/**
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.openejb.server;
import junit.framework.TestCase;
import org.apache.openejb.server.auth.IPAddressPermission;
import org.apache.openejb.server.auth.IPAddressPermissionFactory;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.InetAddress;
import java.net.Socket;
import java.util.Properties;
public class ServiceAccessControllerTest extends TestCase {
public void testWrongExactIPAddressPermission1() throws Exception {
try {
IPAddressPermissionFactory.getIPAddressMask("121.122.123.a");
fail();
} catch (IllegalArgumentException e) {
}
}
public void testWrongExactIPAddressPermission2() throws Exception {
try {
IPAddressPermissionFactory.getIPAddressMask("121.122.123.256");
fail();
} catch (IllegalArgumentException e) {
}
}
public void testExactIPAddressPermission() throws Exception {
final IPAddressPermission permission = IPAddressPermissionFactory.getIPAddressMask("121.122.123.124");
assertTrue(permission.implies(InetAddress.getByAddress(new byte[]{121, 122, 123, 124})));
assertFalse(permission.implies(InetAddress.getByAddress(new byte[]{121, 122, 123, 125})));
}
public void testWrongStartWithIPAddressPermission1() throws Exception {
try {
IPAddressPermissionFactory.getIPAddressMask("121.0.123.0");
fail();
} catch (IllegalArgumentException e) {
}
}
public void testStartWithIPAddressPermission() throws Exception {
final IPAddressPermission permission = IPAddressPermissionFactory.getIPAddressMask("121.122.0.0");
assertTrue(permission.implies(InetAddress.getByAddress(new byte[]{121, 122, 123, 124})));
assertFalse(permission.implies(InetAddress.getByAddress(new byte[]{121, 123, 123, 124})));
}
public void testFactorizedIPAddressPermission() throws Exception {
IPAddressPermission permission = IPAddressPermissionFactory.getIPAddressMask("121.122.123.{1,2,3}");
assertTrue(permission.implies(InetAddress.getByAddress(new byte[]{121, 122, 123, 1})));
assertTrue(permission.implies(InetAddress.getByAddress(new byte[]{121, 122, 123, 2})));
assertTrue(permission.implies(InetAddress.getByAddress(new byte[]{121, 122, 123, 3})));
assertFalse(permission.implies(InetAddress.getByAddress(new byte[]{121, 122, 123, 4})));
permission = IPAddressPermissionFactory.getIPAddressMask("121.122.{1,2,3}");
assertTrue(permission.implies(InetAddress.getByAddress(new byte[]{121, 122, 1, 1})));
assertTrue(permission.implies(InetAddress.getByAddress(new byte[]{121, 122, 2, 2})));
assertTrue(permission.implies(InetAddress.getByAddress(new byte[]{121, 122, 3, 3})));
assertFalse(permission.implies(InetAddress.getByAddress(new byte[]{121, 122, 4, 3})));
}
public void testNetmaskIPAddressPermission() throws Exception {
IPAddressPermission permission = IPAddressPermissionFactory.getIPAddressMask("121.122.123.254/31");
assertTrue(permission.implies(InetAddress.getByAddress(new byte[]{121, 122, 123, (byte) 254})));
assertTrue(permission.implies(InetAddress.getByAddress(new byte[]{121, 122, 123, (byte) 255})));
assertFalse(permission.implies(InetAddress.getByAddress(new byte[]{121, 122, 123, (byte) 253})));
permission = IPAddressPermissionFactory.getIPAddressMask("121.122.123.254/255.255.255.254");
assertTrue(permission.implies(InetAddress.getByAddress(new byte[]{121, 122, 123, (byte) 254})));
assertTrue(permission.implies(InetAddress.getByAddress(new byte[]{121, 122, 123, (byte) 255})));
assertFalse(permission.implies(InetAddress.getByAddress(new byte[]{121, 122, 123, (byte) 253})));
}
public void testExactIPv6AddressPermission() throws Exception {
final IPAddressPermission permission = IPAddressPermissionFactory.getIPAddressMask("101:102:103:104:105:106:107:108");
assertTrue(permission.implies(InetAddress.getByAddress(new byte[]{1, 1, 1, 2, 1, 3, 1, 4, 1, 5, 1, 6, 1, 7, 1, 8})));
assertFalse(permission.implies(InetAddress.getByAddress(new byte[]{1, 1, 1, 2, 1, 3, 1, 4, 1, 5, 1, 6, 1, 7, 1, 9})));
