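/**
 * Builds a {@link Firewall} plugin from a temporary XML configuration file.
 *
 * <p>The file contains a single {@code <firewall default-action="...">} element with one
 * {@code <rule>} child per entry in {@code rules}. Each rule always carries an
 * {@code access} attribute; {@code hostname} and {@code network} are written only when
 * the corresponding getter returns a non-null value.
 *
 * <p>Attribute values are concatenated into the XML without escaping. Fixture values
 * containing {@code "}, {@code &} or {@code <} would therefore produce a malformed or
 * differently structured configuration, so this helper is only suitable for fixed test
 * values.
 *
 * @param defaultAction value written to the {@code default-action} attribute
 * @param rules rules to serialise, or {@code null} to write a firewall element with no rules
 * @return a plugin configured from the generated file
 * @throws IOException if the temporary file cannot be created or written
 * @throws ConfigurationException if the generated configuration is rejected
 */
private Firewall initialisePlugin(String defaultAction, RuleInfo[] rules) throws IOException, ConfigurationException {
    // Create sample config file; it is removed again when the JVM exits.
    File confFile = File.createTempFile(getClass().getSimpleName() + "conffile", null);
    confFile.deleteOnExit();

    // FileWriter encodes with the platform default charset.
    BufferedWriter buf = new BufferedWriter(new FileWriter(confFile));
    try {
        buf.write("<firewall default-action=\"" + defaultAction + "\">\n");
        if (rules != null) {
            for (RuleInfo rule : rules) {
                buf.write("<rule");
                buf.write(" access=\"" + rule.getAccess() + "\"");
                if (rule.getHostname() != null) {
                    buf.write(" hostname=\"" + rule.getHostname() + "\"");
                }
                if (rule.getNetwork() != null) {
                    buf.write(" network=\"" + rule.getNetwork() + "\"");
                }
                buf.write("/>\n");
            }
        }
        buf.write("</firewall>");
    } finally {
        // Close even when a write fails, so the file handle is not leaked and the
        // buffered content is flushed before the file is parsed below.
        buf.close();
    }

    // Configure plugin
    FirewallConfiguration config = new FirewallConfiguration();
    config.setConfiguration("", new XMLConfiguration(confFile));
    Firewall plugin = new Firewall();
    plugin.configure(config);
    return plugin;
}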
/**
 * Checks that the configured default action decides the access result for the
 * fixture address.
 *
 * <p>Uses the single-argument {@code initialisePlugin} overload, which is not visible
 * here; presumably it configures the plugin without any rules.
 */
public void testDefaultAction() throws Exception {
    // default-action="deny": the connection must be refused.
    Firewall denyByDefault = initialisePlugin("deny");
    assertEquals(Result.DENIED, denyByDefault.access(ObjectType.VIRTUALHOST, _address));

    // default-action="allow": the same address must be accepted.
    Firewall allowByDefault = initialisePlugin("allow");
    assertEquals(Result.ALLOWED, allowByDefault.access(ObjectType.VIRTUALHOST, _address));
}
/**
 * Checks that a single "allow" rule with a wildcard hostname pattern grants access
 * to a loopback connection when the default action is "deny".
 *
 * <p>The pattern is built from whatever name the local resolver returns for
 * 127.0.0.1, so the exact rule text depends on the machine running the test.
 */
public void testSingleHostWilcardRule() throws Exception {
    // Name the resolver reports for the loopback address, and its final character.
    String loopbackName = new InetSocketAddress("127.0.0.1", 0).getHostName();
    String lastChar = loopbackName.substring(loopbackName.length() - 1);

    RuleInfo allowRule = new RuleInfo();
    allowRule.setAccess("allow");
    // NOTE(review): for a name such as "localhost" this yields ".*t*". Read as a regular
    // expression that would match every hostname, and the test has no negative case, so
    // it does not show that a wildcard rule excludes other hosts. Confirm how Firewall
    // interprets the pattern.
    allowRule.setHostname(".*" + lastChar + "*");

    Firewall firewall = initialisePlugin("deny", new RuleInfo[] {allowRule});

    // Connect from the loopback address the rule was derived from.
    _address = new InetSocketAddress("127.0.0.1", 65535);
    assertEquals(Result.ALLOWED, firewall.access(ObjectType.VIRTUALHOST, _address));
}
/**
 * Checks that one "allow" rule may list several networks separated by commas, and
 * that an address inside one of them is allowed while the default action is "deny".
 */
public void testCommaSeperatedNetmask() throws Exception {
    RuleInfo allowNetworks = new RuleInfo();
    allowNetworks.setAccess("allow");
    allowNetworks.setNetwork("10.1.1.1/8, 192.168.23.0/24");
    RuleInfo[] ruleSet = {allowNetworks};

    Firewall firewall = initialisePlugin("deny", ruleSet);

    // _address still holds the value assigned outside this method (set-up not visible
    // here); it is expected to fall outside both networks and hit the default deny.
    assertEquals(Result.DENIED, firewall.access(ObjectType.VIRTUALHOST, _address));

    // An address inside the second listed network (192.168.23.0/24) must be allowed.
    _address = new InetSocketAddress("192.168.23.23", 65535);
    assertEquals(Result.ALLOWED, firewall.access(ObjectType.VIRTUALHOST, _address));
}
/**
 * Checks that one "allow" rule may list several hostnames separated by commas: a
 * connection whose host is not in the list is denied by default, while a loopback
 * connection matching the last list entry is allowed.
 */
public void testCommaSeperatedHostnames() throws Exception {
    // The third entry is whatever name the local resolver reports for 127.0.0.1.
    String loopbackName = new InetSocketAddress("127.0.0.1", 5672).getHostName();

    RuleInfo allowHosts = new RuleInfo();
    allowHosts.setAccess("allow");
    allowHosts.setHostname("foo, bar, " + loopbackName);
    RuleInfo[] ruleSet = {allowHosts};

    Firewall firewall = initialisePlugin("deny", ruleSet);

    // Negative case: 10.0.0.1 is expected to match none of the listed names, so the
    // default "deny" applies.
    _address = new InetSocketAddress("10.0.0.1", 65535);
    assertEquals(Result.DENIED, firewall.access(ObjectType.VIRTUALHOST, _address));

    // Positive case: connect from the loopback address named in the rule.
    _address = new InetSocketAddress("127.0.0.1", 65535);
    assertEquals(Result.ALLOWED, firewall.access(ObjectType.VIRTUALHOST, _address));
}
/**
 * Checks that, with several rules configured, an "allow" rule placed last still
 * grants access to its address after earlier "deny" rules for other hosts.
 */
public void testSeveralLastAllowsAccess() throws Exception {
    // Rule 1: deny by hostname.
    RuleInfo denyLocalhost = new RuleInfo();
    denyLocalhost.setAccess("deny");
    denyLocalhost.setHostname("localhost");

    // Rule 2: deny a single address that is unrelated to the one tested below.
    RuleInfo denyOtherAddress = new RuleInfo();
    denyOtherAddress.setAccess("deny");
    denyOtherAddress.setNetwork("192.168.42.42");

    // Rule 3: allow the address used in the positive assertion.
    RuleInfo allowTarget = new RuleInfo();
    allowTarget.setAccess("allow");
    allowTarget.setNetwork("192.168.23.23");

    RuleInfo[] ruleSet = {denyLocalhost, denyOtherAddress, allowTarget};
    Firewall firewall = initialisePlugin("deny", ruleSet);

    // _address still holds the value assigned outside this method (set-up not visible
    // here); it is expected to be denied.
    assertEquals(Result.DENIED, firewall.access(ObjectType.VIRTUALHOST, _address));

    // Connecting from the address named in the last rule must be allowed.
    _address = new InetSocketAddress("192.168.23.23", 65535);
    assertEquals(Result.ALLOWED, firewall.access(ObjectType.VIRTUALHOST, _address));
}