public String getLockedDomainForGadget(Gadget gadget, String container) { container = normalizeContainer(container); if (enabled) { if (gadgetWantsLockedDomain(gadget) || containerRequiresLockedDomain(container)) { return getLockedDomain(gadget, container); } } return null; }
public boolean isSafeForOpenProxy(String host) { if (enabled) { return !hostRequiresLockedDomain(host); } return true; }
@Override public String getLockedDomainForGadget(Gadget gadget, String container) throws GadgetException { container = getContainer(container); if (isEnabled() && !isExcludedFromLockedDomain(gadget, container)) { if (isGadgetReqestingLocking(gadget) || isDomainLockingEnforced(container)) { return getLockedDomain(gadget, container); } } return null; }
@Override public boolean isGadgetValidForHost(String host, Gadget gadget, String container) { container = getContainer(container); if (isEnabled()) { if (isGadgetReqestingLocking(gadget) || isHostUsingLockedDomain(host) || isDomainLockingEnforced(container)) { if (isRefererCheckEnabled() && !isValidReferer(gadget, container)) { return false; } String neededHost; try { neededHost = getLockedDomain(gadget, container); } catch (GadgetException e) { if (LOG.isLoggable(Level.WARNING)) { LOG.log(Level.WARNING, "Invalid host for call.", e); } return false; } return host.equalsIgnoreCase(neededHost); } } return true; }
@Test public void testNotEnabledForGadget() throws GadgetException { replay(); lockedDomainService = new HashLockedDomainService(enabledConfig, true, ldgen); assertFalse(lockedDomainService.isSafeForOpenProxy("images-a.example.com:8080")); assertFalse(lockedDomainService.isSafeForOpenProxy("-a.example.com:8080")); assertTrue(lockedDomainService.isSafeForOpenProxy("embed.com")); assertTrue(lockedDomainService.isGadgetValidForHost("www.example.com", notLocked, "default")); assertFalse(lockedDomainService.isGadgetValidForHost( "8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080", notLocked, "default")); assertTrue(lockedDomainService.isGadgetValidForHost( "auvn86n7q0l4ju2tq5cq8akotcjlda66-a.example.com:8080", notLocked, "default")); assertNull(lockedDomainService.getLockedDomainForGadget(notLocked, "default")); }
@Test public void testNotEnabledForGadget() { replay(); lockedDomainService = new HashLockedDomainService(enabledConfig, true); assertFalse(lockedDomainService.isSafeForOpenProxy("images-a.example.com:8080")); assertFalse(lockedDomainService.isSafeForOpenProxy("-a.example.com:8080")); assertTrue(lockedDomainService.isSafeForOpenProxy("embed.com")); assertTrue(lockedDomainService.gadgetCanRender("www.example.com", notLocked, "default")); assertFalse(lockedDomainService.gadgetCanRender( "8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080", notLocked, "default")); assertTrue(lockedDomainService.gadgetCanRender( "auvn86n7q0l4ju2tq5cq8akotcjlda66-a.example.com:8080", notLocked, "default")); assertNull(lockedDomainService.getLockedDomainForGadget(notLocked, "default")); }
@Test public void testDisabledGlobally() { replay(); lockedDomainService = new HashLockedDomainService(requiredConfig, false, ldgen); assertTrue(lockedDomainService.isSafeForOpenProxy("anywhere.com")); assertTrue(lockedDomainService.isSafeForOpenProxy("embed.com")); assertTrue(lockedDomainService.isGadgetValidForHost("embed.com", wantsLocked, "default")); assertTrue(lockedDomainService.isGadgetValidForHost("embed.com", notLocked, "default")); assertTrue(lockedDomainService.isGadgetValidForHost("embed.com", wantsSecurityToken, "default")); assertTrue(lockedDomainService.isGadgetValidForHost("embed.com", wantsBoth, "default")); lockedDomainService = new HashLockedDomainService(enabledConfig, false, ldgen); assertTrue(lockedDomainService.isSafeForOpenProxy("anywhere.com")); assertTrue(lockedDomainService.isSafeForOpenProxy("embed.com")); assertTrue(lockedDomainService.isGadgetValidForHost("embed.com", wantsLocked, "default")); assertTrue(lockedDomainService.isGadgetValidForHost("embed.com", notLocked, "default")); assertTrue(lockedDomainService.isGadgetValidForHost("embed.com", wantsSecurityToken, "default")); assertTrue(lockedDomainService.isGadgetValidForHost("embed.com", wantsBoth, "default")); }
