From f6a39e1002a01b805f7afac4438b01db0301b3c5 Mon Sep 17 00:00:00 2001
From: Jamie Li
Date: Tue, 13 Jun 2023 16:50:22 -0700
Subject: [PATCH 1/4] Add homeDomain and webAuthDomain validation
---
 .../platform/config/PropertySep10Config.java | 26 ++++++++++++++++++-
 .../anchor/platform/config/Sep10ConfigTest.kt | 17 +++++++++---
 2 files changed, 39 insertions(+), 4 deletions(-)
diff --git a/platform/src/main/java/org/stellar/anchor/platform/config/PropertySep10Config.java b/platform/src/main/java/org/stellar/anchor/platform/config/PropertySep10Config.java
index 8d81fbafa8..e7cb33d7e8 100644
--- a/platform/src/main/java/org/stellar/anchor/platform/config/PropertySep10Config.java
+++ b/platform/src/main/java/org/stellar/anchor/platform/config/PropertySep10Config.java
@@ -16,7 +16,7 @@
 import org.stellar.anchor.config.Sep10Config;
 import org.stellar.anchor.util.ListHelper;
 import org.stellar.anchor.util.NetUtil;
-import org.stellar.sdk.KeyPair;
+import org.stellar.sdk.*;
 @Data
 public class PropertySep10Config implements Sep10Config, Validator {
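Review bot: The replacement `import org.stellar.sdk.*;` is a wildcard import, which hides which SDK types this config class depends on and can pick up name clashes when the SDK is upgraded. The only new SDK type the later hunks of this patch use is `ManageDataOperation`, so two explicit lines would do: `import org.stellar.sdk.KeyPair;` and `import org.stellar.sdk.ManageDataOperation;` (assuming both live directly in `org.stellar.sdk`, as the wildcard implies, and that `KeyPair` is still used elsewhere in the file).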
@@ -117,6 +117,30 @@ void validateConfig(Errors errors) {
 "sep10-jwt-timeout-invalid",
 "The sep10.jwt_timeout must be greater than 0");
 }
+
+ byte[] nonce = new byte[64];
+
+ try {
+ new ManageDataOperation.Builder(String.format("%s %s", homeDomain, "auth"), nonce).build();
+ } catch (IllegalArgumentException iaex) {
+ errors.rejectValue(
+ "homeDomain",
+ "sep10-home-domain-invalid",
+ format(
+ "The sep10.home_domain (%s) does not have valid format. Please make sure it is a valid domain name. Error=%s",
+ homeDomain, iaex));
+ }
+
+ try {
+ if (webAuthDomain != null) new ManageDataOperation.Builder(webAuthDomain, nonce).build();
+ } catch (IllegalArgumentException iaex) {
+ errors.rejectValue(
+ "webAuthDomain",
+ "sep10-web-auth-domain-invalid",
+ format(
+ "The sep10.web_auth_domain (%s) does not have valid format. Please make sure it is a valid domain name. Error=%s",
+ webAuthDomain, iaex));
+ }
 }
 void validateClientAttribution(Errors errors) {
diff --git a/platform/src/test/kotlin/org/stellar/anchor/platform/config/Sep10ConfigTest.kt b/platform/src/test/kotlin/org/stellar/anchor/platform/config/Sep10ConfigTest.kt
index 301aabf0cb..3f7b55d06a 100644
--- a/platform/src/test/kotlin/org/stellar/anchor/platform/config/Sep10ConfigTest.kt
+++ b/platform/src/test/kotlin/org/stellar/anchor/platform/config/Sep10ConfigTest.kt
@@ -138,13 +138,22 @@ class Sep10ConfigTest {
 }
 @ParameterizedTest
- @ValueSource(strings = ["stellar .org", "abc", "299.0.0.1"])
+ @ValueSource(
+ strings =
+ [
+ "stellar .org",
+ "abc",
+ "299.0.0.1",
+ "this-is-longer-than-64-bytes-which-is-the-maximum-length-for-a-web-auth-domain.stellar.org"
+ ]
+ )
 fun `test invalid web auth domains`(value: String) {
 config.webAuthDomain = value
 config.validateConfig(errors)
 assertTrue(errors.hasErrors())
 assertErrorCode(errors, "sep10-web-auth-domain-invalid")
 }
+
 @ParameterizedTest
 @ValueSource(
 strings =
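Review bot: Nothing in the added block of `validateConfig` says why a `ManageDataOperation` is built and immediately discarded, so the intent of the probe cannot be recovered from the code. A comment above the first `try` would help, for example `// SEP-10 challenge uses "<home_domain> auth" as a ManageData key; the SDK rejects names over 64 bytes.` That reading is inferred from the key built here and the 64-byte test value in this patch, so please confirm it. The `catch` also reports every `IllegalArgumentException` from the builder as a domain problem, which holds only while the name length is the sole argument check the SDK performs. The same probe is carried into the `@@ -87,6 +87,18 @@` and `@@ -96,6 +108,17 @@` hunks of patch 3/4, and the method body starts outside this hunk.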
@@ -154,7 +163,8 @@ class Sep10ConfigTest {
 "299.0.0.1",
 "http://stellar.org",
 "https://stellar.org",
- "://stellar.org"
+ "://stellar.org",
+ "this-is-longer-than-64-bytes-which-is-the-maximum-length-for-a-home-domain.stellar.org"
 ]
 )
 fun `test invalid home domains`(value: String) {
@@ -163,6 +173,7 @@ class Sep10ConfigTest {
 assertTrue(errors.hasErrors())
 assertErrorCode(errors, "sep10-home-domain-invalid")
 }
+
 @Test
 fun `test if web_auth_domain is not set, default to the domain of the host_url`() {
 config.webAuthDomain = null
@@ -172,7 +183,7 @@ class Sep10ConfigTest {
 }
 @Test
- fun `test if web_auth_domain is set, it is not default to the domain of the host_url`() {
+ fun `test if web_auth_domain is set, it is not default to the domain of the host_url`() {
 config.webAuthDomain = "localhost:8080"
 config.homeDomain = "www.stellar.org"
 config.postConstruct()
From b23c02b78fd33e7cde037e7944677d0194536f95 Mon Sep 17 00:00:00 2001
From: Jamie Li
Date: Tue, 13 Jun 2023 17:00:32 -0700
Subject: [PATCH 2/4] Modify the length validation error message
---
 .../stellar/anchor/platform/config/PropertySep10Config.java | 4 ++--
 .../org/stellar/anchor/platform/config/Sep10ConfigTest.kt | 1 +
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/platform/src/main/java/org/stellar/anchor/platform/config/PropertySep10Config.java b/platform/src/main/java/org/stellar/anchor/platform/config/PropertySep10Config.java
index e7cb33d7e8..c67e6b7c7e 100644
--- a/platform/src/main/java/org/stellar/anchor/platform/config/PropertySep10Config.java
+++ b/platform/src/main/java/org/stellar/anchor/platform/config/PropertySep10Config.java
@@ -127,7 +127,7 @@ void validateConfig(Errors errors) {
 "homeDomain",
 "sep10-home-domain-invalid",
 format(
- "The sep10.home_domain (%s) does not have valid format. Please make sure it is a valid domain name. Error=%s",
+ "The sep10.home_domain (%s) is longer than the maximum length (64) of a domain. Error=%s",
 homeDomain, iaex));
 }
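Review bot: The new home-domain message states a limit of 64 for the domain, but the string actually probed is `homeDomain + " auth"`. Assuming the SDK caps the name at 64 bytes, a domain of 60 to 64 bytes is therefore rejected with a message saying it is longer than 64. The message should describe the real constraint, e.g. `"The sep10.home_domain (%s) is too long: \"<home_domain> auth\" must fit in 64 bytes. Error=%s"`. The same text is moved unchanged by the `@@ -87,6 +87,18 @@` hunk of patch 3/4.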
@@ -138,7 +138,7 @@ void validateConfig(Errors errors) {
 "webAuthDomain",
 "sep10-web-auth-domain-invalid",
 format(
- "The sep10.web_auth_domain (%s) does not have valid format. Please make sure it is a valid domain name. Error=%s",
+ "The sep10.web_auth_home_domain (%s) is longer than the maximum length (64) of a domain. Error=%s",
 webAuthDomain, iaex));
 }
 }
diff --git a/platform/src/test/kotlin/org/stellar/anchor/platform/config/Sep10ConfigTest.kt b/platform/src/test/kotlin/org/stellar/anchor/platform/config/Sep10ConfigTest.kt
index 3f7b55d06a..6400c2582f 100644
--- a/platform/src/test/kotlin/org/stellar/anchor/platform/config/Sep10ConfigTest.kt
+++ b/platform/src/test/kotlin/org/stellar/anchor/platform/config/Sep10ConfigTest.kt
@@ -144,6 +144,7 @@ class Sep10ConfigTest {
 "stellar .org",
 "abc",
 "299.0.0.1",
+ "0123456789012345678901234567890123456789012345678912.stellar.org",
 "this-is-longer-than-64-bytes-which-is-the-maximum-length-for-a-web-auth-domain.stellar.org"
 ]
 )
From 2fad087e7a9388ab9d4dd4c75b225a290e32d0a8 Mon Sep 17 00:00:00 2001
From: Jamie Li
Date: Tue, 13 Jun 2023 17:12:18 -0700
Subject: [PATCH 3/4] more fixes
---
 .../platform/config/PropertySep10Config.java | 47 +++++++++----------
 .../anchor/platform/config/Sep10ConfigTest.kt | 4 +-
 2 files changed, 25 insertions(+), 26 deletions(-)
diff --git a/platform/src/main/java/org/stellar/anchor/platform/config/PropertySep10Config.java b/platform/src/main/java/org/stellar/anchor/platform/config/PropertySep10Config.java
index c67e6b7c7e..909de601e5 100644
--- a/platform/src/main/java/org/stellar/anchor/platform/config/PropertySep10Config.java
+++ b/platform/src/main/java/org/stellar/anchor/platform/config/PropertySep10Config.java
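Review bot: The rewritten message names `sep10.web_auth_home_domain`, while the line it replaces and the test names in this series refer to `sep10.web_auth_domain` / `web_auth_domain`. An operator reading this startup error would look for a setting that appears nowhere else in the patch. The line should read `"The sep10.web_auth_domain (%s) is longer than the maximum length (64) of a domain. Error=%s",`. The misspelled key is carried along by the `@@ -96,6 +108,17 @@` hunk of patch 3/4 and is still present as context in `@@ -113,7 +113,7 @@` of patch 4/4.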
@@ -87,6 +87,18 @@ void validateConfig(Errors errors) {
 errors.rejectValue(
 "homeDomain", "home-domain-empty", "The sep10.home_domain is not defined.");
 } else {
+ try {
+ new ManageDataOperation.Builder(String.format("%s %s", homeDomain, "auth"), new byte[64])
+ .build();
+ } catch (IllegalArgumentException iaex) {
+ errors.rejectValue(
+ "homeDomain",
+ "sep10-home-domain-invalid",
+ format(
+ "The sep10.home_domain (%s) is longer than the maximum length (64) of a domain. Error=%s",
+ homeDomain, iaex));
+ }
+
 if (!NetUtil.isServerPortValid(homeDomain)) {
 errors.rejectValue(
 "homeDomain",
@@ -96,6 +108,17 @@ void validateConfig(Errors errors) {
 }
 if (isNotEmpty(webAuthDomain)) {
+ try {
+ new ManageDataOperation.Builder(webAuthDomain, new byte[64]).build();
+ } catch (IllegalArgumentException iaex) {
+ errors.rejectValue(
+ "webAuthDomain",
+ "sep10-web-auth-domain-invalid",
+ format(
+ "The sep10.web_auth_home_domain (%s) is longer than the maximum length (64) of a domain. Error=%s",
+ webAuthDomain, iaex));
+ }
+
 if (!NetUtil.isServerPortValid(webAuthDomain)) {
 errors.rejectValue(
 "webAuthDomain",
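Review bot: The length probe in the second hunk runs only inside `if (isNotEmpty(webAuthDomain))`, so it covers an explicitly configured value and nothing else. The test file in this series shows that an unset `web_auth_domain` is defaulted from the host_url in `postConstruct()`; whether that derived value ever reaches this check depends on the order of `postConstruct()` and `validateConfig()`, which is not visible here. If validation can run first, either repeat the length check after defaulting or record the gap with a comment such as `// a web_auth_domain derived from host_url is not length-checked here`. Both hunks show only part of `validateConfig`.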
@@ -117,30 +140,6 @@ void validateConfig(Errors errors) {
 "sep10-jwt-timeout-invalid",
 "The sep10.jwt_timeout must be greater than 0");
 }
-
- byte[] nonce = new byte[64];
-
- try {
- new ManageDataOperation.Builder(String.format("%s %s", homeDomain, "auth"), nonce).build();
- } catch (IllegalArgumentException iaex) {
- errors.rejectValue(
- "homeDomain",
- "sep10-home-domain-invalid",
- format(
- "The sep10.home_domain (%s) is longer than the maximum length (64) of a domain. Error=%s",
- homeDomain, iaex));
- }
-
- try {
- if (webAuthDomain != null) new ManageDataOperation.Builder(webAuthDomain, nonce).build();
- } catch (IllegalArgumentException iaex) {
- errors.rejectValue(
- "webAuthDomain",
- "sep10-web-auth-domain-invalid",
- format(
- "The sep10.web_auth_home_domain (%s) is longer than the maximum length (64) of a domain. Error=%s",
- webAuthDomain, iaex));
- }
 }
 void validateClientAttribution(Errors errors) {
diff --git a/platform/src/test/kotlin/org/stellar/anchor/platform/config/Sep10ConfigTest.kt b/platform/src/test/kotlin/org/stellar/anchor/platform/config/Sep10ConfigTest.kt
index 6400c2582f..a41532ce17 100644
--- a/platform/src/test/kotlin/org/stellar/anchor/platform/config/Sep10ConfigTest.kt
+++ b/platform/src/test/kotlin/org/stellar/anchor/platform/config/Sep10ConfigTest.kt
@@ -141,11 +141,11 @@ class Sep10ConfigTest {
 @ValueSource(
 strings =
 [
+ "this-is-longer-than-64-bytes-which-is-the-maximum-length-for-a-web-auth-domain.stellar.org",
 "stellar .org",
 "abc",
 "299.0.0.1",
 "0123456789012345678901234567890123456789012345678912.stellar.org",
- "this-is-longer-than-64-bytes-which-is-the-maximum-length-for-a-web-auth-domain.stellar.org"
 ]
 )
 fun `test invalid web auth domains`(value: String) {
@@ -159,13 +159,13 @@ class Sep10ConfigTest {
 @ValueSource(
 strings =
 [
+ "this-is-longer-than-64-bytes-which-is-the-maximum-length-for-a-home-domain.stellar.org",
 "stellar .org",
 "abc",
 "299.0.0.1",
 "http://stellar.org",
 "https://stellar.org",
 "://stellar.org",
- "this-is-longer-than-64-bytes-which-is-the-maximum-length-for-a-home-domain.stellar.org"
 ]
 )
 fun `test invalid home domains`(value: String) {
From 73989f1ae8215579532b1bd05e12c87ebeae2bbf Mon Sep 17 00:00:00 2001
From: Jamie Li
Date: Tue, 13 Jun 2023 17:19:09 -0700
Subject: [PATCH 4/4] improve tests
---
 .../platform/config/PropertySep10Config.java | 4 +-
 .../anchor/platform/config/Sep10ConfigTest.kt | 40 +++++++++----------
 2 files changed, 22 insertions(+), 22 deletions(-)
diff --git a/platform/src/main/java/org/stellar/anchor/platform/config/PropertySep10Config.java b/platform/src/main/java/org/stellar/anchor/platform/config/PropertySep10Config.java
index 909de601e5..a566cf17b1 100644
--- a/platform/src/main/java/org/stellar/anchor/platform/config/PropertySep10Config.java
+++ b/platform/src/main/java/org/stellar/anchor/platform/config/PropertySep10Config.java
@@ -93,7 +93,7 @@ void validateConfig(Errors errors) {
 } catch (IllegalArgumentException iaex) {
 errors.rejectValue(
 "homeDomain",
- "sep10-home-domain-invalid",
+ "sep10-home-domain-too-long",
 format(
 "The sep10.home_domain (%s) is longer than the maximum length (64) of a domain. Error=%s",
 homeDomain, iaex));
@@ -113,7 +113,7 @@ void validateConfig(Errors errors) {
 } catch (IllegalArgumentException iaex) {
 errors.rejectValue(
 "webAuthDomain",
- "sep10-web-auth-domain-invalid",
+ "sep10-web-auth-domain-too-long",
 format(
 "The sep10.web_auth_home_domain (%s) is longer than the maximum length (64) of a domain. Error=%s",
 webAuthDomain, iaex));
diff --git a/platform/src/test/kotlin/org/stellar/anchor/platform/config/Sep10ConfigTest.kt b/platform/src/test/kotlin/org/stellar/anchor/platform/config/Sep10ConfigTest.kt
index a41532ce17..be146ff5e8 100644
--- a/platform/src/test/kotlin/org/stellar/anchor/platform/config/Sep10ConfigTest.kt
+++ b/platform/src/test/kotlin/org/stellar/anchor/platform/config/Sep10ConfigTest.kt
@@ -7,6 +7,7 @@ import org.junit.jupiter.api.Assertions.*
 import org.junit.jupiter.api.BeforeEach
 import org.junit.jupiter.api.Test
 import org.junit.jupiter.params.ParameterizedTest
+import org.junit.jupiter.params.provider.CsvSource
 import org.junit.jupiter.params.provider.MethodSource
 import org.junit.jupiter.params.provider.NullSource
 import org.junit.jupiter.params.provider.ValueSource
@@ -138,41 +139,40 @@ class Sep10ConfigTest {
 }
 @ParameterizedTest
- @ValueSource(
- strings =
+ @CsvSource(
+ value =
 [
- "this-is-longer-than-64-bytes-which-is-the-maximum-length-for-a-web-auth-domain.stellar.org",
- "stellar .org",
- "abc",
- "299.0.0.1",
- "0123456789012345678901234567890123456789012345678912.stellar.org",
+ "this-is-longer-than-64-bytes-which-is-the-maximum-length-for-a-web-auth-domain.stellar.org,sep10-web-auth-domain-too-long",
+ "stellar .org,sep10-web-auth-domain-invalid",
+ "abc,sep10-web-auth-domain-invalid",
+ "299.0.0.1,sep10-web-auth-domain-invalid",
 ]
 )
- fun `test invalid web auth domains`(value: String) {
+ fun `test invalid web auth domains`(value: String, expectedErrorCode: String) {
 config.webAuthDomain = value
 config.validateConfig(errors)
 assertTrue(errors.hasErrors())
- assertErrorCode(errors, "sep10-web-auth-domain-invalid")
+ assertErrorCode(errors, expectedErrorCode)
 }
 @ParameterizedTest
- @ValueSource(
- strings =
+ @CsvSource(
+ value =
 [
- "this-is-longer-than-64-bytes-which-is-the-maximum-length-for-a-home-domain.stellar.org",
- "stellar .org",
- "abc",
- "299.0.0.1",
- "http://stellar.org",
- "https://stellar.org",
- "://stellar.org",
+ "this-is-longer-than-64-bytes-which-is-the-maximum-length-for-a-home-domain.stellar.org,sep10-home-domain-too-long",
+ "stellar .org,sep10-home-domain-invalid",
+ "abc,sep10-home-domain-invalid",
+ "299.0.0.1,sep10-home-domain-invalid",
+ "http://stellar.org,sep10-home-domain-invalid",
+ "https://stellar.org,sep10-home-domain-invalid",
+ "://stellar.org,sep10-home-domain-invalid",
 ]
 )
- fun `test invalid home domains`(value: String) {
+ fun `test invalid home domains`(value: String, expectedErrorCode: String) {
 config.homeDomain = value
 config.validateConfig(errors)
 assertTrue(errors.hasErrors())
- assertErrorCode(errors, "sep10-home-domain-invalid")
+ assertErrorCode(errors, expectedErrorCode)
 }
 @Test
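Review bot: After this rewrite neither parameter list has a value at the length boundary. The row `0123456789012345678901234567890123456789012345678912.stellar.org` (64 characters by my count), added in patch 2/4, is removed from the web-auth list, and the home-domain list never had one. Because the home-domain check probes `"<home_domain> auth"`, its boundary sits five bytes below the web-auth one, and only rows just under and just over each limit would pin that difference; take their expected codes from an actual run rather than assuming them. `assertErrorCode` is defined outside this hunk, so it cannot be checked here whether a value that fails both the length probe and `NetUtil.isServerPortValid` is matched against the first error or any error.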