1 19 20 package com.sslexplorer.security; 21 22 import static org.junit.Assert.assertFalse; 23 import static org.junit.Assert.assertTrue; 24 25 import org.junit.After; 26 import org.junit.Before; 27 import org.junit.BeforeClass; 28 import org.junit.Test; 29 30 import com.sslexplorer.testcontainer.AbstractTest; 31 32 34 public class IpRestrictionsTest extends AbstractTest { 35 36 39 @BeforeClass 40 public static void oneTimeSetUp() throws Exception { 41 setUp(""); 42 } 43 44 47 @Before 48 @After 49 public void intialize() throws Exception { 50 for (IpRestriction ipRestriction : getIpRestrictions()) { 51 deleteIpRestriction(ipRestriction); 52 } 53 } 54 55 58 @Test 59 public void localLoopback() throws Exception { 60 addIpRestriction("*.*.*.*", true); 61 assertTrue(isValid("localhost")); 62 } 63 64 67 @Test 68 public void localHost() throws Exception { 69 addIpRestriction("*.*.*.*", true); 70 assertTrue(isValid("127.0.0.1")); 71 } 72 73 76 @Test 77 public void noIpRestrictions() throws Exception { 78 addIpRestriction("*.*.*.*", true); 79 assertTrue(isValid("192.168.1.16")); 80 } 81 82 85 @Test 86 public void deniedAddress() throws Exception { 87 addIpRestriction("*.*.*.*", true); 88 addIpRestriction("192.168.1.16", false); 89 assertFalse(isValid("192.168.1.16")); 90 assertTrue(isValid("192.168.1.17")); 91 } 92 93 96 @Test 97 public void deniedAndAllowedAddress() throws Exception { 98 addIpRestriction("*.*.*.*", true); 99 addIpRestriction("192.168.1.16", false); 100 assertFalse(isValid("192.168.1.16")); 101 addIpRestriction("192.168.1.16", true); 102 assertTrue(isValid("192.168.1.16")); 103 } 104 105 108 @Test 109 public void allowedAddress() throws Exception { 110 addIpRestriction("*.*.*.*", true); 111 addIpRestriction("192.168.1.17", false); 112 assertTrue("Allowed", isValid("192.168.1.16")); 113 assertFalse("Denied", isValid("192.168.1.17")); 114 } 115 116 119 @Test 120 public void allowedThenDeniedThenAllowedAddress() throws Exception { 121 addIpRestriction("*.*.*.*", true); 122 addIpRestriction("192.168.1.*", false); 123 addIpRestriction("192.168.1.14", true); 124 assertTrue("Allowed", isValid("192.168.1.14")); 125 assertFalse("Denied", isValid("192.168.1.17")); 126 } 127 128 131 @Test 132 public void noAllowedWithDeniedAddress() throws Exception { 133 addIpRestriction("*.*.*.*", true); 134 addIpRestriction("192.168.1.16", false); 135 assertFalse(isValid("192.168.1.16")); 136 assertTrue(isValid("192.168.1.17")); 137 } 138 139 142 @Test 143 public void exactMatch() throws Exception { 144 addIpRestriction("*.*.*.*", true); 145 addIpRestriction("192.168.1.16", false); 146 assertFalse(isValid("192.168.1.16")); 147 assertTrue(isValid("192.168.1.17")); 148 } 149 150 153 @Test 154 public void wildcardMatch() throws Exception { 155 addIpRestriction("*.*.*.*", true); 156 addIpRestriction("192.168.1.*", false); 157 assertFalse(isValid("192.168.1.16")); 158 assertFalse(isValid("192.168.1.17")); 159 assertTrue(isValid("192.168.10.16")); 160 } 161 162 165 @Test 166 public void wildcardInMiddleMatch() throws Exception { 167 addIpRestriction("*.*.*.*", true); 168 addIpRestriction("192.168.*.16", false); 169 assertFalse(isValid("192.168.1.16")); 170 assertFalse(isValid("192.168.10.16")); 171 assertTrue(isValid("192.168.1.17")); 172 } 173 174 177 @Test 178 public void wildcardAtStartMatch() throws Exception { 179 addIpRestriction("*.*.*.*", true); 180 addIpRestriction("*.168.1.16", false); 181 assertFalse(isValid("192.168.1.16")); 182 assertFalse(isValid("193.168.1.16")); 183 assertTrue(isValid("192.168.1.17")); 184 } 185 186 189 @Test 190 public void cidrEightMatch() throws Exception { 191 addIpRestriction("*.*.*.*", true); 192 addIpRestriction("192.168.1.0/8", false); 193 assertFalse(isValid("192.168.1.16")); 194 assertFalse(isValid("192.168.1.17")); 195 assertTrue(isValid("193.168.1.16")); 196 } 197 198 201 @Test 202 public void cidrSixteenMatch() throws Exception { 203 addIpRestriction("*.*.*.*", true); 204 addIpRestriction("192.168.1.0/16", false); 205 assertFalse(isValid("192.168.1.16")); 206 assertFalse(isValid("192.168.1.17")); 207 assertTrue(isValid("192.169.1.16")); 208 } 209 210 213 @Test 214 public void cidrTwentyFourMatch() throws Exception { 215 addIpRestriction("*.*.*.*", true); 216 addIpRestriction("192.168.1.0/24", false); 217 assertFalse(isValid("192.168.1.16")); 218 assertFalse(isValid("192.168.1.17")); 219 assertTrue(isValid("192.168.10.16")); 220 } 221 222 225 @Test 226 public void cidrThirtyTwoMatch() throws Exception { 227 addIpRestriction("*.*.*.*", true); 228 addIpRestriction("192.168.0.8/30", false); 229 assertFalse(isValid("192.168.0.9")); 230 assertFalse(isValid("192.168.0.10")); 231 assertFalse(isValid("192.168.0.11")); 232 assertTrue(isValid("192.168.0.12")); 233 assertTrue(isValid("192.168.0.13")); 234 assertTrue(isValid("192.168.0.14")); 235 assertTrue(isValid("192.168.0.15")); 236 assertTrue(isValid("192.168.0.16")); 237 } 238 239 241 @Test 242 public void z() { 243 } 244 245 private static boolean isValid(String ipAddress) throws Exception { 246 return getSystemDatabase().verifyIPAddress(ipAddress); 247 } 248 249 private static IpRestriction[] getIpRestrictions() throws Exception { 250 return getSystemDatabase().getIpRestrictions(); 251 } 252 253 private static void addIpRestriction(String ipAddress, boolean isGrant) throws Exception { 254 getSystemDatabase().addIpRestriction(ipAddress, IpRestriction.getType(ipAddress, isGrant)); 255 } 256 257 private static void deleteIpRestriction(IpRestriction ipRestriction) throws Exception { 258 getSystemDatabase().removeIpRestriction(ipRestriction.getID()); 259 } 260 261 private static SystemDatabase getSystemDatabase() { 262 return SystemDatabaseFactory.getInstance(); 263 } 264 } 265 | Popular Tags |