From 6cfebc0867b2f21a401f55734aba30eb245e3c70 Mon Sep 17 00:00:00 2001 From: Neil Derraugh Date: Mon, 8 Jun 2020 10:40:10 -0400 Subject: Fix security issue in SecurityUtil - Specified mode and padding to address risky algorithm - Corrected unit test for different exception message - Moved tests to package Issue-ID: SDC-3105 Signed-off-by: Neil Derraugh Change-Id: I5773ab555a5468362c775cf99795df4eb8c52136 --- .../org/openecomp/sdc/securityutil/CipherUtil.java | 58 +++---- .../test/java/AuthenticationCookieUtilsTest.java | 64 -------- .../src/test/java/CipherUtilTest.java | 73 --------- .../src/test/java/PasswordsTest.java | 95 ----------- .../src/test/java/RepresentationUtilsTest.java | 54 ------- .../src/test/java/SessionValidationFilterTest.java | 178 -------------------- .../AuthenticationCookieUtilsTest.java | 66 ++++++++ .../openecomp/sdc/securityutil/CipherUtilTest.java | 73 +++++++++ .../openecomp/sdc/securityutil/PasswordsTest.java | 97 +++++++++++ .../sdc/securityutil/RepresentationUtilsTest.java | 56 +++++++ .../filters/SessionValidationFilterTest.java | 180 +++++++++++++++++++++ 11 files changed, 503 insertions(+), 491 deletions(-) delete mode 100644 openecomp-be/backend/openecomp-sdc-security-util/src/test/java/AuthenticationCookieUtilsTest.java delete mode 100644 openecomp-be/backend/openecomp-sdc-security-util/src/test/java/CipherUtilTest.java delete mode 100644 openecomp-be/backend/openecomp-sdc-security-util/src/test/java/PasswordsTest.java delete mode 100644 openecomp-be/backend/openecomp-sdc-security-util/src/test/java/RepresentationUtilsTest.java delete mode 100644 openecomp-be/backend/openecomp-sdc-security-util/src/test/java/SessionValidationFilterTest.java create mode 100644 openecomp-be/backend/openecomp-sdc-security-util/src/test/java/org/openecomp/sdc/securityutil/AuthenticationCookieUtilsTest.java create mode 100644 openecomp-be/backend/openecomp-sdc-security-util/src/test/java/org/openecomp/sdc/securityutil/CipherUtilTest.java create mode 100644 openecomp-be/backend/openecomp-sdc-security-util/src/test/java/org/openecomp/sdc/securityutil/PasswordsTest.java create mode 100644 openecomp-be/backend/openecomp-sdc-security-util/src/test/java/org/openecomp/sdc/securityutil/RepresentationUtilsTest.java create mode 100644 openecomp-be/backend/openecomp-sdc-security-util/src/test/java/org/openecomp/sdc/securityutil/filters/SessionValidationFilterTest.java diff --git a/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/CipherUtil.java b/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/CipherUtil.java index 4f4c18c282..71ac6151f7 100644 --- a/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/CipherUtil.java +++ b/openecomp-be/backend/openecomp-sdc-security-util/src/main/java/org/openecomp/sdc/securityutil/CipherUtil.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -21,43 +21,47 @@ package org.openecomp.sdc.securityutil; import java.security.SecureRandom; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - +import java.util.Arrays; import javax.crypto.Cipher; -import javax.crypto.spec.IvParameterSpec; +import javax.crypto.spec.GCMParameterSpec; import javax.crypto.spec.SecretKeySpec; import org.apache.commons.codec.binary.Base64; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; public class CipherUtil { - private static Logger log = LoggerFactory.getLogger( CipherUtil.class.getName()); + + private static Logger log = LoggerFactory.getLogger(CipherUtil.class.getName()); private static final String ALGORITHM = "AES"; - private static final String ALGORYTHM_DETAILS = ALGORITHM + "/CBC/PKCS5PADDING"; + private static final String ALGORITHM_DETAILS = ALGORITHM + "/GCM/NoPadding"; private static final String CIPHER_PROVIDER = "SunJCE"; - private static final int BLOCK_SIZE = 128; - private static final int BYTE_SIZE = 8; - private static final int IV_SIZE = BLOCK_SIZE / BYTE_SIZE; + + public static final int GCM_TAG_LENGTH = 16; + public static final int GCM_IV_LENGTH = 12; + private static final byte[] EMPTY_BYTE_ARRAY = new byte[0]; private static final String ALGORITHM_NAME = "SHA1PRNG"; + private CipherUtil() {} + /** * Encrypt the text using the secret key in key.properties file * * @param value string to encrypt * @return The encrypted string - * @throws CipherUtilException - * In case of issue with the encryption + * @throws CipherUtilException In case of issue with the encryption */ public static String encryptPKC(String value, String base64key) throws CipherUtilException { Cipher cipher; - byte[] iv = new byte[IV_SIZE]; + byte[] iv = new byte[GCM_IV_LENGTH]; byte[] finalByte; try { - cipher = Cipher.getInstance(ALGORYTHM_DETAILS, CIPHER_PROVIDER); + cipher = Cipher.getInstance(ALGORITHM_DETAILS, CIPHER_PROVIDER); SecureRandom secureRandom = SecureRandom.getInstance(ALGORITHM_NAME); secureRandom.nextBytes(iv); - IvParameterSpec ivspec = new IvParameterSpec(iv); - cipher.init(Cipher.ENCRYPT_MODE, getSecretKeySpec(base64key), ivspec); + GCMParameterSpec spec = + new GCMParameterSpec(GCM_TAG_LENGTH * java.lang.Byte.SIZE, iv); + cipher.init(Cipher.ENCRYPT_MODE, getSecretKeySpec(base64key), spec); finalByte = cipher.doFinal(value.getBytes()); } catch (Exception ex) { @@ -70,12 +74,10 @@ public class CipherUtil { /** * Decrypts the text using the secret key in key.properties file. * - * @param message - * The encrypted string that must be decrypted using the ONAP Portal - * Encryption Key + * @param message The encrypted string that must be decrypted using the ONAP Portal Encryption + * Key * @return The String