summaryrefslogtreecommitdiffstats
path: root/openecomp-be/backend/openecomp-sdc-security-util/src/test/java/AuthenticationCookieUtilsTest.java
diff options
context:
space:
mode:
authorNeil Derraugh <neil.derraugh@yoppworks.com>2020-06-08 10:40:10 -0400
committerOfir Sonsino <ofir.sonsino@intl.att.com>2020-06-10 08:23:27 +0000
commit6cfebc0867b2f21a401f55734aba30eb245e3c70 (patch)
treefcbed2057758d87703104cccaacb302f082d9f19 /openecomp-be/backend/openecomp-sdc-security-util/src/test/java/AuthenticationCookieUtilsTest.java
parent8a0f58a005175959f5b56c0840ee9980f0d68c01 (diff)
Fix security issue in SecurityUtil
- Specified mode and padding to address risky algorithm - Corrected unit test for different exception message - Moved tests to package Issue-ID: SDC-3105 Signed-off-by: Neil Derraugh <neil.derraugh@yoppworks.com> Change-Id: I5773ab555a5468362c775cf99795df4eb8c52136
Diffstat (limited to 'openecomp-be/backend/openecomp-sdc-security-util/src/test/java/AuthenticationCookieUtilsTest.java')
-rw-r--r--openecomp-be/backend/openecomp-sdc-security-util/src/test/java/AuthenticationCookieUtilsTest.java64
1 files changed, 0 insertions, 64 deletions
diff --git a/openecomp-be/backend/openecomp-sdc-security-util/src/test/java/AuthenticationCookieUtilsTest.java b/openecomp-be/backend/openecomp-sdc-security-util/src/test/java/AuthenticationCookieUtilsTest.java
deleted file mode 100644
index 402803479f..0000000000
--- a/openecomp-be/backend/openecomp-sdc-security-util/src/test/java/AuthenticationCookieUtilsTest.java
+++ /dev/null
@@ -1,64 +0,0 @@
-/*-
- * ============LICENSE_START=======================================================
- * SDC
- * ================================================================================
- * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-
-import org.junit.Test;
-
-import javax.servlet.http.Cookie;
-
-import java.io.IOException;
-import org.openecomp.sdc.securityutil.AuthenticationCookie;
-import org.openecomp.sdc.securityutil.AuthenticationCookieUtils;
-import org.openecomp.sdc.securityutil.CipherUtilException;
-import org.openecomp.sdc.securityutil.ISessionValidationFilterConfiguration;
-import org.openecomp.sdc.securityutil.filters.SampleFilter;
-
-import static org.junit.Assert.*;
-
-public class AuthenticationCookieUtilsTest {
-
- private SampleFilter sessionValidationFilter = new SampleFilter();
- private ISessionValidationFilterConfiguration filterCfg = sessionValidationFilter.getFilterConfiguration();
-
- @Test
- public void vaildateThatCookieCurrentSessionTimeIncreased() throws IOException, CipherUtilException {
- // original cookie, pojo and servlet cookie
- AuthenticationCookie authenticationCookieOriginal = new AuthenticationCookie("kuku");
- Cookie cookieWithOriginalTime = new Cookie(filterCfg.getCookieName(), AuthenticationCookieUtils
- .getEncryptedCookie(authenticationCookieOriginal,filterCfg ));
- // cookie with increased time, pojo and servlet cookie
- Cookie cookieWithIncreasedTime = AuthenticationCookieUtils.updateSessionTime(cookieWithOriginalTime, filterCfg);
- AuthenticationCookie authenticationCookieIncreasedTime = AuthenticationCookieUtils.getAuthenticationCookie(cookieWithIncreasedTime, filterCfg);
- // validation
- long currentSessionTimeOriginal = authenticationCookieOriginal.getCurrentSessionTime();
- long currentSessionTimeIncreased = authenticationCookieIncreasedTime.getCurrentSessionTime();
- assertTrue(currentSessionTimeOriginal < currentSessionTimeIncreased);
- }
-
- @Test
- public void validateSerializationEncriptionDeserializationDecryption() throws IOException, CipherUtilException {
- // original cookie, pojo and servlet cookie
- AuthenticationCookie authenticationCookieOriginal = new AuthenticationCookie("kuku");
- Cookie cookieWithOriginalTime = new Cookie(filterCfg.getCookieName(), AuthenticationCookieUtils.getEncryptedCookie(authenticationCookieOriginal,filterCfg ));
- // cookie with increased time, pojo and servlet cookie
- AuthenticationCookie decriptedAndDeserializedAuthenticationCookie = AuthenticationCookieUtils.getAuthenticationCookie(cookieWithOriginalTime,filterCfg);
- assertTrue(authenticationCookieOriginal.equals(decriptedAndDeserializedAuthenticationCookie));
- }
-
-}