Merge pull request #31179 from tloodu/validationkey-fat

Validation Key FAT Tests

Author: tloodu

dev/com.ibm.ws.security.token.ltpa/src/com/ibm/ws/security/token/ltpa/internal/LTPAConfigurationImpl.java

@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright (c) 2012, 2023 IBM Corporation and others.
+ * Copyright (c) 2012, 2025 IBM Corporation and others.
  * All rights reserved. This program and the accompanying materials
  * are made available under the terms of the Eclipse Public License 2.0
  * which accompanies this distribution, and is available at
@@ -24,6 +24,7 @@
 import java.util.List;
 import java.util.Map;
 import java.util.Properties;
+import java.util.StringJoiner;
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.locks.ReentrantReadWriteLock;
 import java.util.concurrent.locks.ReentrantReadWriteLock.ReadLock;
@@ -237,14 +238,15 @@ private void loadConfig(Map<String, Object> props) {
      */
     private void debugLTPAConfig() {
         if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
-            Tr.debug(tc, "primaryKeyImportFile: " + primaryKeyImportFile);
-            //Tr.debug(tc, "primaryKeyPassword: " + primaryKeyPassword);
-            Tr.debug(tc, "keyTokenExpiration: " + keyTokenExpiration);
-            Tr.debug(tc, "monitorInterval: " + monitorInterval);
-            Tr.debug(tc, "authFilterRef: " + authFilterRef);
-            Tr.debug(tc, "monitorValidationKeysDir: " + monitorValidationKeysDir);
-            Tr.debug(tc, "updateTrigger: " + updateTrigger);
-            Tr.debug(tc, "validationKeys: " + (validationKeys == null ? "Null" : maskKeysPasswords(validationKeys)));
+            StringJoiner sj = new StringJoiner(", ", "debugLTPAConfig[", "]");
+            sj.add("primaryKeyImportFile: " + primaryKeyImportFile);
+            sj.add("keyTokenExpiration: " + keyTokenExpiration);
+            sj.add("monitorInterval: " + monitorInterval);
+            sj.add("authFilterRef: " + authFilterRef);
+            sj.add("monitorValidationKeysDir: " + monitorValidationKeysDir);
+            sj.add("updateTrigger: " + updateTrigger);
+            sj.add("validationKeys: " + (validationKeys == null ? "Null" : maskKeysPasswords(validationKeys)));
+            Tr.debug(tc, sj.toString());
         }
     }
 
@@ -319,8 +321,15 @@ private List<Properties> getNonConfiguredValidationKeys() {
                     return validationKeysInDirectory;
                 }
 
+                /*
+                 * Use the canonical path when comparing primaryKeyImportFile to fullFileName because fullFileName is
+                 * derived primaryKeyImportDir which is a canonical path. If we don't compare with a canonical path then the
+                 * comparison fails on windows when '/' are used in server.xml instead of '\'.
+                 */
+                String canonicalPrimaryKeyImportFile = getCanonicalPathWithDefault(primaryKeyImportFile, primaryKeyImportFile);
+
                 // Skip the primary LTPA keys file or validationKeys file configured in the valicationKeys element
-                if (primaryKeyImportFile.equals(fullFileName) || isConfiguredValidationKeys(fullFileName)) {
+                if (canonicalPrimaryKeyImportFile.equals(fullFileName) || isConfiguredValidationKeys(fullFileName)) {
                     continue;
                 }
 
@@ -339,6 +348,24 @@ private List<Properties> getNonConfiguredValidationKeys() {
         return validationKeysInDirectory;
     }
 
+    /**
+     * @param defaultValue
+     * @param pathToResolve
+     * @return
+     */
+    private String getCanonicalPathWithDefault(String pathToResolve, String defaultValue) {
+        String canonicalPrimaryKeyImportFile;
+        try {
+            canonicalPrimaryKeyImportFile = new File(pathToResolve).getCanonicalPath();
+
+        } catch (IOException ioe) {
+            Tr.debug(tc, "Could not resolve canonical path to " + pathToResolve +
+                         ", returning default '" + defaultValue + "'. Failure info: " + ioe.getMessage());
+            canonicalPrimaryKeyImportFile = defaultValue;
+        }
+        return canonicalPrimaryKeyImportFile;
+    }
+
     /**
      * @param fn
      * @return
@@ -367,7 +394,6 @@ private void resolveActualPrimaryKeysFileLocation() {
 
         if (monitorValidationKeysDir || isValidationKeysFileConfigured) {
             try {
-                // primaryKeyImportFile has already been resolved when the server loads the config, this includes variable and .. being resolved.
                 // primaryKeyImportDir is required to be set to load any validation keys.
                 primaryKeyImportDir = new File(primaryKeyImportFile).getCanonicalFile().getParent() + File.separator;
                 Tr.debug(tc, "primaryKeyImportDir: " + primaryKeyImportDir);

dev/com.ibm.ws.security.token.ltpa/test/com/ibm/ws/security/token/ltpa/internal/LTPAConfigurationImplTest.java

