DS-1235 IP authentication configuration does not apply netmask and CIDR ranges correctly

dspace-api/src/test/java/org/dspace/authenticate/IPMatcherTest.java

@@ -10,16 +10,20 @@
  */
 package org.dspace.authenticate;
 
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertTrue;
-
 import org.dspace.AbstractUnitTest;
 import org.junit.AfterClass;
 import org.junit.BeforeClass;
 import org.junit.Test;
 
+import java.util.ArrayList;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
 /**
  * @author Mark Wood
+ * @author Ben Bosman
+ * @author Roeland Dillen
  */
 public class IPMatcherTest extends AbstractUnitTest
 {
@@ -27,6 +31,8 @@ public class IPMatcherTest extends AbstractUnitTest
     private static final String IP6_FULL_ADDRESS2 = "2001:18e8:3:171:218:8bff:fe2a:56a3";
     private static final String IP6_MASKED_ADDRESS = "2001:18e8:3::/48";
 
+    private final static int increment = 6;
+
     private static IPMatcher ip6FullMatcher;
     private static IPMatcher ip6MaskedMatcher;
 
@@ -116,7 +122,221 @@ public class IPMatcherTest extends AbstractUnitTest
         assertTrue("IPv6 masked match fails", ip6MaskedMatcher
                 .match(IP6_FULL_ADDRESS2));
     }
-    
+
+    @Test
+    public void testIPv4MatchingSuccess() throws Exception
+    {
+        final IPMatcher ipMatcher = new IPMatcher("1.1.1.1");
+
+        assertTrue(ipMatcher.match("1.1.1.1"));
+        ArrayList<String> exceptions = new ArrayList<String>();
+        exceptions.add("1.1.1.1");
+        verifyAllIp4Except(exceptions, false, ipMatcher);
+    }
+
+    @Test
+    public void testIPv4MatchingFailure() throws Exception
+    {
+        final IPMatcher ipMatcher = new IPMatcher("1.1.1.1");
+
+        assertFalse(ipMatcher.match("1.1.1.0"));
+    }
+
+    @Test
+    public void testIPv6MatchingSuccess() throws Exception
+    {
+        final IPMatcher ipMatcher = new IPMatcher("::2");
+
+        assertTrue(ipMatcher.match("0:0:0:0:0:0:0:2"));
+    }
+
+    @Test
+    public void testShortFormIPv6MatchingSuccess() throws Exception
+    {
+        final IPMatcher ipMatcher = new IPMatcher("::2");
+
+        assertTrue(ipMatcher.match("::2"));
+    }
+
+    @Test
+    public void testIPv6MatchingFailure() throws Exception
+    {
+        final IPMatcher ipMatcher = new IPMatcher("::2");
+
+        assertFalse(ipMatcher.match("0:0:0:0:0:0:0:1"));
+    }
+
+
+
+    @Test
+    public void testAsteriskMatchingSuccess() throws Exception
+    {
+        final IPMatcher ipMatcher = new IPMatcher("172.16");
+
+        assertTrue(ipMatcher.match("172.16.1.1"));
+    }
+
+    @Test
+    public void testAsteriskMatchingFailure() throws Exception
+    {
+        final IPMatcher ipMatcher = new IPMatcher("172.16");
+
+        assertFalse(ipMatcher.match("172.15.255.255"));
+    }
+
+    @Test
+    public void testIPv4CIDRMatchingSuccess() throws Exception
+    {
+        final IPMatcher ipMatcher = new IPMatcher("192.1.2.3/8");
+
+        assertTrue(ipMatcher.match("192.1.1.1"));
+    }
+
+    @Test
+    public void testIPv4CIDRMatchingFailure() throws Exception
+    {
+        final IPMatcher ipMatcher = new IPMatcher("192.1.2.3/8");
+
+        assertTrue(ipMatcher.match("192.2.0.0"));
+    }
+
+    @Test
+    public void test2IPv4CIDRMatchingSuccess() throws Exception
+    {
+        final IPMatcher ipMatcher = new IPMatcher("192.86.100.72/29");
+
+        assertTrue(ipMatcher.match("192.86.100.75"));
+        assertFalse(ipMatcher.match("192.86.100.71"));
+        assertFalse(ipMatcher.match("192.86.100.80"));
+        ArrayList<String> exceptions = new ArrayList<String>();
+        exceptions.add("192.86.100.72");
+        exceptions.add("192.86.100.73");
+        exceptions.add("192.86.100.74");
+        exceptions.add("192.86.100.75");
+        exceptions.add("192.86.100.76");
+        exceptions.add("192.86.100.77");
+        exceptions.add("192.86.100.78");
+        exceptions.add("192.86.100.79");
+        verifyAllIp4Except(exceptions, false, ipMatcher);
