.log.debug("successfully logged in {} ({})", username, windowsIdentity.getSidString());
-
- final GenericWindowsPrincipal windowsPrincipal = new GenericWindowsPrincipal(windowsIdentity,
- this.context.getRealm(), this.principalFormat, this.roleFormat);
-
- this.log.debug("roles: {}", windowsPrincipal.getRolesString());
-
- // create a session associated with this request if there's none
- final HttpSession session = request.getSession(true);
- this.log.debug("session id: {}", session == null ? "null" : session.getId());
-
- this.register(request, response, windowsPrincipal, "FORM", windowsPrincipal.getName(), null);
- this.log.info("successfully logged in user: {}", windowsPrincipal.getName());
- } finally {
- windowsIdentity.dispose();
- }
-
- return true;
- }
-
- /**
- * Redirect to.
- *
- * @param request
- * the request
- * @param response
- * the response
- * @param url
- * the url
- */
- private void redirectTo(final Request request, final Response response, final String url) {
- try {
- this.log.debug("redirecting to: {}", url);
- final ServletContext servletContext = this.context.getServletContext();
- final RequestDispatcher disp = servletContext.getRequestDispatcher(url);
- disp.forward(request.getRequest(), response);
- } catch (final IOException | ServletException e) {
- this.log.error(e.getMessage());
- this.log.trace("", e);
- throw new RuntimeException(e);
- }
- }
-}
diff --git a/Source/JNA/waffle-tomcat6/src/main/java/waffle/apache/NegotiateAuthenticator.java b/Source/JNA/waffle-tomcat6/src/main/java/waffle/apache/NegotiateAuthenticator.java
deleted file mode 100644
index 1004315637..0000000000
--- a/Source/JNA/waffle-tomcat6/src/main/java/waffle/apache/NegotiateAuthenticator.java
+++ /dev/null
@@ -1,187 +0,0 @@
-/**
- * Waffle (https://github.com/Waffle/waffle)
- *
- * Copyright (c) 2010-2016 Application Security, Inc.
- *
- * All rights reserved. This program and the accompanying materials are made available under the terms of the Eclipse
- * Public License v1.0 which accompanies this distribution, and is available at
- * https://www.eclipse.org/legal/epl-v10.html.
- *
- * Contributors: Application Security, Inc.
- */
-package waffle.apache;
-
-import java.io.IOException;
-import java.security.Principal;
-
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-
-import org.apache.catalina.connector.Request;
-import org.apache.catalina.connector.Response;
-import org.apache.catalina.deploy.LoginConfig;
-import org.slf4j.LoggerFactory;
-
-import com.google.common.io.BaseEncoding;
-import com.sun.jna.platform.win32.Win32Exception;
-
-import waffle.util.AuthorizationHeader;
-import waffle.util.NtlmServletRequest;
-import waffle.windows.auth.IWindowsIdentity;
-import waffle.windows.auth.IWindowsSecurityContext;
-
-/**
- * An Apache Negotiate (NTLM, Kerberos) Authenticator.
- *
- * @author dblock[at]dblock[dot]org
- */
-public class NegotiateAuthenticator extends WaffleAuthenticatorBase {
-
- /**
- * Instantiates a new negotiate authenticator.
- */
- public NegotiateAuthenticator() {
- super();
- this.log = LoggerFactory.getLogger(NegotiateAuthenticator.class);
- this.info = "waffle.apache.NegotiateAuthenticator/1.0";
- this.log.debug("[waffle.apache.NegotiateAuthenticator] loaded");
- }
-
- /*
- * (non-Javadoc)
- * @see org.apache.catalina.authenticator.AuthenticatorBase#start()
- */
- @Override
- public void start() {
- this.log.info("[waffle.apache.NegotiateAuthenticator] started");
- }
-
- /*
- * (non-Javadoc)
- * @see org.apache.catalina.authenticator.AuthenticatorBase#stop()
- */
- @Override
- public void stop() {
- this.log.info("[waffle.apache.NegotiateAuthenticator] stopped");
- }
-
- /*
- * (non-Javadoc)
- * @see org.apache.catalina.authenticator.AuthenticatorBase#authenticate(org.apache.catalina.connector.Request,
- * org.apache.catalina.connector.Response, org.apache.catalina.deploy.LoginConfig)
- */
- @Override
- public boolean authenticate(final Request request, final Response response, final LoginConfig loginConfig) {
-
- Principal principal = request.getUserPrincipal();
- final AuthorizationHeader authorizationHeader = new AuthorizationHeader(request);
- final boolean ntlmPost = authorizationHeader.isNtlmType1PostAuthorizationHeader();
-
- this.log.debug("{} {}, contentlength: {}", request.getMethod(), request.getRequestURI(),
- Integer.valueOf(request.getContentLength()));
- this.log.debug("authorization: {}, ntlm post: {}", authorizationHeader, Boolean.valueOf(ntlmPost));
-
- if (principal != null && !ntlmPost) {
- // user already authenticated
- this.log.debug("previously authenticated user: {}", principal.getName());
- return true;
- }
-
- // authenticate user
- if (!authorizationHeader.isNull()) {
-
- final String securityPackage = authorizationHeader.getSecurityPackage();
- // maintain a connection-based session for NTLM tokens
- final String connectionId = NtlmServletRequest.getConnectionId(request);
-
- this.log.debug("security package: {}, connection id: {}", securityPackage, connectionId);
-
- if (ntlmPost) {
- // type 1 NTLM authentication message received
- this.auth.resetSecurityToken(connectionId);
- }
-
- final byte[] tokenBuffer = authorizationHeader.getTokenBytes();
- this.log.debug("token buffer: {} byte(s)", Integer.valueOf(tokenBuffer.length));
-
- // log the user in using the token
- IWindowsSecurityContext securityContext;
- try {
- securityContext = this.auth.acceptSecurityToken(connectionId, tokenBuffer, securityPackage);
- } catch (final Win32Exception e) {
- this.log.warn("error logging in user: {}", e.getMessage());
- this.log.trace("", e);
- this.sendUnauthorized(response);
- return false;
- }
- this.log.debug("continue required: {}", Boolean.valueOf(securityContext.isContinue()));
-
- final byte[] continueTokenBytes = securityContext.getToken();
- if (continueTokenBytes != null && continueTokenBytes.length > 0) {
- final String continueToken = BaseEncoding.base64().encode(continueTokenBytes);
- this.log.debug("continue token: {}", continueToken);
- response.addHeader("WWW-Authenticate", securityPackage + " " + continueToken);
- }
-
- try {
- if (securityContext.isContinue() || ntlmPost) {
- response.setHeader("Connection", "keep-alive");
- response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
- response.flushBuffer();
- return false;
- }
- } catch (final IOException e) {
- this.log.warn("error logging in user: {}", e.getMessage());
- this.log.trace("", e);
- this.sendUnauthorized(response);
- return false;
- }
-
- // realm: fail if no realm is configured
- if (this.context == null || this.context.getRealm() == null) {
- this.log.warn("missing context/realm");
- this.sendError(response, HttpServletResponse.SC_SERVICE_UNAVAILABLE);
- return false;
- }
-
- // create and register the user principal with the session
- final IWindowsIdentity windowsIdentity = securityContext.getIdentity();
-
- // disable guest login
- if (!this.allowGuestLogin && windowsIdentity.isGuest()) {
- this.log.warn("guest login disabled: {}", windowsIdentity.getFqn());
- this.sendUnauthorized(response);
- return false;
- }
-
- try {
- this.log.debug("logged in user: {} ({})", windowsIdentity.getFqn(), windowsIdentity.getSidString());
-
- final GenericWindowsPrincipal windowsPrincipal = new GenericWindowsPrincipal(windowsIdentity,
- this.context.getRealm(), this.principalFormat, this.roleFormat);
-
- this.log.debug("roles: {}", windowsPrincipal.getRolesString());
-
- principal = windowsPrincipal;
-
- // create a session associated with this request if there's none
- final HttpSession session = request.getSession(true);
- this.log.debug("session id: {}", session == null ? "null" : session.getId());
-
- // register the authenticated principal
- this.register(request, response, principal, securityPackage, principal.getName(), null);
- this.log.info("successfully logged in user: {}", principal.getName());
-
- } finally {
- windowsIdentity.dispose();
- securityContext.dispose();
- }
-
- return true;
- }
-
- this.log.debug("authorization required");
- this.sendUnauthorized(response);
- return false;
- }
-}
diff --git a/Source/JNA/waffle-tomcat6/src/main/java/waffle/apache/WaffleAuthenticatorBase.java b/Source/JNA/waffle-tomcat6/src/main/java/waffle/apache/WaffleAuthenticatorBase.java
deleted file mode 100644
index f5fea5a890..0000000000
--- a/Source/JNA/waffle-tomcat6/src/main/java/waffle/apache/WaffleAuthenticatorBase.java
+++ /dev/null
@@ -1,209 +0,0 @@
-/**
- * Waffle (https://github.com/Waffle/waffle)
- *
- * Copyright (c) 2010-2016 Application Security, Inc.
- *
- * All rights reserved. This program and the accompanying materials are made available under the terms of the Eclipse
- * Public License v1.0 which accompanies this distribution, and is available at
- * https://www.eclipse.org/legal/epl-v10.html.
- *
- * Contributors: Application Security, Inc.
