use of org.opencastproject.urlsigning.common.Policy in project opencast by opencast.
the class UrlSigningServiceImpl method sign.
@Override
public String sign(final String baseUrl, final DateTime validUntil, final DateTime validFrom, final String ipAddr) throws UrlSigningException {
requireNonNull(baseUrl);
requireNonNull(validUntil);
final Policy policy = Policy.mkPolicyValidFromWithIP(baseUrl, validUntil, validFrom, ipAddr);
for (final UrlSigningProvider provider : signingProviders) {
if (provider.accepts(baseUrl)) {
logger.debug("{} accepted to sign base URL '{}'", provider, baseUrl);
return provider.sign(policy);
}
}
logger.warn("No signing provider accepted to sign URL '{}'", baseUrl);
throw urlNotSupported();
}
use of org.opencastproject.urlsigning.common.Policy in project opencast by opencast.
the class UrlSigningVerifierImplTest method testVerifiesWithSigningProviders.
@Test
public void testVerifiesWithSigningProviders() throws Exception {
String keyId = "theKeyId";
String key = "TheKeyIsThis";
DateTime future = new DateTime(4749125399000L);
Policy policy = Policy.mkSimplePolicy(URL, future);
String queryString = ResourceRequestUtil.policyToResourceRequestQueryString(policy, keyId, key);
// Test with no configured keys
UrlSigningVerifierImpl urlSigningVerifierImpl = new UrlSigningVerifierImpl();
ResourceRequest result = urlSigningVerifierImpl.verify(queryString, CLIENT_IP, URL, true);
assertEquals(Status.Forbidden, result.getStatus());
// Test no matching key
urlSigningVerifierImpl = new UrlSigningVerifierImpl();
Properties keys = new Properties();
keys.put(UrlSigningVerifierImpl.ID_PREFIX + ".1", "otherKey");
keys.put(UrlSigningVerifierImpl.KEY_PREFIX + ".1", "ThisIsTheOtherKey");
urlSigningVerifierImpl.updated(keys);
result = urlSigningVerifierImpl.verify(queryString, CLIENT_IP, URL, true);
assertEquals(Status.Forbidden, result.getStatus());
// Test only matching keys
urlSigningVerifierImpl = new UrlSigningVerifierImpl();
keys = new Properties();
keys.put(UrlSigningVerifierImpl.ID_PREFIX + ".1", keyId);
keys.put(UrlSigningVerifierImpl.KEY_PREFIX + ".1", key);
urlSigningVerifierImpl.updated(keys);
result = urlSigningVerifierImpl.verify(queryString, CLIENT_IP, URL, true);
assertEquals(Status.Ok, result.getStatus());
// Test matching and non-matching keys
urlSigningVerifierImpl = new UrlSigningVerifierImpl();
keys = new Properties();
keys.put(UrlSigningVerifierImpl.ID_PREFIX + ".1", "otherKey");
keys.put(UrlSigningVerifierImpl.KEY_PREFIX + ".1", "ThisIsTheOtherKey");
keys.put(UrlSigningVerifierImpl.ID_PREFIX + ".2", keyId);
keys.put(UrlSigningVerifierImpl.KEY_PREFIX + ".2", key);
urlSigningVerifierImpl.updated(keys);
result = urlSigningVerifierImpl.verify(queryString, CLIENT_IP, URL, true);
assertEquals(Status.Ok, result.getStatus());
// Test correct key id and wrong key
urlSigningVerifierImpl = new UrlSigningVerifierImpl();
keys = new Properties();
keys.put(UrlSigningVerifierImpl.ID_PREFIX + ".1", "otherKey");
keys.put(UrlSigningVerifierImpl.KEY_PREFIX + ".1", "ThisIsTheOtherKey");
keys.put(UrlSigningVerifierImpl.ID_PREFIX + ".2", keyId);
keys.put(UrlSigningVerifierImpl.KEY_PREFIX + ".2", "The Wrong Key");
urlSigningVerifierImpl.updated(keys);
result = urlSigningVerifierImpl.verify(queryString, CLIENT_IP, URL, true);
assertEquals(Status.Forbidden, result.getStatus());
}
use of org.opencastproject.urlsigning.common.Policy in project opencast by opencast.
the class UrlSigningFilterTest method testDeniedOnBadRequest.