@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright (c) 2012, 2023 IBM Corporation and others.
+ * Copyright (c) 2012, 2025 IBM Corporation and others.
  * All rights reserved. This program and the accompanying materials
  * are made available under the terms of the Eclipse Public License 2.0
  * which accompanies this distribution, and is available at
@@ -16,6 +16,8 @@
 import static org.junit.Assert.assertSame;
 import static org.junit.Assert.assertTrue;
 
+import java.io.File;
+import java.io.IOException;
 import java.net.MalformedURLException;
 import java.util.ArrayList;
 import java.util.HashMap;
@@ -59,14 +61,10 @@ public class LTPAConfigurationImplTest {
     private static SharedOutputManager outputMgr;
 
     private static final String PATH_TO_FILE = "/path/to/file";
-    private static final String PATH_TO_DIR = "/path/to/";
     private static final String PATH_TO_ANOTHER_FILE = "/path/to/another/file";
-    private static final String DEFAULT_CONFIG_LOCATION_DIR = "${server.config.dir}/resources/security/";
     private static final String DEFAULT_CONFIG_LOCATION = "${server.config.dir}/resources/security/ltpa.keys";
     private static final String DEFAULT_OUTPUT_LOCATION = "${server.output.dir}/resources/security/ltpa.keys";
-    private static final String DEFAULT_VALIDATION_KEY_LOCATION = "${server.config.dir}/resources/security/validation.keys";
     private static final String RESOLVED_DEFAULT_CONFIG_LOCATION = "testServerName/resources/security/ltpa.keys";
-    private static final String RESOLVED_DEFAULT_CONFIG_LOCATION_DIR = "testServerName/resources/security/";
     private static final String RESOLVED_DEFAULT_OUTPUT_LOCATION = "testServerName/resources/security/ltpa.keys";
     private static final String DEFAULT_VALIDATION_KEY_ELEMENT = "<validationKeys fileName=\"validation.keys\" password=\"pwd\" validUntilDate=\"2099-01-01T00:00:00Z\"/>";
     private static final String DEFAULT_VALIDATION_FILENAME = "validation.keys";
@@ -95,8 +93,18 @@ public class LTPAConfigurationImplTest {
     private final LTPAKeysChangeNotifier ltpaKeysChangeNotifier = mock.mock(LTPAKeysChangeNotifier.class);
 
     private LTPAConfigurationImplTestDouble ltpaConfig;
+
     private Map<String, Object> props;
 
+    private static String PATH_TO_DIR;
+    static {
+        try {
+            PATH_TO_DIR = new File("/path/to/").getCanonicalPath() + File.separator;
+        } catch (IOException ioe) {
+            PATH_TO_DIR = "/path/to/" + File.separator;
+        }
+    }
+
     @BeforeClass
     public static void setUpBeforeClass() throws Exception {
         outputMgr = SharedOutputManager.getInstance();
@@ -315,7 +323,7 @@ public void fileMonitorRegistration_updateTriggerMbean() throws Exception {
 
         assertTrue("The LTPA file monitor registration must be set.", ltpaConfig.wasSetFileMonitorRegistrationCalled);
     }
-    
+
     /**
      * Tests that the file monitor is not registered and set in the LTPAConfigImpl object when updateTrigger is set to disabled.
      */
@@ -331,7 +339,6 @@ public void fileMonitorRegistration_updateTriggerDisabled() throws Exception {
         assertTrue("The LTPA file monitor registration must not be set.", !ltpaConfig.wasSetFileMonitorRegistrationCalled);
     }
 
-    @SuppressWarnings("deprecation")
     private void setupFileMonitorRegistrationsExpectations(final int numberOfInvocations) {
         mock.checking(new Expectations() {
             {
@@ -392,7 +399,7 @@ public void getUpdateTrigger() {
     @Test
     public void getValidationKeys() {
         assertEquals("The validationKeys value was not the expected value",
-                     "[{fileName=/path/to/validation.keys, password=pwd, validUntilDate=2099-01-01T00:00:00Z}]", ltpaConfig.getValidationKeys().toString());
+                     "[{fileName=" + PATH_TO_DIR + "validation.keys, password=pwd, validUntilDate=2099-01-01T00:00:00Z}]", ltpaConfig.getValidationKeys().toString());
     }
 
