Add RejectDomainNameNotUnderPublicSuffixValidator

src/main/java/uk/org/iay/incommon/mda/validate/net/RejectDomainNameNotUnderPublicSuffixValidator.java

@@ -0,0 +1,45 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package uk.org.iay.incommon.mda.validate.net;
+
+import javax.annotation.Nonnull;
+
+import com.google.common.net.InternetDomainName;
+
+import net.shibboleth.metadata.Item;
+import net.shibboleth.metadata.validate.Validator;
+import uk.org.iay.incommon.mda.validate.BaseLocalValidator;
+
+/**
+ * A validator that checks whether an {@link InternetDomainName} is under a public suffix.
+ *
+ * A domain name which is <em>not</em> under a public suffix might be a public suffix itself,
+ * or might terminate in something which is not a public suffix.
+ */
+public class RejectDomainNameNotUnderPublicSuffixValidator extends BaseLocalValidator
+    implements Validator<InternetDomainName> {
+
+    @Override
+    public Action validate(@Nonnull final InternetDomainName domain, @Nonnull final Item<?> item,
+            @Nonnull final String stageId) {
+        if (domain.isUnderPublicSuffix()) {
+            return Action.CONTINUE;
+        } else {
+            addErrorMessage(domain, item, stageId);
+            return Action.DONE;
+        }
+    }
+
+}

src/main/java/uk/org/iay/incommon/mda/validate/net/package-info.java

@@ -0,0 +1,18 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * Classes for validation of network-related object types.
+ */
+package uk.org.iay.incommon.mda.validate.net;

src/main/resources/uk/org/iay/incommon/mda/beans.xml

@@ -50,6 +50,9 @@
     <bean id="inc.RejectAllValidator" abstract="true" parent="inc.component_parent"
         class="uk.org.iay.incommon.mda.validate.RejectAllValidator"/>
 
+    <bean id="inc.RejectDomainNameNotUnderPublicSuffixValidator" abstract="true" parent="inc.component_parent"
+        class="uk.org.iay.incommon.mda.validate.net.RejectDomainNameNotUnderPublicSuffixValidator"/>
+
     <bean id="inc.RejectStringRegexValidator" abstract="true" parent="inc.component_parent"
         class="uk.org.iay.incommon.mda.validate.string.RejectStringRegexValidator"/>
 

src/test/java/uk/org/iay/incommon/mda/validate/net/RejectDomainNameNotUnderPublicSuffixValidatorTest.java

@@ -0,0 +1,89 @@
+package uk.org.iay.incommon.mda.validate.net;
+
+import org.testng.Assert;
+import org.testng.annotations.Test;
+
+import com.google.common.net.InternetDomainName;
+
+import net.shibboleth.metadata.ErrorStatus;
+import net.shibboleth.metadata.Item;
+import net.shibboleth.metadata.validate.Validator.Action;
+import uk.org.ukfederation.mda.MockItem;
+
+public class RejectDomainNameNotUnderPublicSuffixValidatorTest {
+
+    @Test
+    public void normal() throws Exception {
+        final Item<String> item = new MockItem("content");
+        final RejectDomainNameNotUnderPublicSuffixValidator val =
+                new RejectDomainNameNotUnderPublicSuffixValidator();
+        val.setId("validate");
+        val.initialize();
+
+        final InternetDomainName domain = InternetDomainName.from("example.org");
+        Assert.assertNotNull(domain);
+        final Action res = val.validate(domain, item, "stage");
+        Assert.assertNotNull(res);
+        Assert.assertEquals(res, Action.CONTINUE);
+        Assert.assertEquals(item.getItemMetadata().get(ErrorStatus.class).size(), 0);
+
+        Assert.assertEquals(val.validate(InternetDomainName.from("ed.ac.uk"), item, "stage"), Action.CONTINUE);
+        Assert.assertEquals(item.getItemMetadata().get(ErrorStatus.class).size(), 0);
+    }
+
+    @Test
+    public void uk() throws Exception {
+        final Item<String> item = new MockItem("content");
+        final RejectDomainNameNotUnderPublicSuffixValidator val =
+                new RejectDomainNameNotUnderPublicSuffixValidator();
+        val.setId("validate");
+        val.initialize();
+
+        final InternetDomainName domain = InternetDomainName.from("uk");
+        Assert.assertNotNull(domain);
+        final Action res = val.validate(domain, item, "stage");
+        Assert.assertNotNull(res);
+        Assert.assertEquals(res, Action.DONE);
+        Assert.assertEquals(item.getItemMetadata().get(ErrorStatus.class).size(), 1);
+        Assert.assertTrue(item.getItemMetadata().get(ErrorStatus.class).get(0).getStatusMessage().contains("rejected"));
+    }
+
+    @Test
+    public void ac_uk() throws Exception {
+        final Item<String> item = new MockItem("content");
+        final RejectDomainNameNotUnderPublicSuffixValidator val =
+                new RejectDomainNameNotUnderPublicSuffixValidator();
+        val.setId("validate");
+        val.initialize();
+
+        final InternetDomainName domain = InternetDomainName.from("ac.uk");
+        Assert.assertNotNull(domain);
+        final Action res = val.validate(domain, item, "stage");
+        Assert.assertNotNull(res);
+        Assert.assertEquals(res, Action.DONE);
+        Assert.assertEquals(item.getItemMetadata().get(ErrorStatus.class).size(), 1);
+        Assert.assertTrue(item.getItemMetadata().get(ErrorStatus.class).get(0).getStatusMessage().contains("rejected"));
+    }
+
+    @Test
+    public void wibble_wobble() throws Exception {
+        final Item<String> item = new MockItem("content");
+        final RejectDomainNameNotUnderPublicSuffixValidator val =
+                new RejectDomainNameNotUnderPublicSuffixValidator();
+        val.setId("validate");
+        val.setMessage("scope is not under a public suffix: '%s'");
+        val.initialize();
+
+        // This is (currently) just a nonsense value, so it doesn't have a public suffix
+        // and isn't under one either.
+        final InternetDomainName domain = InternetDomainName.from("wibble.wobble");
+        Assert.assertNotNull(domain);
+        final Action res = val.validate(domain, item, "stage");
+        Assert.assertNotNull(res);
+        Assert.assertEquals(res, Action.DONE);
+        Assert.assertEquals(item.getItemMetadata().get(ErrorStatus.class).size(), 1);
+        Assert.assertEquals(item.getItemMetadata().get(ErrorStatus.class).get(0).getStatusMessage(),
+                "scope is not under a public suffix: 'wibble.wobble'");
+    }
+
+}