tflobbe commented on a change in pull request #575:
URL: https://github.com/apache/solr/pull/575#discussion_r794920612
##########
File path:
solr/core/src/test/org/apache/solr/security/TestPKIAuthenticationPlugin.java
##########
@@ -155,6 +161,70 @@ PublicKey getRemotePublicKey(String ignored) {
mock1.close();
}
+ @SuppressForbidden(reason="PKIAuthentication uses timestamps")
+ public void testParseCipher() {
+ for (String validUser: new String[]{"user1", "$", "some user","some 123"})
{
+ for (long validTimestamp: new long[]{System.currentTimeMillis(),
99999999999L, 9999999999999L}) {
+ String s = validUser + " " + validTimestamp;
+ byte[] payload = s.getBytes(UTF_8);
+ byte[] payloadCipher = aKeyPair.encrypt(ByteBuffer.wrap(payload));
+ String base64Cipher =
Base64.getEncoder().encodeToString(payloadCipher);
+ PKIAuthenticationPlugin.PKIHeaderData header =
PKIAuthenticationPlugin.parseCipher(base64Cipher, aKeyPair.getPublicKey());
+ assertNotNull("Expecting valid header for user " + validUser + " and
timestamp " + validTimestamp, header);
+ assertEquals(validUser, header.userName);
+ assertEquals(validTimestamp, header.timestamp);
+ }
+ }
+ }
+
+ public void testParseCipherInvalidTimestampTooSmall() {
+ long timestamp = 999999999L;
+ String s = "user1 " + timestamp;
+
+ byte[] payload = s.getBytes(UTF_8);
+ byte[] payloadCipher = aKeyPair.encrypt(ByteBuffer.wrap(payload));
+ String base64Cipher = Base64.getEncoder().encodeToString(payloadCipher);
+ assertNull(PKIAuthenticationPlugin.parseCipher(base64Cipher,
aKeyPair.getPublicKey()));
+ }
+
+ public void testParseCipherInvalidTimestampTooBig() {
+ long timestamp = 10000000000000L;
+ String s = "user1 " + timestamp;
+
+ byte[] payload = s.getBytes(UTF_8);
+ byte[] payloadCipher = aKeyPair.encrypt(ByteBuffer.wrap(payload));
+ String base64Cipher = Base64.getEncoder().encodeToString(payloadCipher);
+ assertNull(PKIAuthenticationPlugin.parseCipher(base64Cipher,
aKeyPair.getPublicKey()));
+ }
+
+ @SuppressForbidden(reason="PKIAuthentication uses timestamps")
+ public void testParseCipherInvalidKey() {
+ String s = "user1 " + System.currentTimeMillis();
+ byte[] payload = s.getBytes(UTF_8);
+ byte[] payloadCipher = aKeyPair.encrypt(ByteBuffer.wrap(payload));
+ String base64Cipher = Base64.getEncoder().encodeToString(payloadCipher);
+ assertNull(PKIAuthenticationPlugin.parseCipher(base64Cipher, new
CryptoKeys.RSAKeyPair().getPublicKey()));
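Review bot: The lower edge of the accepted timestamp range is not pinned by these tests: testParseCipherInvalidTimestampTooSmall rejects the 9-digit `999999999L`, and the smallest fixed value accepted in testParseCipher is the 11-digit `99999999999L`, so no 10-digit value is exercised. The upper edge is exact by contrast (`9999999999999L` accepted, `10000000000000L` rejected). If 10-digit values are meant to be rejected, `long timestamp = 9999999999L;` in the too-small test would pin that; if they are meant to be accepted, add `1000000000L` to the valid array instead. Either way, a later change to the range check in parseCipher could then not silently widen what the header validation accepts. The body of testParseCipherInvalidKey continues past the end of this hunk.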
Review comment:
I'll add a new test case with an example case of this particular issue