     /**
@@ -652,6 +659,6 @@ public void maskKeysPasswords_replacesPasswordWithMask() {
         List<Properties> outputList = ltpaConfig.maskKeysPasswords(inputList);
 
         // Assert
-        assertEquals("The password was not masked correctly", expectedList, outputList);   
+        assertEquals("The password was not masked correctly", expectedList, outputList);
     }
 }

dev/com.ibm.ws.security.token.ltpa/test/com/ibm/ws/security/token/ltpa/internal/LTPAKeyCreateTaskTest.java

@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright (c) 2012, 2023 IBM Corporation and others.
+ * Copyright (c) 2012, 2025 IBM Corporation and others.
  * All rights reserved. This program and the accompanying materials
  * are made available under the terms of the Eclipse Public License 2.0
  * which accompanies this distribution, and is available at
@@ -47,9 +47,7 @@ public class LTPAKeyCreateTaskTest {
 
     private static SharedOutputManager outputMgr = SharedOutputManager.getInstance();
     private static final String DEFAULT_OUTPUT_LOCATION = "${server.output.dir}/resources/security/ltpa.keys";
-    private static final String DEFAULT_OUTPUT_LOCATION_DIR = "${server.output.dir}/resources/security/";
     private static final String RESOLVED_DEFAULT_OUTPUT_LOCATION = "testServerName/resources/security/ltpa.keys";
-    private static final String RESOLVED_DEFAULT_OUTPUT_LOCATION_DIR = "testServerName/resources/security/";
     private static String TEST_FILE_NAME = "testFileName";
 
     /**
@@ -75,7 +73,8 @@ private class LTPAKeyCreatorDouble extends LTPAKeyCreateTask {
         }
 
         @Override
-        void createRequiredCollaborators() throws Exception {}
+        void createRequiredCollaborators() throws Exception {
+        }
     }
 
     @Before

dev/com.ibm.ws.security.token.ltpa_fat/build.gradle

@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright (c) 2020, 2024 IBM Corporation and others.
+ * Copyright (c) 2020, 2025 IBM Corporation and others.
  * All rights reserved. This program and the accompanying materials
  * are made available under the terms of the Eclipse Public License 2.0
  * which accompanies this distribution, and is available at
@@ -73,7 +73,9 @@ autoFVT.doLast {
   def servers = [
     'com.ibm.ws.security.token.ltpa.fat',
     'com.ibm.ws.security.token.ltpa.fat.contextRootCookiePathTestServer',
-    'com.ibm.ws.security.token.ltpa.fat.ltpaKeyRotationTestServer'
+    'com.ibm.ws.security.token.ltpa.fat.ltpaKeyRotationTestServer',
+    'com.ibm.ws.security.token.ltpa.fat.validationKeyTestServer1',
+    'com.ibm.ws.security.token.ltpa.fat.validationKeyTestServer2'
   ]
   servers.each { server ->
     copy { 
@@ -105,6 +107,16 @@ autoFVT.doLast {
       into new File(autoFvtDir, 'lib/LibertyFATTestFiles')
       rename 'server.xml', 'ltpaKeyRotationTestServer.server.orig.xml'
     }
+    copy { 
+      from new File(projectDir, 'publish/servers/com.ibm.ws.security.token.ltpa.fat.validationKeyTestServer1/server.xml')
+      into new File(autoFvtDir, 'lib/LibertyFATTestFiles')
+      rename 'server.xml', 'validationKeyTestServer1.server.orig.xml'
+    }
+    copy { 
+      from new File(projectDir, 'publish/servers/com.ibm.ws.security.token.ltpa.fat.validationKeyTestServer2/server.xml')
+      into new File(autoFvtDir, 'lib/LibertyFATTestFiles')
+      rename 'server.xml', 'validationKeyTestServer2.server.orig.xml'
+    }
     copy { 
       from new File(projectDir, 'publish/files/server.xml')
       into new File(autoFvtDir, 'lib/LibertyFATTestFiles')

dev/com.ibm.ws.security.token.ltpa_fat/fat/src/com/ibm/ws/security/token/ltpa/fat/FATSuite.java

@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright (c) 2020, 2023 IBM Corporation and others.
+ * Copyright (c) 2020, 2025 IBM Corporation and others.
  * All rights reserved. This program and the accompanying materials
  * are made available under the terms of the Eclipse Public License 2.0
  * which accompanies this distribution, and is available at
@@ -35,6 +35,7 @@
                 ContextRootCookiePathTests.class,
                 FATTest.class,
                 LTPAKeyRotationTests.class,
+                LTPAValidationKeyTests.class
 })
 /**
  * Purpose: This suite collects and runs all known good test suites.