Examples with CreateSignatureRequest com.zimbra.soap.account.message.CreateSignatureRequest used on opensource projects

Search in sources :

Example 6 with CreateSignatureRequest

use of com.zimbra.soap.account.message.CreateSignatureRequest in project zm-mailbox by Zimbra.

the class TestCsrfRequest method getCreateSigWithAuthAndCsrfDisabled.

@Test
public void getCreateSigWithAuthAndCsrfDisabled() throws Exception {
    Account acct = provUtil.createAccount(genAcctNameLocalPart(), domain);
    boolean csrfEnabled = Boolean.FALSE;
    SoapTransport transport = authUser(acct.getName(), csrfEnabled, Boolean.FALSE);
    String sigContent = "xss<script>alert(\"XSS\")</script><a href=javascript:alert(\"XSS\")><";
    Signature sig = new Signature(null, "testSig", sigContent, "text/html");
    CreateSignatureRequest req = new CreateSignatureRequest(sig);
    SoapProtocol proto = SoapProtocol.Soap12;
    Element sigReq = JaxbUtil.jaxbToElement(req, proto.getFactory());
    try {
        Element element = transport.invoke(sigReq, false, false, null);
        String sigt = element.getElement("signature").getAttribute("id");
        assertNotNull(sigt);
    } catch (SoapFaultException e) {
        e.printStackTrace();
        assertNull(e);
    }
}
Also used : Account(com.zimbra.cs.account.Account) CreateSignatureRequest(com.zimbra.soap.account.message.CreateSignatureRequest) Signature(com.zimbra.soap.account.type.Signature) Element(com.zimbra.common.soap.Element) SoapProtocol(com.zimbra.common.soap.SoapProtocol) SoapTransport(com.zimbra.common.soap.SoapTransport) SoapFaultException(com.zimbra.common.soap.SoapFaultException) Test(org.junit.Test)

Example 7 with CreateSignatureRequest

use of com.zimbra.soap.account.message.CreateSignatureRequest in project zm-mailbox by Zimbra.

the class TestCsrfRequest method getCreateSigWithAuthAndCsrfEnabledNoCsrfToken.

@Test
public void getCreateSigWithAuthAndCsrfEnabledNoCsrfToken() throws Exception {
    Account acct = provUtil.createAccount(genAcctNameLocalPart(), domain);
    boolean csrfEnabled = Boolean.TRUE;
    SoapTransport transport = authUser(acct.getName(), csrfEnabled, Boolean.FALSE);
    String sigContent = "xss<script>alert(\"XSS\")</script><a href=javascript:alert(\"XSS\")><";
    Signature sig = new Signature(null, "testSig", sigContent, "text/html");
    CreateSignatureRequest req = new CreateSignatureRequest(sig);
    SoapProtocol proto = SoapProtocol.Soap12;
    Element sigReq = JaxbUtil.jaxbToElement(req, proto.getFactory());
    try {
        Element element = transport.invoke(sigReq, false, false, null);
    } catch (SoapFaultException e) {
        assertNotNull(e);
        Assert.assertEquals(true, e.getCode().contains("AUTH_REQUIRED"));
    }
}
Also used : Account(com.zimbra.cs.account.Account) CreateSignatureRequest(com.zimbra.soap.account.message.CreateSignatureRequest) Signature(com.zimbra.soap.account.type.Signature) Element(com.zimbra.common.soap.Element) SoapProtocol(com.zimbra.common.soap.SoapProtocol) SoapTransport(com.zimbra.common.soap.SoapTransport) SoapFaultException(com.zimbra.common.soap.SoapFaultException) Test(org.junit.Test)

Example 8 with CreateSignatureRequest

use of com.zimbra.soap.account.message.CreateSignatureRequest in project zm-mailbox by Zimbra.

the class TestCsrfRequest method getCreateSigWithAuthAndCsrfEnabledAndInvalidCsrfToken.

@Test
public void getCreateSigWithAuthAndCsrfEnabledAndInvalidCsrfToken() throws Exception {
    Map<String, Object> attrs = new HashMap<String, Object>();
    attrs.put(Provisioning.A_zimbraCsrfTokenCheckEnabled, "TRUE");
    prov.modifyAttrs(prov.getConfig(), attrs, true);
    Account acct = provUtil.createAccount(genAcctNameLocalPart(), domain);
    boolean csrfEnabled = Boolean.TRUE;
    SoapTransport transport = authUser(acct.getName(), csrfEnabled, Boolean.TRUE);
    String temp = transport.getCsrfToken().substring(7);
    transport.setCsrfToken(temp);
    String sigContent = "xss&lt;script&gt;alert(\"XSS\")&lt;/script&gt;&lt;a href=javascript:alert(\"XSS\")&gt;&lt;";
    Signature sig = new Signature(null, "testSig", sigContent, "text/html");
    CreateSignatureRequest req = new CreateSignatureRequest(sig);
    SoapProtocol proto = SoapProtocol.Soap12;
    Element sigReq = JaxbUtil.jaxbToElement(req, proto.getFactory());
    try {
        Element element = transport.invoke(sigReq, false, false, null);
        String sigt = element.getElement("signature").getAttribute("id");
        assertNull(sigt);
    } catch (SoapFaultException e) {
        assertNotNull(e);
        Assert.assertEquals(true, e.getCode().contains("AUTH_REQUIRED"));
    }
}
Also used : Account(com.zimbra.cs.account.Account) CreateSignatureRequest(com.zimbra.soap.account.message.CreateSignatureRequest) HashMap(java.util.HashMap) Signature(com.zimbra.soap.account.type.Signature) Element(com.zimbra.common.soap.Element) SoapProtocol(com.zimbra.common.soap.SoapProtocol) SoapTransport(com.zimbra.common.soap.SoapTransport) SoapFaultException(com.zimbra.common.soap.SoapFaultException) Test(org.junit.Test)

Example 9 with CreateSignatureRequest

use of com.zimbra.soap.account.message.CreateSignatureRequest in project zm-mailbox by Zimbra.

the class TestCsrfRequest method getCreateSigWithAuthAndCsrfEnabledAndCsrfToken.

