diff options
Diffstat (limited to 'server/sonar-auth-saml')
5 files changed, 237 insertions, 0 deletions
diff --git a/server/sonar-auth-saml/build.gradle b/server/sonar-auth-saml/build.gradle index 5ed7c5d8f9e..955aa9cfd53 100644 --- a/server/sonar-auth-saml/build.gradle +++ b/server/sonar-auth-saml/build.gradle @@ -24,6 +24,7 @@ dependencies { testImplementation 'junit:junit' testImplementation 'org.assertj:assertj-core' testImplementation 'org.junit.jupiter:junit-jupiter-api' + testImplementation 'org.junit.jupiter:junit-jupiter-params' testImplementation 'org.mockito:mockito-core' testImplementation 'org.mockito:mockito-junit-jupiter' testImplementation 'org.sonarsource.api.plugin:sonar-plugin-api-test-fixtures' diff --git a/server/sonar-auth-saml/src/main/java/org/sonar/auth/saml/SamlCertificateConverter.java b/server/sonar-auth-saml/src/main/java/org/sonar/auth/saml/SamlCertificateConverter.java index bcc4d768027..c8f1ed5dda4 100644 --- a/server/sonar-auth-saml/src/main/java/org/sonar/auth/saml/SamlCertificateConverter.java +++ b/server/sonar-auth-saml/src/main/java/org/sonar/auth/saml/SamlCertificateConverter.java @@ -1,3 +1,22 @@ +/* + * SonarQube + * Copyright (C) 2009-2024 SonarSource SA + * mailto:info AT sonarsource DOT com + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 3 of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + */ package org.sonar.auth.saml; import java.io.ByteArrayInputStream; diff --git a/server/sonar-auth-saml/src/main/java/org/sonar/auth/saml/SamlPrivateKeyConverter.java b/server/sonar-auth-saml/src/main/java/org/sonar/auth/saml/SamlPrivateKeyConverter.java index 50ccb152e96..836a17fd997 100644 --- a/server/sonar-auth-saml/src/main/java/org/sonar/auth/saml/SamlPrivateKeyConverter.java +++ b/server/sonar-auth-saml/src/main/java/org/sonar/auth/saml/SamlPrivateKeyConverter.java @@ -1,3 +1,22 @@ +/* + * SonarQube + * Copyright (C) 2009-2024 SonarSource SA + * mailto:info AT sonarsource DOT com + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 3 of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + */ package org.sonar.auth.saml; import java.security.KeyFactory; @@ -10,6 +29,7 @@ import org.sonar.api.server.ServerSide; @ServerSide class SamlPrivateKeyConverter { + PrivateKey toPrivateKey(String privateKeyString) { String cleanedPrivateKeyString = sanitizePrivateKeyString(privateKeyString); diff --git a/server/sonar-auth-saml/src/test/java/org/sonar/auth/saml/SamlCertificateConverterTest.java b/server/sonar-auth-saml/src/test/java/org/sonar/auth/saml/SamlCertificateConverterTest.java new file mode 100644 index 00000000000..b9e6457764c --- /dev/null +++ b/server/sonar-auth-saml/src/test/java/org/sonar/auth/saml/SamlCertificateConverterTest.java @@ -0,0 +1,88 @@ +/* + * SonarQube + * Copyright (C) 2009-2024 SonarSource SA + * mailto:info AT sonarsource DOT com + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 3 of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + */ +package org.sonar.auth.saml; + +import