+    }
+
+    @Test
+    public void test3IPv4CIDRMatchingSuccess() throws Exception
+    {
+        final IPMatcher ipMatcher = new IPMatcher("192.86.100.72/255.255.255.248");
+
+        assertTrue(ipMatcher.match("192.86.100.75"));
+        assertFalse(ipMatcher.match("192.86.100.71"));
+        assertFalse(ipMatcher.match("192.86.100.80"));
+        ArrayList<String> exceptions = new ArrayList<String>();
+        exceptions.add("192.86.100.72");
+        exceptions.add("192.86.100.73");
+        exceptions.add("192.86.100.74");
+        exceptions.add("192.86.100.75");
+        exceptions.add("192.86.100.76");
+        exceptions.add("192.86.100.77");
+        exceptions.add("192.86.100.78");
+        exceptions.add("192.86.100.79");
+        verifyAllIp4Except(exceptions, false, ipMatcher);
+    }
+
+    @Test
+    public void testIPv6CIDRMatchingSuccess() throws Exception
+    {
+        final IPMatcher ipMatcher = new IPMatcher("0:0:0:1::/64");
+
+        assertTrue(ipMatcher.match("0:0:0:1:ffff:ffff:ffff:ffff"));
+    }
+
+    @Test
+    public void testIPv6CIDRMatchingFailure() throws Exception
+    {
+        final IPMatcher ipMatcher = new IPMatcher("0:0:0:1::/64");
+
+        assertFalse(ipMatcher.match("0:0:0:2::"));
+    }
+
+
+
+    @Test
+    public void testIPv4IPv6Matching() throws Exception
+    {
+        final IPMatcher ipMatcher = new IPMatcher("0.0.0.1");
+
+        assertTrue(ipMatcher.match("::1"));
+    }
+
+
+
+    @Test
+    public void testSubnetZeroIPv6CIDRMatching() throws Exception
+    {
+        final IPMatcher ipMatcher = new IPMatcher("::1/0");
+
+        assertTrue(ipMatcher.match("::2"));
+    }
+
+    @Test
+    public void testAllOnesSubnetIPv4CIDRMatchingSuccess() throws Exception
+    {
+        final IPMatcher ipMatcher = new IPMatcher("192.1.2.3/32");
+
+        assertTrue(ipMatcher.match("192.1.2.3"));
+    }
+
+    @Test
+    public void testAllOnesSubnetIPv4CIDRMatchingFailure() throws Exception
+    {
+        final IPMatcher ipMatcher = new IPMatcher("192.1.2.3/32");
+
+        assertFalse(ipMatcher.match("192.1.2.2"));
+    }
+
+
+
+    private ArrayList<String> getAllIp4Except(ArrayList<String> exceptions) {
+        int d1 = 0, d2 = 0, d3 = 0, d4 = 0;
+        ArrayList<String> ips = new ArrayList<String>();
+        for (d1 = 0; d1 <= 255; d1+=increment)
+            for (d2 = 0; d2 <= 255; d2+=increment)
+                for (d3 = 0; d3 <= 255; d3+=increment)
+                    for (d4 = 0; d4 <= 255; d4+=increment) {
+                        String IP = d1+"."+d2+"."+d3+"."+d4;
+                        if (exceptions == null || !exceptions.contains(IP)) {
+                            ips.add(IP);
+                        }
+                    }
+        return ips;
+    }
+
+    private void verifyAllIp4Except(ArrayList<String> exceptions, boolean asserted, IPMatcher ipMatcher) throws IPMatcherException {
+        int d1 = 0, d2 = 0, d3 = 0, d4 = 0;
+        for (d1 = 0; d1 <= 255; d1+=increment)
+            for (d2 = 0; d2 <= 255; d2+=increment)
+                for (d3 = 0; d3 <= 255; d3+=increment)
+                    for (d4 = 0; d4 <= 255; d4+=increment) {
+                        String IP = d1+"."+d2+"."+d3+"."+d4;
+                        if (exceptions != null && exceptions.contains(IP)) {
+                            if (asserted) {
+                                assertFalse(ipMatcher.match(IP));
+                            } else {
+                                assertTrue(ipMatcher.match(IP));
+                            }
+                        } else {
+                            if (asserted) {
+                                assertTrue(ipMatcher.match(IP));
+                            } else {
+                                assertFalse(ipMatcher.match(IP));
+                            }
+                        }
+
+                    }
+    }
+
+
+
+
+
     @AfterClass
     static public void cleanup()
     {