diff options
author | Neil Derraugh <neil.derraugh@yoppworks.com> | 2020-06-08 10:40:10 -0400 |
---|---|---|
committer | Ofir Sonsino <ofir.sonsino@intl.att.com> | 2020-06-10 08:23:27 +0000 |
commit | 6cfebc0867b2f21a401f55734aba30eb245e3c70 (patch) | |
tree | fcbed2057758d87703104cccaacb302f082d9f19 /openecomp-be/backend/openecomp-sdc-security-util/src/test/java/AuthenticationCookieUtilsTest.java | |
parent | 8a0f58a005175959f5b56c0840ee9980f0d68c01 (diff) |
Fix security issue in SecurityUtil
- Specified mode and padding to address risky algorithm
- Corrected unit test for different exception message
- Moved tests to package
Issue-ID: SDC-3105
Signed-off-by: Neil Derraugh <neil.derraugh@yoppworks.com>
Change-Id: I5773ab555a5468362c775cf99795df4eb8c52136
Diffstat (limited to 'openecomp-be/backend/openecomp-sdc-security-util/src/test/java/AuthenticationCookieUtilsTest.java')
-rw-r--r-- | openecomp-be/backend/openecomp-sdc-security-util/src/test/java/AuthenticationCookieUtilsTest.java | 64 |
1 files changed, 0 insertions, 64 deletions
diff --git a/openecomp-be/backend/openecomp-sdc-security-util/src/test/java/AuthenticationCookieUtilsTest.java b/openecomp-be/backend/openecomp-sdc-security-util/src/test/java/AuthenticationCookieUtilsTest.java deleted file mode 100644 index 402803479f..0000000000 --- a/openecomp-be/backend/openecomp-sdc-security-util/src/test/java/AuthenticationCookieUtilsTest.java +++ /dev/null @@ -1,64 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * SDC - * ================================================================================ - * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -import org.junit.Test; - -import javax.servlet.http.Cookie; - -import java.io.IOException; -import org.openecomp.sdc.securityutil.AuthenticationCookie; -import org.openecomp.sdc.securityutil.AuthenticationCookieUtils; -import org.openecomp.sdc.securityutil.CipherUtilException; -import org.openecomp.sdc.securityutil.ISessionValidationFilterConfiguration; -import org.openecomp.sdc.securityutil.filters.SampleFilter; - -import static org.junit.Assert.*; - -public class AuthenticationCookieUtilsTest { - - private SampleFilter sessionValidationFilter = new SampleFilter(); - private ISessionValidationFilterConfiguration filterCfg = sessionValidationFilter.getFilterConfiguration(); - - @Test - public void vaildateThatCookieCurrentSessionTimeIncreased() throws IOException, CipherUtilException { - // original cookie, pojo and servlet cookie - AuthenticationCookie authenticationCookieOriginal = new AuthenticationCookie("kuku"); - Cookie cookieWithOriginalTime = new Cookie(filterCfg.getCookieName(), AuthenticationCookieUtils - .getEncryptedCookie(authenticationCookieOriginal,filterCfg )); - // cookie with increased time, pojo and servlet cookie - Cookie cookieWithIncreasedTime = AuthenticationCookieUtils.updateSessionTime(cookieWithOriginalTime, filterCfg); - AuthenticationCookie authenticationCookieIncreasedTime = AuthenticationCookieUtils.getAuthenticationCookie(cookieWithIncreasedTime, filterCfg); - // validation - long currentSessionTimeOriginal = authenticationCookieOriginal.getCurrentSessionTime(); - long currentSessionTimeIncreased = authenticationCookieIncreasedTime.getCurrentSessionTime(); - assertTrue(currentSessionTimeOriginal < currentSessionTimeIncreased); - } - - @Test - public void validateSerializationEncriptionDeserializationDecryption() throws IOException, CipherUtilException { - // original cookie, pojo and servlet cookie - AuthenticationCookie authenticationCookieOriginal = new AuthenticationCookie("kuku"); - Cookie cookieWithOriginalTime = new Cookie(filterCfg.getCookieName(), AuthenticationCookieUtils.getEncryptedCookie(authenticationCookieOriginal,filterCfg )); - // cookie with increased time, pojo and servlet cookie - AuthenticationCookie decriptedAndDeserializedAuthenticationCookie = AuthenticationCookieUtils.getAuthenticationCookie(cookieWithOriginalTime,filterCfg); - assertTrue(authenticationCookieOriginal.equals(decriptedAndDeserializedAuthenticationCookie)); - } - -} |