Source Code of org.apache.shindig.gadgets.HashLockedDomainServiceTest

/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
package org.apache.shindig.gadgets;

import static org.apache.shindig.gadgets.HashLockedDomainService.LOCKED_DOMAIN_REQUIRED_KEY;
import static org.apache.shindig.gadgets.HashLockedDomainService.LOCKED_DOMAIN_SUFFIX_KEY;
import static org.easymock.EasyMock.expect;
import static org.easymock.EasyMock.isA;

import java.util.Collection;
import java.util.List;
import java.util.Map;

import org.apache.shindig.common.EasyMockTestCase;
import org.apache.shindig.common.uri.Uri;
import org.apache.shindig.config.BasicContainerConfig;
import org.apache.shindig.config.ContainerConfig;
import org.apache.shindig.gadgets.features.FeatureRegistry;
import org.apache.shindig.gadgets.spec.GadgetSpec;
import org.apache.shindig.gadgets.uri.HashShaLockedDomainPrefixGenerator;
import org.junit.Before;
import org.junit.Test;

import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Lists;

public class HashLockedDomainServiceTest extends EasyMockTestCase {

  private HashLockedDomainService lockedDomainService;
  private HashShaLockedDomainPrefixGenerator ldgen = new HashShaLockedDomainPrefixGenerator();
  private Gadget wantsLocked = null;
  private Gadget notLocked = null;
  private Gadget wantsSecurityToken = null;
  private Gadget wantsBoth = null;
  private ContainerConfig requiredConfig;
  private ContainerConfig enabledConfig;

  @SuppressWarnings("unchecked")
  private Gadget makeGadget(boolean wantsLocked, boolean wantsSecurityToken, String url) {

    List<String> gadgetFeatures = Lists.newArrayList();
    String requires = "";
    if (wantsLocked || wantsSecurityToken) {
      gadgetFeatures.add("locked-domain");
      if (wantsLocked) {
        requires += "  <Require feature='locked-domain'/>";
      }
      if (wantsSecurityToken) {
        requires += "  <Require feature='security-token'/>";
        gadgetFeatures.add("security-token");
      }
    }

    String gadgetXml = "<Module><ModulePrefs title=''>" + requires + "</ModulePrefs><Content/></Module>";

    GadgetSpec spec = null;
    try {
      spec = new GadgetSpec(Uri.parse(url), gadgetXml);
    } catch (GadgetException e) {
      return null;
    }

    FeatureRegistry registry = mock(FeatureRegistry.class);
    expect(registry.getFeatures(isA(Collection.class))).andReturn(gadgetFeatures).anyTimes();

    return new Gadget().setSpec(spec).setContext(new GadgetContext()).setGadgetFeatureRegistry(registry);
  }

  @Before
  public void setUp() throws Exception {
    requiredConfig = new BasicContainerConfig();
    requiredConfig.newTransaction().addContainer(
        makeContainer(ContainerConfig.DEFAULT_CONTAINER, LOCKED_DOMAIN_SUFFIX_KEY,
            "-a.example.com:8080", LOCKED_DOMAIN_REQUIRED_KEY, true)).commit();

    enabledConfig = new BasicContainerConfig();
    enabledConfig.newTransaction().addContainer(
        makeContainer(ContainerConfig.DEFAULT_CONTAINER, LOCKED_DOMAIN_SUFFIX_KEY,
            "-a.example.com:8080")).commit();

    wantsLocked = makeGadget(true, false, "http://somehost.com/somegadget.xml");
    notLocked = makeGadget(false, false, "not-locked");
    wantsSecurityToken = makeGadget(false, true, "http://somehost.com/securitytoken.xml");
    wantsBoth =
        makeGadget(true, true, "http://somehost.com/tokenandlocked.xml");
  }

  @Test
  public void testDisabledGlobally() {
    replay();

    lockedDomainService = new HashLockedDomainService(requiredConfig, false, ldgen);
    assertTrue(lockedDomainService.isSafeForOpenProxy("anywhere.com"));
    assertTrue(lockedDomainService.isSafeForOpenProxy("embed.com"));
    assertTrue(lockedDomainService.isGadgetValidForHost("embed.com", wantsLocked, "default"));
    assertTrue(lockedDomainService.isGadgetValidForHost("embed.com", notLocked, "default"));
    assertTrue(lockedDomainService.isGadgetValidForHost("embed.com", wantsSecurityToken, "default"));
    assertTrue(lockedDomainService.isGadgetValidForHost("embed.com", wantsBoth, "default"));