decrypted - * @throws CipherUtilException - * if any decryption step fails + * @throws CipherUtilException if any decryption step fails */ public static String decryptPKC(String message, String base64key) throws CipherUtilException { @@ -83,10 +85,12 @@ public class CipherUtil { Cipher cipher; byte[] decrypted; try { - cipher = Cipher.getInstance(ALGORYTHM_DETAILS, CIPHER_PROVIDER); - IvParameterSpec ivspec = new IvParameterSpec(subarray(encryptedMessage, 0, IV_SIZE)); - byte[] realData = subarray(encryptedMessage, IV_SIZE, encryptedMessage.length); - cipher.init(Cipher.DECRYPT_MODE, getSecretKeySpec(base64key), ivspec); + cipher = Cipher.getInstance(ALGORITHM_DETAILS, CIPHER_PROVIDER); + byte[] initVector = Arrays.copyOfRange(encryptedMessage, 0, GCM_IV_LENGTH); + GCMParameterSpec spec = + new GCMParameterSpec(GCM_TAG_LENGTH * java.lang.Byte.SIZE, initVector); + byte[] realData = subarray(encryptedMessage, GCM_IV_LENGTH, encryptedMessage.length); + cipher.init(Cipher.DECRYPT_MODE, getSecretKeySpec(base64key), spec); decrypted = cipher.doFinal(realData); } catch (Exception ex) { @@ -120,7 +124,7 @@ public class CipherUtil { private static byte[] subarray(byte[] array, int startIndexInclusive, int endIndexExclusive) { if (array == null) { - return null; + return new byte[0]; } else { if (startIndexInclusive < 0) { startIndexInclusive = 0; diff --git a/openecomp-be/backend/openecomp-sdc-security-util/src/test/java/AuthenticationCookieUtilsTest.java b/openecomp-be/backend/openecomp-sdc-security-util/src/test/java/AuthenticationCookieUtilsTest.java deleted file mode 100644 index 402803479f..0000000000 --- a/openecomp-be/backend/openecomp-sdc-security-util/src/test/java/AuthenticationCookieUtilsTest.java +++ /dev/null @@ -1,64 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * SDC - * ================================================================================ - * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -import org.junit.Test; - -import javax.servlet.http.Cookie; - -import java.io.IOException; -import org.openecomp.sdc.securityutil.AuthenticationCookie; -import org.openecomp.sdc.securityutil.AuthenticationCookieUtils; -import org.openecomp.sdc.securityutil.CipherUtilException; -import org.openecomp.sdc.securityutil.ISessionValidationFilterConfiguration; -import org.openecomp.sdc.securityutil.filters.SampleFilter; - -import static org.junit.Assert.*; - -public class AuthenticationCookieUtilsTest { - - private SampleFilter sessionValidationFilter = new SampleFilter(); - private ISessionValidationFilterConfiguration filterCfg = sessionValidationFilter.getFilterConfiguration(); - - @Test - public void vaildateThatCookieCurrentSessionTimeIncreased() throws IOException, CipherUtilException { - // original cookie, pojo and servlet cookie - AuthenticationCookie authenticationCookieOriginal = new AuthenticationCookie("kuku"); - Cookie cookieWithOriginalTime = new Cookie(filterCfg.getCookieName(), AuthenticationCookieUtils - .getEncryptedCookie(authenticationCookieOriginal,filterCfg )); - // cookie with increased time, pojo and servlet cookie - Cookie cookieWithIncreasedTime = AuthenticationCookieUtils.updateSessionTime(cookieWithOriginalTime, filterCfg); - AuthenticationCookie authenticationCookieIncreasedTime = AuthenticationCookieUtils.getAuthenticationCookie(cookieWithIncreasedTime, filterCfg); - // validation - long currentSessionTimeOriginal = authenticationCookieOriginal.getCurrentSessionTime(); - long currentSessionTimeIncreased = authenticationCookieIncreasedTime.getCurrentSessionTime(); - assertTrue(currentSessionTimeOriginal < currentSessionTimeIncreased); - } - - @Test - public void validateSerializationEncriptionDeserializationDecryption() throws IOException, CipherUtilException { - // original cookie, pojo and servlet cookie - AuthenticationCookie authenticationCookieOriginal = new AuthenticationCookie("kuku"); - Cookie cookieWithOriginalTime = new Cookie(filterCfg.getCookieName(), AuthenticationCookieUtils.getEncryptedCookie(authenticationCookieOriginal,filterCfg )); - // cookie with increased time, pojo and servlet cookie - AuthenticationCookie decriptedAndDeserializedAuthenticationCookie = AuthenticationCookieUtils.getAuthenticationCookie(cookieWithOriginalTime,filterCfg); - assertTrue(authenticationCookieOriginal.equals(decriptedAndDeserializedAuthenticationCookie)); - } - -} diff --git a/openecomp-be/backend/openecomp-sdc-security-util/src/test/java/CipherUtilTest.java b/openecomp-be/backend/openecomp-sdc-security-util/src/test/java/CipherUtilTest.java deleted file mode 100644 index 888c888d42..0000000000 --- a/openecomp-be/backend/openecomp-sdc-security-util/src/test/java/CipherUtilTest.java +++ /dev/null @@ -1,73 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * SDC - * ================================================================================ - * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -import org.apache.commons.codec.binary.Base64; -import org.apache.commons.lang.RandomStringUtils; -import org.junit.Test; -import org.openecomp.sdc.securityutil.CipherUtil; -import org.openecomp.sdc.securityutil.CipherUtilException; - -import static org.junit.Assert.