@Test public void testMissingConfig() throws Exception { ContainerConfig containerMissingConfig = new BasicContainerConfig(); containerMissingConfig.newTransaction().addContainer(makeContainer(ContainerConfig.DEFAULT_CONTAINER)).commit(); lockedDomainService = new HashLockedDomainService(containerMissingConfig, true, ldgen); assertFalse(lockedDomainService.isGadgetValidForHost("www.example.com", wantsLocked, "default")); assertTrue(lockedDomainService.isGadgetValidForHost("www.example.com", notLocked, "default")); }
@Test public void testConfigurationChanged() throws Exception { ContainerConfig config = new BasicContainerConfig(); config .newTransaction() .addContainer(makeContainer(ContainerConfig.DEFAULT_CONTAINER)) .addContainer( makeContainer("container", LOCKED_DOMAIN_REQUIRED_KEY, true, LOCKED_DOMAIN_SUFFIX_KEY, "-a.example.com:8080")) .commit(); lockedDomainService = new HashLockedDomainService(config, true, ldgen); assertTrue(lockedDomainService.isGadgetValidForHost( "8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080", wantsLocked, "container")); assertFalse(lockedDomainService.isGadgetValidForHost( "8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080", wantsLocked, "other")); config.newTransaction().addContainer(makeContainer( "other", LOCKED_DOMAIN_REQUIRED_KEY, true, LOCKED_DOMAIN_SUFFIX_KEY, "-a.example.com:8080")) .commit(); lockedDomainService.getConfigObserver().containersChanged( config, ImmutableSet.of("other"), ImmutableSet.<String>of()); assertTrue(lockedDomainService.isGadgetValidForHost( "8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080", wantsLocked, "container")); assertTrue(lockedDomainService.isGadgetValidForHost( "8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080", wantsLocked, "other")); config.newTransaction().removeContainer("container").commit(); assertFalse(lockedDomainService.isGadgetValidForHost( "8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080", wantsLocked, "container")); assertTrue(lockedDomainService.isGadgetValidForHost( "8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080", wantsLocked, "other")); }
.build()) .commit(); LockedDomainService ldService = new HashLockedDomainService(config, enabled, prefixGen); return new TestDefaultIframeUriManager(config, ldService);
@Test public void testDisabledGlobally() { replay(); lockedDomainService = new HashLockedDomainService(requiredConfig, false); assertTrue(lockedDomainService.isSafeForOpenProxy("anywhere.com")); assertTrue(lockedDomainService.isSafeForOpenProxy("embed.com")); assertTrue(lockedDomainService.gadgetCanRender("embed.com", wantsLocked, "default")); assertTrue(lockedDomainService.gadgetCanRender("embed.com", notLocked, "default")); assertTrue(lockedDomainService.gadgetCanRender("embed.com", wantsSecurityToken, "default")); assertTrue(lockedDomainService.gadgetCanRender("embed.com", wantsBoth, "default")); lockedDomainService = new HashLockedDomainService(enabledConfig, false); assertTrue(lockedDomainService.isSafeForOpenProxy("anywhere.com")); assertTrue(lockedDomainService.isSafeForOpenProxy("embed.com")); assertTrue(lockedDomainService.gadgetCanRender("embed.com", wantsLocked, "default")); assertTrue(lockedDomainService.gadgetCanRender("embed.com", notLocked, "default")); assertTrue(lockedDomainService.gadgetCanRender("embed.com", wantsSecurityToken, "default")); assertTrue(lockedDomainService.gadgetCanRender("embed.com", wantsBoth, "default")); }
@Test public void testMissingConfig() throws Exception { ContainerConfig containerMissingConfig = mock(ContainerConfig.class); expect(containerMissingConfig.getContainers()) .andReturn(Arrays.asList(ContainerConfig.DEFAULT_CONTAINER)); replay(); lockedDomainService = new HashLockedDomainService(containerMissingConfig, true); assertFalse(lockedDomainService.gadgetCanRender("www.example.com", wantsLocked, "default")); assertTrue(lockedDomainService.gadgetCanRender("www.example.com", notLocked, "default")); }
