Search in sources :

Example 6 with Signature

use of com.zimbra.soap.account.type.Signature in project zm-mailbox by Zimbra.

the class TestCsrfRequest method getCreateSigWithAuthAndCsrfEnabledNoCsrfToken.

@Test
public void getCreateSigWithAuthAndCsrfEnabledNoCsrfToken() throws Exception {
    Account acct = provUtil.createAccount(genAcctNameLocalPart(), domain);
    boolean csrfEnabled = Boolean.TRUE;
    SoapTransport transport = authUser(acct.getName(), csrfEnabled, Boolean.FALSE);
    String sigContent = "xss<script>alert(\"XSS\")</script><a href=javascript:alert(\"XSS\")><";
    Signature sig = new Signature(null, "testSig", sigContent, "text/html");
    CreateSignatureRequest req = new CreateSignatureRequest(sig);
    SoapProtocol proto = SoapProtocol.Soap12;
    Element sigReq = JaxbUtil.jaxbToElement(req, proto.getFactory());
    try {
        Element element = transport.invoke(sigReq, false, false, null);
    } catch (SoapFaultException e) {
        assertNotNull(e);
        Assert.assertEquals(true, e.getCode().contains("AUTH_REQUIRED"));
    }
}
Also used : Account(com.zimbra.cs.account.Account) CreateSignatureRequest(com.zimbra.soap.account.message.CreateSignatureRequest) Signature(com.zimbra.soap.account.type.Signature) Element(com.zimbra.common.soap.Element) SoapProtocol(com.zimbra.common.soap.SoapProtocol) SoapTransport(com.zimbra.common.soap.SoapTransport) SoapFaultException(com.zimbra.common.soap.SoapFaultException) Test(org.junit.Test)

Example 7 with Signature

use of com.zimbra.soap.account.type.Signature in project zm-mailbox by Zimbra.

the class TestCsrfRequest method getCreateSigWithAuthAndCsrfEnabledAndCsrfToken.

@Test
public void getCreateSigWithAuthAndCsrfEnabledAndCsrfToken() throws Exception {
    Account acct = provUtil.createAccount(genAcctNameLocalPart(), domain);
    boolean csrfEnabled = Boolean.TRUE;
    SoapTransport transport = authUser(acct.getName(), csrfEnabled, Boolean.TRUE);
    String sigContent = "xss<script>alert(\"XSS\")</script><a href=javascript:alert(\"XSS\")><";
    Signature sig = new Signature(null, "testSig", sigContent, "text/html");
    CreateSignatureRequest req = new CreateSignatureRequest(sig);
    SoapProtocol proto = SoapProtocol.Soap12;
    Element sigReq = JaxbUtil.jaxbToElement(req, proto.getFactory());
    try {
        Element element = transport.invoke(sigReq, false, false, null);
        String sigt = element.getElement("signature").getAttribute("id");
        assertNotNull(sigt);
    } catch (SoapFaultException e) {
        assertNull(e);
    }
}
Also used : Account(com.zimbra.cs.account.Account) CreateSignatureRequest(com.zimbra.soap.account.message.CreateSignatureRequest) Signature(com.zimbra.soap.account.type.Signature) Element(com.zimbra.common.soap.Element) SoapProtocol(com.zimbra.common.soap.SoapProtocol) SoapTransport(com.zimbra.common.soap.SoapTransport) SoapFaultException(com.zimbra.common.soap.SoapFaultException) Test(org.junit.Test)

Example 8 with Signature

use of com.zimbra.soap.account.type.Signature in project zm-mailbox by Zimbra.

the class TestCsrfRequest method getCreateSigWithAuthAndCsrfEnabledAndInvalidCsrfToken.

@Test
public void getCreateSigWithAuthAndCsrfEnabledAndInvalidCsrfToken() throws Exception {
    Map<String, Object> attrs = new HashMap<String, Object>();
    attrs.put(Provisioning.A_zimbraCsrfTokenCheckEnabled, "TRUE");
    prov.modifyAttrs(prov.getConfig(), attrs, true);
    Account acct = provUtil.createAccount(genAcctNameLocalPart(), domain);
    boolean csrfEnabled = Boolean.TRUE;
    SoapTransport transport = authUser(acct.getName(), csrfEnabled, Boolean.TRUE);
    String temp = transport.getCsrfToken().substring(7);
    transport.setCsrfToken(temp);
    String sigContent = "xss&lt;script&gt;alert(\"XSS\")&lt;/script&gt;&lt;a href=javascript:alert(\"XSS\")&gt;&lt;";
    Signature sig = new Signature(null, "testSig", sigContent, "text/html");
    CreateSignatureRequest req = new CreateSignatureRequest(sig);
    SoapProtocol proto = SoapProtocol.Soap12;
    Element sigReq = JaxbUtil.jaxbToElement(req, proto.getFactory());
    try {
        Element element = transport.invoke(sigReq, false, false, null);
        String sigt = element.getElement("signature").getAttribute("id");
        assertNull(sigt);
    } catch (SoapFaultException e) {
        assertNotNull(e);
        Assert.assertEquals(true, e.getCode().contains("AUTH_REQUIRED"));
    }
}
Also used : Account(com.zimbra.cs.account.Account) CreateSignatureRequest(com.zimbra.soap.account.message.CreateSignatureRequest) HashMap(java.util.HashMap) Signature(com.zimbra.soap.account.type.Signature) Element(com.zimbra.common.soap.Element) SoapProtocol(com.zimbra.common.soap.SoapProtocol) SoapTransport(com.zimbra.common.soap.SoapTransport) SoapFaultException(com.zimbra.common.soap.SoapFaultException) Test(org.junit.Test)

Example 9 with Signature

use of com.zimbra.soap.account.type.Signature in project zm-mailbox by Zimbra.

the class TestAccess method CreateSignature.

@Test
public void CreateSignature() throws Exception {
    String signatureName = genSignatureName(seq);
    Signature sig = new Signature((String) null, signatureName, (String) null, (String) null);
    CreateSignatureRequest req = new CreateSignatureRequest(sig);
    /*
        XMLElement req = new XMLElement(AccountConstants.CREATE_SIGNATURE_REQUEST);
        Element signature = req.addElement(AccountConstants.E_SIGNATURE);
        signature.addAttribute(AccountConstants.A_NAME, signatureName);
        */
    accessTest(Perm.PERM_SELF_ONLY, req);
}
Also used : CreateSignatureRequest(com.zimbra.soap.account.message.CreateSignatureRequest) Signature(com.zimbra.soap.account.type.Signature) Test(org.junit.Test)

Example 10 with Signature

use of com.zimbra.soap.account.type.Signature in project zm-mailbox by Zimbra.

the class TestGetSignature method getSignaturePlainSig.

@Test
public void getSignaturePlainSig() throws Exception {
    Account acct = provUtil.createAccount(genAcctNameLocalPart(), domain);
    boolean csrfEnabled = Boolean.FALSE;
    SoapTransport transport = authUser(acct.getName(), csrfEnabled, Boolean.FALSE);
    String sigContent = "xss&lt;script&gt;alert(\"XSS\")&lt;/script&gt;&lt;a href=javascript:alert(\"XSS\")&gt;&lt;";
    Signature sig = new Signature(null, "testSig", sigContent, "text/plain");
    CreateSignatureRequest req = new CreateSignatureRequest(sig);
    SoapProtocol proto = SoapProtocol.Soap12;
    Element sigReq = JaxbUtil.jaxbToElement(req, proto.getFactory());
    try {
        Element element = transport.invoke(sigReq, false, false, null);
        String sigt = element.getElement("signature").getAttribute("id");
        assertNotNull(sigt);
    } catch (SoapFaultException e) {
        e.printStackTrace();
        assertNull(e);
    }
    GetSignaturesRequest getSigReq = new GetSignaturesRequest();
    sigReq = JaxbUtil.jaxbToElement(getSigReq, proto.getFactory());
    try {
        Element element = transport.invoke(sigReq, false, false, null);
        String sigtContent = element.getElement("signature").getElement("content").getText();
        assertNotNull(sigContent);
        int index = sigtContent.indexOf("alert(\"XSS\")");
        Assert.assertTrue(index > -1);
    } catch (SoapFaultException e) {
        e.printStackTrace();
        assertNull(e);
    }
}
Also used : Account(com.zimbra.cs.account.Account) CreateSignatureRequest(com.zimbra.soap.account.message.CreateSignatureRequest) GetSignaturesRequest(com.zimbra.soap.account.message.GetSignaturesRequest) Signature(com.zimbra.soap.account.type.Signature) Element(com.zimbra.common.soap.Element) SoapProtocol(com.zimbra.common.soap.SoapProtocol) SoapTransport(com.zimbra.common.soap.SoapTransport) SoapFaultException(com.zimbra.common.soap.SoapFaultException) Test(org.junit.Test)

Aggregations

CreateSignatureRequest (com.zimbra.soap.account.message.CreateSignatureRequest)10 Signature (com.zimbra.soap.account.type.Signature)10 Test (org.junit.Test)10 Element (com.zimbra.common.soap.Element)9 SoapFaultException (com.zimbra.common.soap.SoapFaultException)9 SoapProtocol (com.zimbra.common.soap.SoapProtocol)9 SoapTransport (com.zimbra.common.soap.SoapTransport)9 Account (com.zimbra.cs.account.Account)9 GetSignaturesRequest (com.zimbra.soap.account.message.GetSignaturesRequest)2 HashMap (java.util.HashMap)2