SEC-2602: Add test support for x509 certificate

test/src/main/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessors.java

@@ -15,7 +15,12 @@
  */
 package org.springframework.security.test.web.servlet.request;
 
+import java.io.IOException;
+import java.io.InputStream;
 import java.io.UnsupportedEncodingException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collection;
@@ -24,6 +29,9 @@ import java.util.List;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.springframework.core.io.DefaultResourceLoader;
+import org.springframework.core.io.Resource;
+import org.springframework.core.io.ResourceLoader;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
@@ -55,6 +63,32 @@ import org.springframework.util.Assert;
  */
 public final class SecurityMockMvcRequestPostProcessors {
 
+    /**
+     * Populates the provided X509Certificate instances on the request.
+     * @param certificates the X509Certificate instances to pouplate
+     * @return the {@link org.springframework.test.web.servlet.request.RequestPostProcessor} to use.
+     */
+    public static RequestPostProcessor x509(X509Certificate... certificates) {
+        return new X509RequestPostProcessor(certificates);
+    }
+
+    /**
+     * Finds an X509Cetificate using a resoureName and populates it on the request.
+     *
+     * @param resourceName the name of the X509Certificate resource
+     * @return the {@link org.springframework.test.web.servlet.request.RequestPostProcessor} to use.
+     * @throws IOException
+     * @throws CertificateException
+     */
+    public static RequestPostProcessor x509(String resourceName) throws IOException, CertificateException {
+        ResourceLoader loader = new DefaultResourceLoader();
+        Resource resource = loader.getResource(resourceName);
+        InputStream inputStream = resource.getInputStream();
+        CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
+        X509Certificate certificate = (X509Certificate) certFactory.generateCertificate(inputStream);
+        return x509(certificate);
+    }
+
     /**
      * Creates a {@link RequestPostProcessor} that will automatically populate a
      * valid {@link CsrfToken} in the request.
@@ -142,6 +176,24 @@ public final class SecurityMockMvcRequestPostProcessors {
         return new HttpBasicRequestPostProcessor(username, password);
     }
 
+    /**
+     * Populates the X509Certificate instances onto the request
+     */
+    private static class X509RequestPostProcessor implements RequestPostProcessor {
+        private final X509Certificate[] certificates;
+
+        private X509RequestPostProcessor(X509Certificate... certificates) {
+            Assert.notNull("X509Certificate cannot be null");
+            this.certificates = certificates;
+        }
+
+        @Override
+        public MockHttpServletRequest postProcessRequest(MockHttpServletRequest request) {
+            request.setAttribute("javax.servlet.request.X509Certificate", certificates);
+            return request;
+        }
+    }
+
     /**
      * Populates a valid {@link CsrfToken} into the request.
      *

test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsCertificateTests.java

@@ -0,0 +1,60 @@
+/*
+ * Copyright 2002-2014 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.test.web.servlet.request;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.mockito.runners.MockitoJUnitRunner;
+import org.springframework.mock.web.MockHttpServletRequest;
+
+import java.security.cert.X509Certificate;
+
+import static org.fest.assertions.Assertions.assertThat;
+import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.x509;
+
+@RunWith(MockitoJUnitRunner.class)
+public class SecurityMockMvcRequestPostProcessorsCertificateTests {
+    @Mock
+    private X509Certificate certificate;
+
+    private MockHttpServletRequest request;
+
+    @Before
+    public void setup() {
+        request = new MockHttpServletRequest();
+    }
+
+    @Test
+    public void x509SingleCertificate() {
+        MockHttpServletRequest postProcessedRequest = x509(certificate).postProcessRequest(request);
+
+        X509Certificate[] certificates = (X509Certificate[]) postProcessedRequest.getAttribute("javax.servlet.request.X509Certificate");
+
+        assertThat(certificates).containsOnly(certificate);
+    }
+
+    @Test
+    public void x509ResourceName() throws Exception {
+        MockHttpServletRequest postProcessedRequest = x509("rod.cer").postProcessRequest(request);
+
+        X509Certificate[] certificates = (X509Certificate[]) postProcessedRequest.getAttribute("javax.servlet.request.X509Certificate");
+
+        assertThat(certificates.length).isEqualTo(1);
+        assertThat(certificates[0].getSubjectDN().getName()).isEqualTo("CN=rod, OU=Spring Security, O=Spring Framework");
+    }
+}