    lockedDomainService = new HashLockedDomainService(enabledConfig, false, ldgen);
    assertTrue(lockedDomainService.isSafeForOpenProxy("anywhere.com"));
    assertTrue(lockedDomainService.isSafeForOpenProxy("embed.com"));
    assertTrue(lockedDomainService.isGadgetValidForHost("embed.com", wantsLocked, "default"));
    assertTrue(lockedDomainService.isGadgetValidForHost("embed.com", notLocked, "default"));
    assertTrue(lockedDomainService.isGadgetValidForHost("embed.com", wantsSecurityToken, "default"));
    assertTrue(lockedDomainService.isGadgetValidForHost("embed.com", wantsBoth, "default"));
  }

  @Test
  public void testEnabledForGadget() throws GadgetException {
    replay();

    lockedDomainService = new HashLockedDomainService(enabledConfig, true, ldgen);
    assertFalse(lockedDomainService.isSafeForOpenProxy("images-a.example.com:8080"));
    assertFalse(lockedDomainService.isSafeForOpenProxy("-a.example.com:8080"));
    assertTrue(lockedDomainService.isSafeForOpenProxy("embed.com"));
    assertFalse(lockedDomainService.isGadgetValidForHost("www.example.com", wantsLocked, "default"));
    assertTrue(lockedDomainService.isGadgetValidForHost(
        "8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080", wantsLocked, "default"));
    assertFalse(lockedDomainService.isGadgetValidForHost(
        "8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080", wantsSecurityToken, "default"));
    assertTrue(lockedDomainService.isGadgetValidForHost(
        "h2nlf2a2dqou2lul3n50jb4v7e8t34kc-a.example.com:8080", wantsBoth, "default"));

    String target = lockedDomainService.getLockedDomainForGadget(wantsLocked, "default");
    assertEquals("8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080", target);

    target = lockedDomainService.getLockedDomainForGadget(wantsBoth, "default");
    assertEquals("h2nlf2a2dqou2lul3n50jb4v7e8t34kc-a.example.com:8080", target);

    lockedDomainService.setLockSecurityTokens(true);
    assertTrue(lockedDomainService.isGadgetValidForHost(
        "lrrq12l8s5flpqcjoj1h1872lp9p93nk-a.example.com:8080", wantsSecurityToken, "default"));
    target = lockedDomainService.getLockedDomainForGadget(wantsSecurityToken, "default");
    assertEquals("lrrq12l8s5flpqcjoj1h1872lp9p93nk-a.example.com:8080", target);

    // Direct includes work as before.
    target = lockedDomainService.getLockedDomainForGadget(wantsLocked, "default");
    assertEquals("8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080", target);

    target = lockedDomainService.getLockedDomainForGadget(wantsBoth, "default");
    assertEquals("h2nlf2a2dqou2lul3n50jb4v7e8t34kc-a.example.com:8080", target);
  }

  @Test
  public void testNotEnabledForGadget() throws GadgetException {
    replay();

    lockedDomainService = new HashLockedDomainService(enabledConfig, true, ldgen);

    assertFalse(lockedDomainService.isSafeForOpenProxy("images-a.example.com:8080"));
    assertFalse(lockedDomainService.isSafeForOpenProxy("-a.example.com:8080"));
    assertTrue(lockedDomainService.isSafeForOpenProxy("embed.com"));

    assertTrue(lockedDomainService.isGadgetValidForHost("www.example.com", notLocked, "default"));
    assertFalse(lockedDomainService.isGadgetValidForHost(
        "8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080", notLocked, "default"));
    assertTrue(lockedDomainService.isGadgetValidForHost(
        "auvn86n7q0l4ju2tq5cq8akotcjlda66-a.example.com:8080", notLocked, "default"));
    assertNull(lockedDomainService.getLockedDomainForGadget(notLocked, "default"));
  }

  @Test
  public void testRequiredForContainer() throws GadgetException {
    replay();

    lockedDomainService = new HashLockedDomainService(requiredConfig, true, ldgen);

    assertFalse(lockedDomainService.isSafeForOpenProxy("images-a.example.com:8080"));
    assertFalse(lockedDomainService.isSafeForOpenProxy("-a.example.com:8080"));
    assertTrue(lockedDomainService.isSafeForOpenProxy("embed.com"));

    assertFalse(lockedDomainService.isGadgetValidForHost("www.example.com", wantsLocked, "default"));
    assertFalse(lockedDomainService.isGadgetValidForHost("www.example.com", notLocked, "default"));

