aboutsummaryrefslogtreecommitdiffstats
path: root/server
diff options
context:
space:
mode:
Diffstat (limited to 'server')
-rw-r--r--server/sonar-auth-saml/build.gradle1
-rw-r--r--server/sonar-auth-saml/src/main/java/org/sonar/auth/saml/SamlCertificateConverter.java19
-rw-r--r--server/sonar-auth-saml/src/main/java/org/sonar/auth/saml/SamlPrivateKeyConverter.java20
-rw-r--r--server/sonar-auth-saml/src/test/java/org/sonar/auth/saml/SamlCertificateConverterTest.java88
-rw-r--r--server/sonar-auth-saml/src/test/java/org/sonar/auth/saml/SamlPrivateKeyConverterTest.java109
5 files changed, 237 insertions, 0 deletions
diff --git a/server/sonar-auth-saml/build.gradle b/server/sonar-auth-saml/build.gradle
index 5ed7c5d8f9e..955aa9cfd53 100644
--- a/server/sonar-auth-saml/build.gradle
+++ b/server/sonar-auth-saml/build.gradle
@@ -24,6 +24,7 @@ dependencies {
testImplementation 'junit:junit'
testImplementation 'org.assertj:assertj-core'
testImplementation 'org.junit.jupiter:junit-jupiter-api'
+ testImplementation 'org.junit.jupiter:junit-jupiter-params'
testImplementation 'org.mockito:mockito-core'
testImplementation 'org.mockito:mockito-junit-jupiter'
testImplementation 'org.sonarsource.api.plugin:sonar-plugin-api-test-fixtures'
diff --git a/server/sonar-auth-saml/src/main/java/org/sonar/auth/saml/SamlCertificateConverter.java b/server/sonar-auth-saml/src/main/java/org/sonar/auth/saml/SamlCertificateConverter.java
index bcc4d768027..c8f1ed5dda4 100644
--- a/server/sonar-auth-saml/src/main/java/org/sonar/auth/saml/SamlCertificateConverter.java
+++ b/server/sonar-auth-saml/src/main/java/org/sonar/auth/saml/SamlCertificateConverter.java
@@ -1,3 +1,22 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2024 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
package org.sonar.auth.saml;
import java.io.ByteArrayInputStream;
diff --git a/server/sonar-auth-saml/src/main/java/org/sonar/auth/saml/SamlPrivateKeyConverter.java b/server/sonar-auth-saml/src/main/java/org/sonar/auth/saml/SamlPrivateKeyConverter.java
index 50ccb152e96..836a17fd997 100644
--- a/server/sonar-auth-saml/src/main/java/org/sonar/auth/saml/SamlPrivateKeyConverter.java
+++ b/server/sonar-auth-saml/src/main/java/org/sonar/auth/saml/SamlPrivateKeyConverter.java
@@ -1,3 +1,22 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2024 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