@Test public void testNotEnabledForGadget() throws GadgetException { replay(); lockedDomainService = new HashLockedDomainService(enabledConfig, true, ldgen); assertFalse(lockedDomainService.isSafeForOpenProxy("images-a.example.com:8080")); assertFalse(lockedDomainService.isSafeForOpenProxy("-a.example.com:8080")); assertTrue(lockedDomainService.isSafeForOpenProxy("embed.com")); assertTrue(lockedDomainService.isGadgetValidForHost("www.example.com", notLocked, "default")); assertFalse(lockedDomainService.isGadgetValidForHost( "8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080", notLocked, "default")); assertTrue(lockedDomainService.isGadgetValidForHost( "auvn86n7q0l4ju2tq5cq8akotcjlda66-a.example.com:8080", notLocked, "default")); assertNull(lockedDomainService.getLockedDomainForGadget(notLocked, "default")); }
@Test public void testRequiredForContainer() { replay(); lockedDomainService = new HashLockedDomainService(requiredConfig, true); assertFalse(lockedDomainService.isSafeForOpenProxy("images-a.example.com:8080")); assertFalse(lockedDomainService.isSafeForOpenProxy("-a.example.com:8080")); assertTrue(lockedDomainService.isSafeForOpenProxy("embed.com")); assertFalse(lockedDomainService.gadgetCanRender("www.example.com", wantsLocked, "default")); assertFalse(lockedDomainService.gadgetCanRender("www.example.com", notLocked, "default")); String target = lockedDomainService.getLockedDomainForGadget(wantsLocked, "default"); assertEquals("8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080", target); target = lockedDomainService.getLockedDomainForGadget(notLocked, "default"); assertEquals("auvn86n7q0l4ju2tq5cq8akotcjlda66-a.example.com:8080", target); assertTrue(lockedDomainService.gadgetCanRender( "8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080", wantsLocked, "default")); assertFalse(lockedDomainService.gadgetCanRender( "auvn86n7q0l4ju2tq5cq8akotcjlda66-a.example.com:8080", wantsLocked, "default")); assertTrue(lockedDomainService.gadgetCanRender( "auvn86n7q0l4ju2tq5cq8akotcjlda66-a.example.com:8080", notLocked, "default")); assertFalse(lockedDomainService.gadgetCanRender( "8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080", notLocked, "default")); }
@Test public void testDisabledGlobally() { replay(); lockedDomainService = new HashLockedDomainService(requiredConfig, false, ldgen); assertTrue(lockedDomainService.isSafeForOpenProxy("anywhere.com")); assertTrue(lockedDomainService.isSafeForOpenProxy("embed.com")); assertTrue(lockedDomainService.isGadgetValidForHost("embed.com", wantsLocked, "default")); assertTrue(lockedDomainService.isGadgetValidForHost("embed.com", notLocked, "default")); assertTrue(lockedDomainService.isGadgetValidForHost("embed.com", wantsSecurityToken, "default")); assertTrue(lockedDomainService.isGadgetValidForHost("embed.com", wantsBoth, "default")); lockedDomainService = new HashLockedDomainService(enabledConfig, false, ldgen); assertTrue(lockedDomainService.isSafeForOpenProxy("anywhere.com")); assertTrue(lockedDomainService.isSafeForOpenProxy("embed.com")); assertTrue(lockedDomainService.isGadgetValidForHost("embed.com", wantsLocked, "default")); assertTrue(lockedDomainService.isGadgetValidForHost("embed.com", notLocked, "default")); assertTrue(lockedDomainService.isGadgetValidForHost("embed.com", wantsSecurityToken, "default")); assertTrue(lockedDomainService.isGadgetValidForHost("embed.com", wantsBoth, "default")); }
@Test public void testMissingConfig() throws Exception { ContainerConfig containerMissingConfig = new BasicContainerConfig(); containerMissingConfig.newTransaction().addContainer(makeContainer(ContainerConfig.DEFAULT_CONTAINER)).commit(); lockedDomainService = new HashLockedDomainService(containerMissingConfig, true, ldgen); assertFalse(lockedDomainService.isGadgetValidForHost("www.example.com", wantsLocked, "default")); assertTrue(lockedDomainService.isGadgetValidForHost("www.example.com", notLocked, "default")); }