*; - -public class CipherUtilTest { - - private static final String KEY = "AGLDdG4D04BKm2IxIWEr8o=="; - private static final String DATA = "data"; - - @Test - public void encryptDecryptPKC() throws CipherUtilException { - String generatedKey = RandomStringUtils.randomAlphabetic(16); - String base64Key = Base64.encodeBase64String(generatedKey.getBytes()); - String encrypted = CipherUtil.encryptPKC(DATA, base64Key); - assertNotEquals(DATA, encrypted); - String decrypted = CipherUtil.decryptPKC(encrypted, base64Key); - assertEquals(decrypted, DATA); - } - - @Test - public void encryptInvalidKey() { - try { - CipherUtil.encryptPKC(DATA, "invalidKey"); - fail(); - } catch (CipherUtilException ex) { - assertTrue(ex.getMessage().contains("Invalid AES key length")); - } - } - - @Test - public void decryptInvalidKey() { - try { - CipherUtil.decryptPKC(DATA, "invalidKey"); - fail(); - } catch (CipherUtilException ex) { - assertTrue(ex.getMessage().contains("length")); - } - } - - @Test - public void decryptInvalidData() { - try { - CipherUtil.decryptPKC(DATA, KEY); - fail(); - } catch (CipherUtilException ex) { - assertTrue(ex.getMessage().contains("Wrong IV length")); - } - } -} diff --git a/openecomp-be/backend/openecomp-sdc-security-util/src/test/java/PasswordsTest.java b/openecomp-be/backend/openecomp-sdc-security-util/src/test/java/PasswordsTest.java deleted file mode 100644 index d3ba3bbe4e..0000000000 --- a/openecomp-be/backend/openecomp-sdc-security-util/src/test/java/PasswordsTest.java +++ /dev/null @@ -1,95 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * SDC - * ================================================================================ - * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -import org.junit.Test; -import org.openecomp.sdc.securityutil.Passwords; - -import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertTrue; - -public class PasswordsTest { - - @Test - public void hashPassword() throws Exception { - String hash = Passwords.hashPassword("hello1234"); - assertTrue(Passwords.isExpectedPassword("hello1234", hash)); - - //test different salt-> result in different hash - String hash2 = Passwords.hashPassword("hello1234"); - assertFalse(hash.equals(hash2)); - - String hash3 = Passwords.hashPassword(""); - assertTrue(Passwords.isExpectedPassword("", hash3)); - - String hash4 = Passwords.hashPassword(null); - assertTrue(hash4 == null); - } - - @Test - public void isExpectedPassword() throws Exception { - //region isExpectedPassword(String password, String salt, String hash) - assertTrue(Passwords.isExpectedPassword(null, null, null)); - //valid hash - assertTrue(Passwords.isExpectedPassword("hello1234", "e0277df331f4ff8f74752ac4a8fbe03b", "6dfbad308cdf53c9ff2ee2dca811ee92f1b359586b33027580e2ff92578edbd0")); - //invalid salt - assertFalse(Passwords.isExpectedPassword("hello1234", "c0000df331f4ff8f74752ac4a00be03c", "6dfbad308cdf53c9ff2ee2dca811ee92f1b359586b33027580e2ff92578edbd0")); - assertFalse(Passwords.isExpectedPassword("hello1234", null, "6dfbad308cdf53c9ff2ee2dca811ee92f1b359586b33027580e2ff92578edbd0")); - //exacly 1 param uninitialized - assertFalse(Passwords.isExpectedPassword("hello1234", "", null)); - assertFalse(Passwords.isExpectedPassword(null, "", "hello1234")); - //no salt & no hash - assertFalse(Passwords.isExpectedPassword("hello1234", null, "hello1234")); - //endregion - - //region isExpectedPassword(String password, String expectedHash) - assertTrue(Passwords.isExpectedPassword(null, null)); - //valid hash - assertTrue(Passwords.isExpectedPassword("hello1234", "e0277df331f4ff8f74752ac4a8fbe03b:6dfbad308cdf53c9ff2ee2dca811ee92f1b359586b33027580e2ff92578edbd0")); - //invalid salt - assertFalse(Passwords.isExpectedPassword("hello1234", "c0000df331f4ff8f74752ac4a00be03c:6dfbad308cdf53c9ff2ee2dca811ee92f1b359586b33027580e2ff92578edbd0")); - //exacly 1 param uninitialized - assertFalse(Passwords.isExpectedPassword("hello1234", null)); - assertFalse(Passwords.isExpectedPassword(null, "hello1234")); - //no salt & no hash - assertFalse(Passwords.isExpectedPassword("hello1234", "hello1234")); - //endregion - } - - @Test - public void hashtest() { - String password = "123456"; - String hash = Passwords.hashPassword(password); - assertTrue(Passwords.isExpectedPassword(password, hash)); - password = "1sdfgsgd23456"; - hash = Passwords.hashPassword(password); - assertTrue(Passwords.isExpectedPassword(password, hash)); - password = "1sdfgsgd2345((*&%$%6"; - hash = Passwords.hashPassword(password); - assertTrue(Passwords.isExpectedPassword(password, hash)); - password = ""; - hash = Passwords.hashPassword(password); - assertTrue(Passwords.isExpectedPassword(password, hash)); - password = " "; - hash = Passwords.hashPassword(password); - assertTrue(Passwords.isExpectedPassword(password, hash)); - } - - -} diff --git a/openecomp-be/backend/openecomp-sdc-security-util/src/test/java/RepresentationUtilsTest.java b/openecomp-be/backend/openecomp-sdc-security-util/src/test/java/RepresentationUtilsTest.java deleted file mode 100644 index 5960c82130..0000000000 --- a/openecomp-be/backend/openecomp-sdc-security-util/src/test/java/RepresentationUtilsTest.java +++ /dev/null @@ -1,54 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * SDC - * ================================================================================ - * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -import org.junit.Test; - -import java.io.IOException; -import java.util.HashSet; -import java.util.Set; -import org.openecomp.sdc.securityutil.AuthenticationCookie; -import org.openecomp.sdc.securityutil.RepresentationUtils; - -import static org.junit.Assert.assertTrue; - -public class RepresentationUtilsTest { - - private static AuthenticationCookie originalCookie = new AuthenticationCookie("kuku"); - - @Test - public void representationE2EwithRoleNull() throws IOException { - originalCookie.setRoles(null); - String jsonStr = RepresentationUtils.toRepresentation(originalCookie); - AuthenticationCookie cookieFromJson = RepresentationUtils.fromRepresentation(jsonStr, AuthenticationCookie.class); - assertTrue(originalCookie.equals(cookieFromJson)); - } - - @Test - public void representationE2EwithRoleNotNull() throws IOException { - Set roles = new HashSet(); - roles.add("Designer"); - roles.add("Admin"); - roles.add("Tester"); - originalCookie.setRoles(roles); - String jsonStr = RepresentationUtils.toRepresentation(originalCookie); - AuthenticationCookie cookieFromJson = RepresentationUtils.fromRepresentation(jsonStr, AuthenticationCookie.class); - assertTrue(originalCookie.equals(cookieFromJson)); - } -} diff --git a/openecomp-be/backend/openecomp-sdc-security-util/src/test/java/SessionValidationFilterTest.java b/openecomp-be/backend/openecomp-sdc-security-util/src/test/java/SessionValidationFilterTest.java deleted file mode 100644 index 07151bc4d5..0000000000 --- a/openecomp-be/backend/openecomp-sdc-security-util/src/test/java/SessionValidationFilterTest.java +++ /dev/null @@ -1,178 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * SDC - * ================================================================================ - * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.mockito.InjectMocks; -import org.mockito.Mock; -import org.mockito.Mockito; -import org.mockito.Spy; -import org.mockito.junit.MockitoJUnitRunner; - -import javax.servlet.FilterChain; -import javax.servlet.FilterConfig; -import javax.servlet.ServletException; -import javax.servlet.http.Cookie; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import java.io.IOException; -import org.openecomp.sdc.securityutil.AuthenticationCookie; -import org.openecomp.sdc.securityutil.AuthenticationCookieUtils; -import org.openecomp.sdc.securityutil.CipherUtilException; -import org.openecomp.sdc.securityutil.RepresentationUtils; -import org.openecomp.sdc.securityutil.filters.ResponceWrapper; -import org.openecomp.sdc.securityutil.filters.SampleFilter; - -import static org.mockito.Mockito.times; -import static org.mockito.Mockito.when; - -@RunWith(MockitoJUnitRunner.class) -public class SessionValidationFilterTest { - - @Mock - private HttpServletRequest request; - @Spy - private HttpServletResponse response; - @Mock - private FilterChain filterChain; - @Mock - private FilterConfig filterConfig; - @Mock - private ResponceWrapper responceWrapper; - - // implementation of SessionValidationFilter - @InjectMocks - @Spy - private SampleFilter sessionValidationFilter = new SampleFilter(); - - @Before - public void setUpClass() throws ServletException { - sessionValidationFilter.init(filterConfig); - } - - @Test - public void excludedUrlHealthcheck() throws IOException, ServletException { - when(request.getPathInfo()).thenReturn("/healthCheck"); - sessionValidationFilter.doFilter(request, response, filterChain); - Mockito.verify(filterChain, times(1)).doFilter(request, response); - } - - @Test - public void excludedUrlUpload() throws IOException, ServletException { - when(request.getPathInfo()).thenReturn("/upload/123"); - sessionValidationFilter.doFilter(request, response, filterChain); - Mockito.verify(filterChain, times(1)).doFilter(request, response); - } - - // case when url pattern in web.xml is forward slash (/) - @Test - public void pathInfoIsNull() throws IOException, ServletException { - when(request.getServletPath()).thenReturn("/upload/2"); - when(request.getPathInfo()).thenReturn(null); - sessionValidationFilter.doFilter(request, response, filterChain); - Mockito.verify(filterChain, times(1)).doFilter(request, response); - } - - @Test - public void noCookiesInRequest() throws IOException, ServletException { - when(request.getPathInfo()).thenReturn("/resource"); - when(request.getCookies()).thenReturn(new Cookie[0]); - sessionValidationFilter.doFilter(request, response, filterChain); - Mockito.verify(response, times(1)).sendRedirect(sessionValidationFilter.getFilterConfiguration().getRedirectURL()); - } - - @Test - public void nullCookiesInRequest() throws IOException, ServletException { - when(request.getPathInfo()).thenReturn("/resource"); - when(request.getCookies()).thenReturn(null); - sessionValidationFilter.doFilter(request, response, filterChain); - Mockito.verify(response, times(1)).sendRedirect(sessionValidationFilter.getFilterConfiguration().getRedirectURL()); - } - - @Test - public void noCookiesWithCorrectNameInRequest() throws IOException, ServletException { - when(request.getPathInfo()).thenReturn("/resource"); - String newNameNotContainsRealName = sessionValidationFilter.getFilterConfiguration().getCookieName().substring(1); - Cookie cookie = new Cookie("fake" + newNameNotContainsRealName + "fake2", RepresentationUtils.toRepresentation(new AuthenticationCookie("kuku"))); - when(request.getCookies()).thenReturn(new Cookie[]{cookie}); - sessionValidationFilter.doFilter(request, response, filterChain); - Mockito.verify(response, times(1)).sendRedirect(sessionValidationFilter.getFilterConfiguration().getRedirectURL()); - } - - @Test - public void cookieMaxSessionTimeTimedOut() throws IOException, ServletException, CipherUtilException { - when(request.getPathInfo()).thenReturn("/resource"); - AuthenticationCookie authenticationCookie = new AuthenticationCookie("kuku"); - // set max session time to timout value - long maxSessionTimeOut = sessionValidationFilter.getFilterConfiguration().getMaxSessionTimeOut(); - long startTime = authenticationCookie.getMaxSessionTime(); - long