package org.sonar.auth.saml;
import java.security.KeyFactory;
@@ -10,6 +29,7 @@ import org.sonar.api.server.ServerSide;
@ServerSide
class SamlPrivateKeyConverter {
+
PrivateKey toPrivateKey(String privateKeyString) {
String cleanedPrivateKeyString = sanitizePrivateKeyString(privateKeyString);
diff --git a/server/sonar-auth-saml/src/test/java/org/sonar/auth/saml/SamlCertificateConverterTest.java b/server/sonar-auth-saml/src/test/java/org/sonar/auth/saml/SamlCertificateConverterTest.java
new file mode 100644
index 00000000000..b9e6457764c
--- /dev/null
+++ b/server/sonar-auth-saml/src/test/java/org/sonar/auth/saml/SamlCertificateConverterTest.java
@@ -0,0 +1,88 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2024 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.auth.saml;
+
+import java.security.cert.X509Certificate;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatRuntimeException;
+
+class SamlCertificateConverterTest {
+ private static final String VALID_CERTIFICATE_STRING = """
+ -----BEGIN CERTIFICATE-----
+ MIIDqDCCApCgAwIBAgIGAYcJtZATMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYDVQQGEwJVUzETMBEG
+ A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
+ MBIGA1UECwwLU1NPUHJvdmlkZXIxFTATBgNVBAMMDGRldi05ODIxMjUzNzEcMBoGCSqGSIb3DQEJ
+ ARYNaW5mb0Bva3RhLmNvbTAeFw0yMzAzMjIxNDI0MDZaFw0zMzAzMjIxNDI1MDZaMIGUMQswCQYD
+ VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsG
+ A1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxFTATBgNVBAMMDGRldi05ODIxMjUzNzEc
+ MBoGCSqGSIb3DQEJARYNaW5mb0Bva3RhLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ ggEBALNloIuL4r7mUDkZcD7hdYrUw335hlRGWFjMV1OjRFhI/hMw2NUq+KgQjyte6zpE7a9nMlWw
+ lRqkEVAuCW7ZcjO/Wk1TECiKwS2nYN3InPuuF6TCk0/gJSFZuiKXdtUUDod5viNJyEXb0Ol8rtIl
+ TRffbSRiaWPvPykhtDZVObS0QDpBo4wVK1C+G+3e0/P/YCD6g4+zJWFYT4sbY6Ee97xhVwcdO6ZS
+ jfba6lYtmUCUwRPRLQPkM9xAjKinVu5mmNPY8sXuxIRs/yEvhxnhTOnbvnU5oNU5DWI28vAiMOlD
+ SpQTUQZjqLDa9AHyvkWT/j0WU5AI1IFgLqB5gg6dY8UCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEA
+ DRAEvjil9vPgCMJSYl3x5i83is4JlZ6SeN8mXxJfj35pQb+sLa+XrnITnAk6fnYX4NYYEwDGD+Vq
+ AnSIRsJEeMYTnQWMGLp5er88IDltDlfIMSs8WgVxWkJ6R66BVGFQRVo9IJQRVuBXrPTahL43ZBn1
+ SynJxMl9tceAb6Q18ncyK9DpsLfrgpkerPcLjhjWiCl9iEpfUEzGEeLzin9OyfSwTtMWcPLrqgUb
+ nWiSEIvNnGzGVQunZaUF4cLxlstgWJzsWLcuzr0cdSO7eIsAtAMVDqXY1ESpewRYqzDeXmj+eKso
