From 80ff9857f005e89350848b1a2e5c22766615de32 Mon Sep 17 00:00:00 2001
From: John Gasper <jgasper@unicon.net>
Date: Wed, 5 Mar 2014 10:17:59 -0800
Subject: [PATCH] Added support for having regex expressions in the proxy
 (chaining) list.

---
 .../cas/client/validation/ProxyList.java      | 19 +++++++++++
 .../Cas20ProxyTicketValidatorTests.java       | 32 +++++++++++++++++++
 2 files changed, 51 insertions(+)

diff --git a/cas-client-core/src/main/java/org/jasig/cas/client/validation/ProxyList.java b/cas-client-core/src/main/java/org/jasig/cas/client/validation/ProxyList.java
index 3585d5b..7baaa56 100644
--- a/cas-client-core/src/main/java/org/jasig/cas/client/validation/ProxyList.java
+++ b/cas-client-core/src/main/java/org/jasig/cas/client/validation/ProxyList.java
@@ -27,6 +27,7 @@ import org.jasig.cas.client.util.CommonUtils;
  * Holding class for the proxy list to make Spring configuration easier.
  *
  * @author Scott Battaglia
+ * @author John Gasper
  * @version $Revision$ $Date$
  * @since 3.1.3
  */
@@ -47,6 +48,24 @@ public final class ProxyList {
         for (final String[] list : this.proxyChains) {
             if (Arrays.equals(proxiedList, list)) {
                 return true;
+            } else {
+                //strings might be regex, so check for each string
+                if (list.length == proxiedList.length) {
+                    boolean passed = false;
+                    
+                    for (int i=0; i<list.length; i++) {
+                        String pattern = list[i];
+                        if ((pattern.startsWith("^") && proxiedList[i].matches(pattern))
+                            || pattern.equals(proxiedList[i])) {
+                            passed = true;
+                        } else {
+                            break;
+                        }
+                    }
+                    if (passed == true) {
+                        return true;
+                    }
+                }
             }
         }
 
diff --git a/cas-client-core/src/test/java/org/jasig/cas/client/validation/Cas20ProxyTicketValidatorTests.java b/cas-client-core/src/test/java/org/jasig/cas/client/validation/Cas20ProxyTicketValidatorTests.java
index 4701107..234bb9d 100644
--- a/cas-client-core/src/test/java/org/jasig/cas/client/validation/Cas20ProxyTicketValidatorTests.java
+++ b/cas-client-core/src/test/java/org/jasig/cas/client/validation/Cas20ProxyTicketValidatorTests.java
@@ -35,6 +35,7 @@ import org.springframework.context.support.ClassPathXmlApplicationContext;
  * Test cases for the {@link Cas20ProxyTicketValidator}.
  *
  * @author Scott Battaglia
+ * @author John Gasper
  * @version $Revision: 11737 $ $Date: 2007-10-03 09:14:02 -0400 (Tue, 03 Oct 2007) $
  * @since 3.0
  */
@@ -105,6 +106,37 @@ public final class Cas20ProxyTicketValidatorTests extends AbstractTicketValidato
         }
     }
 
+    @Test
+    public void testRegexProxyChainWithValidProxy() throws TicketValidationException, UnsupportedEncodingException {
+        final List<String[]> list = new ArrayList<String[]>();
+        list.add(new String[] { "proxy1", "proxy2", "^proxy3/[a-z]*/" });
+        this.ticketValidator.setAllowedProxyChains(new ProxyList(list));
+        
+        final String USERNAME = "username";
+        final String RESPONSE = "<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'><cas:authenticationSuccess><cas:user>username</cas:user><cas:proxyGrantingTicket>PGTIOU-84678-8a9d...</cas:proxyGrantingTicket><cas:proxies><cas:proxy>proxy1</cas:proxy><cas:proxy>proxy2</cas:proxy><cas:proxy>proxy3/abc/</cas:proxy></cas:proxies></cas:authenticationSuccess></cas:serviceResponse>";
+        server.content = RESPONSE.getBytes(server.encoding);
+        
+        final Assertion assertion = this.ticketValidator.validate("test", "test");
+        assertEquals(USERNAME, assertion.getPrincipal().getName());
+    }
+    
+    @Test
+    public void testRegexProxyChainWithInvalidProxy() throws TicketValidationException, UnsupportedEncodingException {
+        final List<String[]> list = new ArrayList<String[]>();
+        list.add(new String[] { "proxy1", "proxy2", "^proxy3/[a-z]*/" });
+        this.ticketValidator.setAllowedProxyChains(new ProxyList(list));
+        
+        final String RESPONSE = "<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'><cas:authenticationSuccess><cas:user>username</cas:user><cas:proxyGrantingTicket>PGTIOU-84678-8a9d...</cas:proxyGrantingTicket><cas:proxies><cas:proxy>proxy/ABC/</cas:proxy><cas:proxy>proxy2</cas:proxy><cas:proxy>proxy3</cas:proxy></cas:proxies></cas:authenticationSuccess></cas:serviceResponse>";
+        server.content = RESPONSE.getBytes(server.encoding);
+        
+        try {
+            this.ticketValidator.validate("test", "test");
+            fail("Invalid proxy chain");
+        } catch (InvalidProxyChainTicketValidationException e) {
+            // expected
+        }
+    }
+    
     @Test
     public void testConstructionFromSpringBean() throws TicketValidationException, UnsupportedEncodingException {
         final ClassPathXmlApplicationContext context = new ClassPathXmlApplicationContext(