[CXF-5390] DeflaterEncoderDecoder needs to throw the exception if the…

… inflator can not finish the process git-svn-id: https://svn.apache.org/repos/asf/cxf/trunk@1543030 13f79535-47bb-0310-9956-ffa450edef68
apache · Nov 18, 2013 · 0b3894f · 0b3894f
1 parent 11bccec
commit 0b3894f
Show file tree

Hide file tree

Showing 3 changed files with 96 additions and 1 deletion.
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/DeflateEncoderDecoder.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/DeflateEncoderDecoder.java
@@ -38,6 +38,15 @@ public InputStream inflateToken(byte[] deflatedToken)
         while (!inflater.finished()) {
             inputLen = inflater.inflate(input);
             if (!inflater.finished()) {
+
+                if (inputLen == 0) {
+                    if (inflater.needsInput()) {
+                        throw new DataFormatException("Inflater can not inflate all the token bytes");
+                    } else {
+                        break;
+                    }
+                }
+
                 inflatedToken = new byte[input.length + inflatedLen];
                 System.arraycopy(input, 0, inflatedToken, inflatedLen, inputLen);
                 inflatedLen += inputLen;
@@ -57,9 +66,10 @@ public byte[] deflateToken(byte[] tokenBytes) {
         compresser.setInput(tokenBytes);
         compresser.finish();
 
-        byte[] output = new byte[tokenBytes.length];
+        byte[] output = new byte[tokenBytes.length * 2];
 
         int compressedDataLength = compresser.deflate(output);
+
         byte[] result = new byte[compressedDataLength];
         System.arraycopy(output, 0, result, 0, compressedDataLength);
         return result;

diff --git a/...security/xml/src/test/java/org/apache/cxf/rs/security/saml/DeflateEncoderDecoderTest.java b/...security/xml/src/test/java/org/apache/cxf/rs/security/saml/DeflateEncoderDecoderTest.java
@@ -0,0 +1,66 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.saml;
+
+import java.io.InputStream;
+import java.util.zip.DataFormatException;
+
+import org.apache.cxf.common.util.Base64Utility;
+import org.apache.cxf.helpers.IOUtils;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+
+public class DeflateEncoderDecoderTest extends Assert {
+
+    @Test(expected = DataFormatException.class) 
+    public void testInvalidContent() throws Exception {
+        DeflateEncoderDecoder inflater = new DeflateEncoderDecoder();
+        inflater.inflateToken("invalid_grant".getBytes());
+    }
+
+    @Test(expected = DataFormatException.class)
+    public void testInvalidContentAfterBase64() throws Exception {
+        DeflateEncoderDecoder inflater = new DeflateEncoderDecoder();
+        byte[] base64decoded = Base64Utility.decode("invalid_grant");
+        inflater.inflateToken(base64decoded);
+    }
+
+    @Test
+    public void testInflateDeflate() throws Exception {
+        DeflateEncoderDecoder inflater = new DeflateEncoderDecoder();
+        byte[] deflated = inflater.deflateToken("valid_grant".getBytes());
+        InputStream is = inflater.inflateToken(deflated);
+        assertNotNull(is);
+        assertEquals("valid_grant", IOUtils.readStringFromStream(is));
+    }
+
+    @Test
+    public void testInflateDeflateBase64() throws Exception {
+        DeflateEncoderDecoder inflater = new DeflateEncoderDecoder();
+        byte[] deflated = inflater.deflateToken("valid_grant".getBytes());
+        String base64String = Base64Utility.encode(deflated);
+        byte[] base64decoded = Base64Utility.decode(base64String);
+        InputStream is = inflater.inflateToken(base64decoded);
+        assertNotNull(is);
+        assertEquals("valid_grant", IOUtils.readStringFromStream(is));
+    }
+
+}
diff --git a/...s/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/JAXRSSamlTest.java b/...s/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/JAXRSSamlTest.java
@@ -27,6 +27,7 @@
 import javax.ws.rs.WebApplicationException;
 import javax.ws.rs.core.Form;
 import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
 
 import org.apache.cxf.Bus;
 import org.apache.cxf.bus.spring.SpringBusFactory;
@@ -76,6 +77,24 @@ public void testGetBookSAMLTokenAsHeader() throws Exception {
 
     }
 
+    @Test
+    public void testInvalidSAMLTokenAsHeader() throws Exception {
+        String address = "https://localhost:" + PORT + "/samlheader/bookstore/books/123";
+
+        JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
+        bean.setAddress(address);
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = JAXRSSamlTest.class.getResource("client.xml");
+        Bus springBus = bf.createBus(busFile.toString());
+        bean.setBus(springBus);
+
+        WebClient wc = bean.createWebClient();
+        wc.header("Authorization", "SAML invalid_grant");
+        Response r = wc.get();
+        assertEquals(401, r.getStatus());
+    }
+
     @Test
     public void testGetBookSAMLTokenInForm() throws Exception {
         String address = "https://localhost:" + PORT + "/samlform/bookstore/books";