- */
-package waffle.apache;
-
-import java.io.IOException;
-import java.util.Arrays;
-import java.util.LinkedHashSet;
-import java.util.Locale;
-import java.util.Set;
-
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.catalina.authenticator.AuthenticatorBase;
-import org.apache.catalina.connector.Response;
-import org.slf4j.Logger;
-
-import waffle.windows.auth.IWindowsAuthProvider;
-import waffle.windows.auth.PrincipalFormat;
-import waffle.windows.auth.impl.WindowsAuthProviderImpl;
-
-/**
- * The Class WaffleAuthenticatorBase.
- *
- * @author dblock[at]dblock[dot]org
- */
-abstract class WaffleAuthenticatorBase extends AuthenticatorBase {
-
- /** The Constant SUPPORTED_PROTOCOLS. */
- private static final Set SUPPORTED_PROTOCOLS = new LinkedHashSet<>(Arrays.asList("Negotiate", "NTLM"));
-
- /** The info. */
- @SuppressWarnings("hiding")
- protected String info;
-
- /** The log. */
- protected Logger log;
-
- /** The principal format. */
- protected PrincipalFormat principalFormat = PrincipalFormat.FQN;
-
- /** The role format. */
- protected PrincipalFormat roleFormat = PrincipalFormat.FQN;
-
- /** The allow guest login. */
- protected boolean allowGuestLogin = true;
-
- /** The protocols. */
- protected Set protocols = WaffleAuthenticatorBase.SUPPORTED_PROTOCOLS;
-
- /** The auth. */
- protected IWindowsAuthProvider auth = new WindowsAuthProviderImpl();
-
- /**
- * Windows authentication provider.
- *
- * @return IWindowsAuthProvider.
- */
- public IWindowsAuthProvider getAuth() {
- return this.auth;
- }
-
- /**
- * Set Windows auth provider.
- *
- * @param provider
- * Class implements IWindowsAuthProvider.
- */
- public void setAuth(final IWindowsAuthProvider provider) {
- this.auth = provider;
- }
-
- /*
- * (non-Javadoc)
- * @see org.apache.catalina.authenticator.AuthenticatorBase#getInfo()
- */
- @Override
- public String getInfo() {
- return this.info;
- }
-
- /**
- * Set the principal format.
- *
- * @param format
- * Principal format.
- */
- public void setPrincipalFormat(final String format) {
- this.principalFormat = PrincipalFormat.valueOf(format.toUpperCase(Locale.ENGLISH));
- this.log.debug("principal format: {}", this.principalFormat);
- }
-
- /**
- * Principal format.
- *
- * @return Principal format.
- */
- public PrincipalFormat getPrincipalFormat() {
- return this.principalFormat;
- }
-
- /**
- * Set the principal format.
- *
- * @param format
- * Role format.
- */
- public void setRoleFormat(final String format) {
- this.roleFormat = PrincipalFormat.valueOf(format.toUpperCase(Locale.ENGLISH));
- this.log.debug("role format: {}", this.roleFormat);
- }
-
- /**
- * Principal format.
- *
- * @return Role format.
- */
- public PrincipalFormat getRoleFormat() {
- return this.roleFormat;
- }
-
- /**
- * True if Guest login permitted.
- *
- * @return True if Guest login permitted, false otherwise.
- */
- public boolean isAllowGuestLogin() {
- return this.allowGuestLogin;
- }
-
- /**
- * Set whether Guest login is permitted. Default is true, if the Guest account is enabled, an invalid
- * username/password results in a Guest login.
- *
- * @param value
- * True or false.
- */
- public void setAllowGuestLogin(final boolean value) {
- this.allowGuestLogin = value;
- }
-
- /**
- * Set the authentication protocols. Default is "Negotiate, NTLM".
- *
- * @param value
- * Authentication protocols
- */
- public void setProtocols(final String value) {
- this.protocols = new LinkedHashSet<>();
- final String[] protocolNames = value.split(",");
- for (String protocolName : protocolNames) {
- protocolName = protocolName.trim();
- if (!protocolName.isEmpty()) {
- this.log.debug("init protocol: {}", protocolName);
- if (WaffleAuthenticatorBase.SUPPORTED_PROTOCOLS.contains(protocolName)) {
- this.protocols.add(protocolName);
- } else {
- this.log.error("unsupported protocol: {}", protocolName);
- throw new RuntimeException("Unsupported protocol: " + protocolName);
- }
- }
- }
- }
-
- /**
- * Send a 401 Unauthorized along with protocol authentication headers.
- *
- * @param response
- * HTTP Response
- */
- protected void sendUnauthorized(final Response response) {
- try {
- for (final String protocol : this.protocols) {
- response.addHeader("WWW-Authenticate", protocol);
- }
- response.setHeader("Connection", "close");
- response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
- response.flushBuffer();
- } catch (final IOException e) {
- throw new RuntimeException(e);
- }
- }
-
- /**
- * Send an error code.
- *
- * @param response
- * HTTP Response
- * @param code
- * Error Code
- */
- protected void sendError(final Response response, final int code) {
- try {
- response.sendError(code);
- } catch (final IOException e) {
- this.log.error(e.getMessage());
- this.log.trace("", e);
- throw new RuntimeException(e);
- }
- }
-}
diff --git a/Source/JNA/waffle-tomcat6/src/main/java/waffle/apache/WindowsRealm.java b/Source/JNA/waffle-tomcat6/src/main/java/waffle/apache/WindowsRealm.java
deleted file mode 100644
index e9117ee0d1..0000000000
--- a/Source/JNA/waffle-tomcat6/src/main/java/waffle/apache/WindowsRealm.java
+++ /dev/null
@@ -1,54 +0,0 @@
-/**
- * Waffle (https://github.com/Waffle/waffle)
- *
- * Copyright (c) 2010-2016 Application Security, Inc.
- *
- * All rights reserved. This program and the accompanying materials are made available under the terms of the Eclipse
- * Public License v1.0 which accompanies this distribution, and is available at
- * https://www.eclipse.org/legal/epl-v10.html.
- *
- * Contributors: Application Security, Inc.
- */
-package waffle.apache;
-
-import java.security.Principal;
-
-import org.apache.catalina.realm.RealmBase;
-
-/**
- * A rudimentary Windows realm.
- *
- * @author dblock[at]dblock[dot]org
- */
-public class WindowsRealm extends RealmBase {
-
- /** The Constant NAME. */
- protected static final String NAME = "waffle.apache.WindowsRealm/1.0";
-
- /*
- * (non-Javadoc)
- * @see org.apache.catalina.realm.RealmBase#getName()
- */
- @Override
- protected String getName() {
- return WindowsRealm.NAME;
- }
-
- /*
- * (non-Javadoc)
- * @see org.apache.catalina.realm.RealmBase#getPassword(java.lang.String)
- */
- @Override
- protected String getPassword(final String arg0) {
- return null;
- }
-
- /*
- * (non-Javadoc)
- * @see org.apache.catalina.realm.RealmBase#getPrincipal(java.lang.String)
- */
- @Override
- protected Principal getPrincipal(final String arg0) {
- return null;
- }
-}
diff --git a/Source/JNA/waffle-tomcat6/src/main/java/waffle/apache/package-info.java b/Source/JNA/waffle-tomcat6/src/main/java/waffle/apache/package-info.java
deleted file mode 100644
index 1f0149245e..0000000000
--- a/Source/JNA/waffle-tomcat6/src/main/java/waffle/apache/package-info.java
+++ /dev/null
@@ -1,15 +0,0 @@
-/**
- * Waffle (https://github.com/Waffle/waffle)
- *
- * Copyright (c) 2010-2016 Application Security, Inc.
- *
- * All rights reserved. This program and the accompanying materials are made available under the terms of the Eclipse
- * Public License v1.0 which accompanies this distribution, and is available at
- * https://www.eclipse.org/legal/epl-v10.html.
- *
- * Contributors: Application Security, Inc.
- */
-/**
- * Waffle Tomcat Package.
