Create flag to force HTTPS of value of issuer on server startup, addresses #528

2014-10-03 18:48:42 -04:00 · 2014-10-03 18:48:42 -04:00 · 56e21d3c6c
parent b617fe0c4b
commit 56e21d3c6c
3 changed files with 110 additions and 4 deletions
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/config/ConfigurationPropertiesBean.java
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/config/ConfigurationPropertiesBean.java
@ -43,6 +43,8 @@ public class ConfigurationPropertiesBean {
 	private String logoImageUrl;
 	private Long regTokenLifeTime;
 	private boolean forceHttps;
 	public ConfigurationPropertiesBean() {
@ -50,11 +52,18 @@ public class ConfigurationPropertiesBean {
 	/**
 	 * Endpoints protected by TLS must have https scheme in the URI.
 	 * @throws HttpsUrlRequiredException 
 	 */
 	@PostConstruct
-	public void checkForHttps() {
+	public void checkForHttps() throws HttpsUrlRequiredException {
 		if (!StringUtils.startsWithIgnoreCase(issuer, "https")) {
-			logger.warn("Configured issuer url is not using https scheme.");
+			if (this.forceHttps) {
 				logger.warn("Configured issuer url is not using https scheme. This is not allowed!");
 				throw new HttpsUrlRequiredException(issuer);
 			}
 			else {
 				logger.warn("Configured issuer url is not using https scheme.");
 			}
 		}
 	}
@ -113,4 +122,12 @@ public class ConfigurationPropertiesBean {
 	public void setRegTokenLifeTime(Long regTokenLifeTime) {
 		this.regTokenLifeTime = regTokenLifeTime;
 	}
 	public boolean isForceHttps() {
 		return forceHttps;
 	}
 	public void setForceHttps(boolean forceHttps) {
 		this.forceHttps = forceHttps;
 	}
 }
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/config/HttpsUrlRequiredException.java
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/config/HttpsUrlRequiredException.java
@ -0,0 +1,27 @@
 package org.mitre.openid.connect.config;
 public class HttpsUrlRequiredException extends Exception {
 	/**
 	 * 
 	 */
 	private static final long serialVersionUID = 1318613592371145910L;
 	private String error;
 	/**
 	 * @param error
 	 */
 	public HttpsUrlRequiredException(String error) {
 		this.setError(error);
 	}
 	public String getError() {
 		return error;
 	}
 	public void setError(String error) {
 		this.error = error;
 	}
 	@Override
 	public String toString() {
 		return "HttpsUrlRequiredException [error=" + this.error + "]";
 	}
 }
--- a/openid-connect-common/src/test/java/org/mitre/openid/connect/config/ConfigurationPropertiesBeanTest.java
+++ b/openid-connect-common/src/test/java/org/mitre/openid/connect/config/ConfigurationPropertiesBeanTest.java
@ -20,15 +20,20 @@
 package org.mitre.openid.connect.config;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.fail;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.rules.ExpectedException;
 /**
 * @author jricher
 *
 */
 public class ConfigurationPropertiesBeanTest {
-
+	
 	@Rule
 	public ExpectedException expectedException = ExpectedException.none();
 	/**
 	 * Test getters and setters for configuration object.
 	 */
@ -45,11 +50,68 @@ public class ConfigurationPropertiesBeanTest {
 		bean.setIssuer(iss);
 		bean.setTopbarTitle(title);
 		bean.setLogoImageUrl(logoUrl);
 		bean.setForceHttps(true);
 		assertEquals(iss, bean.getIssuer());
 		assertEquals(title, bean.getTopbarTitle());
 		assertEquals(logoUrl, bean.getLogoImageUrl());
-
+		assertEquals(true, bean.isForceHttps());
 	}
 	@Test
 	public void testCheckForHttps() throws HttpsUrlRequiredException {
 		ConfigurationPropertiesBean bean = new ConfigurationPropertiesBean();
 		// issuer is http
 		// leave as default, which is unset/false
 		try {
 			bean.checkForHttps();			
 		}
 		catch (HttpsUrlRequiredException e) {
 			fail("Unexpected HttpsUrlRequiredException for http issuer with default forceHttps, message:" + e.getError());
 		}
 		// set to false
 		try {
 		bean.setForceHttps(false);
 		bean.checkForHttps();
 		}
 		catch (HttpsUrlRequiredException e) {
 			fail("Unexpected HttpsUrlRequiredException for http issuer with forceHttps=false, message:" + e.getError());
 		}
 		// set to true
 		bean.setForceHttps(true);
 		this.expectedException.expect(HttpsUrlRequiredException.class);
 		bean.checkForHttps();
 		// issuer is https
 		// leave as default, which is unset/false
 		try {
 			bean.checkForHttps();			
 		}
 		catch (HttpsUrlRequiredException e) {
 			fail("Unexpected HttpsUrlRequiredException for https issuer with default forceHttps, message:" + e.getError());
 		}
 		// set to false
 		try {
 		bean.setForceHttps(false);
 		bean.checkForHttps();
 		}
 		catch (HttpsUrlRequiredException e) {
 			fail("Unexpected HttpsUrlRequiredException for https issuer with forceHttps=false, message:" + e.getError());
 		}
 		// set to true
 		try {
 		bean.setForceHttps(true);
 		bean.checkForHttps();
 		}
 		catch (HttpsUrlRequiredException e) {
 			fail("Unexpected HttpsUrlRequiredException for https issuer with forceHttps=true, message:" + e.getError());
 		}
 	}
 }