server/openejb-server/src/test/java/org/apache/openejb/server/ServiceAccessControllerTest.java

/**
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 */
package org.apache.openejb.server;

import junit.framework.TestCase;
import org.apache.openejb.server.auth.IPAddressPermission;
import org.apache.openejb.server.auth.IPAddressPermissionFactory;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.InetAddress;
import java.net.Socket;
import java.util.Properties;

public class ServiceAccessControllerTest extends TestCase {

    public void testWrongExactIPAddressPermission1() throws Exception {
        try {
            IPAddressPermissionFactory.getIPAddressMask("121.122.123.a");
            fail();
        } catch (IllegalArgumentException e) {
        }
    }

    public void testWrongExactIPAddressPermission2() throws Exception {
        try {
            IPAddressPermissionFactory.getIPAddressMask("121.122.123.256");
            fail();
        } catch (IllegalArgumentException e) {
        }
    }

    public void testExactIPAddressPermission() throws Exception {
        final IPAddressPermission permission = IPAddressPermissionFactory.getIPAddressMask("121.122.123.124");
        assertTrue(permission.implies(InetAddress.getByAddress(new byte[]{121, 122, 123, 124})));
        assertFalse(permission.implies(InetAddress.getByAddress(new byte[]{121, 122, 123, 125})));
    }

    public void testWrongStartWithIPAddressPermission1() throws Exception {
        try {
            IPAddressPermissionFactory.getIPAddressMask("121.0.123.0");
            fail();
        } catch (IllegalArgumentException e) {
        }
    }

    public void testStartWithIPAddressPermission() throws Exception {
        final IPAddressPermission permission = IPAddressPermissionFactory.getIPAddressMask("121.122.0.0");
        assertTrue(permission.implies(InetAddress.getByAddress(new byte[]{121, 122, 123, 124})));
        assertFalse(permission.implies(InetAddress.getByAddress(new byte[]{121, 123, 123, 124})));
    }

    public void testFactorizedIPAddressPermission() throws Exception {
        IPAddressPermission permission = IPAddressPermissionFactory.getIPAddressMask("121.122.123.{1,2,3}");
        assertTrue(permission.implies(InetAddress.getByAddress(new byte[]{121, 122, 123, 1})));
        assertTrue(permission.implies(InetAddress.getByAddress(new byte[]{121, 122, 123, 2})));
        assertTrue(permission.implies(InetAddress.getByAddress(new byte[]{121, 122, 123, 3})));
        assertFalse(permission.implies(InetAddress.getByAddress(new byte[]{121, 122, 123, 4})));

        permission = IPAddressPermissionFactory.getIPAddressMask("121.122.{1,2,3}");
        assertTrue(permission.implies(InetAddress.getByAddress(new byte[]{121, 122, 1, 1})));
        assertTrue(permission.implies(InetAddress.getByAddress(new byte[]{121, 122, 2, 2})));
        assertTrue(permission.implies(InetAddress.getByAddress(new byte[]{121, 122, 3, 3})));
        assertFalse(permission.implies(InetAddress.getByAddress(new byte[]{121, 122, 4, 3})));
    }

    public void testNetmaskIPAddressPermission() throws Exception {
        IPAddressPermission permission = IPAddressPermissionFactory.getIPAddressMask("121.122.123.254/31");
        assertTrue(permission.implies(InetAddress.getByAddress(new byte[]{121, 122, 123, (byte) 254})));
        assertTrue(permission.implies(InetAddress.getByAddress(new byte[]{121, 122, 123, (byte) 255})));
        assertFalse(permission.implies(InetAddress.getByAddress(new byte[]{121, 122, 123, (byte) 253})));

        permission = IPAddressPermissionFactory.getIPAddressMask("121.122.123.254/255.255.255.254");
        assertTrue(permission.implies(InetAddress.getByAddress(new byte[]{121, 122, 123, (byte) 254})));
        assertTrue(permission.implies(InetAddress.getByAddress(new byte[]{121, 122, 123, (byte) 255})));
        assertFalse(permission.implies(InetAddress.getByAddress(new byte[]{121, 122, 123, (byte) 253})));
    }

    public void testExactIPv6AddressPermission() throws Exception {
        final IPAddressPermission permission = IPAddressPermissionFactory.getIPAddressMask("101:102:103:104:105:106:107:108");
        assertTrue(permission.implies(InetAddress.getByAddress(new byte[]{1, 1, 1, 2, 1, 3, 1, 4, 1, 5, 1, 6, 1, 7, 1, 8})));
        assertFalse(permission.implies(InetAddress.getByAddress(new byte[]{1, 1, 1, 2, 1, 3, 1, 4, 1, 5, 1, 6, 1, 7, 1, 9})));
    }

