From b5d1f06e19193c329c362ca8a5f1572811847a91 Mon Sep 17 00:00:00 2001 From: Florian Limpoeck Date: Wed, 17 Apr 2019 12:33:49 +0200 Subject: [PATCH] updated possible root wildcard combinations. --- pom.xml | 7 +- .../callbacks/DenyWildcardAuthorizer.java | 9 ++- .../callbacks/DenyWildcardAuthorizerTest.java | 77 ++++++++++++++++++- 3 files changed, 87 insertions(+), 6 deletions(-) diff --git a/pom.xml b/pom.xml index bf79ad8..4ee3976 100644 --- a/pom.xml +++ b/pom.xml @@ -20,7 +20,7 @@ com.hivemq.extension hivemq-deny-wildcard-extension - 4.0.0 + 4.1.0 HiveMQ Extension to deny top level wildcard subscription 2018 @@ -55,6 +55,11 @@ hivemq-extension-sdk 4.0.0 + + commons-lang + commons-lang + 2.6 + org.slf4j slf4j-api diff --git a/src/main/java/com/hivemq/extension/callbacks/DenyWildcardAuthorizer.java b/src/main/java/com/hivemq/extension/callbacks/DenyWildcardAuthorizer.java index 3a0ac74..e4fc0ee 100644 --- a/src/main/java/com/hivemq/extension/callbacks/DenyWildcardAuthorizer.java +++ b/src/main/java/com/hivemq/extension/callbacks/DenyWildcardAuthorizer.java @@ -21,9 +21,12 @@ import com.hivemq.extension.sdk.api.auth.parameter.SubscriptionAuthorizerInput; import com.hivemq.extension.sdk.api.auth.parameter.SubscriptionAuthorizerOutput; import com.hivemq.extension.sdk.api.packets.subscribe.SubackReasonCode; +import org.apache.commons.lang.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import java.util.regex.Pattern; + /** * DenyWildcard-Extension is a extension which denies a wildcard subscription @@ -43,14 +46,14 @@ public class DenyWildcardAuthorizer implements SubscriptionAuthorizer { private DenyWildcardAuthorizer() { } - public static final String WILDCARD = "#"; + public static final String WILDCARD_CHARS = "#/+"; private static Logger logger = LoggerFactory.getLogger(DenyWildcardAuthorizer.class); @Override public void authorizeSubscribe(@NotNull final SubscriptionAuthorizerInput subscriptionAuthorizerInput, @NotNull final SubscriptionAuthorizerOutput subscriptionAuthorizerOutput) { final String topicFilter = subscriptionAuthorizerInput.getSubscription().getTopicFilter(); - if (topicFilter.equals(WILDCARD)) { - logger.debug("Client {} tried to subscribe to an invalid subscription '#'", subscriptionAuthorizerInput.getClientInformation().getClientId()); + if (StringUtils.containsOnly(topicFilter, WILDCARD_CHARS)) { + logger.debug("Client {} tried to subscribe to an denied root wildcard topic filter '{}'", subscriptionAuthorizerInput.getClientInformation().getClientId(), topicFilter); subscriptionAuthorizerOutput.failAuthorization(SubackReasonCode.NOT_AUTHORIZED, REASON_STRING); } else { subscriptionAuthorizerOutput.authorizeSuccessfully(); diff --git a/src/test/java/com/hivemq/extension/callbacks/DenyWildcardAuthorizerTest.java b/src/test/java/com/hivemq/extension/callbacks/DenyWildcardAuthorizerTest.java index 2e7c13c..486c1d7 100644 --- a/src/test/java/com/hivemq/extension/callbacks/DenyWildcardAuthorizerTest.java +++ b/src/test/java/com/hivemq/extension/callbacks/DenyWildcardAuthorizerTest.java @@ -55,13 +55,69 @@ public void setUp() throws Exception { } @Test - public void test_denied() { + public void