+ k5X4rDjQIGfE0XskScXfKyY7CVklfmW1dCuzdw==
+ -----END CERTIFICATE-----
+ """;
+
+ private static final String VALID_CERTIFICATE_STRING_WITHOUT_COMMENTS = """
+ MIIDqDCCApCgAwIBAgIGAYcJtZATMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYDVQQGEwJVUzETMBEG
+ A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
+ MBIGA1UECwwLU1NPUHJvdmlkZXIxFTATBgNVBAMMDGRldi05ODIxMjUzNzEcMBoGCSqGSIb3DQEJ
+ ARYNaW5mb0Bva3RhLmNvbTAeFw0yMzAzMjIxNDI0MDZaFw0zMzAzMjIxNDI1MDZaMIGUMQswCQYD
+ VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsG
+ A1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxFTATBgNVBAMMDGRldi05ODIxMjUzNzEc
+ MBoGCSqGSIb3DQEJARYNaW5mb0Bva3RhLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ ggEBALNloIuL4r7mUDkZcD7hdYrUw335hlRGWFjMV1OjRFhI/hMw2NUq+KgQjyte6zpE7a9nMlWw
+ lRqkEVAuCW7ZcjO/Wk1TECiKwS2nYN3InPuuF6TCk0/gJSFZuiKXdtUUDod5viNJyEXb0Ol8rtIl
+ TRffbSRiaWPvPykhtDZVObS0QDpBo4wVK1C+G+3e0/P/YCD6g4+zJWFYT4sbY6Ee97xhVwcdO6ZS
+ jfba6lYtmUCUwRPRLQPkM9xAjKinVu5mmNPY8sXuxIRs/yEvhxnhTOnbvnU5oNU5DWI28vAiMOlD
+ SpQTUQZjqLDa9AHyvkWT/j0WU5AI1IFgLqB5gg6dY8UCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEA
+ DRAEvjil9vPgCMJSYl3x5i83is4JlZ6SeN8mXxJfj35pQb+sLa+XrnITnAk6fnYX4NYYEwDGD+Vq
+ AnSIRsJEeMYTnQWMGLp5er88IDltDlfIMSs8WgVxWkJ6R66BVGFQRVo9IJQRVuBXrPTahL43ZBn1
+ SynJxMl9tceAb6Q18ncyK9DpsLfrgpkerPcLjhjWiCl9iEpfUEzGEeLzin9OyfSwTtMWcPLrqgUb
+ nWiSEIvNnGzGVQunZaUF4cLxlstgWJzsWLcuzr0cdSO7eIsAtAMVDqXY1ESpewRYqzDeXmj+eKso
+ k5X4rDjQIGfE0XskScXfKyY7CVklfmW1dCuzdw==
+ """;
+
+ private final SamlCertificateConverter samlCertificateConverter = new SamlCertificateConverter();
+
+ @ParameterizedTest
+ @ValueSource(strings = {VALID_CERTIFICATE_STRING, VALID_CERTIFICATE_STRING_WITHOUT_COMMENTS})
+ void toX509Certificate_whenStringIsValid_succeeds(String certificate) {
+ X509Certificate x509Certificate = samlCertificateConverter.toX509Certificate(certificate);
+ assertThat(x509Certificate).isNotNull();
+ }
+
+ @Test
+ void toX509Certificate_whenStringIsInvalid_throwsException() {
+ String invalidCertificateString = "invalid";
+ assertThatRuntimeException().isThrownBy(() -> samlCertificateConverter.toX509Certificate(invalidCertificateString));
+ }
+
+}
diff --git a/server/sonar-auth-saml/src/test/java/org/sonar/auth/saml/SamlPrivateKeyConverterTest.java b/server/sonar-auth-saml/src/test/java/org/sonar/auth/saml/SamlPrivateKeyConverterTest.java
