diff options
Diffstat (limited to 'id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/OAuth20UtilTest.java')
-rw-r--r-- | id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/OAuth20UtilTest.java | 70 |
1 files changed, 0 insertions, 70 deletions
diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/OAuth20UtilTest.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/OAuth20UtilTest.java deleted file mode 100644 index 8e18adc08..000000000 --- a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/OAuth20UtilTest.java +++ /dev/null @@ -1,70 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package test.at.gv.egovernment.moa.id.auth.oauth; - -import java.util.regex.Matcher; -import java.util.regex.Pattern; - -import org.testng.Assert; -import org.testng.annotations.Test; - -import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util; - -public class OAuth20UtilTest { - - @Test - public void validateURL() { - Assert.assertTrue(OAuth20Util.isUrl("file:/D:/dev/work/exthex/workspace/OAuthTesting/resources/keys/test_keystore.jks")); - Assert.assertTrue(OAuth20Util.isUrl("https://www.google.at/")); - Assert.assertTrue(OAuth20Util.isUrl("http://test")); - Assert.assertTrue(OAuth20Util.isUrl("http://localhost:59542/Callback")); - - - Assert.assertFalse(OAuth20Util.isUrl("http://")); - Assert.assertFalse(OAuth20Util.isUrl("123http://test")); - Assert.assertFalse(OAuth20Util.isUrl("test")); - } - - @Test - public void validateState() { - // check state for invalid characters (like < > & ; ... javascript ... to prevent xss) - - Assert.assertFalse(OAuth20Util.isValidStateValue("javascript")); - Assert.assertFalse(OAuth20Util.isValidStateValue("<Test")); - Assert.assertFalse(OAuth20Util.isValidStateValue("Test>")); - Assert.assertFalse(OAuth20Util.isValidStateValue("Tas<est")); - Assert.assertFalse(OAuth20Util.isValidStateValue("Te>st")); - Assert.assertFalse(OAuth20Util.isValidStateValue("Tes&t")); - Assert.assertFalse(OAuth20Util.isValidStateValue("Tes;t")); - Assert.assertTrue(OAuth20Util.isValidStateValue("secure_state")); - } - - - @Test - public void testExp() { - Pattern urlPattern = Pattern.compile("/oauth2/auth\\?(.*)$", Pattern.CASE_INSENSITIVE); - Matcher matcher = urlPattern.matcher("https://localhost/moa-id-auth/oauth2/auth?client_id=http://test&redirect_uri=http://localhost:59542/Callback&response_type=code&scope=profile%20eID%20eID_gov%20mandate&state=7gfnabf112ogg9segnnrfpi83q"); - System.out.println(matcher.find()); - } - -} |