From 47b127dbdb4a10d282be92f2ebbe646f8cf6b03e Mon Sep 17 00:00:00 2001
From: Sergey Beryozkin <sergeyb@apache.org>
Date: Mon, 18 Nov 2013 14:02:07 +0000
Subject: [PATCH] [CXF-5390] DeflaterEncoderDecoder needs to throw the
 exception if the inflator can not finish the process

git-svn-id: https://svn.apache.org/repos/asf/cxf/trunk@1543030 13f79535-47bb-0310-9956-ffa450edef68
---
 .../security/saml/DeflateEncoderDecoder.java  | 12 +++-
 .../saml/DeflateEncoderDecoderTest.java       | 66 +++++++++++++++++++
 .../jaxrs/security/saml/JAXRSSamlTest.java    | 19 ++++++
 3 files changed, 96 insertions(+), 1 deletion(-)
 create mode 100644 rt/rs/security/xml/src/test/java/org/apache/cxf/rs/security/saml/DeflateEncoderDecoderTest.java

diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/DeflateEncoderDecoder.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/DeflateEncoderDecoder.java
index c15a5a54a83..05b6b18c877 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/DeflateEncoderDecoder.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/saml/DeflateEncoderDecoder.java
@@ -38,6 +38,15 @@ public InputStream inflateToken(byte[] deflatedToken)
         while (!inflater.finished()) {
             inputLen = inflater.inflate(input);
             if (!inflater.finished()) {
+                
+                if (inputLen == 0) {
+                    if (inflater.needsInput()) {
+                        throw new DataFormatException("Inflater can not inflate all the token bytes");
+                    } else {
+                        break;
+                    }
+                }
+                
                 inflatedToken = new byte[input.length + inflatedLen];
                 System.arraycopy(input, 0, inflatedToken, inflatedLen, inputLen);
                 inflatedLen += inputLen;
@@ -57,9 +66,10 @@ public byte[] deflateToken(byte[] tokenBytes) {
         compresser.setInput(tokenBytes);
         compresser.finish();
         
-        byte[] output = new byte[tokenBytes.length];
+        byte[] output = new byte[tokenBytes.length * 2];
         
         int compressedDataLength = compresser.deflate(output);
+        
         byte[] result = new byte[compressedDataLength];
         System.arraycopy(output, 0, result, 0, compressedDataLength);
         return result;
diff --git a/rt/rs/security/xml/src/test/java/org/apache/cxf/rs/security/saml/DeflateEncoderDecoderTest.java b/rt/rs/security/xml/src/test/java/org/apache/cxf/rs/security/saml/DeflateEncoderDecoderTest.java
new file mode 100644
index 00000000000..47de912502e
--- /dev/null
+++ b/rt/rs/security/xml/src/test/java/org/apache/cxf/rs/security/saml/DeflateEncoderDecoderTest.java
@@ -0,0 +1,66 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.saml;
+
+import java.io.InputStream;
+import java.util.zip.DataFormatException;
+
+import org.apache.cxf.common.util.Base64Utility;
+import org.apache.cxf.helpers.IOUtils;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+
+public class DeflateEncoderDecoderTest extends Assert {
+
+    @Test(expected = DataFormatException.class) 
+    public void testInvalidContent() throws Exception {
+        DeflateEncoderDecoder inflater = new DeflateEncoderDecoder();
+        inflater.inflateToken("invalid_grant".getBytes());
+    }
+    
+    @Test(expected = DataFormatException.class)
+    public void testInvalidContentAfterBase64() throws Exception {
+        DeflateEncoderDecoder inflater = new DeflateEncoderDecoder();
+        byte[] base64decoded = Base64Utility.decode("invalid_grant");
+        inflater.inflateToken(base64decoded);
+    }
+    
+    @Test
+    public void testInflateDeflate() throws Exception {
+        DeflateEncoderDecoder inflater = new DeflateEncoderDecoder();
+        byte[] deflated = inflater.deflateToken("valid_grant".getBytes());
+        InputStream is = inflater.inflateToken(deflated);
+        assertNotNull(is);
+        assertEquals("valid_grant", IOUtils.readStringFromStream(is));
+    }
+    
+    @Test
+    public void testInflateDeflateBase64() throws Exception {
+        DeflateEncoderDecoder inflater = new DeflateEncoderDecoder();
+        byte[] deflated = inflater.deflateToken("valid_grant".getBytes());
+        String base64String = Base64Utility.encode(deflated);
+        byte[] base64decoded = Base64Utility.decode(base64String);
+        InputStream is = inflater.inflateToken(base64decoded);
+        assertNotNull(is);
+        assertEquals("valid_grant", IOUtils.readStringFromStream(is));
+    }
+    
+}
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/JAXRSSamlTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/JAXRSSamlTest.java
index d0068f83617..7e7a88c23fa 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/JAXRSSamlTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/JAXRSSamlTest.java
@@ -26,6 +26,7 @@
 import javax.ws.rs.WebApplicationException;
 import javax.ws.rs.client.ClientException;
 import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
 
 import org.apache.cxf.Bus;
 import org.apache.cxf.bus.spring.SpringBusFactory;
@@ -74,6 +75,24 @@ public void testGetBookSAMLTokenAsHeader() throws Exception {
         
     }
     
+    @Test
+    public void testInvalidSAMLTokenAsHeader() throws Exception {
+        String address = "https://localhost:" + PORT + "/samlheader/bookstore/books/123";
+        
+        JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
+        bean.setAddress(address);
+        
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = JAXRSSamlTest.class.getResource("client.xml");
+        Bus springBus = bf.createBus(busFile.toString());
+        bean.setBus(springBus);
+
+        WebClient wc = bean.createWebClient();
+        wc.header("Authorization", "SAML invalid_grant");
+        Response r = wc.get();
+        assertEquals(401, r.getStatus());
+    }
+    
     @Test
     public void testGetBookSAMLTokenInForm() throws Exception {
         String address = "https://localhost:" + PORT + "/samlform/bookstore/books";