
Example 16 with SoapProtocol

use of com.zimbra.common.soap.SoapProtocol in project zm-mailbox by Zimbra.

the class TestCsrfRequest method getCreateSigWithAuthAndCsrfEnabledNoCsrfToken.

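/**
 * CSRF check enabled, user authenticated, but the request carries no CSRF token:
 * the server must reject CreateSignatureRequest with an AUTH_REQUIRED fault.
 *
 * @throws Exception on any unexpected provisioning or transport failure
 */
@Test
public void getCreateSigWithAuthAndCsrfEnabledNoCsrfToken() throws Exception {
    Account acct = provUtil.createAccount(genAcctNameLocalPart(), domain);
    boolean csrfEnabled = Boolean.TRUE;
    // third argument presumably controls whether the transport obtains a CSRF token — see authUser
    SoapTransport transport = authUser(acct.getName(), csrfEnabled, Boolean.FALSE);
    // deliberately script-laden signature body, shared with the sibling CSRF tests
    String sigContent = "xss<script>alert(\"XSS\")</script><a href=javascript:alert(\"XSS\")><";
    Signature sig = new Signature(null, "testSig", sigContent, "text/html");
    CreateSignatureRequest req = new CreateSignatureRequest(sig);
    SoapProtocol proto = SoapProtocol.Soap12;
    Element sigReq = JaxbUtil.jaxbToElement(req, proto.getFactory());
    try {
        transport.invoke(sigReq, false, false, null);
        // Reaching this line means the CSRF check let the request through, which is
        // exactly the failure this test guards against; without an explicit fail()
        // a silently accepted request would pass the test.
        Assert.fail("CreateSignatureRequest without a CSRF token was accepted; expected AUTH_REQUIRED fault");
    } catch (SoapFaultException e) {
        Assert.assertTrue("expected AUTH_REQUIRED, got " + e.getCode(), e.getCode().contains("AUTH_REQUIRED"));
    }
}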

Example 17 with SoapProtocol

use of com.zimbra.common.soap.SoapProtocol in project zm-mailbox by Zimbra.

the class TestCsrfRequest method getCreateSigWithAuthAndCsrfEnabledAndCsrfToken.

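/**
 * CSRF check enabled and the transport holds a valid CSRF token: CreateSignatureRequest
 * must succeed and the response must contain a signature element with an id.
 *
 * @throws Exception including a SoapFaultException, which here means a valid token was rejected
 */
@Test
public void getCreateSigWithAuthAndCsrfEnabledAndCsrfToken() throws Exception {
    Account acct = provUtil.createAccount(genAcctNameLocalPart(), domain);
    boolean csrfEnabled = Boolean.TRUE;
    // third argument presumably controls whether the transport obtains a CSRF token — see authUser
    SoapTransport transport = authUser(acct.getName(), csrfEnabled, Boolean.TRUE);
    // deliberately script-laden signature body, shared with the sibling CSRF tests
    String sigContent = "xss<script>alert(\"XSS\")</script><a href=javascript:alert(\"XSS\")><";
    Signature sig = new Signature(null, "testSig", sigContent, "text/html");
    CreateSignatureRequest req = new CreateSignatureRequest(sig);
    SoapProtocol proto = SoapProtocol.Soap12;
    Element sigReq = JaxbUtil.jaxbToElement(req, proto.getFactory());
    // A fault is a test failure either way; letting it propagate keeps the full fault
    // and stack trace in the report instead of collapsing it into assertNull(e).
    Element element = transport.invoke(sigReq, false, false, null);
    String sigId = element.getElement("signature").getAttribute("id");
    assertNotNull(sigId);
}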

Example 18 with SoapProtocol

use of com.zimbra.common.soap.SoapProtocol in project zm-mailbox by Zimbra.

the class TestCsrfRequest method getCreateSigWithAuthAndCsrfEnabledAndInvalidCsrfToken.

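/**
 * CSRF check enabled, but the transport's CSRF token is truncated before the call:
 * the server must reject CreateSignatureRequest with an AUTH_REQUIRED fault.
 *
 * @throws Exception on any unexpected provisioning or transport failure
 */
@Test
public void getCreateSigWithAuthAndCsrfEnabledAndInvalidCsrfToken() throws Exception {
    // NOTE(review): this switches zimbraCsrfTokenCheckEnabled on in the global config and
    // never restores it, so it can leak into later tests — confirm whether a teardown resets it.
    Map<String, Object> attrs = new HashMap<String, Object>();
    attrs.put(Provisioning.A_zimbraCsrfTokenCheckEnabled, "TRUE");
    prov.modifyAttrs(prov.getConfig(), attrs, true);
    Account acct = provUtil.createAccount(genAcctNameLocalPart(), domain);
    boolean csrfEnabled = Boolean.TRUE;
    SoapTransport transport = authUser(acct.getName(), csrfEnabled, Boolean.TRUE);
    // Corrupt the token by dropping its first 7 characters; this would NPE if authUser
    // had not supplied one, which would itself be a setup error worth surfacing.
    String tamperedToken = transport.getCsrfToken().substring(7);
    transport.setCsrfToken(tamperedToken);
    String sigContent = "xss&lt;script&gt;alert(\"XSS\")&lt;/script&gt;&lt;a href=javascript:alert(\"XSS\")&gt;&lt;";
    Signature sig = new Signature(null, "testSig", sigContent, "text/html");
    CreateSignatureRequest req = new CreateSignatureRequest(sig);
    SoapProtocol proto = SoapProtocol.Soap12;
    Element sigReq = JaxbUtil.jaxbToElement(req, proto.getFactory());
    try {
        transport.invoke(sigReq, false, false, null);
        // An accepted request is the failure this test exists to catch; fail explicitly
        // rather than relying on an assertNull of the returned signature id.
        Assert.fail("CreateSignatureRequest with a tampered CSRF token was accepted; expected AUTH_REQUIRED fault");
    } catch (SoapFaultException e) {
        Assert.assertTrue("expected AUTH_REQUIRED, got " + e.getCode(), e.getCode().contains("AUTH_REQUIRED"));
    }
}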

Example 19 with SoapProtocol

use of com.zimbra.common.soap.SoapProtocol in project zm-mailbox by Zimbra.

the class CrossServerNotification method getHandler.

/**
 * Builds the handler that delivers a CrossServerNotification to every active SOAP
 * session of the recipient account, in the notification format matching each
 * session's response protocol.
 */
@Override
public MessageHandler getHandler() {
    return new MessageHandler() {

        @Override
        public void handle(Message m, String clientId) {
            if (!(m instanceof CrossServerNotification)) {
                return;
            }
            CrossServerNotification notification = (CrossServerNotification) m;
            String recipient = m.getRecipientAccountId();
            Collection<Session> sessions = SessionCache.getSoapSessions(recipient);
            if (sessions == null) {
                log.warn("no active sessions for account %s", recipient);
                return;
            }
            // The payload is parsed once and converted into both wire formats up front,
            // so each session below just picks the variant for its protocol.
            // NOTE(review): DocumentHelper.parseText uses dom4j's default SAXReader; if the
            // payload can originate from an untrusted peer, DTD/external-entity resolution
            // should be disabled on the reader (XXE) — confirm the trust boundary of clientId.
            RemoteNotifications xmlNotifications;
            RemoteNotifications jsonNotifications;
            try {
                org.dom4j.Document dom = org.dom4j.DocumentHelper.parseText(notification.getPayload());
                org.dom4j.Element root = dom.getRootElement();
                xmlNotifications = new RemoteNotifications(Element.convertDOM(root, XMLElement.mFactory));
                jsonNotifications = new RemoteNotifications(Element.convertDOM(root, JSONElement.mFactory));
            } catch (DocumentException e) {
                log.warn("cannot parse notification from %s", clientId, e);
                return;
            }
            for (Session session : sessions) {
                log.debug("notifying session %s", session.toString());
                // assumes getSoapSessions only ever returns SoapSession instances — the cast is unchecked
                SoapSession soapSession = (SoapSession) session;
                SoapProtocol proto = soapSession.getResponseProtocol();
                RemoteNotifications toDeliver = null;
                if (proto == SoapProtocol.SoapJS) {
                    toDeliver = jsonNotifications;
                } else if (proto == SoapProtocol.Soap11 || proto == SoapProtocol.Soap12) {
                    toDeliver = xmlNotifications;
                }
                if (toDeliver != null) {
                    soapSession.addRemoteNotifications(toDeliver);
                }
                // forcePush runs regardless of whether anything was queued for this session
                soapSession.forcePush();
            }
        }
    };
}

Example 20 with SoapProtocol

use of com.zimbra.common.soap.SoapProtocol in project zm-mailbox by Zimbra.

the class TestGetSignature method getSignaturePlainSig.

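/**
 * Creates a text/plain signature whose body contains entity-escaped script markup,
 * reads it back with GetSignaturesRequest and checks that the alert text survived
 * the round trip unchanged.
 *
 * @throws Exception including a SoapFaultException from either call, which fails the test
 */
@Test
public void getSignaturePlainSig() throws Exception {
    Account acct = provUtil.createAccount(genAcctNameLocalPart(), domain);
    boolean csrfEnabled = Boolean.FALSE;
    SoapTransport transport = authUser(acct.getName(), csrfEnabled, Boolean.FALSE);
    String sigContent = "xss&lt;script&gt;alert(\"XSS\")&lt;/script&gt;&lt;a href=javascript:alert(\"XSS\")&gt;&lt;";
    Signature sig = new Signature(null, "testSig", sigContent, "text/plain");
    CreateSignatureRequest req = new CreateSignatureRequest(sig);
    SoapProtocol proto = SoapProtocol.Soap12;
    Element sigReq = JaxbUtil.jaxbToElement(req, proto.getFactory());
    // Faults propagate instead of being printed and turned into assertNull(e):
    // JUnit then reports the fault code and the full stack trace.
    Element created = transport.invoke(sigReq, false, false, null);
    String sigId = created.getElement("signature").getAttribute("id");
    assertNotNull(sigId);

    GetSignaturesRequest getSigReq = new GetSignaturesRequest();
    sigReq = JaxbUtil.jaxbToElement(getSigReq, proto.getFactory());
    Element fetched = transport.invoke(sigReq, false, false, null);
    // The account was created in this test, so the first <signature> is the one just stored.
    String fetchedContent = fetched.getElement("signature").getElement("content").getText();
    // Assert on the content returned by the server, not on the request-side local.
    assertNotNull(fetchedContent);
    Assert.assertTrue("stored plain-text content lost the alert text: " + fetchedContent,
            fetchedContent.indexOf("alert(\"XSS\")") > -1);
}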
