From c30bd08709a25ea81e6aac4947d13ccbc4b0eb44 Mon Sep 17 00:00:00 2001
From: Ian Young
Date: Tue, 10 Oct 2017 18:09:44 +0100
Subject: [PATCH] Add RejectDomainNameNotUnderPublicSuffixValidator
---
...mainNameNotUnderPublicSuffixValidator.java | 45 ++++++++++
.../mda/validate/net/package-info.java | 18 ++++
.../uk/org/iay/incommon/mda/beans.xml | 3 +
...NameNotUnderPublicSuffixValidatorTest.java | 89 +++++++++++++++++++
4 files changed, 155 insertions(+)
create mode 100644 src/main/java/uk/org/iay/incommon/mda/validate/net/RejectDomainNameNotUnderPublicSuffixValidator.java
create mode 100644 src/main/java/uk/org/iay/incommon/mda/validate/net/package-info.java
create mode 100644 src/test/java/uk/org/iay/incommon/mda/validate/net/RejectDomainNameNotUnderPublicSuffixValidatorTest.java
diff --git a/src/main/java/uk/org/iay/incommon/mda/validate/net/RejectDomainNameNotUnderPublicSuffixValidator.java b/src/main/java/uk/org/iay/incommon/mda/validate/net/RejectDomainNameNotUnderPublicSuffixValidator.java
new file mode 100644
index 0000000..08cc901
--- /dev/null
+++ b/src/main/java/uk/org/iay/incommon/mda/validate/net/RejectDomainNameNotUnderPublicSuffixValidator.java
@@ -0,0 +1,45 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package uk.org.iay.incommon.mda.validate.net;
+
+import javax.annotation.Nonnull;
+
+import com.google.common.net.InternetDomainName;
+
+import net.shibboleth.metadata.Item;
+import net.shibboleth.metadata.validate.Validator;
+import uk.org.iay.incommon.mda.validate.BaseLocalValidator;
+
+/**
+ * A validator that checks whether an {@link InternetDomainName} is under a public suffix.
+ *
+ * A domain name which is not under a public suffix might be a public suffix itself,
+ * or might terminate in something which is not a public suffix.
+ */
+public class RejectDomainNameNotUnderPublicSuffixValidator extends BaseLocalValidator
+ implements Validator {
+
+ @Override
+ public Action validate(@Nonnull final InternetDomainName domain, @Nonnull final Item item,
+ @Nonnull final String stageId) {
+ if (domain.isUnderPublicSuffix()) {
+ return Action.CONTINUE;
+ } else {
+ addErrorMessage(domain, item, stageId);
+ return Action.DONE;
+ }
+ }
+
+}
diff --git a/src/main/java/uk/org/iay/incommon/mda/validate/net/package-info.java b/src/main/java/uk/org/iay/incommon/mda/validate/net/package-info.java
new file mode 100644
index 0000000..fce709b
--- /dev/null
+++ b/src/main/java/uk/org/iay/incommon/mda/validate/net/package-info.java
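Review bot: The accept/reject decision in `validate` rests entirely on `domain.isUnderPublicSuffix()`, which Guava answers from the public suffix list snapshot compiled into whichever Guava version is on the classpath, and the class Javadoc does not mention that dependency. That list also carries privately registered suffixes, so a name that is itself one of those entries is rejected while any name below it is accepted. If only registry-controlled suffixes are meant to count here (the test message suggests these are scope values), `isUnderRegistrySuffix()` in newer Guava releases may be the closer fit. I would add to the Javadoc a sentence such as `Results depend on the public suffix list bundled with the Guava version in use; suffixes added after that snapshot are not recognised.` and also state that a failing name gets an error status on the item and ends validation with `Action.DONE`.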
@@ -0,0 +1,18 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * Classes for validation of network-related object types.
+ */
+package uk.org.iay.incommon.mda.validate.net;
diff --git a/src/main/resources/uk/org/iay/incommon/mda/beans.xml b/src/main/resources/uk/org/iay/incommon/mda/beans.xml
index 101f273..a980855 100644
--- a/src/main/resources/uk/org/iay/incommon/mda/beans.xml
+++ b/src/main/resources/uk/org/iay/incommon/mda/beans.xml
@@ -50,6 +50,9 @@ + +
diff --git a/src/test/java/uk/org/iay/incommon/mda/validate/net/RejectDomainNameNotUnderPublicSuffixValidatorTest.java b/src/test/java/uk/org/iay/incommon/mda/validate/net/RejectDomainNameNotUnderPublicSuffixValidatorTest.java
new file mode 100644
index 0000000..57918f2
--- /dev/null
+++ b/src/test/java/uk/org/iay/incommon/mda/validate/net/RejectDomainNameNotUnderPublicSuffixValidatorTest.java
@@ -0,0 +1,89 @@
+package uk.org.iay.incommon.mda.validate.net;
+
+import org.testng.Assert;
+import org.testng.annotations.Test;
+
+import com.google.common.net.InternetDomainName;
+
+import net.shibboleth.metadata.ErrorStatus;
+import net.shibboleth.metadata.Item;
+import net.shibboleth.metadata.validate.Validator.Action;
+import uk.org.ukfederation.mda.MockItem;
+
+public class RejectDomainNameNotUnderPublicSuffixValidatorTest {
+
+ @Test
+ public void normal() throws Exception {
+ final Item item = new MockItem("content");
+ final RejectDomainNameNotUnderPublicSuffixValidator val =
+ new RejectDomainNameNotUnderPublicSuffixValidator();
+ val.setId("validate");
+ val.initialize();
+
+ final InternetDomainName domain = InternetDomainName.from("example.org");
+ Assert.assertNotNull(domain);
+ final Action res = val.validate(domain, item, "stage");
+ Assert.assertNotNull(res);
+ Assert.assertEquals(res, Action.CONTINUE);
+ Assert.assertEquals(item.getItemMetadata().get(ErrorStatus.class).size(), 0);
+
+ Assert.assertEquals(val.validate(InternetDomainName.from("ed.ac.uk"), item, "stage"), Action.CONTINUE);
+ Assert.assertEquals(item.getItemMetadata().get(ErrorStatus.class).size(), 0);
+ }
+
+ @Test
+ public void uk() throws Exception {
+ final Item item = new MockItem("content");
+ final RejectDomainNameNotUnderPublicSuffixValidator val =
+ new RejectDomainNameNotUnderPublicSuffixValidator();
+ val.setId("validate");
+ val.initialize();
+
+ final InternetDomainName domain = InternetDomainName.from("uk");
+ Assert.assertNotNull(domain);
+ final Action res = val.validate(domain, item, "stage");
+ Assert.assertNotNull(res);
+ Assert.assertEquals(res, Action.DONE);
+ Assert.assertEquals(item.getItemMetadata().get(ErrorStatus.class).size(), 1);
+ Assert.assertTrue(item.getItemMetadata().get(ErrorStatus.class).get(0).getStatusMessage().contains("rejected"));
+ }
+
+ @Test
+ public void ac_uk() throws Exception {
+ final Item item = new MockItem("content");
+ final RejectDomainNameNotUnderPublicSuffixValidator val =
+ new RejectDomainNameNotUnderPublicSuffixValidator();
+ val.setId("validate");
+ val.initialize();
+
+ final InternetDomainName domain = InternetDomainName.from("ac.uk");
+ Assert.assertNotNull(domain);
+ final Action res = val.validate(domain, item, "stage");
+ Assert.assertNotNull(res);
+ Assert.assertEquals(res, Action.DONE);
+ Assert.assertEquals(item.getItemMetadata().get(ErrorStatus.class).size(), 1);
+ Assert.assertTrue(item.getItemMetadata().get(ErrorStatus.class).get(0).getStatusMessage().contains("rejected"));
+ }
+
+ @Test
+ public void wibble_wobble() throws Exception {
+ final Item item = new MockItem("content");
+ final RejectDomainNameNotUnderPublicSuffixValidator val =
+ new RejectDomainNameNotUnderPublicSuffixValidator();
+ val.setId("validate");
+ val.setMessage("scope is not under a public suffix: '%s'");
+ val.initialize();
+
+ // This is (currently) just a nonsense value, so it doesn't have a public suffix
+ // and isn't under one either.
+ final InternetDomainName domain = InternetDomainName.from("wibble.wobble");
+ Assert.assertNotNull(domain);
+ final Action res = val.validate(domain, item, "stage");
+ Assert.assertNotNull(res);
+ Assert.assertEquals(res, Action.DONE);
+ Assert.assertEquals(item.getItemMetadata().get(ErrorStatus.class).size(), 1);
+ Assert.assertEquals(item.getItemMetadata().get(ErrorStatus.class).get(0).getStatusMessage(),
+ "scope is not under a public suffix: 'wibble.wobble'");
+ }
+
+}
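Review bot: The `wibble_wobble` case only holds while `wobble` is absent from the public suffix list that ships with Guava, as its own comment concedes with "(currently)", so a later Guava upgrade could fail this test for reasons unrelated to the validator. A name under a reserved top-level label should be stable: `InternetDomainName.from("wibble.invalid")` with the expected message `"scope is not under a public suffix: 'wibble.invalid'"`. It would also be worth adding one case for a privately registered suffix from the list, so that the intended treatment of those entries is pinned down by a test rather than left implicit.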