- */
-package waffle.apache;
diff --git a/Source/JNA/waffle-tomcat6/src/site/resources/images/waffle.jpg b/Source/JNA/waffle-tomcat6/src/site/resources/images/waffle.jpg deleted file mode 100644 index 00455a8db4e640237a1e7a1ab51d3d29fc135bed..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 17937 zcmeHu2T)W?wCx$PBte2C2`X?!@(>3B5fI5iB6MW-l2Ez-lwOFUez1>7W)C9Qn{>r8GztH zfGgl1fSsf|t>|rU0|4sk01p5FBmgnw1b`2=AmASWVFCyb+5lh$VgA*2fc*7C2M^Q{ z0>B!e1s^wv@UM1oh&@2?qi-_!eg!_@h&Zc55 zm>?7;D8w!#1QQX3L4`nd06!gaI35-Y0O@$Y?53yV|7y$P6v09S!T;eK(Leo%(Esf} zg!P~PgR%JGCxi>{mu=-z05^OUB3><_Ia!`Iu86R9A1cXGy zB*#d}z-92e5CY)g{}fUI5CRB39swR9F%bzNJ~Qhw`YzsJYb z%iIqi-+mg?JTSeMRnamyv#w|3862Bk**Y}4A+Drv>lG50^Q>)nZj&0o!vnn~IPi&> zh*0#v1rDJT1fU15r)da<1Mbt}JZRGC{R%y6HR%@kK>jKn++E}wClSs8VlL4aeV`MW zC#@B)iJ=iwzg+kqd%*p-3)oSB9RFZUYCsk!Ul*-cOwsps49HT#bh93a>!k$J|Nl5Zgh-rFWkF3wV7BH1NyIW2SNX*FBj> zd-+Qr3zZpZq|J$1P8>@pb&ZP4nO>`9Y-hCO7`Xb9=Cab@2713((U5{!9r1Ahp6C}> z@tPZ6xo_2m1(L#BFg0~`U*E7eaaIk;->O7abffk}&ARhKBBEyfyD45}y_uS8PaA)~ z^vX|FXe8#uPV(!IDos&Fq9X`QyVqO+RhtCUl+61*vk1bpu|3gNu8SQ)LolE1TJL&z zvA(Zi^oEg;GP$qe{d*=u8=k{vbB(B#H?Sfkl8MmY9dL{l&9blaD1mEA&lRs4nBZU z(byvF+ALE?eupPet!1yU~+^|_=eQB&T7MSBnvCZxQ%3<#7Vl>2f=HSDZ+WC|~14)vwT_!~`c{d77AmkTX* z_l!NSZba{9UtO-A*ci?I7<4U3xNODkir{P?p*pL&Uqj{?7H}5w#26;^LtWWC)%rFs zkeO>mFVt>@*A$@U-Y)mf=$+g&_dwlKD{}f9WPrg^OoYQO*G`+YF1>oj%?E-u>cVk zP_{*XDN4ay%^7TeGGum^nCk6*re#=R>q0%0jI;(8v`{fser-_DCxZ7vW!nX!rTzSl zh4@qWSs(NVVE!~^jE-x5J?=>+I|azrZU3J4>(UBchLAhqQ-}xp44Si3jf?8&LKSv^ zJ-T?$bitE&oicvaX2sOzyfy6jcNL7^#3!EpQFA?4=o41w1zOotx69aE$p?Hx=Ewas zx5+pgjeQbc<@zK!I^HV133;|@L?1b%ruMneb?}?=QzHBrEn#`3y*xO^Yfr4_d$XDw zNgI(o!?)e?{pI=nyH&Xz7r!Z4$v9xJZz#QV8tTGtaCMdm$veBiQdVmgMwh2c(WXiz zlY{+BH6KhJ^DMG5qc+)GC$>^si|Km`(bhAyo^*WP*WG#XSY%@wKl$o?)ZllfXz@+4 z)hYclahJhbe7_G?!1=m%D95(ffacb>2+J&=;IwmV35pZR1mB(XDc7-p)b7b>if6fo zjzXn-P6g&gU!s^~cvk%%BYHJQVZo*bF%hbFB0qP&Zv)rdD@T2$e*Y5fNPndqNwHxl zoEz>L*Q(AZAJjw}!*|cHSB}!N;obnS3x`#YFZakk)fLL*J!7a$G;DwD1yN 
za4+@6gf5XW;@)Uq>;5YDs^@;>CjG4D5X_{FXngL10wmYPYfc{=XqIQBw2LVmwPPS` z#brG~S8t|dSX2f{ql<|deAz@eTC6ItNLFCs{?_8#)RR@%teIx%<9@?wk)6nm2QBS3 z?Rn`^Pr9{(=ghh{hmdtmcU|Vu@8AKx0fR-T8ri2a_d|xb>8el`mKh?M)- zAjQ<3;ZO2+F6O;%DjVulHS!OWHXW>vDEG$#YmVGfB_68EnVerN^9>xfrQoZcw}}jT zBp8}6OJ2M~g9*19xpm8_TaUA1VbOg3JR996A~owO%#lU6($c$d}JRN$&vfz~eOnhkDSSD=bTG1Z& z{GxUT=F)SI>MDasfqYM`xoER*YlUn3sS}IU?u>hI?lU5@!c&VY3C~U!B`LaYi|O=a z)kl zx*^#=ZvXgNYRkN|K#}f;(IqL9txY_Vv%Z)s`PR)s8a<|Rdu)P@7ml%L5pl0IUY~8K zvoP&1D(>PjG&{9puoU5Fxs+1-!H;cBJ-RPgQ?VU` ztvGJ*S52nz^U~tp$>&tI+f4}5H;D@^$QJ zn_VVO<_h{D{>-6IAIS8Y@d;F=}6Q`UdPMhr{V^x*smy&Ott?jFb#kADBcXvF}d|Rq0mpb)L?85QP>LJ;A zERfhTqz&$mXFbTu#=;rgkPTCl7UMnF;+=}(H;fh6%X_`lOSZav>s6N4>Y1=WvO-Co zwcfjXlr%=~yJBsP2wRfAAU9!kLw5}~iW5+IUp`Hw+kpE<@g8^f&3n8Gce;Atg>GY( z^BDI2w!iR~er9cj z*h%yrt@V|uHIDF&SU+iJnaSBx)!vE8iHn){uLy1PVD@8?uGluaC;kbOyiU=NX{9Hu zc4Dk5&K16IDib~0k!0a{rarL7*ppRi|9M;ET0*UC(`Ox51(PY|2nV3Qi!Ul6^u*25 z(y4X7NakBU4UEM#^S%qOEM6ffE!|D})YUplP&GM7n^uI*!e=aS%T#?r-^a@!lYTcm z@yT|)9iz=7KFY{0cQ2uPwex<&JL20i>y$a`%g~d{*6q|De?3*cJ@|RA zPr_KhY-GVdLg@jKm1G77>B(kdYN5E5y}>82dQ5b zaMPWJ+rEC=nA@f1^AkqMt}ajMpngjDZ6qFv&`WkCs&pc0E6f;LV5@I>UBaM^tHa4T zvbAzfcF2)0Q?iF|t#WK2X~RZ1e8Q&7{LMD~$R}Ps4@_Z-%H6*@TB^g_JfYnhiuWA7 zwBFx!uEqj(j^f6#U6npbrj6@9`)S`{tt@rlRQ%`YRmN@dopuc+S|#CYn+<$y*uL3P znLGQwaacfncbO+*LTyhVXP+%CaZbljYu`;%1y)ZfPPu)7ZIMr)Kz7C7d^N2Hb8Fu= z@~iCE#!pya@qD;4zwK7u*2`6R+-lTzLw~<)g6(Sk*2f*$b|VkhiRn5DPEGoz%(Ph< zRQ3AtS<|(~Bn+EUz4Ppr6^ zesD4p5`S@o5BNr4{ZmKufW!AU=fIoqAPoR6Acpd<1%DnV{#Oz9|3-EY8JuYVL|P6b zibG$30}SIZA|wYiE)rlA@Gc%cKVr-Za{sBzgd_2l!Rm0fI1&I4vLMU?KBT}k012Q0 zd+>1r5P&tn2Z9I(cES4h@-yN%ZaVn<#A9&uLHVb`Pu>qFaU{~i$q9VnCPQR}@<3X< zYg#$LLFz|89XJ|?1>u$lpbNr9PAH@;u8k{d2pjZ2=}Tyo^AGyK4INv%pYn82oygtE z9*%I=b5e5$Dadc*5FW@t_6hJIJ|L78{$ZQg)(z$1@*9f?hPc!Jfp{2pdZeCp6eR=814a|BJfbPxkNXWLCEFC?}NLKY~krX#bMZ zF9FyE&_E$^u|9@IxoCQz-4Q<*22Mum1TLii!X>vtp}__9U-)F;C${^~>Ic71YMe0u z@?(d>A)|*2m+(MJjw6r%T>3Xb0{l%uz_%*c1aU_O5H&o)8IN$r*^MKd@d#%;!WoZn 
z#v`2Z2xmOP8IN$rBb@OFXFS3gk8sBSFLB0$voQyF1O`CV>EQGXo{|AM5OhKTRv`Gq z4rl>(U>glS?guRpd;@6y7aHt{bX6<&oxIu5ILIx3`w&))!S5RCkd_ z*x6t4aYJ17(a?qaIKm~Zxn*TYFUTI4;sed_+1NXw5pM462zR*jX?dN~II%YjlsF^M zmh9fnPDpo{w>0-b2N>AKu?4u<4^+^O(%c5>TI^^LT5+^TvkUV}@C)-np}g!iZkEmn zFO-`jyAZ!9H)zt$+6JbhaQTNpkdo&9F)=SMFMcm5Kg!KkKuA(jQb15xKv5r2LGXJ-L$ zRCe|YAVXaprhtNbI3ti~Wd)hTh*_iH;IJ+~?~(myIMvN6JU5>nL1*6oEfdK3ZKz;rgQp{E_ni>FNUUou8->0trGvULfWJW`1$W z;qap$nP2z-9RWTO>EW$55P$kv{vXK*dx6UclLgZMkrCDmJO?j>;WEK~`U;W+gm^@_ zTtJZjHy1?H@W9kNDlqv9SANMLcmO^%0o4f(8X-CM)3m~b)Bpq@9}l091VVV&8v;<{ zf!SHwr>W#Dzup(t!Dn|3DD9oRL}QiFhlJz>8HXYPM<5^V3*>pgGp2>iMcEa23Vx_sBFEaxh)!10Tudk zKG;8ZeJ=IkINhMOWSosi@#KKp`5xb1)dsxR*&}5gT;yCUHjc{*xfG1I7;hJlB0oEX zMDw3k&pyAx&@(ve%%DtHWc?`>Pgd)bR_s?^=s7nSx#BA6l3S(L@DcKYduftjlg!=;Pq zhNnF8@ZJ|dqgBx{CQOx;qEFtjS?Wo}A>0{B5(nRsji{1I>nhcENog1roM4KH8+=&v z?6Q2Q1I6)c5641>Lx)*JKU*-Sma#8ziYK_gWe|@FbJkQ01!rZ849?n&yJO!pOt1cw z_BCe2Ik)iJ37>($3f?855vyuLBmNEy4X=K2#YGq0wlWNH2=IvGdqskl%~A z_FXp5CexuzOpTD{#J3Nhik~vM=8%3Ziiq)N5juZ@O|i3{d@JMr*Wggnu>F)*aHi9X z0`RUp#o-WjsT*HHZ5&yLH6;N$$}0=S%)0D6tvNe9q}(%2S=JXBDaYn*X~G6|@*Qe2DL5r0K9G)>`)J?M{BJL}tV=Y}5-qROM3aVgy=*%Z~v zxe1X{dVONm;tVQiJom;Z)BvoAe&!gB}zn#48 zTB$>;wEpT?{h6rpN{w@I-+WPJc!w)EZf{hPq`~JZSM_T3R#IHEn12$~S2(`H1+st9HAX?B1xx*r!A;BrMI5 z3VWO~-H{VC4$PB*p2+FwN=Y13tLYAi^wf4Vs@rRGq>RwFkFLD_sq4wT2RV2m{c0Mo z98WgE^5)pw>UJjD3)e7ai-O_Q{Beq2ar!6c!{1-*|2`mg{9@aHPC@mRan!&jr_ZA3 zjI`{=#|=6Ew|uq|JE5@nCEED&`riISGad3lyWzYg-k!$7{vC_N-858-nDu9rK1!%Q z%KJ)emaIzpd)H%SbtgYd+7!y1>i#xm_(jG=CheOlvA&py-FC^P%tE76;~_y#Qz@jo z@2fk7Fi8&!Lav^$zwP!k{Vw_07h?-V{WJm8>+l*9VWa`%dBdkg>d50Sx2Of@&NW2p zm`r&|e(|5e0w3b9s9v*4to;-fWA=pH%QdJ+P*?wkoWS|lvQ7;hc&1L1tCgfhX`H>0pFQ+SpSszW z{;L>i{6%x^-L|lp&q|zNDhydw-~51ex_#MVrjMre_3}~7;m(I!_A{cRXd#0| zj|esTx%GMZ48L_c)|6+=e7oC0Q8NDdMhR`Ak$Eoe6W)0*QaWeinO`nbx$>FM?ZM`B z;yNEs+D5rD^PZagsA(SzHE*P{JC;yUcdS%Oti_wt4lkKYwrnoG_|0y^%n-}j*{yJm z=^RnQm*duQ!(XTjPM*Jpm^$X=#h@2i^UYkE&-))akz%pXAZC zfCp`{q)axY#ixa^uAVmLnZu`&(K&AKynN!-x$sVZh6rH?qkQ_6eOHl*IYasQcxV1q 
