SEC-559: Throw an initialization exception if configured truststore file doesn't exist.

2007-09-17 21:29:40 +00:00 · 2007-09-17 21:29:40 +00:00 · e872823490
parent 96eb11aadc
commit e872823490
2 changed files with 32 additions and 23 deletions
--- a/core/src/main/java/org/acegisecurity/providers/cas/ticketvalidator/AbstractTicketValidator.java
+++ b/core/src/main/java/org/acegisecurity/providers/cas/ticketvalidator/AbstractTicketValidator.java
@ -16,15 +16,16 @@
 package org.acegisecurity.providers.cas.ticketvalidator;

 import org.acegisecurity.providers.cas.TicketValidator;
-
 import org.acegisecurity.ui.cas.ServiceProperties;

 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;

 import org.springframework.beans.factory.InitializingBean;
-
 import org.springframework.util.Assert;
+import org.springframework.util.StringUtils;
+
+import java.io.File;


 /**
@ -50,9 +51,11 @@ public abstract class AbstractTicketValidator implements TicketValidator, Initia
        Assert.hasLength(casValidate, "A casValidate URL must be set");
        Assert.notNull(serviceProperties, "serviceProperties must be specified");

-        if ((trustStore != null) && (!"".equals(trustStore))) {
-            if (logger.isDebugEnabled()) {
-                logger.debug("Setting system property 'javax.net.ssl.trustStore'" + " to value [" + trustStore + "]");
+        if (StringUtils.hasLength(trustStore)) {
+            logger.info("Setting system property 'javax.net.ssl.trustStore' to value [" + trustStore + "]");
+
+            if (! (new File(trustStore)).exists()) {
+                throw new IllegalArgumentException("Parameter 'trustStore' file does not exist at " + trustStore);
            }

            System.setProperty("javax.net.ssl.trustStore", trustStore);
--- a/core/src/test/java/org/acegisecurity/providers/cas/ticketvalidator/AbstractTicketValidatorTests.java
+++ b/core/src/test/java/org/acegisecurity/providers/cas/ticketvalidator/AbstractTicketValidatorTests.java
@ -23,6 +23,8 @@ import org.acegisecurity.BadCredentialsException;
 import org.acegisecurity.providers.cas.TicketResponse;

 import org.acegisecurity.ui.cas.ServiceProperties;
+import org.springframework.core.io.Resource;
+import org.springframework.core.io.ClassPathResource;

 import java.util.Vector;

@ -37,7 +39,6 @@ public class AbstractTicketValidatorTests extends TestCase {
    //~ Constructors ===================================================================================================

    public AbstractTicketValidatorTests() {
-        super();
    }

    public AbstractTicketValidatorTests(String arg0) {
@ -46,14 +47,6 @@ public class AbstractTicketValidatorTests extends TestCase {

    //~ Methods ========================================================================================================

-    public static void main(String[] args) {
-        junit.textui.TestRunner.run(AbstractTicketValidatorTests.class);
-    }
-
-    public final void setUp() throws Exception {
-        super.setUp();
-    }
-
    public void testDetectsMissingCasValidate() throws Exception {
        AbstractTicketValidator tv = new MockAbstractTicketValidator();
        tv.setServiceProperties(new ServiceProperties());
@ -92,21 +85,21 @@ public class AbstractTicketValidatorTests extends TestCase {
        assertEquals("/some/file/cacerts", tv.getTrustStore());
    }

-    public void testSystemPropertySetDuringAfterPropertiesSet()
-        throws Exception {
+    public void testTrustStoreSystemPropertySetDuringAfterPropertiesSet() throws Exception {
        AbstractTicketValidator tv = new MockAbstractTicketValidator();
        tv.setCasValidate("https://company.com/cas/proxyvalidate");
-        assertEquals("https://company.com/cas/proxyvalidate", tv.getCasValidate());
-
        tv.setServiceProperties(new ServiceProperties());
-        assertTrue(tv.getServiceProperties() != null);

-        tv.setTrustStore("/some/file/cacerts");
-        assertEquals("/some/file/cacerts", tv.getTrustStore());
+        // We need an existing file to use as the truststore property
+        Resource r = new ClassPathResource("log4j.properties");
+        String filename = r.getFile().getAbsolutePath();
+
+        tv.setTrustStore(filename);
+        assertEquals(filename, tv.getTrustStore());

        String before = System.getProperty("javax.net.ssl.trustStore");
        tv.afterPropertiesSet();
-        assertEquals("/some/file/cacerts", System.getProperty("javax.net.ssl.trustStore"));
+        assertEquals(filename, System.getProperty("javax.net.ssl.trustStore"));

        if (before == null) {
            System.setProperty("javax.net.ssl.trustStore", "");
@ -115,6 +108,20 @@ public class AbstractTicketValidatorTests extends TestCase {
        }
    }

+    public void testMissingTrustStoreFileCausesException() throws Exception {
+        AbstractTicketValidator tv = new MockAbstractTicketValidator();
+        tv.setServiceProperties(new ServiceProperties());
+        tv.setCasValidate("https://company.com/cas/proxyvalidate");
+        tv.setTrustStore("/non/existent/file");
+
+        try {
+            tv.afterPropertiesSet();
+
+            fail("Expected exception with non-existent truststore");
+        } catch (IllegalArgumentException expected) {
+        }
+    }
+
    //~ Inner Classes ==================================================================================================

    private class MockAbstractTicketValidator extends AbstractTicketValidator {
@ -125,7 +132,6 @@ public class AbstractTicketValidatorTests extends TestCase {
        }

        private MockAbstractTicketValidator() {
-            super();
        }

        public TicketResponse confirmTicketValid(String serviceTicket)