cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject svn commit: r1543030 - in /cxf/trunk: rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/ rt/rs/security/xml/src/test/java/org/apache/cxf/rs/security/saml/ systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/
Date Mon, 18 Nov 2013 14:02:08 GMT
Author: sergeyb
Date: Mon Nov 18 14:02:07 2013
New Revision: 1543030

URL: http://svn.apache.org/r1543030
Log:
[CXF-5390] DeflaterEncoderDecoder needs to throw the exception if the inflator can not finish
the process

Added:
    cxf/trunk/rt/rs/security/xml/src/test/java/org/apache/cxf/rs/security/saml/DeflateEncoderDecoderTest.java
  (with props)
Modified:
    cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/DeflateEncoderDecoder.java
    cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/JAXRSSamlTest.java

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/DeflateEncoderDecoder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/DeflateEncoderDecoder.java?rev=1543030&r1=1543029&r2=1543030&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/DeflateEncoderDecoder.java
(original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/DeflateEncoderDecoder.java
Mon Nov 18 14:02:07 2013
@@ -38,6 +38,15 @@ public class DeflateEncoderDecoder {
         while (!inflater.finished()) {
             inputLen = inflater.inflate(input);
             if (!inflater.finished()) {
+                
+                if (inputLen == 0) {
+                    if (inflater.needsInput()) {
+                        throw new DataFormatException("Inflater can not inflate all the token
bytes");
+                    } else {
+                        break;
+                    }
+                }
+                
                 inflatedToken = new byte[input.length + inflatedLen];
                 System.arraycopy(input, 0, inflatedToken, inflatedLen, inputLen);
                 inflatedLen += inputLen;
@@ -57,9 +66,10 @@ public class DeflateEncoderDecoder {
         compresser.setInput(tokenBytes);
         compresser.finish();
         
-        byte[] output = new byte[tokenBytes.length];
+        byte[] output = new byte[tokenBytes.length * 2];
         
         int compressedDataLength = compresser.deflate(output);
+        
         byte[] result = new byte[compressedDataLength];
         System.arraycopy(output, 0, result, 0, compressedDataLength);
         return result;

Added: cxf/trunk/rt/rs/security/xml/src/test/java/org/apache/cxf/rs/security/saml/DeflateEncoderDecoderTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/test/java/org/apache/cxf/rs/security/saml/DeflateEncoderDecoderTest.java?rev=1543030&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/test/java/org/apache/cxf/rs/security/saml/DeflateEncoderDecoderTest.java
(added)
+++ cxf/trunk/rt/rs/security/xml/src/test/java/org/apache/cxf/rs/security/saml/DeflateEncoderDecoderTest.java
Mon Nov 18 14:02:07 2013
@@ -0,0 +1,66 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.saml;
+
+import java.io.InputStream;
+import java.util.zip.DataFormatException;
+
+import org.apache.cxf.common.util.Base64Utility;
+import org.apache.cxf.helpers.IOUtils;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+
+public class DeflateEncoderDecoderTest extends Assert {
+
+    @Test(expected = DataFormatException.class) 
+    public void testInvalidContent() throws Exception {
+        DeflateEncoderDecoder inflater = new DeflateEncoderDecoder();
+        inflater.inflateToken("invalid_grant".getBytes());
+    }
+    
+    @Test(expected = DataFormatException.class)
+    public void testInvalidContentAfterBase64() throws Exception {
+        DeflateEncoderDecoder inflater = new DeflateEncoderDecoder();
+        byte[] base64decoded = Base64Utility.decode("invalid_grant");
+        inflater.inflateToken(base64decoded);
+    }
+    
+    @Test
+    public void testInflateDeflate() throws Exception {
+        DeflateEncoderDecoder inflater = new DeflateEncoderDecoder();
+        byte[] deflated = inflater.deflateToken("valid_grant".getBytes());
+        InputStream is = inflater.inflateToken(deflated);
+        assertNotNull(is);
+        assertEquals("valid_grant", IOUtils.readStringFromStream(is));
+    }
+    
+    @Test
+    public void testInflateDeflateBase64() throws Exception {
+        DeflateEncoderDecoder inflater = new DeflateEncoderDecoder();
+        byte[] deflated = inflater.deflateToken("valid_grant".getBytes());
+        String base64String = Base64Utility.encode(deflated);
+        byte[] base64decoded = Base64Utility.decode(base64String);
+        InputStream is = inflater.inflateToken(base64decoded);
+        assertNotNull(is);
+        assertEquals("valid_grant", IOUtils.readStringFromStream(is));
+    }
+    
+}

Propchange: cxf/trunk/rt/rs/security/xml/src/test/java/org/apache/cxf/rs/security/saml/DeflateEncoderDecoderTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/rs/security/xml/src/test/java/org/apache/cxf/rs/security/saml/DeflateEncoderDecoderTest.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Modified: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/JAXRSSamlTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/JAXRSSamlTest.java?rev=1543030&r1=1543029&r2=1543030&view=diff
==============================================================================
--- cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/JAXRSSamlTest.java
(original)
+++ cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/JAXRSSamlTest.java
Mon Nov 18 14:02:07 2013
@@ -27,6 +27,7 @@ import javax.ws.rs.ProcessingException;
 import javax.ws.rs.WebApplicationException;
 import javax.ws.rs.core.Form;
 import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
 
 import org.apache.cxf.Bus;
 import org.apache.cxf.bus.spring.SpringBusFactory;
@@ -77,6 +78,24 @@ public class JAXRSSamlTest extends Abstr
     }
     
     @Test
+    public void testInvalidSAMLTokenAsHeader() throws Exception {
+        String address = "https://localhost:" + PORT + "/samlheader/bookstore/books/123";
+        
+        JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
+        bean.setAddress(address);
+        
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = JAXRSSamlTest.class.getResource("client.xml");
+        Bus springBus = bf.createBus(busFile.toString());
+        bean.setBus(springBus);
+
+        WebClient wc = bean.createWebClient();
+        wc.header("Authorization", "SAML invalid_grant");
+        Response r = wc.get();
+        assertEquals(401, r.getStatus());
+    }
+    
+    @Test
     public void testGetBookSAMLTokenInForm() throws Exception {
         String address = "https://localhost:" + PORT + "/samlform/bookstore/books";
         FormEncodingProvider<Form> formProvider = new FormEncodingProvider<Form>();



Mime
View raw message