z0%vz{nqWfskN-iaggYoq90DYwhaM&jHIMSu3Zf|DNrrG`IO&5;P6ZBH}6EtxygTUm{lh{{o&SkLE9&zZ)iK!8hh=((V z=ao3?uhQ+>}On{AeGa~m41|S_JR;+fwpnD zcFE}qL@)leAs_qM_pC~a?4OR&zhR}NL(eE{2$9S3KdgSNuZ!0}PSa_`+Dm8OU>O^% z9PBbA>kh-{`ajbBYf0jUrEcJ~_*(QTL48#vWThGE5;4n@ad)y0UFLLq^s&(ms`qBc z0-0PWQsVPS#~C`1 zaY=U@XiI?0t-DHwCIio}c9{ez__~wW`xx5TFXN{>P`f>U2MHYTP%H7i;&W%@15)G^Zylf=Gj?BEiDaO!P%sfg3}UVv9Z;v>{XJ{cUs@;6?SFSiaQ^}d~GEmylh}d~FnGouk z+<#Oy9}2H+Mav02OzHc)8BWIFL&X#FbVaQjQW}}{UiEg??MyztxA&oCl)M={=o!})qV!V-LKY0B3i6vR`7ipu{63R4lSG8DN`&7GsLxen>d7Q7tc>nU?xdA( z38WN{IWbEU!E*+$wv?7{PcA)hYL;#ekg8&Vd|9D7Zuj>#LPh>Dn5y>{2S8{(3LE>J z9<}tCRdHiGFaz2-dkpz-l7{Tz^Q}uMeu>{>p{Dn&+McFAuhLy@?oeQr%?MfK-(!%YwPsS3IotX}}R+&|HPs0H}-AvvkjK|-D7@;Ci4hq`;#mejEH;}3`*u~0 zXN@RLs`7$IT$nFc>t?{m4c>mJvul!T{a_n2*R1lUamCcQN7 - - - - /images/waffle.jpg - https://github.com/Waffle/waffle - - - /images/waffle.jpg - https://github.com/Waffle/waffle - - - org.apache.maven.skins - maven-fluido-skin - 1.6 - - - - true - true - - - - - - - - - \ No newline at end of file diff --git a/Source/JNA/waffle-tomcat6/src/test/java/waffle/apache/MixedAuthenticatorTests.java b/Source/JNA/waffle-tomcat6/src/test/java/waffle/apache/MixedAuthenticatorTests.java deleted file mode 100644 index 4864a2f46b..0000000000 --- a/Source/JNA/waffle-tomcat6/src/test/java/waffle/apache/MixedAuthenticatorTests.java +++ /dev/null 
@@ -1,254 +0,0 @@
-/**
- * Waffle (https://github.com/Waffle/waffle)
- *
- * Copyright (c) 2010-2016 Application Security, Inc.
- *
- * All rights reserved. This program and the accompanying materials are made available under the terms of the Eclipse
- * Public License v1.0 which accompanies this distribution, and is available at
- * https://www.eclipse.org/legal/epl-v10.html.
- *
- * Contributors: Application Security, Inc.
- */
-package waffle.apache;
-
-import org.apache.catalina.Context;
-import org.apache.catalina.deploy.LoginConfig;
-import org.assertj.core.api.Assertions;
-import org.junit.After;
-import org.junit.Assert;
-import org.junit.Before;
-import org.junit.Test;
-
-import com.google.common.io.BaseEncoding;
-import com.sun.jna.platform.win32.Sspi;
-import com.sun.jna.platform.win32.Sspi.SecBufferDesc;
-
-import mockit.Mocked;
-import waffle.apache.catalina.SimpleHttpRequest;
-import waffle.apache.catalina.SimpleHttpResponse;
-import waffle.mock.MockWindowsAuthProvider;
-import waffle.windows.auth.IWindowsCredentialsHandle;
-import waffle.windows.auth.impl.WindowsAccountImpl;
-import waffle.windows.auth.impl.WindowsCredentialsHandleImpl;
-import waffle.windows.auth.impl.WindowsSecurityContextImpl;
-
-/**
- * Waffle Tomcat Mixed Authenticator Tests.
- *
- * @author dblock[at]dblock[dot]org
- */
-public class MixedAuthenticatorTests {
-
- /** The authenticator. */
- private MixedAuthenticator authenticator;
-
- @Mocked
- Context context;
-
- /**
- * Sets the up.
- */
- @Before
- public void setUp() {
- this.authenticator = new MixedAuthenticator();
- this.authenticator.setContainer(this.context);
- this.authenticator.start();
- }
-
- /**
- * Tear down.
- */
- @After
- public void tearDown() {
- this.authenticator.stop();
- }
-
- /**
- * Test challenge get.
- */
- @Test
- public void testChallengeGET() {
- final SimpleHttpRequest request = new SimpleHttpRequest();
- request.setMethod("GET");
- request.setQueryString("j_negotiate_check");
- final SimpleHttpResponse response = new SimpleHttpResponse();
- this.authenticator.authenticate(request, response, null);
- final String[] wwwAuthenticates = response.getHeaderValues("WWW-Authenticate");
- Assert.assertNotNull(wwwAuthenticates);
- Assert.assertEquals(2, wwwAuthenticates.length);
- Assert.assertEquals("Negotiate", wwwAuthenticates[0]);
- Assert.assertEquals("NTLM", wwwAuthenticates[1]);
- Assert.assertEquals("close", response.getHeader("Connection"));
- Assert.assertEquals(2, response.getHeaderNames().length);
- Assert.assertEquals(401, response.getStatus());
- }
-
- /**
- * Test challenge post.
- */
- @Test
- public void testChallengePOST() {
- final String securityPackage = "Negotiate";
- IWindowsCredentialsHandle clientCredentials = null;
- WindowsSecurityContextImpl clientContext = null;
- try {
- // client credentials handle
- clientCredentials = WindowsCredentialsHandleImpl.getCurrent(securityPackage);
- clientCredentials.initialize();
- // initial client security context
- clientContext = new WindowsSecurityContextImpl();
- clientContext.setPrincipalName(WindowsAccountImpl.getCurrentUsername());
- clientContext.setCredentialsHandle(clientCredentials);
- clientContext.setSecurityPackage(securityPackage);
- clientContext.initialize(null, null, WindowsAccountImpl.getCurrentUsername());
- final SimpleHttpRequest request = new SimpleHttpRequest();
- request.setQueryString("j_negotiate_check");
- request.setMethod("POST");
- request.setContentLength(0);
- final String clientToken = BaseEncoding.base64().encode(clientContext.getToken());
- request.addHeader("Authorization", securityPackage + " " + clientToken);
- final SimpleHttpResponse response = new SimpleHttpResponse();
- this.authenticator.authenticate(request, response, null);
- Assert.assertTrue(response.getHeader("WWW-Authenticate").startsWith(securityPackage + " "));
- Assert.assertEquals("keep-alive", response.getHeader("Connection"));
- Assert.assertEquals(2, response.getHeaderNames().length);
- Assert.assertEquals(401, response.getStatus());
- } finally {
- if (clientContext != null) {
- clientContext.dispose();
- }
- if (clientCredentials != null) {
- clientCredentials.dispose();
- }
- }
- }
-
- /**
- * Test get.
