Line 0
1 |
/* |
2 |
* Licensed to the Apache Software Foundation (ASF) under one or more |
3 |
* contributor license agreements. See the NOTICE file distributed with |
4 |
* this work for additional information regarding copyright ownership. |
5 |
* The ASF licenses this file to You under the Apache License, Version 2.0 |
6 |
* (the "License"); you may not use this file except in compliance with |
7 |
* the License. You may obtain a copy of the License at |
8 |
* |
9 |
* http://www.apache.org/licenses/LICENSE-2.0 |
10 |
* |
11 |
* Unless required by applicable law or agreed to in writing, software |
12 |
* distributed under the License is distributed on an "AS IS" BASIS, |
13 |
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
14 |
* See the License for the specific language governing permissions and |
15 |
* limitations under the License. |
16 |
*/ |
17 |
package org.apache.catalina.filters; |
18 |
|
19 |
import java.io.IOException; |
20 |
import java.util.HashMap; |
21 |
import java.util.List; |
22 |
import java.util.Map; |
23 |
|
24 |
import javax.servlet.ServletException; |
25 |
import javax.servlet.http.HttpServlet; |
26 |
import javax.servlet.http.HttpServletRequest; |
27 |
import javax.servlet.http.HttpServletResponse; |
28 |
|
29 |
import org.junit.Assert; |
30 |
import org.junit.Test; |
31 |
|
32 |
import org.apache.catalina.Context; |
33 |
import org.apache.catalina.deploy.FilterDef; |
34 |
import org.apache.catalina.deploy.FilterMap; |
35 |
import org.apache.catalina.startup.Tomcat; |
36 |
import org.apache.catalina.startup.TomcatBaseTest; |
37 |
import org.apache.tomcat.util.buf.ByteChunk; |
38 |
|
39 |
public class TestHstsFilter extends TomcatBaseTest { |
40 |
|
41 |
@Test |
42 |
public void testIncludeDomainsTrue() throws Exception { |
43 |
doTest("0", "true", true, true, "max-age=0 ; includeSubDomains"); |
44 |
} |
45 |
|
46 |
@Test |
47 |
public void testIncludeDomainsFalse() throws Exception { |
48 |
doTest("0", "false", true, true, "max-age=0"); |
49 |
} |
50 |
|
51 |
@Test |
52 |
public void testNonZeroMaxAge() throws Exception { |
53 |
doTest("31536000", "true", true, true, |
54 |
"max-age=31536000 ; includeSubDomains"); |
55 |
} |
56 |
|
57 |
@Test |
58 |
public void testNoParameters() throws Exception { |
59 |
doTest(null, null, true, true, "max-age=0"); |
60 |
} |
61 |
|
62 |
@Test |
63 |
public void testNoMaxAgeParameter() throws Exception { |
64 |
doTest(null, "true", true, true, "max-age=0 ; includeSubDomains"); |
65 |
} |
66 |
|
67 |
@Test |
68 |
public void testNoIncludeSubDomainsParameter() throws Exception { |
69 |
doTest("0", null, true, true, "max-age=0"); |
70 |
} |
71 |
|
72 |
@Test |
73 |
public void testNonSecure() throws Exception { |
74 |
doTest("0", "false", false, false, null); |
75 |
} |
76 |
|
77 |
public void doTest(String maxAge, String includeSubDomains, boolean secure, |
78 |
boolean expectHeader, String expectedDirectives) throws Exception { |
79 |
Tomcat tomcat = getTomcatInstance(); |
80 |
tomcat.getConnector().setSecure(secure); |
81 |
|
82 |
Context ctx = tomcat.addContext("", |
83 |
System.getProperty("java.io.tmpdir")); |
84 |
|
85 |
HttpServlet servlet = new HttpServlet() { |
86 |
private static final long serialVersionUID = 1L; |
87 |
|
88 |
@Override |
89 |
protected void service(HttpServletRequest request, |
90 |
HttpServletResponse response) throws ServletException, |
91 |
IOException { |
92 |
response.setContentType("text/plain"); |
93 |
} |
94 |
}; |
95 |
Tomcat.addServlet(ctx, "servlet", servlet); |
96 |
ctx.addServletMapping("/", "servlet"); |
97 |
|
98 |
FilterDef filterDef = new FilterDef(); |
99 |
filterDef.setFilterClass(HstsFilter.class.getName()); |
100 |
filterDef.setFilterName("filter"); |
101 |
if (maxAge != null) { |
102 |
filterDef.addInitParameter("maxAgeSeconds", maxAge); |
103 |
} |
104 |
if (includeSubDomains != null) { |
105 |
filterDef.addInitParameter("includeSubDomains", includeSubDomains); |
106 |
} |
107 |
ctx.addFilterDef(filterDef); |
108 |
FilterMap filterMap = new FilterMap(); |
109 |
filterMap.setFilterName("filter"); |
110 |
filterMap.addServletName("servlet"); |
111 |
ctx.addFilterMap(filterMap); |
112 |
|
113 |
tomcat.start(); |
114 |
|
115 |
Map<String, List<String>> headers = new HashMap<>(); |
116 |
getUrl("http://localhost:" + getPort() + "/", new ByteChunk(), headers); |
117 |
|
118 |
List<String> stsHeaders = headers.get("Strict-Transport-Security"); |
119 |
if (expectHeader) { |
120 |
Assert.assertNotNull("No Strict-Transport-Security header added", |
121 |
stsHeaders); |
122 |
Assert.assertEquals( |
123 |
"Multiple Strict-Transport-Security headers added", 1, |
124 |
stsHeaders.size()); |
125 |
String directives = stsHeaders.get(0); |
126 |
Assert.assertEquals( |
127 |
"Incorrect Strict-Transport-Security directives", |
128 |
expectedDirectives, directives); |
129 |
} else { |
130 |
Assert.assertNull( |
131 |
"Strict-Transport-Security header added when it shouldn't have been", |
132 |
stsHeaders); |
133 |
} |
134 |
} |
135 |
|
136 |
} |
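Review bot: `testNoParameters` and `testNoMaxAgeParameter` pin `max-age=0` as the header sent when `maxAgeSeconds` is not configured, and under RFC 6797 a max-age of zero tells the browser to stop treating the host as a known HSTS host, so a filter deployed with its defaults would clear a cached policy rather than establish one. HstsFilter itself is not visible on this page, so whether that default is deliberate cannot be confirmed here; if it is, the test should say so, e.g. `// Default max-age=0 deliberately expires any cached HSTS policy (RFC 6797)` above `testNoParameters`. The suite also has no case for a negative or non-numeric `maxAgeSeconds`, which is where a misconfiguration would most plausibly produce a malformed or missing header, and every secure case passes `secure` and `expectHeader` with the same value, so the second flag is never exercised independently. As a minor style point, `doTest` is only a helper for the `@Test` methods and can be declared `private`.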