java.security.cert.X509Certificate; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.params.ParameterizedTest; +import org.junit.jupiter.params.provider.ValueSource; + +import static org.assertj.core.api.Assertions.assertThat; +import static org.assertj.core.api.Assertions.assertThatRuntimeException; + +class SamlCertificateConverterTest { + private static final String VALID_CERTIFICATE_STRING = """ + -----BEGIN CERTIFICATE----- + MIIDqDCCApCgAwIBAgIGAYcJtZATMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYDVQQGEwJVUzETMBEG + A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU + MBIGA1UECwwLU1NPUHJvdmlkZXIxFTATBgNVBAMMDGRldi05ODIxMjUzNzEcMBoGCSqGSIb3DQEJ + ARYNaW5mb0Bva3RhLmNvbTAeFw0yMzAzMjIxNDI0MDZaFw0zMzAzMjIxNDI1MDZaMIGUMQswCQYD + VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsG + A1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxFTATBgNVBAMMDGRldi05ODIxMjUzNzEc + MBoGCSqGSIb3DQEJARYNaW5mb0Bva3RhLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC + ggEBALNloIuL4r7mUDkZcD7hdYrUw335hlRGWFjMV1OjRFhI/hMw2NUq+KgQjyte6zpE7a9nMlWw + lRqkEVAuCW7ZcjO/Wk1TECiKwS2nYN3InPuuF6TCk0/gJSFZuiKXdtUUDod5viNJyEXb0Ol8rtIl + TRffbSRiaWPvPykhtDZVObS0QDpBo4wVK1C+G+3e0/P/YCD6g4+zJWFYT4sbY6Ee97xhVwcdO6ZS + jfba6lYtmUCUwRPRLQPkM9xAjKinVu5mmNPY8sXuxIRs/yEvhxnhTOnbvnU5oNU5DWI28vAiMOlD + SpQTUQZjqLDa9AHyvkWT/j0WU5AI1IFgLqB5gg6dY8UCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEA + DRAEvjil9vPgCMJSYl3x5i83is4JlZ6SeN8mXxJfj35pQb+sLa+XrnITnAk6fnYX4NYYEwDGD+Vq + AnSIRsJEeMYTnQWMGLp5er88IDltDlfIMSs8WgVxWkJ6R66BVGFQRVo9IJQRVuBXrPTahL43ZBn1 + SynJxMl9tceAb6Q18ncyK9DpsLfrgpkerPcLjhjWiCl9iEpfUEzGEeLzin9OyfSwTtMWcPLrqgUb + nWiSEIvNnGzGVQunZaUF4cLxlstgWJzsWLcuzr0cdSO7eIsAtAMVDqXY1ESpewRYqzDeXmj+eKso + k5X4rDjQIGfE0XskScXfKyY7CVklfmW1dCuzdw== + -----END CERTIFICATE----- + """; + + private static final String VALID_CERTIFICATE_STRING_WITHOUT_COMMENTS = """ + MIIDqDCCApCgAwIBAgIGAYcJtZATMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYDVQQGEwJVUzETMBEG + A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU + MBIGA1UECwwLU1NPUHJvdmlkZXIxFTATBgNVBAMMDGRldi05ODIxMjUzNzEcMBoGCSqGSIb3DQEJ + ARYNaW5mb0Bva3RhLmNvbTAeFw0yMzAzMjIxNDI0MDZaFw0zMzAzMjIxNDI1MDZaMIGUMQswCQYD + VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsG + A1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxFTATBgNVBAMMDGRldi05ODIxMjUzNzEc + MBoGCSqGSIb3DQEJARYNaW5mb0Bva3RhLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC + ggEBALNloIuL4r7mUDkZcD7hdYrUw335hlRGWFjMV1OjRFhI/hMw2NUq+KgQjyte6zpE7a9nMlWw + lRqkEVAuCW7ZcjO/Wk1TECiKwS2nYN3InPuuF6TCk0/gJSFZuiKXdtUUDod5viNJyEXb0Ol8rtIl + TRffbSRiaWPvPykhtDZVObS0QDpBo4wVK1C+G+3e0/P/YCD6g4+zJWFYT4sbY6Ee97xhVwcdO6ZS + jfba6lYtmUCUwRPRLQPkM9xAjKinVu5mmNPY8sXuxIRs/yEvhxnhTOnbvnU5oNU5DWI28vAiMOlD + SpQTUQZjqLDa9AHyvkWT/j0WU5AI1IFgLqB5gg6dY8UCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEA + DRAEvjil9vPgCMJSYl3x5i83is4JlZ6SeN8mXxJfj35pQb+sLa+XrnITnAk6fnYX4NYYEwDGD+Vq + AnSIRsJEeMYTnQWMGLp5er88IDltDlfIMSs8WgVxWkJ6R66BVGFQRVo9IJQRVuBXrPTahL43ZBn1 + SynJxMl9tceAb6Q18ncyK9DpsLfrgpkerPcLjhjWiCl9iEpfUEzGEeLzin9OyfSwTtMWcPLrqgUb + nWiSEIvNnGzGVQunZaUF4cLxlstgWJzsWLcuzr0cdSO7eIsAtAMVDqXY1ESpewRYqzDeXmj+eKso + k5X4rDjQIGfE0XskScXfKyY7CVklfmW1dCuzdw== + """; + + private final SamlCertificateConverter samlCertificateConverter = new SamlCertificateConverter(); + + @ParameterizedTest + @ValueSource(strings = {VALID_CERTIFICATE_STRING, VALID_CERTIFICATE_STRING_WITHOUT_COMMENTS}) + void toX509Certificate_whenStringIsValid_succeeds(String certificate) { + X509Certificate x509Certificate = samlCertificateConverter.toX509Certificate(certificate); + assertThat(x509Certificate).isNotNull(); + } + + @Test + void toX509Certificate_whenStringIsInvalid_throwsException() { + String invalidCertificateString = "invalid"; + assertThatRuntimeException().isThrownBy(() -> samlCertificateConverter.toX509Certificate(invalidCertificateString)); + } + +} diff --git a/server/sonar-auth-saml/src/test/java/org/sonar/auth/saml/SamlPrivateKeyConverterTest.java b/server/sonar-auth-saml/src/test/java/org/sonar/auth/saml/SamlPrivateKeyConverterTest.java new file mode 100644 index 00000000000..ed19072e79e --- /dev/null +++ b/server/sonar-auth-saml/src/test/java/org/sonar/auth/saml/SamlPrivateKeyConverterTest.java @@ -0,0 +1,109 @@ +/* + * SonarQube + * Copyright (C) 2009-2024 SonarSource SA + * mailto:info AT sonarsource DOT com + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 3 of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + */ +package org.sonar.auth.saml; + +import java.security.PrivateKey; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.params.ParameterizedTest; +import org.junit.jupiter.params.provider.ValueSource; + +import static org.assertj.core.api.Assertions.assertThat; +import static org.assertj.core.api.Assertions.assertThatRuntimeException; + +class SamlPrivateKeyConverterTest { + + private static final String VALID_PRIVATE_KEY = """ + -----BEGIN PRIVATE KEY----- + MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDUHbeiASLUJZGK + vuKbBDy0q83Dx+yibRtvhlN/Wo6STPOIrkYEI/mGVN9ABaczVA3rrDsX4yL26qyG + txWerypKiGzMeg7uJsq4734up3LUcwS+lP6xn9E2Tb3pmOyJ8g921I4urgFwwQ3W + MLZ2es5VlybsODHhw0DFaS5qAwgqXFZ5ZuMVSRNQg4XMxjq+IKk27saA6M5d/Hvu + Q6SRKUreA2HYC1SOfUviKGB4BakRYqH4OZkqriUUPcRx/rl7Jye16yxLj3lNxAAQ + LAISqpVA5fJHUnm+TGFriaBuDgmL+jjlVZDZpVFCNEpq9JRf1CFeEFyNZ2LvBQYn + a/hoEGiLAgMBAAECggEACr9AtRgapCYNJDr8rz79Nmg4AjHoduhRSgrDw0Ga1KXK + dwPhb0dFVr2JHCzNJmgdVnIBAnpTJLCKMj8nfMVCPsl/vbJ3fDCB9/HGcmWwhzwW + ovNYnjZLOtWgiCvj3C9kAjDNzWaqkwRtB4urSwB44NRKOBC20kn6x6XHIL7rlH3G + hNMKau+W0LFK2xev8Rm3Ze5j8GRIY92TzSPDSxOvwOKBiAqBTyK+lPFo7KbZ9znf + KFlVJAhoDQvYeApOWcZNkKUDgn87ctt1KcWXW3qMRcYrVIScZv8lvu/Pd8CMIqk8 + varjnYhl76TdvlOrWPbLqRGawfCWWqfZsdwbYegUeQKBgQD6mJXuQMKFLZ2Tz9tD + 2wOwv7zSbRjLA/up60ZODHG1abkPae98xtnhcItaocm5EnczaTe6iaRUHViHMoYB + WXlmMUsizjLvZ/jl3VgudBgDtChZoCwXhdSjzv7g0H5PQDznkEndWKUlkL5DwwiR + kbDCf0ZSrCeC2uYwvp2RGFQseQKBgQDYsLQGwcphjXnty4izrNMmhQMC73G9kUi9 + I+etzewPr47KWcCcQA84C+xdm1l03b30JoDZUds0bEiJ7fWCRfDhjktzMEjYOJpC + ioFmceb4X0IKZRUewKfKtiJASQYKnVs4NLtr7O9njj43cX+PkuDTkRf/MtR07w9F + h9CBSsP0IwKBgQCq+HmqcKKGTGXrF/An7oApEdfY1TgKIrCL8Iop69GUjQoGmyca + wWybo7Zf4mwHibKr78hmy0vDW7Yvn2fP+eSatVzm5TnZHt2wroBgSTKtLDgvVdlf + Px6hmDNK3NSga1piPo42pykdZRB6mND6yCSJvl4TP4NBgul0LkjAWpHrOQKBgEhr + bg9gDxJhZSGrR2m9VehmxeXiPqI7fxLvgAufacioRNGuA2h1JGD34yw5skETptuF + TsTSza8MjYXDiKzcUTAhDWhW99GDwVKB1dN2N9pEg97Tf6aCftGJ45KWlTVQ996m + CQl961kxuetvvFEwpoEu2dVJmKXoC7OSO4Yqhaj/AoGBAMryk5JYtu7HTKNzyJzT + e9Sup0gum+oCtWopK58Oo9cPBJwGgLljrlGJFcirjkEwpcLZ1SAdMN+iebUia893 + 7TjVnhAe+/Y/YzKAZcyggBJo7F2mshT4/0mVsw/hzJCNBbC7OihBtd6qT9YsFsIT + xkGDoWLmoZBN7qeFmjNAS21W + -----END PRIVATE KEY----- + """; + + private static final String VALID_PRIVATE_KEY_WITHOUT_COMMENTS = """ + MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDUHbeiASLUJZGK + vuKbBDy0q83Dx+yibRtvhlN/Wo6STPOIrkYEI/mGVN9ABaczVA3rrDsX4yL26qyG + txWerypKiGzMeg7uJsq4734up3LUcwS+lP6xn9E2Tb3pmOyJ8g921I4urgFwwQ3W + MLZ2es5VlybsODHhw0DFaS5qAwgqXFZ5ZuMVSRNQg4XMxjq+IKk27saA6M5d/Hvu + Q6SRKUreA2HYC1SOfUviKGB4BakRYqH4OZkqriUUPcRx/rl7Jye16yxLj3lNxAAQ + LAISqpVA5fJHUnm+TGFriaBuDgmL+jjlVZDZpVFCNEpq9JRf1CFeEFyNZ2LvBQYn + a/hoEGiLAgMBAAECggEACr9AtRgapCYNJDr8rz79Nmg4AjHoduhRSgrDw0Ga1KXK + dwPhb0dFVr2JHCzNJmgdVnIBAnpTJLCKMj8nfMVCPsl/vbJ3fDCB9/HGcmWwhzwW + ovNYnjZLOtWgiCvj3C9kAjDNzWaqkwRtB4urSwB44NRKOBC20kn6x6XHIL7rlH3G + hNMKau+W0LFK2xev8Rm3Ze5j8GRIY92TzSPDSxOvwOKBiAqBTyK+lPFo7KbZ9znf + KFlVJAhoDQvYeApOWcZNkKUDgn87ctt1KcWXW3qMRcYrVIScZv8lvu/Pd8CMIqk8 + varjnYhl76TdvlOrWPbLqRGawfCWWqfZsdwbYegUeQKBgQD6mJXuQMKFLZ2Tz9tD + 2wOwv7zSbRjLA/up60ZODHG1abkPae98xtnhcItaocm5EnczaTe6iaRUHViHMoYB + WXlmMUsizjLvZ/jl3VgudBgDtChZoCwXhdSjzv7g0H5PQDznkEndWKUlkL5DwwiR + kbDCf0ZSrCeC2uYwvp2RGFQseQKBgQDYsLQGwcphjXnty4izrNMmhQMC73G9kUi9 + I+etzewPr47KWcCcQA84C+xdm1l03b30JoDZUds0bEiJ7fWCRfDhjktzMEjYOJpC + ioFmceb4X0IKZRUewKfKtiJASQYKnVs4NLtr7O9njj43cX+PkuDTkRf/MtR07w9F + h9CBSsP0IwKBgQCq+HmqcKKGTGXrF/An7oApEdfY1TgKIrCL8Iop69GUjQoGmyca + wWybo7Zf4mwHibKr78hmy0vDW7Yvn2fP+eSatVzm5TnZHt2wroBgSTKtLDgvVdlf + Px6hmDNK3NSga1piPo42pykdZRB6mND6yCSJvl4TP4NBgul0LkjAWpHrOQKBgEhr + bg9gDxJhZSGrR2m9VehmxeXiPqI7fxLvgAufacioRNGuA2h1JGD34yw5skETptuF + TsTSza8MjYXDiKzcUTAhDWhW99GDwVKB1dN2N9pEg97Tf6aCftGJ45KWlTVQ996m + CQl961kxuetvvFEwpoEu2dVJmKXoC7OSO4Yqhaj/AoGBAMryk5JYtu7HTKNzyJzT + e9Sup0gum+oCtWopK58Oo9cPBJwGgLljrlGJFcirjkEwpcLZ1SAdMN+iebUia893 + 7TjVnhAe+/Y/YzKAZcyggBJo7F2mshT4/0mVsw/hzJCNBbC7OihBtd6qT9YsFsIT + xkGDoWLmoZBN7qeFmjNAS21W + """; + + private final SamlPrivateKeyConverter samlPrivateKeyConverter = new SamlPrivateKeyConverter(); + + @ParameterizedTest + @ValueSource(strings = {VALID_PRIVATE_KEY, VALID_PRIVATE_KEY_WITHOUT_COMMENTS}) + void toPrivateKey_whenPrivateKeyIsValid_succeeds(String privateKeyString) { + PrivateKey privateKey = samlPrivateKeyConverter.toPrivateKey(privateKeyString); + assertThat(privateKey).isNotNull(); + } + + @Test + void toPrivateKey_whenPrivateKeyIsInvalid_throwsException() { + assertThatRuntimeException() + .isThrownBy(() -> samlPrivateKeyConverter.toPrivateKey("invalidKey")) + .withMessage("bla"); + } + + +} |