timeout = startTime - maxSessionTimeOut - 1000l; - authenticationCookie.setMaxSessionTime(timeout); - Cookie cookie = new Cookie(sessionValidationFilter.getFilterConfiguration().getCookieName(), AuthenticationCookieUtils - .getEncryptedCookie(authenticationCookie, sessionValidationFilter.getFilterConfiguration())); - - when(request.getCookies()).thenReturn(new Cookie[]{cookie}); - sessionValidationFilter.doFilter(request, response, filterChain); - Mockito.verify(response, times(1)).sendRedirect(sessionValidationFilter.getFilterConfiguration().getRedirectURL()); - } - - @Test - public void cookieSessionIdle() throws IOException, ServletException, CipherUtilException { - when(request.getPathInfo()).thenReturn("/resource"); - AuthenticationCookie authenticationCookie = new AuthenticationCookie("kuku"); - // set session time to timout to idle - long idleSessionTimeOut = sessionValidationFilter.getFilterConfiguration().getSessionIdleTimeOut(); - long sessionStartTime = authenticationCookie.getCurrentSessionTime(); - long timeout = sessionStartTime - idleSessionTimeOut - 2000; - authenticationCookie.setCurrentSessionTime(timeout); - Cookie cookie = new Cookie(sessionValidationFilter.getFilterConfiguration().getCookieName(), AuthenticationCookieUtils.getEncryptedCookie(authenticationCookie, sessionValidationFilter.getFilterConfiguration())); - - when(request.getCookies()).thenReturn(new Cookie[]{cookie}); - sessionValidationFilter.doFilter(request, response, filterChain); - Mockito.verify(response, times(1)).sendRedirect(sessionValidationFilter.getFilterConfiguration().getRedirectURL()); - } - - @Test - public void requestThatPassFilter() throws IOException, ServletException, CipherUtilException { - when(request.getPathInfo()).thenReturn("/resource"); - - AuthenticationCookie authenticationCookie = new AuthenticationCookie("kuku"); - Cookie cookie = new Cookie(sessionValidationFilter.getFilterConfiguration().getCookieName(), AuthenticationCookieUtils.getEncryptedCookie(authenticationCookie, sessionValidationFilter.getFilterConfiguration())); - - when(request.getCookies()).thenReturn(new Cookie[]{cookie}); - sessionValidationFilter.doFilter(request, response, filterChain); - Mockito.verify(filterChain, times(1)).doFilter(request, response); - } - -// test validate contains - @Test - public void requestThatPassFilterWithCookieNameAsPartOfOtherString() throws IOException, ServletException, CipherUtilException { - when(request.getPathInfo()).thenReturn("/resource"); - - AuthenticationCookie authenticationCookie = new AuthenticationCookie("kuku"); - Cookie cookie = new Cookie("some" +sessionValidationFilter.getFilterConfiguration().getCookieName() + "Thing", AuthenticationCookieUtils.getEncryptedCookie(authenticationCookie, sessionValidationFilter.getFilterConfiguration())); - - when(request.getCookies()).thenReturn(new Cookie[]{cookie}); - sessionValidationFilter.doFilter(request, response, filterChain); - Mockito.verify(filterChain, times(1)).doFilter(request, response); - } - -} diff --git a/openecomp-be/backend/openecomp-sdc-security-util/src/test/java/org/openecomp/sdc/securityutil/AuthenticationCookieUtilsTest.java b/openecomp-be/backend/openecomp-sdc-security-util/src/test/java/org/openecomp/sdc/securityutil/AuthenticationCookieUtilsTest.java new file mode 100644 index 0000000000..6c1e6cb849 --- /dev/null +++ b/openecomp-be/backend/openecomp-sdc-security-util/src/test/java/org/openecomp/sdc/securityutil/AuthenticationCookieUtilsTest.java @@ -0,0 +1,66 @@ +/*- + * ============LICENSE_START======================================================= + * SDC + * ================================================================================ + * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.openecomp.sdc.securityutil; + +import org.junit.Test; + +import javax.servlet.http.Cookie; + +import java.io.IOException; +import org.openecomp.sdc.securityutil.AuthenticationCookie; +import org.openecomp.sdc.securityutil.AuthenticationCookieUtils; +import org.openecomp.sdc.securityutil.CipherUtilException; +import org.openecomp.sdc.securityutil.ISessionValidationFilterConfiguration; +import org.openecomp.sdc.securityutil.filters.SampleFilter; + +import static org.junit.Assert.*; + +public class AuthenticationCookieUtilsTest { + + private SampleFilter sessionValidationFilter = new SampleFilter(); + private ISessionValidationFilterConfiguration filterCfg = sessionValidationFilter.getFilterConfiguration(); + + @Test + public void vaildateThatCookieCurrentSessionTimeIncreased() throws IOException, CipherUtilException { + // original cookie, pojo and servlet cookie + AuthenticationCookie authenticationCookieOriginal = new AuthenticationCookie("kuku"); + Cookie cookieWithOriginalTime = new Cookie(filterCfg.getCookieName(), AuthenticationCookieUtils + .getEncryptedCookie(authenticationCookieOriginal,filterCfg )); + // cookie with increased time, pojo and servlet cookie + Cookie cookieWithIncreasedTime = AuthenticationCookieUtils.updateSessionTime(cookieWithOriginalTime, filterCfg); + AuthenticationCookie authenticationCookieIncreasedTime = AuthenticationCookieUtils.getAuthenticationCookie(cookieWithIncreasedTime, filterCfg); + // validation + long currentSessionTimeOriginal = authenticationCookieOriginal.getCurrentSessionTime(); + long currentSessionTimeIncreased = authenticationCookieIncreasedTime.getCurrentSessionTime(); + assertTrue(currentSessionTimeOriginal < currentSessionTimeIncreased); + } + + @Test + public void