- */
- @Test
- public void testGet() {
- final LoginConfig loginConfig = new LoginConfig();
- loginConfig.setErrorPage("error.html");
- loginConfig.setLoginPage("login.html");
- final SimpleHttpRequest request = new SimpleHttpRequest();
- final SimpleHttpResponse response = new SimpleHttpResponse();
- Assert.assertFalse(this.authenticator.authenticate(request, response, loginConfig));
- }
-
- /**
- * Test get info.
- */
- @Test
- public void testGetInfo() {
- Assertions.assertThat(this.authenticator.getInfo().length()).isGreaterThan(0);
- }
-
- /**
- * Test negotiate.
- */
- @Test
- public void testNegotiate() {
- final String securityPackage = "Negotiate";
- IWindowsCredentialsHandle clientCredentials = null;
- WindowsSecurityContextImpl clientContext = null;
- try {
- // client credentials handle
- clientCredentials = WindowsCredentialsHandleImpl.getCurrent(securityPackage);
- clientCredentials.initialize();
- // initial client security context
- clientContext = new WindowsSecurityContextImpl();
- clientContext.setPrincipalName(WindowsAccountImpl.getCurrentUsername());
- clientContext.setCredentialsHandle(clientCredentials);
- clientContext.setSecurityPackage(securityPackage);
- clientContext.initialize(null, null, WindowsAccountImpl.getCurrentUsername());
- // negotiate
- boolean authenticated = false;
- final SimpleHttpRequest request = new SimpleHttpRequest();
- request.setQueryString("j_negotiate_check");
- String clientToken;
- while (true) {
- clientToken = BaseEncoding.base64().encode(clientContext.getToken());
- request.addHeader("Authorization", securityPackage + " " + clientToken);
-
- final SimpleHttpResponse response = new SimpleHttpResponse();
- authenticated = this.authenticator.authenticate(request, response, null);
-
- if (authenticated) {
- Assertions.assertThat(response.getHeaderNames().length).isGreaterThanOrEqualTo(0);
- break;
- }
-
- Assert.assertTrue(response.getHeader("WWW-Authenticate").startsWith(securityPackage + " "));
- Assert.assertEquals("keep-alive", response.getHeader("Connection"));
- Assert.assertEquals(2, response.getHeaderNames().length);
- Assert.assertEquals(401, response.getStatus());
- final String continueToken = response.getHeader("WWW-Authenticate")
- .substring(securityPackage.length() + 1);
- final byte[] continueTokenBytes = BaseEncoding.base64().decode(continueToken);
- Assertions.assertThat(continueTokenBytes.length).isGreaterThan(0);
- final SecBufferDesc continueTokenBuffer = new SecBufferDesc(Sspi.SECBUFFER_TOKEN, continueTokenBytes);
- clientContext.initialize(clientContext.getHandle(), continueTokenBuffer,
- WindowsAccountImpl.getCurrentUsername());
- }
- Assert.assertTrue(authenticated);
- } finally {
- if (clientContext != null) {
- clientContext.dispose();
- }
- if (clientCredentials != null) {
- clientCredentials.dispose();
- }
- }
- }
-
- /**
- * Test post security check.
- */
- @Test
- public void testPostSecurityCheck() {
- final LoginConfig loginConfig = new LoginConfig();
- loginConfig.setErrorPage("error.html");
- loginConfig.setLoginPage("login.html");
- final SimpleHttpRequest request = new SimpleHttpRequest();
- request.setQueryString("j_security_check");
- request.addParameter("j_username", "username");
- request.addParameter("j_password", "password");
- final SimpleHttpResponse response = new SimpleHttpResponse();
- Assert.assertFalse(this.authenticator.authenticate(request, response, loginConfig));
- }
-
- /**
- * Test security check parameters.
- */
- @Test
- public void testSecurityCheckParameters() {
- this.authenticator.setAuth(new MockWindowsAuthProvider());
- final LoginConfig loginConfig = new LoginConfig();
- loginConfig.setErrorPage("error.html");
- loginConfig.setLoginPage("login.html");
- final SimpleHttpRequest request = new SimpleHttpRequest();
- request.addParameter("j_security_check", "");
- request.addParameter("j_username", WindowsAccountImpl.getCurrentUsername());
- request.addParameter("j_password", "");
- final SimpleHttpResponse response = new SimpleHttpResponse();
- Assert.assertTrue(this.authenticator.authenticate(request, response, loginConfig));
- }
-
- /**
- * Test security check query string.
- */
- @Test
- public void testSecurityCheckQueryString() {
- this.authenticator.setAuth(new MockWindowsAuthProvider());
- final LoginConfig loginConfig = new LoginConfig();
- loginConfig.setErrorPage("error.html");
- loginConfig.setLoginPage("login.html");
- final SimpleHttpRequest request = new SimpleHttpRequest();
- request.setQueryString("j_security_check");
- request.addParameter("j_username", WindowsAccountImpl.getCurrentUsername());
- request.addParameter("j_password", "");
- final SimpleHttpResponse response = new SimpleHttpResponse();
- Assert.assertTrue(this.authenticator.authenticate(request, response, loginConfig));
- }
-}
diff --git a/Source/JNA/waffle-tomcat6/src/test/java/waffle/apache/NegotiateAuthenticatorTests.java b/Source/JNA/waffle-tomcat6/src/test/java/waffle/apache/NegotiateAuthenticatorTests.java
deleted file mode 100644
index ceeeb54c21..0000000000
--- a/Source/JNA/waffle-tomcat6/src/test/java/waffle/apache/NegotiateAuthenticatorTests.java
+++ /dev/null
@@ -1,294 +0,0 @@
-/**
- * Waffle (https://github.com/Waffle/waffle)
- *
- * Copyright (c) 2010-2016 Application Security, Inc.
- *
- * All rights reserved. This program and the accompanying materials are made available under the terms of the Eclipse
- * Public License v1.0 which accompanies this distribution, and is available at
- * https://www.eclipse.org/legal/epl-v10.html.
- *
- * Contributors: Application Security, Inc.
- */
-package waffle.apache;
-
-import org.apache.catalina.Context;
-import org.assertj.core.api.Assertions;
-import org.junit.After;
-import org.junit.Assert;
-import org.junit.Before;
-import org.junit.Test;
-
-import com.google.common.io.BaseEncoding;
-import com.sun.jna.platform.win32.Sspi;
-import com.sun.jna.platform.win32.Sspi.SecBufferDesc;
-
-import mockit.Mocked;
-import waffle.apache.catalina.SimpleHttpRequest;
-import waffle.apache.catalina.SimpleHttpResponse;
-import waffle.windows.auth.IWindowsCredentialsHandle;
-import waffle.windows.auth.PrincipalFormat;
-import waffle.windows.auth.impl.WindowsAccountImpl;
-import waffle.windows.auth.impl.WindowsAuthProviderImpl;
-import waffle.windows.auth.impl.WindowsCredentialsHandleImpl;
-import waffle.windows.auth.impl.WindowsSecurityContextImpl;
-
-/**
- * Waffle Tomcat Authenticator Tests.
- *
- * @author dblock[at]dblock[dot]org
- */
-public class NegotiateAuthenticatorTests {
-
- /** The authenticator. */
- private NegotiateAuthenticator authenticator;
-
- @Mocked
- Context context;
-
- /**
- * Sets the up.
- */
- @Before
- public void setUp() {
- this.authenticator = new NegotiateAuthenticator();
- this.authenticator.setContainer(this.context);
- this.authenticator.start();
- }
-
- /**
- * Tear down.
- */
- @After
- public void tearDown() {
- this.authenticator.stop();
- }
-
- /**
- * Test allow guest login.
- */
- @Test
- public void testAllowGuestLogin() {
- Assert.assertTrue(this.authenticator.isAllowGuestLogin());
- this.authenticator.setAllowGuestLogin(false);
- Assert.assertFalse(this.authenticator.isAllowGuestLogin());
- }
-
- /**
- * Test challenge get.
- */
- @Test
- public void testChallengeGET() {
- final SimpleHttpRequest request = new SimpleHttpRequest();
- request.setMethod("GET");
- final SimpleHttpResponse response = new SimpleHttpResponse();
- this.authenticator.authenticate(request, response, null);
- final String[] wwwAuthenticates = response.getHeaderValues("WWW-Authenticate");
- Assert.assertNotNull(wwwAuthenticates);
- Assert.assertEquals(2, wwwAuthenticates.length);
- Assert.assertEquals("Negotiate", wwwAuthenticates[0]);
- Assert.assertEquals("NTLM", wwwAuthenticates[1]);
- Assert.assertEquals("close", response.getHeader("Connection"));
- Assert.assertEquals(2, response.getHeaderNames().length);
- Assert.assertEquals(401, response.getStatus());
- }
-
- /**
- * Test challenge post.
- */
- @Test
- public void testChallengePOST() {
- final String securityPackage = "Negotiate";
- IWindowsCredentialsHandle clientCredentials = null;
- WindowsSecurityContextImpl clientContext = null;
- try {
- // client credentials handle
- clientCredentials = WindowsCredentialsHandleImpl.getCurrent(securityPackage);
- clientCredentials.initialize();
- // initial client security context
- clientContext = new WindowsSecurityContextImpl();
- clientContext.setPrincipalName(WindowsAccountImpl.getCurrentUsername());
- clientContext.setCredentialsHandle(clientCredentials);
- clientContext.setSecurityPackage(securityPackage);
- clientContext.initialize(null, null, WindowsAccountImpl.getCurrentUsername());
- final SimpleHttpRequest request = new SimpleHttpRequest();
- request.setMethod("POST");
- request.setContentLength(0);
- final String clientToken = BaseEncoding.base64().encode(clientContext.getToken());
- request.addHeader("Authorization", securityPackage + " " + clientToken);
- final SimpleHttpResponse response = new SimpleHttpResponse();
- this.authenticator.authenticate(request, response, null);
- Assert.assertTrue(response.getHeader("WWW-Authenticate").startsWith(securityPackage + " "));
- Assert.assertEquals("keep-alive", response.getHeader("Connection"));
- Assert.assertEquals(2, response.getHeaderNames().length);
- Assert.assertEquals(401, response.getStatus());
- } finally {
- if (clientContext != null) {
- clientContext.dispose();
- }
- if (clientCredentials != null) {
- clientCredentials.dispose();
- }
- }
- }
-
- /**
- * Test get info.