    public void testNetmaskIPv6AddressPermission() throws Exception {
        IPAddressPermission permission = IPAddressPermissionFactory.getIPAddressMask("101:102:103:104:105:106:107:FFFE/127");
        assertTrue(permission.implies(InetAddress.getByAddress(new byte[]{1, 1, 1, 2, 1, 3, 1, 4, 1, 5, 1, 6, 1, 7, (byte) 255, (byte) 254})));
        assertTrue(permission.implies(InetAddress.getByAddress(new byte[]{1, 1, 1, 2, 1, 3, 1, 4, 1, 5, 1, 6, 1, 7, (byte) 255, (byte) 255})));
        assertFalse(permission.implies(InetAddress.getByAddress(new byte[]{1, 1, 1, 2, 1, 3, 1, 4, 1, 5, 1, 6, 1, 7, (byte) 255, (byte) 253})));

        permission = IPAddressPermissionFactory.getIPAddressMask("101:102:103:104:105:106:107:FFFE/FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFE");
        assertTrue(permission.implies(InetAddress.getByAddress(new byte[]{1, 1, 1, 2, 1, 3, 1, 4, 1, 5, 1, 6, 1, 7, (byte) 255, (byte) 254})));
        assertTrue(permission.implies(InetAddress.getByAddress(new byte[]{1, 1, 1, 2, 1, 3, 1, 4, 1, 5, 1, 6, 1, 7, (byte) 255, (byte) 255})));
        assertFalse(permission.implies(InetAddress.getByAddress(new byte[]{1, 1, 1, 2, 1, 3, 1, 4, 1, 5, 1, 6, 1, 7, (byte) 255, (byte) 253})));
    }

    //    public void testServiceOKWithInit() throws Exception {
    //        Properties properties = new Properties();
    //        properties.put("only_from", "121.122.{56,57}");
    //
    //        MockServerService mockServerService = new MockServerService();
    //        ServiceAccessController controller = new ServiceAccessController(mockServerService);
    //        controller.init(properties);
    //
    //        executeTestServiceOK(mockServerService, controller);
    //    }
    //
    //    public void testServiceNOKWithInit() throws Exception {
    //        Properties properties = new Properties();
    //        properties.put("only_from", "121.122.{56,57}");
    //
    //        MockServerService mockServerService = new MockServerService();
    //        ServiceAccessController controller = new ServiceAccessController(mockServerService);
    //        controller.init(properties);
    //
    //        executeTestServiceOK(mockServerService, controller);
    //    }

    private void executeTestServiceOK(final MockServerService mockServerService, final ServiceAccessController controller) throws ServiceException, IOException {
        MockSocket mockSocket = new MockSocket(InetAddress.getByAddress(new byte[]{121, 122, 56, 123}));
        controller.service(mockSocket);
        assertSame(mockSocket, mockServerService.socket);

        mockSocket = new MockSocket(InetAddress.getByAddress(new byte[]{121, 122, 57, 123}));
        controller.service(mockSocket);
        assertSame(mockSocket, mockServerService.socket);
    }

    private void executeTestServiceNOK(final ServiceAccessController controller) throws ServiceException, IOException {
        final MockSocket mockSocket = new MockSocket(InetAddress.getByAddress(new byte[]{121, 122, 58, 123}));
        try {
            controller.service(mockSocket);
            fail();
        } catch (SecurityException e) {
        }
    }

    private static class MockSocket extends Socket {

        private final InetAddress address;

        private MockSocket(final InetAddress address) {
            this.address = address;
        }

        @Override
        public InetAddress getInetAddress() {
            return address;
        }
    }

    private static class MockServerService implements ServerService {

        private Socket socket;

        @Override
        public void init(final Properties props) throws Exception {
        }

        @Override
        public void start() throws ServiceException {
            throw new AssertionError();
        }

        @Override
        public void stop() throws ServiceException {
            throw new AssertionError();
        }

        @Override
        public String getIP() {
            throw new AssertionError();
        }

        @Override
        public int getPort() {
            throw new AssertionError();
        }

        @Override
        public void service(final Socket socket) throws ServiceException, IOException {
            this.socket = socket;
        }

        @Override
        public void service(final InputStream in, final OutputStream out) throws ServiceException, IOException {
        }

        @Override
        public String getName() {
            throw new AssertionError();
        }
    }
}