Return-Path: 
 <commits-return-29740-apmail-cxf-commits-archive=cxf.apache.org@cxf.apache.org>
X-Original-To: apmail-cxf-commits-archive@www.apache.org
Delivered-To: apmail-cxf-commits-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id C30CC10FE7
	for <apmail-cxf-commits-archive@www.apache.org>;
 Mon, 18 Nov 2013 14:02:36 +0000 (UTC)
Received: (qmail 37403 invoked by uid 500); 18 Nov 2013 14:02:36 -0000
Delivered-To: apmail-cxf-commits-archive@cxf.apache.org
Received: (qmail 37343 invoked by uid 500); 18 Nov 2013 14:02:34 -0000
Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:commits-help@cxf.apache.org>
List-Unsubscribe: <mailto:commits-unsubscribe@cxf.apache.org>
List-Post: <mailto:commits@cxf.apache.org>
List-Id: <commits.cxf.apache.org>
Reply-To: dev@cxf.apache.org
Delivered-To: mailing list commits@cxf.apache.org
Received: (qmail 37282 invoked by uid 99); 18 Nov 2013 14:02:33 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 18 Nov 2013 14:02:33 +0000
X-ASF-Spam-Status: No, hits=-2000.0 required=5.0
	tests=ALL_TRUSTED
X-Spam-Check-By: apache.org
Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 18 Nov 2013 14:02:28 +0000
Received: from eris.apache.org (localhost [127.0.0.1])
	by eris.apache.org (Postfix) with ESMTP id 7191123888FE;
	Mon, 18 Nov 2013 14:02:08 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: svn commit: r1543030 - in /cxf/trunk:
 rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/
 rt/rs/security/xml/src/test/java/org/apache/cxf/rs/security/saml/
 systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/
Date: Mon, 18 Nov 2013 14:02:08 -0000
To: commits@cxf.apache.org
From: sergeyb@apache.org
X-Mailer: svnmailer-1.0.9
Message-Id: <20131118140208.7191123888FE@eris.apache.org>
X-Virus-Checked: Checked by ClamAV on apache.org

Author: sergeyb
Date: Mon Nov 18 14:02:07 2013
New Revision: 1543030

URL: http://svn.apache.org/r1543030
Log:
[CXF-5390] DeflaterEncoderDecoder needs to throw the exception if the inflator can not finish the process

Added:
    cxf/trunk/rt/rs/security/xml/src/test/java/org/apache/cxf/rs/security/saml/DeflateEncoderDecoderTest.java   (with props)
Modified:
    cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/DeflateEncoderDecoder.java
    cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/JAXRSSamlTest.java

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/DeflateEncoderDecoder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/DeflateEncoderDecoder.java?rev=1543030&r1=1543029&r2=1543030&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/DeflateEncoderDecoder.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/DeflateEncoderDecoder.java Mon Nov 18 14:02:07 2013
@@ -38,6 +38,15 @@ public class DeflateEncoderDecoder {
         while (!inflater.finished()) {
             inputLen = inflater.inflate(input);
             if (!inflater.finished()) {
+                
+                if (inputLen == 0) {
+                    if (inflater.needsInput()) {
+                        throw new DataFormatException("Inflater can not inflate all the token bytes");
+                    } else {
+                        break;
+                    }
+                }
+                
                 inflatedToken = new byte[input.length + inflatedLen];
                 System.arraycopy(input, 0, inflatedToken, inflatedLen, inputLen);
                 inflatedLen += inputLen;
@@ -57,9 +66,10 @@ public class DeflateEncoderDecoder {
         compresser.setInput(tokenBytes);
         compresser.finish();
         
-        byte[] output = new byte[tokenBytes.length];
+        byte[] output = new byte[tokenBytes.length * 2];
         
         int compressedDataLength = compresser.deflate(output);
+        
         byte[] result = new byte[compressedDataLength];
         System.arraycopy(output, 0, result, 0, compressedDataLength);
         return result;