- */
- @Test
- public void testGetInfo() {
- Assertions.assertThat(this.authenticator.getInfo().length()).isGreaterThan(0);
- Assert.assertTrue(this.authenticator.getAuth() instanceof WindowsAuthProviderImpl);
- }
-
- /**
- * Test negotiate.
- */
- @Test
- public void testNegotiate() {
- final String securityPackage = "Negotiate";
- IWindowsCredentialsHandle clientCredentials = null;
- WindowsSecurityContextImpl clientContext = null;
- try {
- // client credentials handle
- clientCredentials = WindowsCredentialsHandleImpl.getCurrent(securityPackage);
- clientCredentials.initialize();
- // initial client security context
- clientContext = new WindowsSecurityContextImpl();
- clientContext.setPrincipalName(WindowsAccountImpl.getCurrentUsername());
- clientContext.setCredentialsHandle(clientCredentials);
- clientContext.setSecurityPackage(securityPackage);
- clientContext.initialize(null, null, WindowsAccountImpl.getCurrentUsername());
- // negotiate
- boolean authenticated = false;
- final SimpleHttpRequest request = new SimpleHttpRequest();
- while (true) {
- final String clientToken = BaseEncoding.base64().encode(clientContext.getToken());
- request.addHeader("Authorization", securityPackage + " " + clientToken);
-
- final SimpleHttpResponse response = new SimpleHttpResponse();
- authenticated = this.authenticator.authenticate(request, response, null);
-
- if (authenticated) {
- Assert.assertNotNull(request.getUserPrincipal());
- Assert.assertTrue(request.getUserPrincipal() instanceof GenericWindowsPrincipal);
- final GenericWindowsPrincipal windowsPrincipal = (GenericWindowsPrincipal) request
- .getUserPrincipal();
- Assert.assertTrue(windowsPrincipal.getSidString().startsWith("S-"));
- Assertions.assertThat(windowsPrincipal.getSid().length).isGreaterThan(0);
- Assert.assertTrue(windowsPrincipal.getGroups().containsKey("Everyone"));
- Assertions.assertThat(response.getHeaderNames().length).isLessThanOrEqualTo(1);
- break;
- }
-
- Assert.assertTrue(response.getHeader("WWW-Authenticate").startsWith(securityPackage + " "));
- Assert.assertEquals("keep-alive", response.getHeader("Connection"));
- Assert.assertEquals(2, response.getHeaderNames().length);
- Assert.assertEquals(401, response.getStatus());
- final String continueToken = response.getHeader("WWW-Authenticate")
- .substring(securityPackage.length() + 1);
- final byte[] continueTokenBytes = BaseEncoding.base64().decode(continueToken);
- Assertions.assertThat(continueTokenBytes.length).isGreaterThan(0);
- final SecBufferDesc continueTokenBuffer = new SecBufferDesc(Sspi.SECBUFFER_TOKEN, continueTokenBytes);
- clientContext.initialize(clientContext.getHandle(), continueTokenBuffer,
- WindowsAccountImpl.getCurrentUsername());
- }
- Assert.assertTrue(authenticated);
- } finally {
- if (clientContext != null) {
- clientContext.dispose();
- }
- if (clientCredentials != null) {
- clientCredentials.dispose();
- }
- }
- }
-
- /**
- * Test post empty.
- */
- @Test
- public void testPOSTEmpty() {
- final String securityPackage = "Negotiate";
- IWindowsCredentialsHandle clientCredentials = null;
- WindowsSecurityContextImpl clientContext = null;
- try {
- // client credentials handle
- clientCredentials = WindowsCredentialsHandleImpl.getCurrent(securityPackage);
- clientCredentials.initialize();
- // initial client security context
- clientContext = new WindowsSecurityContextImpl();
- clientContext.setPrincipalName(WindowsAccountImpl.getCurrentUsername());
- clientContext.setCredentialsHandle(clientCredentials);
- clientContext.setSecurityPackage(securityPackage);
- clientContext.initialize(null, null, WindowsAccountImpl.getCurrentUsername());
- // negotiate
- boolean authenticated = false;
- final SimpleHttpRequest request = new SimpleHttpRequest();
- request.setMethod("POST");
- request.setContentLength(0);
- String clientToken;
- String continueToken;
- byte[] continueTokenBytes;
- SimpleHttpResponse response;
- SecBufferDesc continueTokenBuffer;
- while (true) {
- clientToken = BaseEncoding.base64().encode(clientContext.getToken());
- request.addHeader("Authorization", securityPackage + " " + clientToken);
-
- response = new SimpleHttpResponse();
- authenticated = this.authenticator.authenticate(request, response, null);
-
- if (authenticated) {
- Assertions.assertThat(response.getHeaderNames().length).isGreaterThanOrEqualTo(0);
- break;
- }
-
- if (response.getHeader("WWW-Authenticate").startsWith(securityPackage + ",")) {
- Assert.assertEquals("close", response.getHeader("Connection"));
- Assert.assertEquals(2, response.getHeaderNames().length);
- Assert.assertEquals(401, response.getStatus());
- return;
- }
-
- Assert.assertTrue(response.getHeader("WWW-Authenticate").startsWith(securityPackage + " "));
- Assert.assertEquals("keep-alive", response.getHeader("Connection"));
- Assert.assertEquals(2, response.getHeaderNames().length);
- Assert.assertEquals(401, response.getStatus());
- continueToken = response.getHeader("WWW-Authenticate").substring(securityPackage.length() + 1);
- continueTokenBytes = BaseEncoding.base64().decode(continueToken);
- Assertions.assertThat(continueTokenBytes.length).isGreaterThan(0);
- continueTokenBuffer = new SecBufferDesc(Sspi.SECBUFFER_TOKEN, continueTokenBytes);
- clientContext.initialize(clientContext.getHandle(), continueTokenBuffer,
- WindowsAccountImpl.getCurrentUsername());
- }
- Assert.assertTrue(authenticated);
- } finally {
- if (clientContext != null) {
- clientContext.dispose();
- }
- if (clientCredentials != null) {
- clientCredentials.dispose();
- }
- }
- }
-
- /**
- * Test principal format.
- */
- @Test
- public void testPrincipalFormat() {
- Assert.assertEquals(PrincipalFormat.FQN, this.authenticator.getPrincipalFormat());
- this.authenticator.setPrincipalFormat("both");
- Assert.assertEquals(PrincipalFormat.BOTH, this.authenticator.getPrincipalFormat());
- }
-
- /**
- * Test role format.
- */
- @Test
- public void testRoleFormat() {
- Assert.assertEquals(PrincipalFormat.FQN, this.authenticator.getRoleFormat());
- this.authenticator.setRoleFormat("both");
- Assert.assertEquals(PrincipalFormat.BOTH, this.authenticator.getRoleFormat());
- }
-}
diff --git a/Source/JNA/waffle-tomcat6/src/test/java/waffle/apache/WaffleAuthenticatorBaseTest.java b/Source/JNA/waffle-tomcat6/src/test/java/waffle/apache/WaffleAuthenticatorBaseTest.java
deleted file mode 100644
index aecefe735d..0000000000
--- a/Source/JNA/waffle-tomcat6/src/test/java/waffle/apache/WaffleAuthenticatorBaseTest.java
+++ /dev/null
@@ -1,105 +0,0 @@
-/**
- * Waffle (https://github.com/Waffle/waffle)
- *
- * Copyright (c) 2010-2016 Application Security, Inc.
- *
- * All rights reserved. This program and the accompanying materials are made available under the terms of the Eclipse
- * Public License v1.0 which accompanies this distribution, and is available at
- * https://www.eclipse.org/legal/epl-v10.html.
- *
- * Contributors: Application Security, Inc.
- */
-package waffle.apache;
-
-import java.io.IOException;
-
-import org.apache.catalina.connector.Request;
-import org.apache.catalina.connector.Response;
-import org.apache.catalina.deploy.LoginConfig;
-import org.junit.Assert;
-import org.junit.Before;
-import org.junit.Test;
-import org.slf4j.LoggerFactory;
-
-/**
- * Waffle Authenticator Base Tests.
- *
- * @author dblock[at]dblock[dot]org
- */
-public class WaffleAuthenticatorBaseTest {
-
- /** The waffle authenticator base. */
- private WaffleAuthenticatorBase waffleAuthenticatorBase;
-
- /**
- * Inits the.
- */
- @Before
- public void init() {
- this.waffleAuthenticatorBase = new WaffleAuthenticatorBase() {
- {
- this.log = LoggerFactory.getLogger(WaffleAuthenticatorBaseTest.class);
- }
-
- @Override
- public boolean authenticate(final Request request, final Response response, final LoginConfig loginConfig)
- throws IOException {
- return false;
- }
- };
- }
-
- /**
- * Should_accept_both_protocols.
