| author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2020-08-31 13:51:14 +0200 | 
|---|---|---|
| committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2020-08-31 13:51:14 +0200 | 
| commit | 3ead2fee52a1e43e12610fda8175cb1a74e8b1f0 (patch) | |
| tree | 8b3f52b6366b9d326704a125ebc9e4dc9b30b4d3 /id/server/idserverlib/src/test/java | |
| parent | 8322112004a0334a5d73795760880e635813793b (diff) | |
| download | moa-id-spss-3ead2fee52a1e43e12610fda8175cb1a74e8b1f0.tar.gz moa-id-spss-3ead2fee52a1e43e12610fda8175cb1a74e8b1f0.tar.bz2 moa-id-spss-3ead2fee52a1e43e12610fda8175cb1a74e8b1f0.zip | |
update validation in case of file:/ paths because trusted templates can be relative to config directory
Diffstat (limited to 'id/server/idserverlib/src/test/java')
2 files changed, 87 insertions, 18 deletions
| diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthConfig.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthConfig.java index 7707f3b90..b2f425a2c 100644 --- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthConfig.java +++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthConfig.java @@ -2,7 +2,9 @@ package at.gv.egovernment.moa.id.config.auth.data;  import java.io.IOException;  import java.net.URI; +import java.net.URISyntaxException;  import java.net.URL; +import java.util.ArrayList;  import java.util.HashMap;  import java.util.List;  import java.util.Map; @@ -20,6 +22,7 @@ import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;  import at.gv.egovernment.moa.id.commons.api.IStorkConfig;  import at.gv.egovernment.moa.id.commons.api.data.ProtocolAllowed;  import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.egovernment.moa.util.MiscUtil;  import at.gv.util.config.EgovUtilPropertiesConfiguration;  public class DummyAuthConfig implements AuthConfiguration { @@ -28,11 +31,12 @@ public class DummyAuthConfig implements AuthConfiguration {  	private Map<String, String> basicConfig = new HashMap<>();    private List<String> slRequestTemplates; -	 +	private String configRootDir; +    	@Override  	public String getRootConfigFileDir() { -		// TODO Auto-generated method stub -		return null; +		return configRootDir; +		  	}  	@Override @@ -246,7 +250,7 @@ public class DummyAuthConfig implements AuthConfiguration {  	@Override  	public List<String> getSLRequestTemplates() throws ConfigurationException { -		return slRequestTemplates; +		return new ArrayList<>(slRequestTemplates);  	} 
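Review bot: `getSLRequestTemplates()` now throws a NullPointerException when `slRequestTemplates` was never set, because `new ArrayList<>(slRequestTemplates)` dereferences its argument where the old getter simply returned null. The field is declared without an initializer in the visible part of the class, so a test that builds a DummyAuthConfig and skips `setSlRequestTemplateUrls(...)` would fail inside the dummy rather than in the code under test. Either initialise the field, `private List<String> slRequestTemplates = new ArrayList<>();`, or guard the copy, `return slRequestTemplates == null ? new ArrayList<>() : new ArrayList<>(slRequestTemplates);`.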
@@ -451,8 +455,18 @@ public class DummyAuthConfig implements AuthConfiguration {  	@Override  	public URI getConfigurationRootDirectory() { -		// TODO Auto-generated method stub -		return null; +		try { +		  if (MiscUtil.isNotEmpty(configRootDir)) { +		    return new URI(configRootDir); +		     +		  }       +    } catch (URISyntaxException e) { +      e.printStackTrace(); +       +    } +		 +    return null; +		  	}  	@Override @@ -501,5 +515,11 @@ public class DummyAuthConfig implements AuthConfiguration {  	  slRequestTemplates = templates;  	} + +  public void setConfigRootDir(String configRootDir) { +    this.configRootDir = configRootDir; +  } +	 +	  } diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/util/ParamValidatorUtilsTest.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/util/ParamValidatorUtilsTest.java index ad9e2c90e..7afad55aa 100644 --- a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/util/ParamValidatorUtilsTest.java +++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/util/ParamValidatorUtilsTest.java @@ -46,6 +46,7 @@ public class ParamValidatorUtilsTest {      config = new DummyAuthConfig();      AuthConfigurationProviderFactory.setAuthConfig(config);      config.setSlRequestTemplateUrls(new ArrayList<String>());     +    config.setConfigRootDir("file://junit.com/");    } @@ -68,11 +69,11 @@ public class ParamValidatorUtilsTest {    public void templateStrictWhitelistSecond() {      HttpServletRequest req = getDummyHttpRequest("junit.com"); -    String template = "file://aaaa.com/ccc"; +    String template = "file:/aaaa.com/ccc";      List<String> oaSlTemplates = Arrays.asList(          "http://aaaa.com/bbbb",           "https://aaaa.com/bbbb",  -        "file://aaaa.com/bbbb"); +        "file:/aaaa.com/bbbb");      Assert.assertFalse("Template should NOT be valid",           ParamValidatorUtils.isValidTemplate(req, template, oaSlTemplates, true)); 
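Review bot: In `getConfigurationRootDirectory()` a malformed `configRootDir` is reduced to `e.printStackTrace()` followed by `return null`, which is the same value the method returns when no root directory is configured. Since the commit description says trusted templates are resolved relative to this directory, a typo in a test's root value would silently switch the validator to its no-root path, and an assertion could pass or fail for the wrong reason. For a test dummy it is safer to fail fast, for example `throw new IllegalStateException("invalid configRootDir: " + configRootDir, e);` in the catch block, and to document on `setConfigRootDir` that the value must be a syntactically valid URI.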
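Review bot: Rewriting the fixture in `templateStrictWhitelistSecond` from `file://aaaa.com/ccc` to `file:/aaaa.com/ccc` removes the only strict-mode assertion that an authority-form `file://host/path` template is rejected. The same replacement is made in `templateLazyWhitelistSecond` and `templateLazyWhitelistSeven`, so after this commit no test passes a `file://` URL as the requested template. Because this commit changes how `file:` templates are validated, the old cases are worth keeping next to the new ones rather than overwriting them, e.g. add a sibling test that still uses `String template = "file://aaaa.com/ccc";` and expects `assertFalse`.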
@@ -95,14 +96,14 @@ public class ParamValidatorUtilsTest {    }    @Test -  public void templateLaczWhitelistSecond() { +  public void templateLazyWhitelistSecond() {      HttpServletRequest req = getDummyHttpRequest("junit.com"); -    String template = "file://aaaa.com/ccc"; +    String template = "file:/aaaa.com/ccc";      List<String> oaSlTemplates = Arrays.asList(          "http://aaaa.com/bbbb",           "https://aaaa.com/bbbb",  -        "file://aaaa.com/bbbb"); +        "file:/aaaa.com/bbbb");      Assert.assertFalse("Template should NOT be valid",           ParamValidatorUtils.isValidTemplate(req, template, oaSlTemplates, false)); @@ -110,7 +111,7 @@ public class ParamValidatorUtilsTest {    }    @Test -  public void templateLaczWhitelistThird() { +  public void templateLazyWhitelistThird() {      HttpServletRequest req = getDummyHttpRequest("junit.com");      String template = "https://aaaa.com/ccc"; @@ -125,7 +126,7 @@ public class ParamValidatorUtilsTest {    }    @Test -  public void templateLaczWhitelistFour() { +  public void templateLazyWhitelistFour() {      HttpServletRequest req = getDummyHttpRequest("junit.com");      String template = "http://aaaa.com/ccc"; @@ -140,7 +141,7 @@ public class ParamValidatorUtilsTest {    }    @Test -  public void templateLaczWhitelistFife() { +  public void templateLazyWhitelistFife() {      HttpServletRequest req = getDummyHttpRequest("junit.com");      String template = "http://junit.com/ccc"; @@ -155,7 +156,7 @@ public class ParamValidatorUtilsTest {    }    @Test -  public void templateLaczWhitelistSix() { +  public void templateLazyWhitelistSix() {      HttpServletRequest req = getDummyHttpRequest("junit.com");      String template = "https://junit.com/ccc"; 
@@ -170,20 +171,68 @@ public class ParamValidatorUtilsTest {    }    @Test -  public void templateLaczWhitelistSeven() { +  public void templateLazyWhitelistSeven() {      HttpServletRequest req = getDummyHttpRequest("junit.com"); -    String template = "file://junit.com/ccc"; +    String template = "file:/junit.com/ccc";      List<String> oaSlTemplates = Arrays.asList(          "http://aaaa.com/bbbb",           "https://aaaa.com/bbbb",  -        "file://aaaa.com/bbbb"); +        "file:/aaaa.com/bbbb");      Assert.assertFalse("Template should Not be valid",           ParamValidatorUtils.isValidTemplate(req, template, oaSlTemplates, false));    } +  @Test +  public void templateLazyWhitelistEight() { +     +    HttpServletRequest req = getDummyHttpRequest("junit.com"); +    String template = "file:/junit.com/ccc"; +    List<String> oaSlTemplates = Arrays.asList( +        "http://aaaa.com/bbbb",  +        "https://aaaa.com/bbbb",  +        "file://aaaa.com/ccc", +        "ccc"); +     +    Assert.assertTrue("Template should be valid",  +        ParamValidatorUtils.isValidTemplate(req, template, oaSlTemplates, false)); +     +  } +   +  @Test +  public void templateLazyWhitelistNine() { +     +    HttpServletRequest req = getDummyHttpRequest("junit.com"); +    String template = "file:\\junit.com\\ccc"; +    List<String> oaSlTemplates = Arrays.asList( +        "http://aaaa.com/bbbb",  +        "https://aaaa.com/bbbb",  +        "file://aaaa.com/ccc", +        "ccc"); +     +    Assert.assertTrue("Template should be valid",  +        ParamValidatorUtils.isValidTemplate(req, template, oaSlTemplates, false)); +     +  } +   +  @Test +  public void templateLazyWhitelistTen() { +     +    HttpServletRequest req = getDummyHttpRequest("junit.com"); +    String template = "file:\\junit.com/ccc"; +    List<String> oaSlTemplates = Arrays.asList( +        "http://aaaa.com/bbbb",  +        "https://aaaa.com/bbbb",  +        "file://aaaa.com/ccc", +        "ccc"); +     +    
Assert.assertTrue("Template should be valid",  +        ParamValidatorUtils.isValidTemplate(req, template, oaSlTemplates, false)); +     +  } +      private HttpServletRequest getDummyHttpRequest(final String serverName) {      return new HttpServletRequest() { | 
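Review bot: `templateLazyWhitelistEight`, `Nine` and `Ten` only assert acceptance, so nothing pins the boundary of the new relative-to-config-root rule. With the relative entry `"ccc"` whitelisted, there is no case showing that a different file under the root, or a template whose path contains `..` segments and leaves the root (constructed example: `file:/junit.com/../ccc`), is still rejected. Nine and Ten also establish that backslash and mixed separators are accepted as equivalent to `/`. If that normalisation is intentional, say so in a comment on the tests, e.g. `// backslashes are normalised to '/' before comparison with the config root`. Adding the matching `assertFalse` cases would keep the normalisation from quietly widening the whitelist later.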