}
public void testNetmaskIPv6AddressPermission() throws Exception {
IPAddressPermission permission = IPAddressPermissionFactory.getIPAddressMask("101:102:103:104:105:106:107:FFFE/127");
assertTrue(permission.implies(InetAddress.getByAddress(new byte[]{1, 1, 1, 2, 1, 3, 1, 4, 1, 5, 1, 6, 1, 7, (byte) 255, (byte) 254})));
assertTrue(permission.implies(InetAddress.getByAddress(new byte[]{1, 1, 1, 2, 1, 3, 1, 4, 1, 5, 1, 6, 1, 7, (byte) 255, (byte) 255})));
assertFalse(permission.implies(InetAddress.getByAddress(new byte[]{1, 1, 1, 2, 1, 3, 1, 4, 1, 5, 1, 6, 1, 7, (byte) 255, (byte) 253})));
permission = IPAddressPermissionFactory.getIPAddressMask("101:102:103:104:105:106:107:FFFE/FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFE");
assertTrue(permission.implies(InetAddress.getByAddress(new byte[]{1, 1, 1, 2, 1, 3, 1, 4, 1, 5, 1, 6, 1, 7, (byte) 255, (byte) 254})));
assertTrue(permission.implies(InetAddress.getByAddress(new byte[]{1, 1, 1, 2, 1, 3, 1, 4, 1, 5, 1, 6, 1, 7, (byte) 255, (byte) 255})));
assertFalse(permission.implies(InetAddress.getByAddress(new byte[]{1, 1, 1, 2, 1, 3, 1, 4, 1, 5, 1, 6, 1, 7, (byte) 255, (byte) 253})));
}
// public void testServiceOKWithInit() throws Exception {
// Properties properties = new Properties();
// properties.put("only_from", "121.122.{56,57}");
//
// MockServerService mockServerService = new MockServerService();
// ServiceAccessController controller = new ServiceAccessController(mockServerService);
// controller.init(properties);
//
// executeTestServiceOK(mockServerService, controller);
// }
//
// public void testServiceNOKWithInit() throws Exception {
// Properties properties = new Properties();
// properties.put("only_from", "121.122.{56,57}");
//
// MockServerService mockServerService = new MockServerService();
// ServiceAccessController controller = new ServiceAccessController(mockServerService);
// controller.init(properties);
//
// executeTestServiceOK(mockServerService, controller);
// }
private void executeTestServiceOK(final MockServerService mockServerService, final ServiceAccessController controller) throws ServiceException, IOException {
MockSocket mockSocket = new MockSocket(InetAddress.getByAddress(new byte[]{121, 122, 56, 123}));
controller.service(mockSocket);
assertSame(mockSocket, mockServerService.socket);
mockSocket = new MockSocket(InetAddress.getByAddress(new byte[]{121, 122, 57, 123}));
controller.service(mockSocket);
assertSame(mockSocket, mockServerService.socket);
}
private void executeTestServiceNOK(final ServiceAccessController controller) throws ServiceException, IOException {
final MockSocket mockSocket = new MockSocket(InetAddress.getByAddress(new byte[]{121, 122, 58, 123}));
try {
controller.service(mockSocket);
fail();
} catch (SecurityException e) {
}
}
private static class MockSocket extends Socket {
private final InetAddress address;
private MockSocket(final InetAddress address) {
this.address = address;
}
@Override
public InetAddress getInetAddress() {
return address;
}
}
private static class MockServerService implements ServerService {
private Socket socket;
@Override
public void init(final Properties props) throws Exception {
}
@Override
public void start() throws ServiceException {
throw new AssertionError();
}
@Override
public void stop() throws ServiceException {
throw new AssertionError();
}
@Override
public String getIP() {
throw new AssertionError();
}
@Override
public int getPort() {
throw new AssertionError();
}
@Override
public void service(final Socket socket) throws ServiceException, IOException {
this.socket = socket;
}
@Override
public void service(final InputStream in, final OutputStream out) throws ServiceException, IOException {
}
@Override
public String getName() {
throw new AssertionError();
}
}
}