@Test public void testConfigurationChanged() throws Exception { ContainerConfig config = new BasicContainerConfig(); config .newTransaction() .addContainer(makeContainer(ContainerConfig.DEFAULT_CONTAINER)) .addContainer( makeContainer("container", LOCKED_DOMAIN_REQUIRED_KEY, true, LOCKED_DOMAIN_SUFFIX_KEY, "-a.example.com:8080")) .commit(); lockedDomainService = new HashLockedDomainService(config, true, ldgen); assertTrue(lockedDomainService.isGadgetValidForHost( "8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080", wantsLocked, "container")); assertFalse(lockedDomainService.isGadgetValidForHost( "8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080", wantsLocked, "other")); config.newTransaction().addContainer(makeContainer( "other", LOCKED_DOMAIN_REQUIRED_KEY, true, LOCKED_DOMAIN_SUFFIX_KEY, "-a.example.com:8080")) .commit(); lockedDomainService.getConfigObserver().containersChanged( config, ImmutableSet.of("other"), ImmutableSet.<String>of()); assertTrue(lockedDomainService.isGadgetValidForHost( "8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080", wantsLocked, "container")); assertTrue(lockedDomainService.isGadgetValidForHost( "8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080", wantsLocked, "other")); config.newTransaction().removeContainer("container").commit(); assertFalse(lockedDomainService.isGadgetValidForHost( "8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080", wantsLocked, "container")); assertTrue(lockedDomainService.isGadgetValidForHost( "8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080", wantsLocked, "other")); }
.build()) .commit(); LockedDomainService ldService = new HashLockedDomainService(config, enabled, prefixGen); return new TestDefaultIframeUriManager(config, ldService);
@Test public void testMultiContainer() throws Exception { ContainerConfig inheritsConfig = mock(ContainerConfig.class); expect(inheritsConfig.getContainers()) .andReturn(Arrays.asList(ContainerConfig.DEFAULT_CONTAINER, "other")); expect(inheritsConfig.getBool(isA(String.class), eq(LOCKED_DOMAIN_REQUIRED_KEY))) .andReturn(true).anyTimes(); expect(inheritsConfig.getString(isA(String.class), eq(LOCKED_DOMAIN_SUFFIX_KEY))) .andReturn("-a.example.com:8080").anyTimes(); replay(); lockedDomainService = new HashLockedDomainService(inheritsConfig, true); assertFalse(lockedDomainService.gadgetCanRender("www.example.com", wantsLocked, "other")); assertFalse(lockedDomainService.gadgetCanRender("www.example.com", notLocked, "other")); assertTrue(lockedDomainService.gadgetCanRender( "8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080", wantsLocked, "other")); } }
@Test public void testRequiredForContainer() throws GadgetException { replay(); lockedDomainService = new HashLockedDomainService(requiredConfig, true, ldgen); assertFalse(lockedDomainService.isSafeForOpenProxy("images-a.example.com:8080")); assertFalse(lockedDomainService.isSafeForOpenProxy("-a.example.com:8080")); assertTrue(lockedDomainService.isSafeForOpenProxy("embed.com")); assertFalse(lockedDomainService.isGadgetValidForHost("www.example.com", wantsLocked, "default")); assertFalse(lockedDomainService.isGadgetValidForHost("www.example.com", notLocked, "default")); String target = lockedDomainService.getLockedDomainForGadget(wantsLocked, "default"); assertEquals("8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080", target); target = lockedDomainService.getLockedDomainForGadget(notLocked, "default"); assertEquals("auvn86n7q0l4ju2tq5cq8akotcjlda66-a.example.com:8080", target); assertTrue(lockedDomainService.isGadgetValidForHost( "8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080", wantsLocked, "default")); assertFalse(lockedDomainService.isGadgetValidForHost( "auvn86n7q0l4ju2tq5cq8akotcjlda66-a.example.com:8080", wantsLocked, "default")); assertTrue(lockedDomainService.isGadgetValidForHost( "auvn86n7q0l4ju2tq5cq8akotcjlda66-a.example.com:8080", notLocked, "default")); assertFalse(lockedDomainService.isGadgetValidForHost( "8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080", notLocked, "default")); }