validateSerializationEncriptionDeserializationDecryption() throws IOException, CipherUtilException { + // original cookie, pojo and servlet cookie + AuthenticationCookie authenticationCookieOriginal = new AuthenticationCookie("kuku"); + Cookie cookieWithOriginalTime = new Cookie(filterCfg.getCookieName(), AuthenticationCookieUtils.getEncryptedCookie(authenticationCookieOriginal,filterCfg )); + // cookie with increased time, pojo and servlet cookie + AuthenticationCookie decriptedAndDeserializedAuthenticationCookie = AuthenticationCookieUtils.getAuthenticationCookie(cookieWithOriginalTime,filterCfg); + assertTrue(authenticationCookieOriginal.equals(decriptedAndDeserializedAuthenticationCookie)); + } + +} diff --git a/openecomp-be/backend/openecomp-sdc-security-util/src/test/java/org/openecomp/sdc/securityutil/CipherUtilTest.java b/openecomp-be/backend/openecomp-sdc-security-util/src/test/java/org/openecomp/sdc/securityutil/CipherUtilTest.java new file mode 100644 index 0000000000..437974de02 --- /dev/null +++ b/openecomp-be/backend/openecomp-sdc-security-util/src/test/java/org/openecomp/sdc/securityutil/CipherUtilTest.java @@ -0,0 +1,73 @@ +/*- + * ============LICENSE_START======================================================= + * SDC + * ================================================================================ + * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.openecomp.sdc.securityutil; + +import org.apache.commons.codec.binary.Base64; +import org.apache.commons.lang.RandomStringUtils; +import org.junit.Test; + +import static org.junit.Assert.*; + +public class CipherUtilTest { + + private static final String KEY = "AGLDdG4D04BKm2IxIWEr8o=="; + private static final String DATA = "data"; + + @Test + public void encryptDecryptPKC() throws CipherUtilException { + String generatedKey = RandomStringUtils.randomAlphabetic(16); + String base64Key = Base64.encodeBase64String(generatedKey.getBytes()); + String encrypted = CipherUtil.encryptPKC(DATA, base64Key); + assertNotEquals(DATA, encrypted); + String decrypted = CipherUtil.decryptPKC(encrypted, base64Key); + assertEquals(decrypted, DATA); + } + + @Test + public void encryptInvalidKey() { + try { + CipherUtil.encryptPKC(DATA, "invalidKey"); + fail(); + } catch (CipherUtilException ex) { + assertTrue(ex.getMessage().contains("Invalid AES key length")); + } + } + + @Test + public void decryptInvalidKey() { + try { + CipherUtil.decryptPKC(DATA, "invalidKey"); + fail(); + } catch (CipherUtilException ex) { + assertTrue(ex.getMessage().contains("length")); + } + } + + @Test + public void decryptInvalidData() { + try { + CipherUtil.decryptPKC(DATA, KEY); + fail(); + } catch (CipherUtilException ex) { + assertTrue(ex.getMessage().contains("Input too short")); + } + } +} diff --git a/openecomp-be/backend/openecomp-sdc-security-util/src/test/java/org/openecomp/sdc/securityutil/PasswordsTest.java b/openecomp-be/backend/openecomp-sdc-security-util/src/test/java/org/openecomp/sdc/securityutil/PasswordsTest.java new file mode 100644 index 0000000000..34a0c52604 --- /dev/null +++ b/openecomp-be/backend/openecomp-sdc-security-util/src/test/java/org/openecomp/sdc/securityutil/PasswordsTest.java @@ -0,0 +1,97 @@ +/*- + * ============LICENSE_START======================================================= + * SDC + * ================================================================================ + * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.openecomp.sdc.securityutil; + +import org.junit.Test; +import org.openecomp.sdc.securityutil.Passwords; + +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertTrue; + +public class PasswordsTest { + + @Test + public void hashPassword() throws Exception { + String hash = Passwords.hashPassword("hello1234"); + assertTrue(Passwords.isExpectedPassword("hello1234", hash)); + + //test different salt-> result in different hash + String hash2 = Passwords.hashPassword("hello1234"); + assertFalse(hash.equals(hash2)); + + String hash3 = Passwords.hashPassword(""); + assertTrue(Passwords.isExpectedPassword("", hash3)); + + String hash4 = Passwords.hashPassword(null); + assertTrue(hash4 == null); + } + + @Test + public void isExpectedPassword() throws Exception { + //region isExpectedPassword(String password, String salt, String hash) + assertTrue(Passwords.isExpectedPassword(null, null, null)); + //valid hash + assertTrue(Passwords.isExpectedPassword("hello1234", "e0277df331f4ff8f74752ac4a8fbe03b", "6dfbad308cdf53c9ff2ee2dca811ee92f1b359586b33027580e2ff92578edbd0")); + //invalid salt + assertFalse(Passwords.isExpectedPassword("hello1234", "c0000df331f4ff8f74752ac4a00be03c", "6dfbad308cdf53c9ff2ee2dca811ee92f1b359586b33027580e2ff92578edbd0")); + assertFalse(Passwords.isExpectedPassword("hello1234", null, "6dfbad308cdf53c9ff2ee2dca811ee92f1b359586b33027580e2ff92578edbd0")); + //exacly 1 param uninitialized + assertFalse(Passwords.isExpectedPassword("hello1234", "", null)); + assertFalse(Passwords.isExpectedPassword(null, "", "hello1234")); + //no salt & no hash + assertFalse(Passwords.isExpectedPassword("hello1234", null, "hello1234")); + //endregion + + //region isExpectedPassword(String password, String expectedHash) + assertTrue(Passwords.isExpectedPassword(null, null)); + //valid hash + assertTrue(Passwords.isExpectedPassword("hello1234", "e0277df331f4ff8f74752ac4a8fbe03b:6dfbad308cdf53c9ff2ee2dca811ee92f1b359586b33027580e2ff92578edbd0")); + //invalid salt + assertFalse(Passwords.isExpectedPassword("hello1234", "c0000df331f4ff8f74752ac4a00be03c:6dfbad308cdf53c9ff2ee2dca811ee92f1b359586b33027580e2ff92578edbd0")); + //exacly 