@Test
public void testDeniedOnBadRequest() throws Exception {
String encryptionKeyId = "theKey";
String acceptedUrl = "http://accepted.com";
String acceptedKey = "ThisIsTheKey";
String acceptedIp = "10.0.0.1";
DateTime future = new DateTime(4749125399000L);
Policy policy = Policy.mkSimplePolicy(acceptedUrl, future);
String acceptedQueryString = ResourceRequestUtil.policyToResourceRequestQueryString(policy, encryptionKeyId, acceptedKey);
ResourceRequest acceptedRequest = new ResourceRequest();
acceptedRequest.setStatus(Status.BadRequest);
// Setup the Mock Url Signing Service
UrlSigningVerifier urlSigningVerifier = EasyMock.createMock(UrlSigningVerifier.class);
EasyMock.expect(urlSigningVerifier.verify(acceptedQueryString, acceptedIp, acceptedUrl, true)).andReturn(acceptedRequest);
EasyMock.replay(urlSigningVerifier);
UrlSigningFilter filter = new UrlSigningFilter();
filter.updated(matchAllProperties);
filter.setUrlSigningVerifier(urlSigningVerifier);
// Setup the Mock Request
HttpServletRequest request = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(request.getMethod()).andStubReturn("GET");
EasyMock.expect(request.getRequestURL()).andStubReturn(new StringBuffer(acceptedUrl));
EasyMock.expect(request.getQueryString()).andStubReturn(acceptedQueryString);
EasyMock.expect(request.getRemoteAddr()).andStubReturn(acceptedIp);
EasyMock.replay(request);
HttpServletResponse response = EasyMock.createMock(HttpServletResponse.class);
// Setup the mock filter chain.
FilterChain chain = EasyMock.createMock(FilterChain.class);
EasyMock.replay(chain);
filter.doFilter(request, response, chain);
EasyMock.verify(chain);
}
use of org.opencastproject.urlsigning.common.Policy in project opencast by opencast.
the class UrlSigningFilterTest method testDeniedOnException.
@Test
public void testDeniedOnException() throws Exception {
String encryptionKeyId = "theKey";
String acceptedUrl = "http://accepted.com";
String acceptedKey = "ThisIsTheKey";
String acceptedIp = "10.0.0.1";
DateTime future = new DateTime(4749125399000L);
Policy policy = Policy.mkSimplePolicy(acceptedUrl, future);
String acceptedQueryString = ResourceRequestUtil.policyToResourceRequestQueryString(policy, encryptionKeyId, acceptedKey);
ResourceRequest acceptedRequest = new ResourceRequest();
acceptedRequest.setStatus(Status.Ok);
// Setup the Mock Url Signing Service
UrlSigningVerifier urlSigningVerifier = EasyMock.createMock(UrlSigningVerifier.class);
EasyMock.expect(urlSigningVerifier.verify(acceptedQueryString, acceptedIp, acceptedUrl, true)).andThrow(UrlSigningException.internalProviderError());
EasyMock.replay(urlSigningVerifier);
UrlSigningFilter filter = new UrlSigningFilter();
filter.updated(matchAllProperties);
filter.setUrlSigningVerifier(urlSigningVerifier);
// Setup the Mock Request
HttpServletRequest request = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(request.getMethod()).andStubReturn("GET");
EasyMock.expect(request.getRequestURL()).andStubReturn(new StringBuffer(acceptedUrl));
EasyMock.expect(request.getQueryString()).andStubReturn(acceptedQueryString);
EasyMock.expect(request.getRemoteAddr()).andStubReturn(acceptedIp);
EasyMock.replay(request);
HttpServletResponse response = EasyMock.createMock(HttpServletResponse.class);
// Setup the mock filter chain.
FilterChain chain = EasyMock.createStrictMock(FilterChain.class);
EasyMock.replay(chain);
filter.doFilter(request, response, chain);
EasyMock.verify(chain);
}
use of org.opencastproject.urlsigning.common.Policy in project opencast by opencast.
the class UrlSigningFilterTest method testDeniedOnForbidden.
@Test
public void testDeniedOnForbidden() throws Exception {
String encryptionKeyId = "theKey";
String acceptedUrl = "http://accepted.com";
String acceptedKey = "ThisIsTheKey";
String acceptedIp = "10.0.0.1";
DateTime future = new DateTime(4749125399000L);
Policy policy = Policy.mkSimplePolicy(acceptedUrl, future);
String acceptedQueryString = ResourceRequestUtil.policyToResourceRequestQueryString(policy, encryptionKeyId, acceptedKey);
ResourceRequest acceptedRequest = new ResourceRequest();
acceptedRequest.setStatus(Status.Forbidden);
// Setup the Mock Url Signing Service
UrlSigningVerifier urlSigningVerifier = EasyMock.createMock(UrlSigningVerifier.class);
EasyMock.expect(urlSigningVerifier.verify(acceptedQueryString, acceptedIp, acceptedUrl, true)).andReturn(acceptedRequest);
EasyMock.replay(urlSigningVerifier);
UrlSigningFilter filter = new UrlSigningFilter();
filter.updated(matchAllProperties);
filter.setUrlSigningVerifier(urlSigningVerifier);
// Setup the Mock Request
HttpServletRequest request = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(request.getMethod()).andStubReturn("GET");
EasyMock.expect(request.getRequestURL()).andStubReturn(new StringBuffer(acceptedUrl));
EasyMock.expect(request.getQueryString()).andStubReturn(acceptedQueryString);
EasyMock.expect(request.getRemoteAddr()).andStubReturn(acceptedIp);
EasyMock.replay(request);
HttpServletResponse response = EasyMock.createMock(HttpServletResponse.class);
// Setup the mock filter chain.
FilterChain chain = EasyMock.createMock(FilterChain.class);
EasyMock.replay(chain);
filter.doFilter(request, response, chain);
EasyMock.verify(chain);
}
Aggregations