- *
- * @throws Exception
- * the exception
- */
- @Test
- public void should_accept_both_protocols() throws Exception {
- this.waffleAuthenticatorBase.setProtocols(" NTLM , , Negotiate ");
-
- Assert.assertEquals("Two protocols added", 2, this.waffleAuthenticatorBase.protocols.size());
- Assert.assertTrue("NTLM has been added", this.waffleAuthenticatorBase.protocols.contains("NTLM"));
- Assert.assertTrue("Negotiate has been added", this.waffleAuthenticatorBase.protocols.contains("Negotiate"));
- }
-
- /**
- * Should_accept_ negotiate_protocol.
- *
- * @throws Exception
- * the exception
- */
- @Test
- public void should_accept_Negotiate_protocol() throws Exception {
- this.waffleAuthenticatorBase.setProtocols(" Negotiate ");
-
- Assert.assertEquals("One protocol added", 1, this.waffleAuthenticatorBase.protocols.size());
- Assert.assertEquals("Negotiate", this.waffleAuthenticatorBase.protocols.iterator().next());
- }
-
- /**
- * Should_accept_ ntl m_protocol.
- *
- * @throws Exception
- * the exception
- */
- @Test
- public void should_accept_NTLM_protocol() throws Exception {
- this.waffleAuthenticatorBase.setProtocols(" NTLM ");
-
- Assert.assertEquals("One protocol added", 1, this.waffleAuthenticatorBase.protocols.size());
- Assert.assertEquals("NTLM", this.waffleAuthenticatorBase.protocols.iterator().next());
- }
-
- /**
- * Should_refuse_other_protocol.
- *
- * @throws Exception
- * the exception
- */
- @Test(expected = RuntimeException.class)
- public void should_refuse_other_protocol() throws Exception {
- this.waffleAuthenticatorBase.setProtocols(" NTLM , OTHER, Negotiate ");
- }
-}
\ No newline at end of file
diff --git a/Source/JNA/waffle-tomcat6/src/test/java/waffle/apache/WindowsAccountTests.java b/Source/JNA/waffle-tomcat6/src/test/java/waffle/apache/WindowsAccountTests.java
deleted file mode 100644
index bf390eaf37..0000000000
--- a/Source/JNA/waffle-tomcat6/src/test/java/waffle/apache/WindowsAccountTests.java
+++ /dev/null
@@ -1,98 +0,0 @@
-/**
- * Waffle (https://github.com/Waffle/waffle)
- *
- * Copyright (c) 2010-2016 Application Security, Inc.
- *
- * All rights reserved. This program and the accompanying materials are made available under the terms of the Eclipse
- * Public License v1.0 which accompanies this distribution, and is available at
- * https://www.eclipse.org/legal/epl-v10.html.
- *
- * Contributors: Application Security, Inc.
- */
-package waffle.apache;
-
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.ObjectInputStream;
-import java.io.ObjectOutputStream;
-
-import org.assertj.core.api.Assertions;
-import org.junit.Assert;
-import org.junit.Before;
-import org.junit.Test;
-
-import waffle.mock.MockWindowsAccount;
-import waffle.windows.auth.WindowsAccount;
-
-/**
- * Windows Account Tests.
- *
- * @author dblock[at]dblock[dot]org
- */
-public class WindowsAccountTests {
-
- /** The mock windows account. */
- private final MockWindowsAccount mockWindowsAccount = new MockWindowsAccount("localhost\\Administrator");
-
- /** The windows account. */
- private WindowsAccount windowsAccount;
-
- /**
- * Sets the up.
- */
- @Before
- public void setUp() {
- this.windowsAccount = new WindowsAccount(this.mockWindowsAccount);
- }
-
- /**
- * Test equals.
- */
- @Test
- public void testEquals() {
- Assert.assertEquals(this.windowsAccount, new WindowsAccount(this.mockWindowsAccount));
- final MockWindowsAccount mockWindowsAccount2 = new MockWindowsAccount("localhost\\Administrator2");
- Assert.assertFalse(this.windowsAccount.equals(new WindowsAccount(mockWindowsAccount2)));
- }
-
- /**
- * Test is serializable.
- *
- * @throws IOException
- * Signals that an I/O exception has occurred.
- * @throws ClassNotFoundException
- * the class not found exception
- */
- @Test
- public void testIsSerializable() throws IOException, ClassNotFoundException {
- // serialize
- final ByteArrayOutputStream out = new ByteArrayOutputStream();
- try (final ObjectOutputStream oos = new ObjectOutputStream(out)) {
- oos.writeObject(this.windowsAccount);
- }
- Assertions.assertThat(out.toByteArray().length).isGreaterThan(0);
- // deserialize
- final InputStream in = new ByteArrayInputStream(out.toByteArray());
- final ObjectInputStream ois = new ObjectInputStream(in);
- final WindowsAccount copy = (WindowsAccount) ois.readObject();
- // test
- Assert.assertEquals(this.windowsAccount, copy);
- Assert.assertEquals(this.windowsAccount.getDomain(), copy.getDomain());
- Assert.assertEquals(this.windowsAccount.getFqn(), copy.getFqn());
- Assert.assertEquals(this.windowsAccount.getName(), copy.getName());
- Assert.assertEquals(this.windowsAccount.getSidString(), copy.getSidString());
- }
-
- /**
- * Test properties.
- */
- @Test
- public void testProperties() {
- Assert.assertEquals("localhost", this.windowsAccount.getDomain());
- Assert.assertEquals("localhost\\Administrator", this.windowsAccount.getFqn());
- Assert.assertEquals("Administrator", this.windowsAccount.getName());
- Assert.assertTrue(this.windowsAccount.getSidString().startsWith("S-"));
- }
-}
diff --git a/Source/JNA/waffle-tomcat6/src/test/java/waffle/apache/WindowsRealmTests.java b/Source/JNA/waffle-tomcat6/src/test/java/waffle/apache/WindowsRealmTests.java
deleted file mode 100644
index e39c6f6a8d..0000000000
--- a/Source/JNA/waffle-tomcat6/src/test/java/waffle/apache/WindowsRealmTests.java
+++ /dev/null
@@ -1,34 +0,0 @@
-/**
- * Waffle (https://github.com/Waffle/waffle)
- *
- * Copyright (c) 2010-2016 Application Security, Inc.
- *
- * All rights reserved. This program and the accompanying materials are made available under the terms of the Eclipse
- * Public License v1.0 which accompanies this distribution, and is available at
- * https://www.eclipse.org/legal/epl-v10.html.
- *
- * Contributors: Application Security, Inc.
- */
-package waffle.apache;
-
-import org.junit.Assert;
-import org.junit.Test;
-
-/**
- * Windows Realm Tests.
- *
- * @author dblock[at]dblock[dot]org
- */
-public class WindowsRealmTests {
-
- /**
- * Test properties.
- */
- @Test
- public void testProperties() {
- final WindowsRealm realm = new WindowsRealm();
- Assert.assertNull(realm.getPassword(null));
- Assert.assertNull(realm.getPrincipal(null));
- Assert.assertEquals("waffle.apache.WindowsRealm/1.0", realm.getName());
- }
-}
diff --git a/Source/JNA/waffle-tomcat6/src/test/java/waffle/apache/catalina/SimpleHttpRequest.java b/Source/JNA/waffle-tomcat6/src/test/java/waffle/apache/catalina/SimpleHttpRequest.java
deleted file mode 100644
index 60a677f47d..0000000000
--- a/Source/JNA/waffle-tomcat6/src/test/java/waffle/apache/catalina/SimpleHttpRequest.java
+++ /dev/null
@@ -1,303 +0,0 @@
-/**
- * Waffle (https://github.com/Waffle/waffle)
- *
- * Copyright (c) 2010-2016 Application Security, Inc.
- *
- * All rights reserved. This program and the accompanying materials are made available under the terms of the Eclipse
- * Public License v1.0 which accompanies this distribution, and is available at
- * https://www.eclipse.org/legal/epl-v10.html.
- *
- * Contributors: Application Security, Inc.
- */
-package waffle.apache.catalina;
-
-import java.security.Principal;
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.servlet.http.HttpSession;
-
-import org.apache.catalina.connector.Request;
-
-import mockit.Mocked;
-
-/**
- * Simple HTTP Request.
- *
- * @author dblock[at]dblock[dot]org
- */
-public class SimpleHttpRequest extends Request {
-
- /** The remote port s. */
- private static int remotePortS;
-
- /**
- * Next remote port.
- *
- * @return the int
- */
- public synchronized static int nextRemotePort() {
- return ++SimpleHttpRequest.remotePortS;
- }
-
- /**
- * Reset remote port.
- */
- public synchronized static void resetRemotePort() {
- SimpleHttpRequest.remotePortS = 0;
- }
-
- /** The request uri. */
- private String requestURI;
-
- /** The query string. */
- private String queryString;
-
- /** The remote user. */
- private String remoteUser;
-
- /** The method. */
- private String method = "GET";
-
- /** The headers. */
- private final Map headers = new HashMap<>();
-
- /** The parameters. */
- private final Map parameters = new HashMap<>();
-
- /** The content. */
- private byte[] content;
-
- /** The http session. */
- @Mocked
- private HttpSession httpSession;
-
- /** The principal. */
- private Principal principal;
-
- /**
- * Instantiates a new simple http request.
- */
- public SimpleHttpRequest() {
- super();
- this.remotePort = SimpleHttpRequest.nextRemotePort();
- }
-
- /*
- * (non-Javadoc)
- * @see org.apache.catalina.connector.Request#addHeader(java.lang.String, java.lang.String)
- */
- @Override
- public void addHeader(final String headerName, final String headerValue) {
- this.headers.put(headerName, headerValue);
- }
-
- /**
- * Adds the parameter.