1 param uninitialized + assertFalse(Passwords.isExpectedPassword("hello1234", null)); + assertFalse(Passwords.isExpectedPassword(null, "hello1234")); + //no salt & no hash + assertFalse(Passwords.isExpectedPassword("hello1234", "hello1234")); + //endregion + } + + @Test + public void hashtest() { + String password = "123456"; + String hash = Passwords.hashPassword(password); + assertTrue(Passwords.isExpectedPassword(password, hash)); + password = "1sdfgsgd23456"; + hash = Passwords.hashPassword(password); + assertTrue(Passwords.isExpectedPassword(password, hash)); + password = "1sdfgsgd2345((*&%$%6"; + hash = Passwords.hashPassword(password); + assertTrue(Passwords.isExpectedPassword(password, hash)); + password = ""; + hash = Passwords.hashPassword(password); + assertTrue(Passwords.isExpectedPassword(password, hash)); + password = " "; + hash = Passwords.hashPassword(password); + assertTrue(Passwords.isExpectedPassword(password, hash)); + } + + +} diff --git a/openecomp-be/backend/openecomp-sdc-security-util/src/test/java/org/openecomp/sdc/securityutil/RepresentationUtilsTest.java b/openecomp-be/backend/openecomp-sdc-security-util/src/test/java/org/openecomp/sdc/securityutil/RepresentationUtilsTest.java new file mode 100644 index 0000000000..f7af4a9318 --- /dev/null +++ b/openecomp-be/backend/openecomp-sdc-security-util/src/test/java/org/openecomp/sdc/securityutil/RepresentationUtilsTest.java @@ -0,0 +1,56 @@ +/*- + * ============LICENSE_START======================================================= + * SDC + * ================================================================================ + * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.openecomp.sdc.securityutil; + +import org.junit.Test; + +import java.io.IOException; +import java.util.HashSet; +import java.util.Set; +import org.openecomp.sdc.securityutil.AuthenticationCookie; +import org.openecomp.sdc.securityutil.RepresentationUtils; + +import static org.junit.Assert.assertTrue; + +public class RepresentationUtilsTest { + + private static AuthenticationCookie originalCookie = new AuthenticationCookie("kuku"); + + @Test + public void representationE2EwithRoleNull() throws IOException { + originalCookie.setRoles(null); + String jsonStr = RepresentationUtils.toRepresentation(originalCookie); + AuthenticationCookie cookieFromJson = RepresentationUtils.fromRepresentation(jsonStr, AuthenticationCookie.class); + assertTrue(originalCookie.equals(cookieFromJson)); + } + + @Test + public void representationE2EwithRoleNotNull() throws IOException { + Set roles = new HashSet(); + roles.add("Designer"); + roles.add("Admin"); + roles.add("Tester"); + originalCookie.setRoles(roles); + String jsonStr = RepresentationUtils.toRepresentation(originalCookie); + AuthenticationCookie cookieFromJson = RepresentationUtils.fromRepresentation(jsonStr, AuthenticationCookie.class); + assertTrue(originalCookie.equals(cookieFromJson)); + } +} diff --git a/openecomp-be/backend/openecomp-sdc-security-util/src/test/java/org/openecomp/sdc/securityutil/filters/SessionValidationFilterTest.java b/openecomp-be/backend/openecomp-sdc-security-util/src/test/java/org/openecomp/sdc/securityutil/filters/SessionValidationFilterTest.java new file mode 100644 index 0000000000..cb11ef97f4 --- /dev/null +++ b/openecomp-be/backend/openecomp-sdc-security-util/src/test/java/org/openecomp/sdc/securityutil/filters/SessionValidationFilterTest.java @@ -0,0 +1,180 @@ +/*- + * ============LICENSE_START======================================================= + * SDC + * ================================================================================ + * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.openecomp.sdc.securityutil.filters; + +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.mockito.InjectMocks; +import org.mockito.Mock; +import org.mockito.Mockito; +import org.mockito.Spy; +import org.mockito.junit.MockitoJUnitRunner; + +import javax.servlet.FilterChain; +import javax.servlet.FilterConfig; +import javax.servlet.ServletException; +import javax.servlet.http.Cookie; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.io.IOException; +import org.openecomp.sdc.securityutil.AuthenticationCookie; +import org.openecomp.sdc.securityutil.AuthenticationCookieUtils; +import org.openecomp.sdc.securityutil.CipherUtilException; +import org.openecomp.sdc.securityutil.RepresentationUtils; +import org.openecomp.sdc.securityutil.filters.ResponceWrapper; +import org.openecomp.sdc.securityutil.filters.SampleFilter; + +import static org.mockito.Mockito.times; +import static org.mockito.Mockito.when; + +@RunWith(MockitoJUnitRunner.class) +public class SessionValidationFilterTest { + + @Mock + private HttpServletRequest request; + @Spy + private HttpServletResponse response; + @Mock + private FilterChain filterChain; + @Mock + private FilterConfig filterConfig; + @Mock + private ResponceWrapper responceWrapper; + + // implementation of SessionValidationFilter + @InjectMocks + @Spy + private SampleFilter sessionValidationFilter = new SampleFilter(); + + @Before + public void setUpClass() throws ServletException { + sessionValidationFilter.init(filterConfig); + } + + @Test + public void excludedUrlHealthcheck() throws IOException, ServletException { + when(request.getPathInfo()).thenReturn("/healthCheck"); + sessionValidationFilter.doFilter(request, response, filterChain); + Mockito.verify(filterChain, times(1)).doFilter(request, response); + } + + @Test + public void excludedUrlUpload() throws