Added: cxf/trunk/rt/rs/security/xml/src/test/java/org/apache/cxf/rs/security/saml/DeflateEncoderDecoderTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/test/java/org/apache/cxf/rs/security/saml/DeflateEncoderDecoderTest.java?rev=1543030&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/test/java/org/apache/cxf/rs/security/saml/DeflateEncoderDecoderTest.java (added)
+++ cxf/trunk/rt/rs/security/xml/src/test/java/org/apache/cxf/rs/security/saml/DeflateEncoderDecoderTest.java Mon Nov 18 14:02:07 2013
@@ -0,0 +1,66 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.saml;
+
+import java.io.InputStream;
+import java.util.zip.DataFormatException;
+
+import org.apache.cxf.common.util.Base64Utility;
+import org.apache.cxf.helpers.IOUtils;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+
+public class DeflateEncoderDecoderTest extends Assert {
+
+    @Test(expected = DataFormatException.class) 
+    public void testInvalidContent() throws Exception {
+        DeflateEncoderDecoder inflater = new DeflateEncoderDecoder();
+        inflater.inflateToken("invalid_grant".getBytes());
+    }
+    
+    @Test(expected = DataFormatException.class)
+    public void testInvalidContentAfterBase64() throws Exception {
+        DeflateEncoderDecoder inflater = new DeflateEncoderDecoder();
+        byte[] base64decoded = Base64Utility.decode("invalid_grant");
+        inflater.inflateToken(base64decoded);
+    }
+    
+    @Test
+    public void testInflateDeflate() throws Exception {
+        DeflateEncoderDecoder inflater = new DeflateEncoderDecoder();
+        byte[] deflated = inflater.deflateToken("valid_grant".getBytes());
+        InputStream is = inflater.inflateToken(deflated);
+        assertNotNull(is);
+        assertEquals("valid_grant", IOUtils.readStringFromStream(is));
+    }
+    
+    @Test
+    public void testInflateDeflateBase64() throws Exception {
+        DeflateEncoderDecoder inflater = new DeflateEncoderDecoder();
+        byte[] deflated = inflater.deflateToken("valid_grant".getBytes());
+        String base64String = Base64Utility.encode(deflated);
+        byte[] base64decoded = Base64Utility.decode(base64String);
+        InputStream is = inflater.inflateToken(base64decoded);
+        assertNotNull(is);
+        assertEquals("valid_grant", IOUtils.readStringFromStream(is));
+    }
+    
+}

Propchange: cxf/trunk/rt/rs/security/xml/src/test/java/org/apache/cxf/rs/security/saml/DeflateEncoderDecoderTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/rs/security/xml/src/test/java/org/apache/cxf/rs/security/saml/DeflateEncoderDecoderTest.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Modified: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/JAXRSSamlTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/JAXRSSamlTest.java?rev=1543030&r1=1543029&r2=1543030&view=diff
==============================================================================
--- cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/JAXRSSamlTest.java (original)
+++ cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/JAXRSSamlTest.java Mon Nov 18 14:02:07 2013
@@ -27,6 +27,7 @@ import javax.ws.rs.ProcessingException;
 import javax.ws.rs.WebApplicationException;
 import javax.ws.rs.core.Form;
 import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
 
 import org.apache.cxf.Bus;
 import org.apache.cxf.bus.spring.SpringBusFactory;
@@ -77,6 +78,24 @@ public class JAXRSSamlTest extends Abstr
     }
     
     @Test
+    public void testInvalidSAMLTokenAsHeader() throws Exception {
+        String address = "https://localhost:" + PORT + "/samlheader/bookstore/books/123";
+        
+        JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
+        bean.setAddress(address);
+        
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = JAXRSSamlTest.class.getResource("client.xml");
+        Bus springBus = bf.createBus(busFile.toString());
+        bean.setBus(springBus);
+
+        WebClient wc = bean.createWebClient();
+        wc.header("Authorization", "SAML invalid_grant");
+        Response r = wc.get();
+        assertEquals(401, r.getStatus());
+    }
+    
+    @Test
     public void testGetBookSAMLTokenInForm() throws Exception {
         String address = "https://localhost:" + PORT + "/samlform/bookstore/books";
         FormEncodingProvider<Form> formProvider = new FormEncodingProvider<Form>();