- *
- * @param parameterName
- * the parameter name
- * @param parameterValue
- * the parameter value
- */
- public void addParameter(final String parameterName, final String parameterValue) {
- this.parameters.put(parameterName, parameterValue);
- }
-
- /*
- * (non-Javadoc)
- * @see org.apache.catalina.connector.Request#getContentLength()
- */
- @Override
- public int getContentLength() {
- return this.content == null ? -1 : this.content.length;
- }
-
- /*
- * (non-Javadoc)
- * @see org.apache.catalina.connector.Request#getHeader(java.lang.String)
- */
- @Override
- public String getHeader(final String headerName) {
- return this.headers.get(headerName);
- }
-
- /*
- * (non-Javadoc)
- * @see org.apache.catalina.connector.Request#getMethod()
- */
- @Override
- public String getMethod() {
- return this.method;
- }
-
- /*
- * (non-Javadoc)
- * @see org.apache.catalina.connector.Request#getParameter(java.lang.String)
- */
- @Override
- public String getParameter(final String parameterName) {
- return this.parameters.get(parameterName);
- }
-
- /*
- * (non-Javadoc)
- * @see org.apache.catalina.connector.Request#getQueryString()
- */
- @Override
- public String getQueryString() {
- return this.queryString;
- }
-
- /*
- * (non-Javadoc)
- * @see org.apache.catalina.connector.Request#getRemoteAddr()
- */
- @Override
- public String getRemoteAddr() {
- return this.remoteAddr;
- }
-
- /*
- * (non-Javadoc)
- * @see org.apache.catalina.connector.Request#getRemoteHost()
- */
- @Override
- public String getRemoteHost() {
- return this.remoteHost;
- }
-
- /*
- * (non-Javadoc)
- * @see org.apache.catalina.connector.Request#getRemotePort()
- */
- @Override
- public int getRemotePort() {
- return this.remotePort;
- }
-
- /*
- * (non-Javadoc)
- * @see org.apache.catalina.connector.Request#getRemoteUser()
- */
- @Override
- public String getRemoteUser() {
- return this.remoteUser;
- }
-
- /*
- * (non-Javadoc)
- * @see org.apache.catalina.connector.Request#getRequestURI()
- */
- @Override
- public String getRequestURI() {
- return this.requestURI;
- }
-
- /*
- * (non-Javadoc)
- * @see org.apache.catalina.connector.Request#getSession()
- */
- @Override
- public HttpSession getSession() {
- return this.httpSession;
- }
-
- /*
- * (non-Javadoc)
- * @see org.apache.catalina.connector.Request#getSession(boolean)
- */
- @Override
- public HttpSession getSession(final boolean create) {
- return this.httpSession;
- }
-
- /*
- * (non-Javadoc)
- * @see org.apache.catalina.connector.Request#getUserPrincipal()
- */
- @Override
- public Principal getUserPrincipal() {
- return this.principal;
- }
-
- /*
- * (non-Javadoc)
- * @see org.apache.catalina.connector.Request#setContentLength(int)
- */
- @Override
- public void setContentLength(final int length) {
- this.content = new byte[length];
- }
-
- /*
- * (non-Javadoc)
- * @see org.apache.catalina.connector.Request#setMethod(java.lang.String)
- */
- @Override
- public void setMethod(final String value) {
- this.method = value;
- }
-
- /*
- * (non-Javadoc)
- * @see org.apache.catalina.connector.Request#setQueryString(java.lang.String)
- */
- @Override
- public void setQueryString(final String queryValue) {
- this.queryString = queryValue;
- if (this.queryString != null) {
- for (final String eachParameter : this.queryString.split("[&]")) {
- final String[] pair = eachParameter.split("=");
- final String value = pair.length == 2 ? pair[1] : "";
- this.addParameter(pair[0], value);
- }
- }
- }
-
- /*
- * (non-Javadoc)
- * @see org.apache.catalina.connector.Request#setRemoteAddr(java.lang.String)
- */
- @Override
- public void setRemoteAddr(final String value) {
- this.remoteAddr = value;
- }
-
- /*
- * (non-Javadoc)
- * @see org.apache.catalina.connector.Request#setRemoteHost(java.lang.String)
- */
- @Override
- public void setRemoteHost(final String value) {
- this.remoteHost = value;
- }
-
- /**
- * Sets the remote user.
- *
- * @param value
- * the new remote user
- */
- public void setRemoteUser(final String value) {
- this.remoteUser = value;
- }
-
- /*
- * (non-Javadoc)
- * @see org.apache.catalina.connector.Request#setRequestURI(java.lang.String)
- */
- @Override
- public void setRequestURI(final String value) {
- this.requestURI = value;
- }
-
- /*
- * (non-Javadoc)
- * @see org.apache.catalina.connector.Request#setUserPrincipal(java.security.Principal)
- */
- @Override
- public void setUserPrincipal(final Principal value) {
- this.principal = value;
- }
-}
diff --git a/Source/JNA/waffle-tomcat6/src/test/java/waffle/apache/catalina/SimpleHttpResponse.java b/Source/JNA/waffle-tomcat6/src/test/java/waffle/apache/catalina/SimpleHttpResponse.java
deleted file mode 100644
index 4f96a00705..0000000000
--- a/Source/JNA/waffle-tomcat6/src/test/java/waffle/apache/catalina/SimpleHttpResponse.java
+++ /dev/null
@@ -1,158 +0,0 @@
-/**
- * Waffle (https://github.com/Waffle/waffle)
- *
- * Copyright (c) 2010-2016 Application Security, Inc.
- *
- * All rights reserved. This program and the accompanying materials are made available under the terms of the Eclipse
- * Public License v1.0 which accompanies this distribution, and is available at
- * https://www.eclipse.org/legal/epl-v10.html.
- *
- * Contributors: Application Security, Inc.
- */
-package waffle.apache.catalina;
-
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import org.apache.catalina.connector.Response;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.google.common.base.Joiner;
-
-/**
- * Simple HTTP Response.
- *
- * @author dblock[at]dblock[dot]org
- */
-public class SimpleHttpResponse extends Response {
-
- /** The Constant LOGGER. */
- private static final Logger LOGGER = LoggerFactory.getLogger(SimpleHttpResponse.class);
-
- /** The status. */
- private int status = 500;
-
- /** The headers. */
- private final Map> headers = new HashMap<>();
-
- /*
- * (non-Javadoc)
- * @see org.apache.catalina.connector.Response#addHeader(java.lang.String, java.lang.String)
- */
- @Override
- public void addHeader(final String headerName, final String headerValue) {
- List current = this.headers.get(headerName);
- if (current == null) {
- current = new ArrayList<>();
- }
- current.add(headerValue);
- this.headers.put(headerName, current);
- }
-
- /*
- * (non-Javadoc)
- * @see org.apache.catalina.connector.Response#flushBuffer()
- */
- @Override
- public void flushBuffer() {
- SimpleHttpResponse.LOGGER.info("{} {}", Integer.valueOf(this.status), this.getStatusString());
- for (final String header : this.headers.keySet()) {
- for (final String headerValue : this.headers.get(header)) {
- SimpleHttpResponse.LOGGER.info("{}: {}", header, headerValue);
- }
- }
- }
-
- /*
- * (non-Javadoc)
- * @see org.apache.catalina.connector.Response#getHeader(java.lang.String)
- */
- @Override
- public String getHeader(final String headerName) {
- final List headerValues = this.headers.get(headerName);
- return headerValues == null ? null : Joiner.on(", ").join(headerValues);
- }
-
- /*
- * (non-Javadoc)
- * @see org.apache.catalina.connector.Response#getHeaderNames()
- */
- @Override
- public String[] getHeaderNames() {
- return this.headers.keySet().toArray(new String[0]);
- }
-
- /*
- * (non-Javadoc)
- * @see org.apache.catalina.connector.Response#getHeaderValues(java.lang.String)
- */
- @Override
- public String[] getHeaderValues(final String headerName) {
- final List headerValues = this.headers.get(headerName);
- return headerValues == null ? null : headerValues.toArray(new String[0]);
- }
-
- /*
- * (non-Javadoc)
- * @see org.apache.catalina.connector.Response#getStatus()
- */
- @Override
- public int getStatus() {
- return this.status;
- }
-
- /**
- * Gets the status string.
- *
- * @return the status string
- */
- public String getStatusString() {
- return this.status == 401 ? "Unauthorized" : "Unknown";
- }
-
- /*
- * (non-Javadoc)
- * @see org.apache.catalina.connector.Response#sendError(int)
- */
- @Override
- public void sendError(final int rc) {
- this.status = rc;
- }
-
- /*
- * (non-Javadoc)
- * @see org.apache.catalina.connector.Response#sendError(int, java.lang.String)
- */
- @Override
- public void sendError(final int rc, final String message) {
- this.status = rc;
- }
-
- /*
- * (non-Javadoc)
- * @see org.apache.catalina.connector.Response#setHeader(java.lang.String, java.lang.String)
- */
- @Override
- public void setHeader(final String headerName, final String headerValue) {
- List current = this.headers.get(headerName);
- if (current == null) {
- current = new ArrayList<>();
- } else {
- current.clear();
- }
- current.add(headerValue);
- this.headers.put(headerName, current);
- }
-
- /*
- * (non-Javadoc)
- * @see org.apache.catalina.connector.Response#setStatus(int)
- */
- @Override
- public void setStatus(final int value) {
- this.status = value;
- }
-}