new file mode 100644
index 00000000000..ed19072e79e
--- /dev/null
+++ b/server/sonar-auth-saml/src/test/java/org/sonar/auth/saml/SamlPrivateKeyConverterTest.java
@@ -0,0 +1,109 @@
+/*
+ * SonarQube
+ * Copyright (C) 2009-2024 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package org.sonar.auth.saml;
+
+import java.security.PrivateKey;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatRuntimeException;
+
+class SamlPrivateKeyConverterTest {
+
+ private static final String VALID_PRIVATE_KEY = """
+ -----BEGIN PRIVATE KEY-----
+ MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDUHbeiASLUJZGK
+ vuKbBDy0q83Dx+yibRtvhlN/Wo6STPOIrkYEI/mGVN9ABaczVA3rrDsX4yL26qyG
+ txWerypKiGzMeg7uJsq4734up3LUcwS+lP6xn9E2Tb3pmOyJ8g921I4urgFwwQ3W
+ MLZ2es5VlybsODHhw0DFaS5qAwgqXFZ5ZuMVSRNQg4XMxjq+IKk27saA6M5d/Hvu
+ Q6SRKUreA2HYC1SOfUviKGB4BakRYqH4OZkqriUUPcRx/rl7Jye16yxLj3lNxAAQ
+ LAISqpVA5fJHUnm+TGFriaBuDgmL+jjlVZDZpVFCNEpq9JRf1CFeEFyNZ2LvBQYn
+ a/hoEGiLAgMBAAECggEACr9AtRgapCYNJDr8rz79Nmg4AjHoduhRSgrDw0Ga1KXK
+ dwPhb0dFVr2JHCzNJmgdVnIBAnpTJLCKMj8nfMVCPsl/vbJ3fDCB9/HGcmWwhzwW
+ ovNYnjZLOtWgiCvj3C9kAjDNzWaqkwRtB4urSwB44NRKOBC20kn6x6XHIL7rlH3G
+ hNMKau+W0LFK2xev8Rm3Ze5j8GRIY92TzSPDSxOvwOKBiAqBTyK+lPFo7KbZ9znf
+ KFlVJAhoDQvYeApOWcZNkKUDgn87ctt1KcWXW3qMRcYrVIScZv8lvu/Pd8CMIqk8
+ varjnYhl76TdvlOrWPbLqRGawfCWWqfZsdwbYegUeQKBgQD6mJXuQMKFLZ2Tz9tD
+ 2wOwv7zSbRjLA/up60ZODHG1abkPae98xtnhcItaocm5EnczaTe6iaRUHViHMoYB
+ WXlmMUsizjLvZ/jl3VgudBgDtChZoCwXhdSjzv7g0H5PQDznkEndWKUlkL5DwwiR
+ kbDCf0ZSrCeC2uYwvp2RGFQseQKBgQDYsLQGwcphjXnty4izrNMmhQMC73G9kUi9
+ I+etzewPr47KWcCcQA84C+xdm1l03b30JoDZUds0bEiJ7fWCRfDhjktzMEjYOJpC
+ ioFmceb4X0IKZRUewKfKtiJASQYKnVs4NLtr7O9njj43cX+PkuDTkRf/MtR07w9F
+ h9CBSsP0IwKBgQCq+HmqcKKGTGXrF/An7oApEdfY1TgKIrCL8Iop69GUjQoGmyca
+ wWybo7Zf4mwHibKr78hmy0vDW7Yvn2fP+eSatVzm5TnZHt2wroBgSTKtLDgvVdlf
+ Px6hmDNK3NSga1piPo42pykdZRB6mND6yCSJvl4TP4NBgul0LkjAWpHrOQKBgEhr
+ bg9gDxJhZSGrR2m9VehmxeXiPqI7fxLvgAufacioRNGuA2h1JGD34yw5skETptuF
+ TsTSza8MjYXDiKzcUTAhDWhW99GDwVKB1dN2N9pEg97Tf6aCftGJ45KWlTVQ996m
+ CQl961kxuetvvFEwpoEu2dVJmKXoC7OSO4Yqhaj/AoGBAMryk5JYtu7HTKNzyJzT
+ e9Sup0gum+oCtWopK58Oo9cPBJwGgLljrlGJFcirjkEwpcLZ1SAdMN+iebUia893
+ 7TjVnhAe+/Y/YzKAZcyggBJo7F2mshT4/0mVsw/hzJCNBbC7OihBtd6qT9YsFsIT
+ xkGDoWLmoZBN7qeFmjNAS21W
+ -----END PRIVATE KEY-----
+ """;
+
+ private static final String VALID_PRIVATE_KEY_WITHOUT_COMMENTS = """
+ MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDUHbeiASLUJZGK
+ vuKbBDy0q83Dx+yibRtvhlN/Wo6STPOIrkYEI/mGVN9ABaczVA3rrDsX4yL26qyG
+ txWerypKiGzMeg7uJsq4734up3LUcwS+lP6xn9E2Tb3pmOyJ8g921I4urgFwwQ3W
+ MLZ2es5VlybsODHhw0DFaS5qAwgqXFZ5ZuMVSRNQg4XMxjq+IKk27saA6M5d/Hvu
+ Q6SRKUreA2HYC1SOfUviKGB4BakRYqH4OZkqriUUPcRx/rl7Jye16yxLj3lNxAAQ
+ LAISqpVA5fJHUnm+TGFriaBuDgmL+jjlVZDZpVFCNEpq9JRf1CFeEFyNZ2LvBQYn
+ a/hoEGiLAgMBAAECggEACr9AtRgapCYNJDr8rz79Nmg4AjHoduhRSgrDw0Ga1KXK
+ dwPhb0dFVr2JHCzNJmgdVnIBAnpTJLCKMj8nfMVCPsl/vbJ3fDCB9/HGcmWwhzwW
+ ovNYnjZLOtWgiCvj3C9kAjDNzWaqkwRtB4urSwB44NRKOBC20kn6x6XHIL7rlH3G
+ hNMKau+W0LFK2xev8Rm3Ze5j8GRIY92TzSPDSxOvwOKBiAqBTyK+lPFo7KbZ9znf
+ KFlVJAhoDQvYeApOWcZNkKUDgn87ctt1KcWXW3qMRcYrVIScZv8lvu/Pd8CMIqk8
+ varjnYhl76TdvlOrWPbLqRGawfCWWqfZsdwbYegUeQKBgQD6mJXuQMKFLZ2Tz9tD
+ 2wOwv7zSbRjLA/up60ZODHG1abkPae98xtnhcItaocm5EnczaTe6iaRUHViHMoYB
+ WXlmMUsizjLvZ/jl3VgudBgDtChZoCwXhdSjzv7g0H5PQDznkEndWKUlkL5DwwiR
+ kbDCf0ZSrCeC2uYwvp2RGFQseQKBgQDYsLQGwcphjXnty4izrNMmhQMC73G9kUi9
+ I+etzewPr47KWcCcQA84C+xdm1l03b30JoDZUds0bEiJ7fWCRfDhjktzMEjYOJpC
+ ioFmceb4X0IKZRUewKfKtiJASQYKnVs4NLtr7O9njj43cX+PkuDTkRf/MtR07w9F
+ h9CBSsP0IwKBgQCq+HmqcKKGTGXrF/An7oApEdfY1TgKIrCL8Iop69GUjQoGmyca
+ wWybo7Zf4mwHibKr78hmy0vDW7Yvn2fP+eSatVzm5TnZHt2wroBgSTKtLDgvVdlf
+ Px6hmDNK3NSga1piPo42pykdZRB6mND6yCSJvl4TP4NBgul0LkjAWpHrOQKBgEhr
+ bg9gDxJhZSGrR2m9VehmxeXiPqI7fxLvgAufacioRNGuA2h1JGD34yw5skETptuF
+ TsTSza8MjYXDiKzcUTAhDWhW99GDwVKB1dN2N9pEg97Tf6aCftGJ45KWlTVQ996m
+ CQl961kxuetvvFEwpoEu2dVJmKXoC7OSO4Yqhaj/AoGBAMryk5JYtu7HTKNzyJzT
+ e9Sup0gum+oCtWopK58Oo9cPBJwGgLljrlGJFcirjkEwpcLZ1SAdMN+iebUia893
+ 7TjVnhAe+/Y/YzKAZcyggBJo7F2mshT4/0mVsw/hzJCNBbC7OihBtd6qT9YsFsIT
+ xkGDoWLmoZBN7qeFmjNAS21W
+ """;
+
+ private final SamlPrivateKeyConverter samlPrivateKeyConverter = new SamlPrivateKeyConverter();
+
+ @ParameterizedTest
+ @ValueSource(strings = {VALID_PRIVATE_KEY, VALID_PRIVATE_KEY_WITHOUT_COMMENTS})
+ void toPrivateKey_whenPrivateKeyIsValid_succeeds(String privateKeyString) {
+ PrivateKey privateKey = samlPrivateKeyConverter.toPrivateKey(privateKeyString);
+ assertThat(privateKey).isNotNull();
+ }
+
+ @Test
+ void toPrivateKey_whenPrivateKeyIsInvalid_throwsException() {
+ assertThatRuntimeException()
+ .isThrownBy(() -> samlPrivateKeyConverter.toPrivateKey("invalidKey"))
+ .withMessage("bla");
+ }
+
+
+}