예제 #1
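  /**
   * Builds a {@link Firewall} plugin from a temporary XML configuration file.
   *
   * <p>The file holds a single {@code <firewall>} element carrying the given
   * {@code default-action}, followed by one {@code <rule>} element per entry of
   * {@code rules}, written in array order. The {@code hostname} and
   * {@code network} attributes are only emitted when the rule provides them.
   *
   * @param defaultAction value written into the {@code default-action} attribute
   * @param rules rules to serialise, or {@code null} for a rule-less firewall
   * @return the plugin after {@code configure} has been called on it
   * @throws IOException if the temporary file cannot be created or written
   * @throws ConfigurationException declared by the configuration calls below
   */
  private Firewall initialisePlugin(String defaultAction, RuleInfo[] rules)
      throws IOException, ConfigurationException {
    // Create sample config file
    File confFile = File.createTempFile(getClass().getSimpleName() + "conffile", null);
    confFile.deleteOnExit();
    BufferedWriter buf = new BufferedWriter(new FileWriter(confFile));
    try {
      // Attribute values are written verbatim, with no XML escaping. That is
      // acceptable only because every caller passes fixed test literals; a
      // value containing '"', '<' or '&' would change the document structure.
      buf.write("<firewall default-action=\"" + defaultAction + "\">\n");
      if (rules != null) {
        for (RuleInfo rule : rules) {
          buf.write("<rule");
          buf.write(" access=\"" + rule.getAccess() + "\"");
          if (rule.getHostname() != null) {
            buf.write(" hostname=\"" + rule.getHostname() + "\"");
          }
          if (rule.getNetwork() != null) {
            buf.write(" network=\"" + rule.getNetwork() + "\"");
          }
          buf.write("/>\n");
        }
      }
      buf.write("</firewall>");
    } finally {
      // Release the file handle even when a write or a rule getter throws;
      // previously the writer leaked on any exception before close().
      buf.close();
    }

    // Configure plugin
    FirewallConfiguration config = new FirewallConfiguration();
    config.setConfiguration("", new XMLConfiguration(confFile));
    Firewall plugin = new Firewall();
    plugin.configure(config);
    return plugin;
  }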
예제 #2
  /**
   * Checks that the configured default action decides the outcome for the
   * current {@code _address}, using the single-argument
   * {@code initialisePlugin} overload (defined outside this excerpt).
   */
  public void testDefaultAction() throws Exception {
    // Default action "deny" must refuse the connection
    Firewall denyByDefault = initialisePlugin("deny");
    Object deniedOutcome = denyByDefault.access(ObjectType.VIRTUALHOST, _address);
    assertEquals(Result.DENIED, deniedOutcome);

    // Default action "allow" must accept the same connection
    Firewall allowByDefault = initialisePlugin("allow");
    Object allowedOutcome = allowByDefault.access(ObjectType.VIRTUALHOST, _address);
    assertEquals(Result.ALLOWED, allowedOutcome);
  }
예제 #3
  /**
   * Checks that a single "allow" rule with a wildcard hostname lets a loopback
   * connection through a firewall whose default action is "deny".
   */
  public void testSingleHostWilcardRule() throws Exception {
    // getHostName() may trigger a reverse lookup, so the name depends on the
    // local resolver configuration.
    String hostname = new InetSocketAddress("127.0.0.1", 0).getHostName();
    int end = hostname.length();
    CharSequence lastChar = hostname.subSequence(end - 1, end);

    // NOTE(review): the pattern is ".*" + last character + "*". If the plugin
    // treats the value as a regular expression, that expression matches every
    // hostname, so this test would not catch a matcher that is too permissive
    // - confirm against the Firewall implementation.
    RuleInfo wildcardRule = new RuleInfo();
    wildcardRule.setAccess("allow");
    wildcardRule.setHostname(".*" + lastChar + "*");

    RuleInfo[] rules = {wildcardRule};
    Firewall plugin = initialisePlugin("deny", rules);

    // Connect from the loopback address the rule was derived from
    _address = new InetSocketAddress("127.0.0.1", 65535);
    assertEquals(Result.ALLOWED, plugin.access(ObjectType.VIRTUALHOST, _address));
  }
예제 #4
  /**
   * Checks an "allow" rule whose network attribute lists two comma-separated
   * CIDR blocks, on top of a default action of "deny".
   */
  public void testCommaSeperatedNetmask() throws Exception {
    RuleInfo allowNetworks = new RuleInfo();
    allowNetworks.setAccess("allow");
    allowNetworks.setNetwork("10.1.1.1/8, 192.168.23.0/24");

    RuleInfo[] rules = {allowNetworks};
    Firewall plugin = initialisePlugin("deny", rules);

    // The address set up before the test (outside this excerpt) is expected
    // to fall outside both networks and hit the default deny.
    Object beforeSwitch = plugin.access(ObjectType.VIRTUALHOST, _address);
    assertEquals(Result.DENIED, beforeSwitch);

    // Connect from an address inside the second listed network
    _address = new InetSocketAddress("192.168.23.23", 65535);
    Object afterSwitch = plugin.access(ObjectType.VIRTUALHOST, _address);
    assertEquals(Result.ALLOWED, afterSwitch);
  }
예제 #5
  /**
   * Checks an "allow" rule whose hostname attribute lists several
   * comma-separated names, the last being the local name of 127.0.0.1, on top
   * of a default action of "deny".
   */
  public void testCommaSeperatedHostnames() throws Exception {
    // getHostName() may trigger a reverse lookup, so the third list entry
    // depends on the local resolver configuration.
    String loopbackName = new InetSocketAddress("127.0.0.1", 5672).getHostName();

    RuleInfo allowHosts = new RuleInfo();
    allowHosts.setAccess("allow");
    allowHosts.setHostname("foo, bar, " + loopbackName);

    RuleInfo[] rules = {allowHosts};
    Firewall plugin = initialisePlugin("deny", rules);

    // Connect from an address that should match none of the listed hostnames
    _address = new InetSocketAddress("10.0.0.1", 65535);
    assertEquals(Result.DENIED, plugin.access(ObjectType.VIRTUALHOST, _address));

    // Connect from the loopback address whose name is in the list
    _address = new InetSocketAddress("127.0.0.1", 65535);
    assertEquals(Result.ALLOWED, plugin.access(ObjectType.VIRTUALHOST, _address));
  }
예제 #6
  /**
   * Checks a three-rule configuration in which only the last rule allows
   * access: two "deny" rules (a hostname and a network) followed by an
   * "allow" rule for 192.168.23.23, with a default action of "deny".
   */
  public void testSeveralLastAllowsAccess() throws Exception {
    RuleInfo denyLocalhost = new RuleInfo();
    denyLocalhost.setAccess("deny");
    denyLocalhost.setHostname("localhost");

    RuleInfo denyOtherNetwork = new RuleInfo();
    denyOtherNetwork.setAccess("deny");
    denyOtherNetwork.setNetwork("192.168.42.42");

    RuleInfo allowTarget = new RuleInfo();
    allowTarget.setAccess("allow");
    allowTarget.setNetwork("192.168.23.23");

    // Rule order is preserved in the generated configuration file
    RuleInfo[] rules = {denyLocalhost, denyOtherNetwork, allowTarget};
    Firewall plugin = initialisePlugin("deny", rules);

    // The address set up before the test (outside this excerpt) must be refused
    Object beforeSwitch = plugin.access(ObjectType.VIRTUALHOST, _address);
    assertEquals(Result.DENIED, beforeSwitch);

    // Connect from the address named by the final allow rule
    _address = new InetSocketAddress("192.168.23.23", 65535);
    Object afterSwitch = plugin.access(ObjectType.VIRTUALHOST, _address);
    assertEquals(Result.ALLOWED, afterSwitch);
  }