IOException, ServletException { + when(request.getPathInfo()).thenReturn("/upload/123"); + sessionValidationFilter.doFilter(request, response, filterChain); + Mockito.verify(filterChain, times(1)).doFilter(request, response); + } + + // case when url pattern in web.xml is forward slash (/) + @Test + public void pathInfoIsNull() throws IOException, ServletException { + when(request.getServletPath()).thenReturn("/upload/2"); + when(request.getPathInfo()).thenReturn(null); + sessionValidationFilter.doFilter(request, response, filterChain); + Mockito.verify(filterChain, times(1)).doFilter(request, response); + } + + @Test + public void noCookiesInRequest() throws IOException, ServletException { + when(request.getPathInfo()).thenReturn("/resource"); + when(request.getCookies()).thenReturn(new Cookie[0]); + sessionValidationFilter.doFilter(request, response, filterChain); + Mockito.verify(response, times(1)).sendRedirect(sessionValidationFilter.getFilterConfiguration().getRedirectURL()); + } + + @Test + public void nullCookiesInRequest() throws IOException, ServletException { + when(request.getPathInfo()).thenReturn("/resource"); + when(request.getCookies()).thenReturn(null); + sessionValidationFilter.doFilter(request, response, filterChain); + Mockito.verify(response, times(1)).sendRedirect(sessionValidationFilter.getFilterConfiguration().getRedirectURL()); + } + + @Test + public void noCookiesWithCorrectNameInRequest() throws IOException, ServletException { + when(request.getPathInfo()).thenReturn("/resource"); + String newNameNotContainsRealName = sessionValidationFilter.getFilterConfiguration().getCookieName().substring(1); + Cookie cookie = new Cookie("fake" + newNameNotContainsRealName + "fake2", RepresentationUtils.toRepresentation(new AuthenticationCookie("kuku"))); + when(request.getCookies()).thenReturn(new Cookie[]{cookie}); + sessionValidationFilter.doFilter(request, response, filterChain); + Mockito.verify(response, times(1)).sendRedirect(sessionValidationFilter.getFilterConfiguration().getRedirectURL()); + } + + @Test + public void cookieMaxSessionTimeTimedOut() throws IOException, ServletException, CipherUtilException { + when(request.getPathInfo()).thenReturn("/resource"); + AuthenticationCookie authenticationCookie = new AuthenticationCookie("kuku"); + // set max session time to timout value + long maxSessionTimeOut = sessionValidationFilter.getFilterConfiguration().getMaxSessionTimeOut(); + long startTime = authenticationCookie.getMaxSessionTime(); + long timeout = startTime - maxSessionTimeOut - 1000l; + authenticationCookie.setMaxSessionTime(timeout); + Cookie cookie = new Cookie(sessionValidationFilter.getFilterConfiguration().getCookieName(), AuthenticationCookieUtils + .getEncryptedCookie(authenticationCookie, sessionValidationFilter.getFilterConfiguration())); + + when(request.getCookies()).thenReturn(new Cookie[]{cookie}); + sessionValidationFilter.doFilter(request, response, filterChain); + Mockito.verify(response, times(1)).sendRedirect(sessionValidationFilter.getFilterConfiguration().getRedirectURL()); + } + + @Test + public void cookieSessionIdle() throws IOException, ServletException, CipherUtilException { + when(request.getPathInfo()).thenReturn("/resource"); + AuthenticationCookie authenticationCookie = new AuthenticationCookie("kuku"); + // set session time to timout to idle + long idleSessionTimeOut = sessionValidationFilter.getFilterConfiguration().getSessionIdleTimeOut(); + long sessionStartTime = authenticationCookie.getCurrentSessionTime(); + long timeout = sessionStartTime - idleSessionTimeOut - 2000; + authenticationCookie.setCurrentSessionTime(timeout); + Cookie cookie = new Cookie(sessionValidationFilter.getFilterConfiguration().getCookieName(), AuthenticationCookieUtils.getEncryptedCookie(authenticationCookie, sessionValidationFilter.getFilterConfiguration())); + + when(request.getCookies()).thenReturn(new Cookie[]{cookie}); + sessionValidationFilter.doFilter(request, response, filterChain); + Mockito.verify(response, times(1)).sendRedirect(sessionValidationFilter.getFilterConfiguration().getRedirectURL()); + } + + @Test + public void requestThatPassFilter() throws IOException, ServletException, CipherUtilException { + when(request.getPathInfo()).thenReturn("/resource"); + + AuthenticationCookie authenticationCookie = new AuthenticationCookie("kuku"); + Cookie cookie = new Cookie(sessionValidationFilter.getFilterConfiguration().getCookieName(), AuthenticationCookieUtils.getEncryptedCookie(authenticationCookie, sessionValidationFilter.getFilterConfiguration())); + + when(request.getCookies()).thenReturn(new Cookie[]{cookie}); + sessionValidationFilter.doFilter(request, response, filterChain); + Mockito.verify(filterChain, times(1)).doFilter(request, response); + } + +// test validate contains + @Test + public void requestThatPassFilterWithCookieNameAsPartOfOtherString() throws IOException, ServletException, CipherUtilException { + when(request.getPathInfo()).thenReturn("/resource"); + + AuthenticationCookie authenticationCookie = new AuthenticationCookie("kuku"); + Cookie cookie = new Cookie("some" +sessionValidationFilter.getFilterConfiguration().getCookieName() + "Thing", AuthenticationCookieUtils.getEncryptedCookie(authenticationCookie, sessionValidationFilter.getFilterConfiguration())); + + when(request.getCookies()).thenReturn(new Cookie[]{cookie}); + sessionValidationFilter.doFilter(request, response, filterChain); + Mockito.verify(filterChain, times(1)).doFilter(request, response); + } + +} -- cgit 1.2.3-korg