private Firewall initialisePlugin(String defaultAction, RuleInfo[] rules)
throws IOException, ConfigurationException {
// Create sample config file
File confFile = File.createTempFile(getClass().getSimpleName() + "conffile", null);
confFile.deleteOnExit();
BufferedWriter buf = new BufferedWriter(new FileWriter(confFile));
buf.write("<firewall default-action=\"" + defaultAction + "\">\n");
if (rules != null) {
for (RuleInfo rule : rules) {
buf.write("<rule");
buf.write(" access=\"" + rule.getAccess() + "\"");
if (rule.getHostname() != null) {
buf.write(" hostname=\"" + rule.getHostname() + "\"");
}
if (rule.getNetwork() != null) {
buf.write(" network=\"" + rule.getNetwork() + "\"");
}
buf.write("/>\n");
}
}
buf.write("</firewall>");
buf.close();
// Configure plugin
FirewallConfiguration config = new FirewallConfiguration();
config.setConfiguration("", new XMLConfiguration(confFile));
Firewall plugin = new Firewall();
plugin.configure(config);
return plugin;
}
public void testDefaultAction() throws Exception {
// Test simple deny
Firewall plugin = initialisePlugin("deny");
assertEquals(Result.DENIED, plugin.access(ObjectType.VIRTUALHOST, _address));
// Test simple allow
plugin = initialisePlugin("allow");
assertEquals(Result.ALLOWED, plugin.access(ObjectType.VIRTUALHOST, _address));
}
public void testSingleHostWilcardRule() throws Exception {
RuleInfo rule = new RuleInfo();
rule.setAccess("allow");
String hostname = new InetSocketAddress("127.0.0.1", 0).getHostName();
rule.setHostname(".*" + hostname.subSequence(hostname.length() - 1, hostname.length()) + "*");
Firewall plugin = initialisePlugin("deny", new RuleInfo[] {rule});
// Set IP so that we're connected from the right address
_address = new InetSocketAddress("127.0.0.1", 65535);
assertEquals(Result.ALLOWED, plugin.access(ObjectType.VIRTUALHOST, _address));
}
public void testCommaSeperatedNetmask() throws Exception {
RuleInfo firstRule = new RuleInfo();
firstRule.setAccess("allow");
firstRule.setNetwork("10.1.1.1/8, 192.168.23.0/24");
Firewall plugin = initialisePlugin("deny", new RuleInfo[] {firstRule});
assertEquals(Result.DENIED, plugin.access(ObjectType.VIRTUALHOST, _address));
// Set IP so that we're connected from the right address
_address = new InetSocketAddress("192.168.23.23", 65535);
assertEquals(Result.ALLOWED, plugin.access(ObjectType.VIRTUALHOST, _address));
}
public void testCommaSeperatedHostnames() throws Exception {
RuleInfo firstRule = new RuleInfo();
firstRule.setAccess("allow");
firstRule.setHostname("foo, bar, " + new InetSocketAddress("127.0.0.1", 5672).getHostName());
Firewall plugin = initialisePlugin("deny", new RuleInfo[] {firstRule});
// Set IP so that we're connected from the right address
_address = new InetSocketAddress("10.0.0.1", 65535);
assertEquals(Result.DENIED, plugin.access(ObjectType.VIRTUALHOST, _address));
// Set IP so that we're connected from the right address
_address = new InetSocketAddress("127.0.0.1", 65535);
assertEquals(Result.ALLOWED, plugin.access(ObjectType.VIRTUALHOST, _address));
}
public void testSeveralLastAllowsAccess() throws Exception {
RuleInfo firstRule = new RuleInfo();
firstRule.setAccess("deny");
firstRule.setHostname("localhost");
RuleInfo secondRule = new RuleInfo();
secondRule.setAccess("deny");
secondRule.setNetwork("192.168.42.42");
RuleInfo thirdRule = new RuleInfo();
thirdRule.setAccess("allow");
thirdRule.setNetwork("192.168.23.23");
Firewall plugin = initialisePlugin("deny", new RuleInfo[] {firstRule, secondRule, thirdRule});
assertEquals(Result.DENIED, plugin.access(ObjectType.VIRTUALHOST, _address));
// Set IP so that we're connected from the right address
_address = new InetSocketAddress("192.168.23.23", 65535);
assertEquals(Result.ALLOWED, plugin.access(ObjectType.VIRTUALHOST, _address));
}