    String target = lockedDomainService.getLockedDomainForGadget(wantsLocked, "default");
    assertEquals("8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080", target);
    target = lockedDomainService.getLockedDomainForGadget(notLocked, "default");
    assertEquals("auvn86n7q0l4ju2tq5cq8akotcjlda66-a.example.com:8080", target);

    assertTrue(lockedDomainService.isGadgetValidForHost(
        "8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080", wantsLocked, "default"));
    assertFalse(lockedDomainService.isGadgetValidForHost(
        "auvn86n7q0l4ju2tq5cq8akotcjlda66-a.example.com:8080", wantsLocked, "default"));
    assertTrue(lockedDomainService.isGadgetValidForHost(
        "auvn86n7q0l4ju2tq5cq8akotcjlda66-a.example.com:8080", notLocked, "default"));
    assertFalse(lockedDomainService.isGadgetValidForHost(
        "8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080", notLocked, "default"));

  }

  @Test
  public void testMissingConfig() throws Exception {
    ContainerConfig containerMissingConfig = new BasicContainerConfig();
    containerMissingConfig.newTransaction().addContainer(makeContainer(ContainerConfig.DEFAULT_CONTAINER)).commit();

    lockedDomainService = new HashLockedDomainService(containerMissingConfig, true, ldgen);
    assertFalse(lockedDomainService.isGadgetValidForHost("www.example.com", wantsLocked, "default"));
    assertTrue(lockedDomainService.isGadgetValidForHost("www.example.com", notLocked, "default"));
  }

  @Test
  public void testMultiContainer() throws Exception {
    ContainerConfig inheritsConfig = new BasicContainerConfig();
    inheritsConfig
        .newTransaction()
        .addContainer(
            makeContainer(ContainerConfig.DEFAULT_CONTAINER, LOCKED_DOMAIN_SUFFIX_KEY,
                "-a.example.com:8080", LOCKED_DOMAIN_REQUIRED_KEY, true))
        .addContainer(makeContainer("other"))
        .commit();

    lockedDomainService = new HashLockedDomainService(inheritsConfig, true, ldgen);
    assertFalse(lockedDomainService.isGadgetValidForHost("www.example.com", wantsLocked, "other"));
    assertFalse(lockedDomainService.isGadgetValidForHost("www.example.com", notLocked, "other"));
    assertTrue(lockedDomainService.isGadgetValidForHost(
        "8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080", wantsLocked, "other"));
  }

  @Test
  public void testConfigurationChanged() throws Exception {
    ContainerConfig config = new BasicContainerConfig();
    config
        .newTransaction()
        .addContainer(makeContainer(ContainerConfig.DEFAULT_CONTAINER))
        .addContainer(
            makeContainer("container", LOCKED_DOMAIN_REQUIRED_KEY, true, LOCKED_DOMAIN_SUFFIX_KEY,
                "-a.example.com:8080"))
        .commit();

    lockedDomainService = new HashLockedDomainService(config, true, ldgen);
    assertTrue(lockedDomainService.isGadgetValidForHost(
        "8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080", wantsLocked, "container"));
    assertFalse(lockedDomainService.isGadgetValidForHost(
        "8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080", wantsLocked, "other"));

    config.newTransaction().addContainer(makeContainer(
        "other", LOCKED_DOMAIN_REQUIRED_KEY, true, LOCKED_DOMAIN_SUFFIX_KEY, "-a.example.com:8080"))
        .commit();
    lockedDomainService.getConfigObserver().containersChanged(
        config, ImmutableSet.of("other"), ImmutableSet.<String>of());
    assertTrue(lockedDomainService.isGadgetValidForHost(
        "8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080", wantsLocked, "container"));
    assertTrue(lockedDomainService.isGadgetValidForHost(
        "8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080", wantsLocked, "other"));

    config.newTransaction().removeContainer("container").commit();
    assertFalse(lockedDomainService.isGadgetValidForHost(
        "8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080", wantsLocked, "container"));
    assertTrue(lockedDomainService.isGadgetValidForHost(
        "8uhr00296d2o3sfhqilj387krjmgjv3v-a.example.com:8080", wantsLocked, "other"));
  }

  private Map<String, Object> makeContainer(String name, Object... props) {
    ImmutableMap.Builder<String, Object> builder =
        ImmutableMap.<String, Object>builder().put(ContainerConfig.CONTAINER_KEY, name);
    for (int i = 0; i < props.length; i += 2) {
      builder.put((String) props[i], props[i + 1]);
    }
    return builder.build();
  }
}