From e872823490929ba0785d3c65cf285ebdf71c54cd Mon Sep 17 00:00:00 2001 From: Luke Taylor Date: Mon, 17 Sep 2007 21:29:40 +0000 Subject: [PATCH] SEC-559: Throw an initialization exception if configured truststore file doesn't exist. --- .../AbstractTicketValidator.java | 13 +++--- .../AbstractTicketValidatorTests.java | 42 +++++++++++-------- 2 files changed, 32 insertions(+), 23 deletions(-) diff --git a/core/src/main/java/org/acegisecurity/providers/cas/ticketvalidator/AbstractTicketValidator.java b/core/src/main/java/org/acegisecurity/providers/cas/ticketvalidator/AbstractTicketValidator.java index 6c22d123f7..03af91d030 100644 --- a/core/src/main/java/org/acegisecurity/providers/cas/ticketvalidator/AbstractTicketValidator.java +++ b/core/src/main/java/org/acegisecurity/providers/cas/ticketvalidator/AbstractTicketValidator.java @@ -16,15 +16,16 @@ package org.acegisecurity.providers.cas.ticketvalidator; import org.acegisecurity.providers.cas.TicketValidator; - import org.acegisecurity.ui.cas.ServiceProperties; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.springframework.beans.factory.InitializingBean; - import org.springframework.util.Assert; +import org.springframework.util.StringUtils; + +import java.io.File; /** 
@@ -50,9 +51,11 @@ public abstract class AbstractTicketValidator implements TicketValidator, Initia Assert.hasLength(casValidate, "A casValidate URL must be set"); Assert.notNull(serviceProperties, "serviceProperties must be specified"); - if ((trustStore != null) && (!"".equals(trustStore))) { - if (logger.isDebugEnabled()) { - logger.debug("Setting system property 'javax.net.ssl.trustStore'" + " to value [" + trustStore + "]"); + if (StringUtils.hasLength(trustStore)) { + logger.info("Setting system property 'javax.net.ssl.trustStore' to value [" + trustStore + "]"); + + if (! (new File(trustStore)).exists()) { + throw new IllegalArgumentException("Parameter 'trustStore' file does not exist at " + trustStore); } System.setProperty("javax.net.ssl.trustStore", trustStore); diff --git a/core/src/test/java/org/acegisecurity/providers/cas/ticketvalidator/AbstractTicketValidatorTests.java b/core/src/test/java/org/acegisecurity/providers/cas/ticketvalidator/AbstractTicketValidatorTests.java index 08a88a1183..54edc1f5a1 100644 --- a/core/src/test/java/org/acegisecurity/providers/cas/ticketvalidator/AbstractTicketValidatorTests.java +++ b/core/src/test/java/org/acegisecurity/providers/cas/ticketvalidator/AbstractTicketValidatorTests.java @@ -23,6 +23,8 @@ import org.acegisecurity.BadCredentialsException; import org.acegisecurity.providers.cas.TicketResponse; import org.acegisecurity.ui.cas.ServiceProperties; +import org.springframework.core.io.Resource; +import org.springframework.core.io.ClassPathResource; import java.util.Vector; @@ -37,7 +39,6 @@ public class AbstractTicketValidatorTests extends TestCase { //~ Constructors =================================================================================================== public AbstractTicketValidatorTests() { - super(); } public AbstractTicketValidatorTests(String arg0) { 
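Review bot: The new guard inside the `StringUtils.hasLength(trustStore)` branch relies on `File.exists()`, which is also true for a directory and says nothing about readability, so a path that points at a folder or an unreadable file still reaches `System.setProperty`. A tighter check would be `File f = new File(trustStore);` followed by `if (!f.isFile() || !f.canRead()) { throw new IllegalArgumentException(...); }`. The info-level "Setting system property" message is logged before the check, so it appears even when initialization is rejected; moving it below the check keeps the log accurate. Since `javax.net.ssl.trustStore` is JVM-wide, a short comment noting that this affects every TLS client in the process would help maintainers. The enclosing method starts and ends outside this hunk.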
@@ -46,14 +47,6 @@ public class AbstractTicketValidatorTests extends TestCase { //~ Methods ======================================================================================================== - public static void main(String[] args) { - junit.textui.TestRunner.run(AbstractTicketValidatorTests.class); - } - - public final void setUp() throws Exception { - super.setUp(); - } - public void testDetectsMissingCasValidate() throws Exception { AbstractTicketValidator tv = new MockAbstractTicketValidator(); tv.setServiceProperties(new ServiceProperties()); @@ -92,21 +85,21 @@ public class AbstractTicketValidatorTests extends TestCase { assertEquals("/some/file/cacerts", tv.getTrustStore()); } - public void testSystemPropertySetDuringAfterPropertiesSet() - throws Exception { + public void testTrustStoreSystemPropertySetDuringAfterPropertiesSet() throws Exception { AbstractTicketValidator tv = new MockAbstractTicketValidator(); tv.setCasValidate("https://company.com/cas/proxyvalidate"); - assertEquals("https://company.com/cas/proxyvalidate", tv.getCasValidate()); - tv.setServiceProperties(new ServiceProperties()); - assertTrue(tv.getServiceProperties() != null); - tv.setTrustStore("/some/file/cacerts"); - assertEquals("/some/file/cacerts", tv.getTrustStore()); + // We need an existing file to use as the truststore property + Resource r = new ClassPathResource("log4j.properties"); + String filename = r.getFile().getAbsolutePath(); + + tv.setTrustStore(filename); + assertEquals(filename, tv.getTrustStore()); String before = System.getProperty("javax.net.ssl.trustStore"); tv.afterPropertiesSet(); - assertEquals("/some/file/cacerts", System.getProperty("javax.net.ssl.trustStore")); + assertEquals(filename, System.getProperty("javax.net.ssl.trustStore")); if (before == null) { System.setProperty("javax.net.ssl.trustStore", ""); 
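Review bot: In `testTrustStoreSystemPropertySetDuringAfterPropertiesSet` the JVM-wide `javax.net.ssl.trustStore` property is restored only after the final `assertEquals`, so a failure there leaves it pointing at `log4j.properties`, which is not a keystore, for every later test in the same JVM. Placing `tv.afterPropertiesSet()` and the assertion in a `try` and the restore logic in `finally` would contain that. The visible `before == null` branch sets the property to `""` instead of removing it; `System.clearProperty("javax.net.ssl.trustStore")` would restore the original state if the target JDK provides it (1.5+). `r.getFile()` also presumes the resource sits on the filesystem rather than inside a jar, which deserves a one-line comment. The restore block continues past the end of this hunk.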
@@ -115,6 +108,20 @@ public class AbstractTicketValidatorTests extends TestCase { } } + public void testMissingTrustStoreFileCausesException() throws Exception { + AbstractTicketValidator tv = new MockAbstractTicketValidator(); + tv.setServiceProperties(new ServiceProperties()); + tv.setCasValidate("https://company.com/cas/proxyvalidate"); + tv.setTrustStore("/non/existent/file"); + + try { + tv.afterPropertiesSet(); + + fail("Expected exception with non-existent truststore"); + } catch (IllegalArgumentException expected) { + } + } + //~ Inner Classes ================================================================================================== private class MockAbstractTicketValidator extends AbstractTicketValidator { @@ -125,7 +132,6 @@ public class AbstractTicketValidatorTests extends TestCase { } private MockAbstractTicketValidator() { - super(); } public TicketResponse confirmTicketValid(String serviceTicket)
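Review bot: `testMissingTrustStoreFileCausesException` confirms that the exception is thrown but not that the global property was left untouched, which is the ordering the production change depends on (file check before `System.setProperty`). Capture `String before = System.getProperty("javax.net.ssl.trustStore");` ahead of the `try` and add `assertEquals(before, System.getProperty("javax.net.ssl.trustStore"));` inside the catch block. The empty `catch` would also read better with a short comment such as `// expected: truststore path does not exist`.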