From 4df12c3113b1b42f733e7ca5f1f70014f5e13f61 Mon Sep 17 00:00:00 2001
From: Ian Young <ian@iay.org.uk>
Date: Wed, 11 Oct 2017 14:15:20 +0100
Subject: [PATCH] Add RejectDomainNamePublicSuffixValidator

---
 ...RejectDomainNamePublicSuffixValidator.java | 42 +++++++++++
 .../uk/org/iay/incommon/mda/beans.xml         |  3 +
 ...ctDomainNamePublicSuffixValidatorTest.java | 71 +++++++++++++++++++
 3 files changed, 116 insertions(+)
 create mode 100644 src/main/java/uk/org/iay/incommon/mda/validate/net/RejectDomainNamePublicSuffixValidator.java
 create mode 100644 src/test/java/uk/org/iay/incommon/mda/validate/net/RejectDomainNamePublicSuffixValidatorTest.java

diff --git a/src/main/java/uk/org/iay/incommon/mda/validate/net/RejectDomainNamePublicSuffixValidator.java b/src/main/java/uk/org/iay/incommon/mda/validate/net/RejectDomainNamePublicSuffixValidator.java
new file mode 100644
index 0000000..951e804
--- /dev/null
+++ b/src/main/java/uk/org/iay/incommon/mda/validate/net/RejectDomainNamePublicSuffixValidator.java
@@ -0,0 +1,42 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package uk.org.iay.incommon.mda.validate.net;
+
+import javax.annotation.Nonnull;
+
+import com.google.common.net.InternetDomainName;
+
+import net.shibboleth.metadata.Item;
+import net.shibboleth.metadata.validate.Validator;
+import uk.org.iay.incommon.mda.validate.BaseLocalValidator;
+
+/**
+ * A validator that rejects an {@link InternetDomainName} if it is a public suffix.
+ */
+public class RejectDomainNamePublicSuffixValidator extends BaseLocalValidator
+    implements Validator<InternetDomainName> {
+
+    @Override
+    public Action validate(@Nonnull final InternetDomainName domain, @Nonnull final Item<?> item,
+            @Nonnull final String stageId) {
+        if (domain.isPublicSuffix()) {
+            addErrorMessage(domain, item, stageId);
+            return Action.DONE;
+        } else {
+            return Action.CONTINUE;
+        }
+    }
+
+}
diff --git a/src/main/resources/uk/org/iay/incommon/mda/beans.xml b/src/main/resources/uk/org/iay/incommon/mda/beans.xml
index a980855..d6e4cc4 100644
--- a/src/main/resources/uk/org/iay/incommon/mda/beans.xml
+++ b/src/main/resources/uk/org/iay/incommon/mda/beans.xml
@@ -53,6 +53,9 @@
     <bean id="inc.RejectDomainNameNotUnderPublicSuffixValidator" abstract="true" parent="inc.component_parent"
         class="uk.org.iay.incommon.mda.validate.net.RejectDomainNameNotUnderPublicSuffixValidator"/>
 
+    <bean id="inc.RejectDomainNamePublicSuffixValidator" abstract="true" parent="inc.component_parent"
+        class="uk.org.iay.incommon.mda.validate.net.RejectDomainNamePublicSuffixValidator"/>
+
     <bean id="inc.RejectStringRegexValidator" abstract="true" parent="inc.component_parent"
         class="uk.org.iay.incommon.mda.validate.string.RejectStringRegexValidator"/>
 
diff --git a/src/test/java/uk/org/iay/incommon/mda/validate/net/RejectDomainNamePublicSuffixValidatorTest.java b/src/test/java/uk/org/iay/incommon/mda/validate/net/RejectDomainNamePublicSuffixValidatorTest.java
new file mode 100644
index 0000000..7d4625f
--- /dev/null
+++ b/src/test/java/uk/org/iay/incommon/mda/validate/net/RejectDomainNamePublicSuffixValidatorTest.java
@@ -0,0 +1,71 @@
+package uk.org.iay.incommon.mda.validate.net;
+
+import org.testng.Assert;
+import org.testng.annotations.Test;
+
+import com.google.common.net.InternetDomainName;
+
+import net.shibboleth.metadata.ErrorStatus;
+import net.shibboleth.metadata.Item;
+import net.shibboleth.metadata.validate.Validator.Action;
+import uk.org.ukfederation.mda.MockItem;
+
+public class RejectDomainNamePublicSuffixValidatorTest {
+
+    @Test
+    public void normal() throws Exception {
+        final Item<String> item = new MockItem("content");
+        final RejectDomainNamePublicSuffixValidator val =
+                new RejectDomainNamePublicSuffixValidator();
+        val.setId("validate");
+        val.initialize();
+
+        final InternetDomainName domain = InternetDomainName.from("example.org");
+        Assert.assertNotNull(domain);
+        final Action res = val.validate(domain, item, "stage");
+        Assert.assertNotNull(res);
+        Assert.assertEquals(res, Action.CONTINUE);
+        Assert.assertEquals(item.getItemMetadata().get(ErrorStatus.class).size(), 0);
+
+        Assert.assertEquals(val.validate(InternetDomainName.from("ed.ac.uk"), item, "stage"), Action.CONTINUE);
+        Assert.assertEquals(item.getItemMetadata().get(ErrorStatus.class).size(), 0);
+
+        Assert.assertEquals(val.validate(InternetDomainName.from("complete.nonsense"), item, "stage"), Action.CONTINUE);
+        Assert.assertEquals(item.getItemMetadata().get(ErrorStatus.class).size(), 0);
+    }
+
+    @Test
+    public void uk() throws Exception {
+        final Item<String> item = new MockItem("content");
+        final RejectDomainNamePublicSuffixValidator val =
+                new RejectDomainNamePublicSuffixValidator();
+        val.setId("validate");
+        val.initialize();
+
+        final InternetDomainName domain = InternetDomainName.from("uk");
+        Assert.assertNotNull(domain);
+        final Action res = val.validate(domain, item, "stage");
+        Assert.assertNotNull(res);
+        Assert.assertEquals(res, Action.DONE);
+        Assert.assertEquals(item.getItemMetadata().get(ErrorStatus.class).size(), 1);
+        Assert.assertTrue(item.getItemMetadata().get(ErrorStatus.class).get(0).getStatusMessage().contains("rejected"));
+    }
+
+    @Test
+    public void ac_uk() throws Exception {
+        final Item<String> item = new MockItem("content");
+        final RejectDomainNamePublicSuffixValidator val =
+                new RejectDomainNamePublicSuffixValidator();
+        val.setId("validate");
+        val.initialize();
+
+        final InternetDomainName domain = InternetDomainName.from("ac.uk");
+        Assert.assertNotNull(domain);
+        final Action res = val.validate(domain, item, "stage");
+        Assert.assertNotNull(res);
+        Assert.assertEquals(res, Action.DONE);
+        Assert.assertEquals(item.getItemMetadata().get(ErrorStatus.class).size(), 1);
+        Assert.assertTrue(item.getItemMetadata().get(ErrorStatus.class).get(0).getStatusMessage().contains("rejected"));
+    }
+
+}