test_denied_hashtag() { when(input.getSubscription().getTopicFilter()).thenReturn("#"); DenyWildcardAuthorizer.INSTANCE.authorizeSubscribe(input, output); verify(output).failAuthorization(SubackReasonCode.NOT_AUTHORIZED, DenyWildcardAuthorizer.REASON_STRING); } + @Test + public void test_denied_plus() { + when(input.getSubscription().getTopicFilter()).thenReturn("+"); + DenyWildcardAuthorizer.INSTANCE.authorizeSubscribe(input, output); + + verify(output).failAuthorization(SubackReasonCode.NOT_AUTHORIZED, DenyWildcardAuthorizer.REASON_STRING); + } + + @Test + public void test_denied_plus_slash() { + when(input.getSubscription().getTopicFilter()).thenReturn("+/"); + DenyWildcardAuthorizer.INSTANCE.authorizeSubscribe(input, output); + + verify(output).failAuthorization(SubackReasonCode.NOT_AUTHORIZED, DenyWildcardAuthorizer.REASON_STRING); + } + + @Test + public void test_denied_hashtag_slash() { + when(input.getSubscription().getTopicFilter()).thenReturn("#/"); + DenyWildcardAuthorizer.INSTANCE.authorizeSubscribe(input, output); + + verify(output).failAuthorization(SubackReasonCode.NOT_AUTHORIZED, DenyWildcardAuthorizer.REASON_STRING); + } + + @Test + public void test_denied_hashtag_plus() { + when(input.getSubscription().getTopicFilter()).thenReturn("#/+"); + DenyWildcardAuthorizer.INSTANCE.authorizeSubscribe(input, output); + + verify(output).failAuthorization(SubackReasonCode.NOT_AUTHORIZED, DenyWildcardAuthorizer.REASON_STRING); + } + + @Test + public void test_denied_plus_hashtag() { + when(input.getSubscription().getTopicFilter()).thenReturn("+/#"); + DenyWildcardAuthorizer.INSTANCE.authorizeSubscribe(input, output); + + verify(output).failAuthorization(SubackReasonCode.NOT_AUTHORIZED, DenyWildcardAuthorizer.REASON_STRING); + } + + @Test + public void test_denied_slash_plus() { + when(input.getSubscription().getTopicFilter()).thenReturn("/+"); + DenyWildcardAuthorizer.INSTANCE.authorizeSubscribe(input, output); + + verify(output).failAuthorization(SubackReasonCode.NOT_AUTHORIZED, DenyWildcardAuthorizer.REASON_STRING); + } + + @Test + public void test_denied_slash_hashtag() { + when(input.getSubscription().getTopicFilter()).thenReturn("/#"); + DenyWildcardAuthorizer.INSTANCE.authorizeSubscribe(input, output); + + verify(output).failAuthorization(SubackReasonCode.NOT_AUTHORIZED, DenyWildcardAuthorizer.REASON_STRING); + } + @Test public void test_success() { when(input.getSubscription().getTopicFilter()).thenReturn("topic"); @@ -71,10 +127,27 @@ public void test_success() { } @Test - public void test_success_non_root_wildcard() { + public void test_success_non_root_hashtag() { when(input.getSubscription().getTopicFilter()).thenReturn("topic/#"); DenyWildcardAuthorizer.INSTANCE.authorizeSubscribe(input, output); verify(output).authorizeSuccessfully(); } + + @Test + public void test_success_non_root_plus() { + when(input.getSubscription().getTopicFilter()).thenReturn("topic/+"); + DenyWildcardAuthorizer.INSTANCE.authorizeSubscribe(input, output); + + verify(output).authorizeSuccessfully(); + } + + @Test + public void test_success_non_trailing_plus() { + when(input.getSubscription().getTopicFilter()).thenReturn("+/topic"); + DenyWildcardAuthorizer.INSTANCE.authorizeSubscribe(input, output); + + verify(output).authorizeSuccessfully(); + } + }