@Test
public void getCreateSigWithAuthAndCsrfEnabledAndCsrfToken() throws Exception {
    Account acct = provUtil.createAccount(genAcctNameLocalPart(), domain);
    boolean csrfEnabled = Boolean.TRUE;
    SoapTransport transport = authUser(acct.getName(), csrfEnabled, Boolean.TRUE);
    String sigContent = "xss&lt;script&gt;alert(\"XSS\")&lt;/script&gt;&lt;a href=javascript:alert(\"XSS\")&gt;&lt;";
    Signature sig = new Signature(null, "testSig", sigContent, "text/html");
    CreateSignatureRequest req = new CreateSignatureRequest(sig);
    SoapProtocol proto = SoapProtocol.Soap12;
    Element sigReq = JaxbUtil.jaxbToElement(req, proto.getFactory());
    try {
        Element element = transport.invoke(sigReq, false, false, null);
        String sigt = element.getElement("signature").getAttribute("id");
        assertNotNull(sigt);
    } catch (SoapFaultException e) {
        assertNull(e);
    }
}
Also used : Account(com.zimbra.cs.account.Account) CreateSignatureRequest(com.zimbra.soap.account.message.CreateSignatureRequest) Signature(com.zimbra.soap.account.type.Signature) Element(com.zimbra.common.soap.Element) SoapProtocol(com.zimbra.common.soap.SoapProtocol) SoapTransport(com.zimbra.common.soap.SoapTransport) SoapFaultException(com.zimbra.common.soap.SoapFaultException) Test(org.junit.Test)

Example 10 with CreateSignatureRequest

use of com.zimbra.soap.account.message.CreateSignatureRequest in project zm-mailbox by Zimbra.

the class TestGetSignature method getSignaturePlainSig.

@Test
public void getSignaturePlainSig() throws Exception {
    Account acct = provUtil.createAccount(genAcctNameLocalPart(), domain);
    boolean csrfEnabled = Boolean.FALSE;
    SoapTransport transport = authUser(acct.getName(), csrfEnabled, Boolean.FALSE);
    String sigContent = "xss&lt;script&gt;alert(\"XSS\")&lt;/script&gt;&lt;a href=javascript:alert(\"XSS\")&gt;&lt;";
    Signature sig = new Signature(null, "testSig", sigContent, "text/plain");
    CreateSignatureRequest req = new CreateSignatureRequest(sig);
    SoapProtocol proto = SoapProtocol.Soap12;
    Element sigReq = JaxbUtil.jaxbToElement(req, proto.getFactory());
    try {
        Element element = transport.invoke(sigReq, false, false, null);
        String sigt = element.getElement("signature").getAttribute("id");
        assertNotNull(sigt);
    } catch (SoapFaultException e) {
        e.printStackTrace();
        assertNull(e);
    }
    GetSignaturesRequest getSigReq = new GetSignaturesRequest();
    sigReq = JaxbUtil.jaxbToElement(getSigReq, proto.getFactory());
    try {
        Element element = transport.invoke(sigReq, false, false, null);
        String sigtContent = element.getElement("signature").getElement("content").getText();
        assertNotNull(sigContent);
        int index = sigtContent.indexOf("alert(\"XSS\")");
        Assert.assertTrue(index > -1);
    } catch (SoapFaultException e) {
        e.printStackTrace();
        assertNull(e);
    }
}
Also used : Account(com.zimbra.cs.account.Account) CreateSignatureRequest(com.zimbra.soap.account.message.CreateSignatureRequest) GetSignaturesRequest(com.zimbra.soap.account.message.GetSignaturesRequest) Signature(com.zimbra.soap.account.type.Signature) Element(com.zimbra.common.soap.Element) SoapProtocol(com.zimbra.common.soap.SoapProtocol) SoapTransport(com.zimbra.common.soap.SoapTransport) SoapFaultException(com.zimbra.common.soap.SoapFaultException) Test(org.junit.Test)

Aggregations

CreateSignatureRequest (com.zimbra.soap.account.message.CreateSignatureRequest)10 Signature (com.zimbra.soap.account.type.Signature)10 Test (org.junit.Test)10 Element (com.zimbra.common.soap.Element)9 SoapFaultException (com.zimbra.common.soap.SoapFaultException)9 SoapProtocol (com.zimbra.common.soap.SoapProtocol)9 SoapTransport (com.zimbra.common.soap.SoapTransport)9 Account (com.zimbra.cs.account.Account)9 GetSignaturesRequest (com.zimbra.soap.account.message.GetSignaturesRequest)2 HashMap (java.util.HashMap)2
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial