summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJonathan Gathman <jonathan.gathman@att.com>2018-05-10 22:36:29 +0000
committerGerrit Code Review <gerrit@onap.org>2018-05-10 22:36:29 +0000
commit4e11a5059e1e05c15332e93aeb8b107c3d2c5e34 (patch)
tree0107a342d6b04024d761dbd697701054e9cc0535
parentdc1338557a1cee4dbc8e171bd4e42e209fd84103 (diff)
parent2a6f896b520eb432d8ee541f9dd942d98608d3ca (diff)
Merge "Improve coverage of cadi-aaf"
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFTrustChecker.java54
-rw-r--r--cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java213
-rw-r--r--cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/v2_0/test/JU_AAFTrustChecker.java130
-rw-r--r--cadi/aaf/src/test/java/org/onap/aaf/cadi/oauth/test/JU_TokenPerm.java72
-rw-r--r--cadi/aaf/src/test/java/org/onap/aaf/cadi/sso/test/JU_AAFSSO.java122
5 files changed, 453 insertions, 138 deletions
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFTrustChecker.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFTrustChecker.java
index 074b704b..2094948a 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFTrustChecker.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFTrustChecker.java
@@ -7,9 +7,9 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -41,10 +41,10 @@ public class AAFTrustChecker implements TrustChecker {
private Lur lur;
/**
- *
+ *
* Instance will be replaced by Identity
- * @param lur
- *
+ * @param lur
+ *
* @param tag
* @param perm
*/
@@ -87,28 +87,30 @@ public class AAFTrustChecker implements TrustChecker {
@Override
public TafResp mayTrust(TafResp tresp, HttpServletRequest req) {
String user_info = req.getHeader(tag);
- if(user_info !=null ) {
- String[] info = Split.split(',', user_info);
- if(info.length>0) {
- String[] flds = Split.splitTrim(':',info[0]);
- if(flds.length>3 && "AS".equals(flds[3])) { // is it set for "AS"
- String pn = tresp.getPrincipal().getName();
- if(pn.equals(id) // We do trust our own App Components: if a trust entry is made with self, always accept
- || lur.fish(tresp.getPrincipal(), perm)) { // Have Perm set by Config.CADI_TRUST_PERM
- return new TrustTafResp(tresp,
- new TrustPrincipal(tresp.getPrincipal(), flds[0]),
- " " + flds[0] + " validated using " + flds[2] + " by " + flds[1] + ','
- );
- } else if(pn.equals(flds[0])) { // Ignore if same identity
- return tresp;
- } else {
- return new TrustNotTafResp(tresp, tresp.getPrincipal().getName() + " requested trust as "
- + flds[0] + ", but does not have Authorization");
- }
- }
- }
+ if (user_info == null) {
+ return tresp;
+ }
+
+ String[] info = Split.split(',', user_info);
+ String[] flds = Split.splitTrim(':', info[0]);
+ if (flds.length < 4) {
+ return tresp;
+ }
+ if (!("AS".equals(flds[3]))) { // is it set for "AS"
+ return tresp;
+ }
+
+ String principalName = tresp.getPrincipal().getName();
+ if(principalName.equals(id) // We do trust our own App Components: if a trust entry is made with self, always accept
+ || lur.fish(tresp.getPrincipal(), perm)) { // Have Perm set by Config.CADI_TRUST_PERM
+ String desc = " " + flds[0] + " validated using " + flds[2] + " by " + flds[1] + ',';
+ return new TrustTafResp(tresp, new TrustPrincipal(tresp.getPrincipal(), flds[0]), desc);
+ } else if(principalName.equals(flds[0])) { // Ignore if same identity
+ return tresp;
+ } else {
+ String desc = tresp.getPrincipal().getName() + " requested trust as " + flds[0] + ", but does not have Authorization";
+ return new TrustNotTafResp(tresp, desc);
}
- return tresp;
}
} \ No newline at end of file
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java
index 0241fe5d..8948bc3c 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java
@@ -7,9 +7,9 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -41,106 +41,87 @@ import org.onap.aaf.cadi.util.MyConsole;
import org.onap.aaf.cadi.util.SubStandardConsole;
import org.onap.aaf.cadi.util.TheConsole;
-
public class AAFSSO {
- public static final MyConsole cons = TheConsole.implemented()?new TheConsole():new SubStandardConsole();
-
+ public static final MyConsole cons = TheConsole.implemented() ? new TheConsole() : new SubStandardConsole();
+ private static final int EIGHT_HOURS = 8 * 60 * 60 * 1000;
+
private Properties diskprops = null; // use for temp storing User/Password on disk
- private File dot_aaf = null, sso=null; // instantiated, if ever, with diskprops
-
- boolean removeSSO=false;
+ private File dot_aaf = null;
+ private File sso = null; // instantiated, if ever, with diskprops
+
+ boolean removeSSO = false;
boolean loginOnly = false;
+ boolean doExit = true;
private PropAccess access;
private StringBuilder err;
- private String user,encrypted_pass;
+ private String user;
+ private String encrypted_pass;
private boolean use_X509;
- private PrintStream os, stdout=null,stderr=null;
+ private PrintStream os;
private Method close;
public AAFSSO(String[] args) throws IOException, CadiException {
- List<String> larg = new ArrayList<String>(args.length);
-
- // Cover for bash's need to escape *.. (\\*)
- // also, remove SSO if required
- for (int i = 0; i < args.length; ++i) {
- if ("\\*".equals(args[i])) {
- args[i] = "*";
- }
-
- if("-logout".equalsIgnoreCase(args[i])) {
- removeSSO=true;
- } else if("-login".equalsIgnoreCase(args[i])) {
- loginOnly = true;
- } else {
- larg.add(args[i]);
- }
- }
-
- String[] nargs = new String[larg.size()];
- larg.toArray(nargs);
+ String[] nargs = parseArgs(args);
- dot_aaf = new File(System.getProperty("user.home")+"/.aaf");
- if(!dot_aaf.exists()) {
+ dot_aaf = new File(System.getProperty("user.home") + "/.aaf");
+ if (!dot_aaf.exists()) {
dot_aaf.mkdirs();
}
- File f = new File(dot_aaf,"sso.out");
- os = new PrintStream(new FileOutputStream(f,true));
- stdout = System.out;
- stderr = System.err;
+ File f = new File(dot_aaf, "sso.out");
+ os = new PrintStream(new FileOutputStream(f, true));
System.setOut(os);
System.setErr(os);
- access = new PropAccess(os,nargs);
+ access = new PropAccess(os, nargs);
Config.setDefaultRealm(access);
user = access.getProperty(Config.AAF_APPID);
encrypted_pass = access.getProperty(Config.AAF_APPPASS);
-
- File dot_aaf_kf = new File(dot_aaf,"keyfile");
-
- sso = new File(dot_aaf,"sso.props");
- if(removeSSO) {
- if(dot_aaf_kf.exists()) {
- dot_aaf_kf.setWritable(true,true);
+
+ File dot_aaf_kf = new File(dot_aaf, "keyfile");
+
+ sso = new File(dot_aaf, "sso.props");
+ if (removeSSO) {
+ if (dot_aaf_kf.exists()) {
+ dot_aaf_kf.setWritable(true, true);
dot_aaf_kf.delete();
}
- if(sso.exists()) {
+ if (sso.exists()) {
sso.delete();
}
System.out.println("AAF SSO information removed");
- System.exit(0);
+ if (doExit) {
+ System.exit(0);
+ }
}
-
- if(!dot_aaf_kf.exists()) {
+
+ if (!dot_aaf_kf.exists()) {
FileOutputStream fos = new FileOutputStream(dot_aaf_kf);
try {
fos.write(Symm.keygen());
- dot_aaf_kf.setExecutable(false,false);
- dot_aaf_kf.setWritable(false,false);
- dot_aaf_kf.setReadable(false,false);
- dot_aaf_kf.setReadable(true, true);
+ setReadonly(dot_aaf_kf);
} finally {
fos.close();
}
}
String keyfile = access.getProperty(Config.CADI_KEYFILE); // in case it's CertificateMan props
- if(keyfile==null) {
+ if (keyfile == null) {
access.setProperty(Config.CADI_KEYFILE, dot_aaf_kf.getAbsolutePath());
}
-
+
String alias = access.getProperty(Config.CADI_ALIAS);
- if(user==null && alias!=null && access.getProperty(Config.CADI_KEYSTORE_PASSWORD)!=null) {
+ if ((user == null) && (alias != null) && (access.getProperty(Config.CADI_KEYSTORE_PASSWORD) != null)) {
user = alias;
access.setProperty(Config.AAF_APPID, user);
use_X509 = true;
} else {
use_X509 = false;
Symm decryptor = Symm.obtain(dot_aaf_kf);
- if (user==null) {
- if(sso.exists() && sso.lastModified()>System.currentTimeMillis()-(8*60*60*1000 /* 8 hours */)) {
+ if (user == null) {
+ if (sso.exists() && (sso.lastModified() > (System.currentTimeMillis() - EIGHT_HOURS))) {
String cm_url = access.getProperty(Config.CM_URL); // SSO might overwrite...
FileInputStream fos = new FileInputStream(sso);
try {
@@ -148,9 +129,9 @@ public class AAFSSO {
user = access.getProperty(Config.AAF_APPID);
encrypted_pass = access.getProperty(Config.AAF_APPPASS);
// decrypt with .aaf, and re-encrypt with regular Keyfile
- access.setProperty(Config.AAF_APPPASS,
+ access.setProperty(Config.AAF_APPPASS,
access.encrypt(decryptor.depass(encrypted_pass)));
- if(cm_url!=null) { //Command line CM_URL Overwrites ssofile.
+ if (cm_url != null) { //Command line CM_URL Overwrites ssofile.
access.setProperty(Config.CM_URL, cm_url);
}
} finally {
@@ -160,22 +141,22 @@ public class AAFSSO {
diskprops = new Properties();
String realm = Config.getDefaultRealm();
// Turn on Console Sysout
- System.setOut(stdout);
- user=cons.readLine("aaf_id(%s@%s): ",System.getProperty("user.name"),realm);
- if(user==null) {
- user = System.getProperty("user.name")+'@'+realm;
- } else if(user.length()==0) { //
- user = System.getProperty("user.name")+'@' + realm;
- } else if(user.indexOf('@')<0 && realm!=null) {
- user = user+'@'+realm;
+ System.setOut(System.out);
+ user = cons.readLine("aaf_id(%s@%s): ", System.getProperty("user.name"), realm);
+ if (user == null) {
+ user = System.getProperty("user.name") + '@' + realm;
+ } else if (user.length() == 0) { //
+ user = System.getProperty("user.name") + '@' + realm;
+ } else if ((user.indexOf('@') < 0) && (realm != null)) {
+ user = user + '@' + realm;
}
- access.setProperty(Config.AAF_APPID,user);
- diskprops.setProperty(Config.AAF_APPID,user);
+ access.setProperty(Config.AAF_APPID, user);
+ diskprops.setProperty(Config.AAF_APPID, user);
encrypted_pass = new String(cons.readPassword("aaf_password: "));
System.setOut(os);
- encrypted_pass = Symm.ENC+decryptor.enpass(encrypted_pass);
- access.setProperty(Config.AAF_APPPASS,encrypted_pass);
- diskprops.setProperty(Config.AAF_APPPASS,encrypted_pass);
+ encrypted_pass = Symm.ENC + decryptor.enpass(encrypted_pass);
+ access.setProperty(Config.AAF_APPPASS, encrypted_pass);
+ diskprops.setProperty(Config.AAF_APPPASS, encrypted_pass);
diskprops.setProperty(Config.CADI_KEYFILE, access.getProperty(Config.CADI_KEYFILE));
}
}
@@ -183,8 +164,8 @@ public class AAFSSO {
if (user == null) {
err = new StringBuilder("Add -D" + Config.AAF_APPID + "=<id> ");
}
-
- if (encrypted_pass == null && alias==null) {
+
+ if (encrypted_pass == null && alias == null) {
if (err == null) {
err = new StringBuilder();
} else {
@@ -193,42 +174,35 @@ public class AAFSSO {
err.append("-D" + Config.AAF_APPPASS + "=<passwd> ");
}
}
-
+
public void setLogDefault() {
- access.setLogLevel(PropAccess.DEFAULT);
- if(stdout!=null) {
- System.setOut(stdout);
- }
+ this.setLogDefault(PropAccess.DEFAULT);
}
public void setStdErrDefault() {
access.setLogLevel(PropAccess.DEFAULT);
- if(stderr!=null) {
- System.setErr(stderr);
- }
+ System.setErr(System.err);
}
public void setLogDefault(Level level) {
access.setLogLevel(level);
- if(stdout!=null) {
- System.setOut(stdout);
- }
+ System.setOut(System.out);
}
-
+
public boolean loginOnly() {
return loginOnly;
}
public void addProp(String key, String value) {
- if(diskprops!=null) {
+ if (diskprops != null) {
diskprops.setProperty(key, value);
}
}
-
+
public void writeFiles() throws IOException {
- // Store Creds, if they work
- if(diskprops!=null) {
- if(!dot_aaf.exists()) {
+ // Store Creds, if they work
+ if (diskprops != null) {
+ if (!dot_aaf.exists()) {
dot_aaf.mkdirs();
}
FileOutputStream fos = new FileOutputStream(sso);
@@ -236,18 +210,12 @@ public class AAFSSO {
diskprops.store(fos, "AAF Single Signon");
} finally {
fos.close();
- sso.setWritable(false,false);
- sso.setExecutable(false,false);
- sso.setReadable(false,false);
- sso.setReadable(true,true);
+ setReadonly(sso);
}
}
- if(sso!=null) {
- sso.setReadable(false,false);
- sso.setWritable(false,false);
- sso.setExecutable(false,false);
- sso.setReadable(true,true);
- sso.setWritable(true,true);
+ if (sso != null) {
+ setReadonly(sso);
+ sso.setWritable(true, true);
}
}
@@ -258,21 +226,21 @@ public class AAFSSO {
public StringBuilder err() {
return err;
}
-
+
public String user() {
return user;
}
-
+
public String enc_pass() {
return encrypted_pass;
}
-
+
public boolean useX509() {
return use_X509;
}
-
+
public void close() {
- if(close!=null) {
+ if (close != null) {
try {
close.invoke(null);
} catch (IllegalAccessException | IllegalArgumentException | InvocationTargetException e) {
@@ -281,4 +249,37 @@ public class AAFSSO {
close = null;
}
}
+
+ private String[] parseArgs(String[] args)
+ {
+ List<String> larg = new ArrayList<String>(args.length);
+
+ // Cover for bash's need to escape *.. (\\*)
+ // also, remove SSO if required
+ for (int i = 0; i < args.length; ++i) {
+ if ("\\*".equals(args[i])) {
+ args[i] = "*";
+ }
+
+ if ("-logout".equalsIgnoreCase(args[i])) {
+ removeSSO = true;
+ } else if ("-login".equalsIgnoreCase(args[i])) {
+ loginOnly = true;
+ } else if ("-noexit".equalsIgnoreCase(args[i])) {
+ doExit = false;
+ } else {
+ larg.add(args[i]);
+ }
+ }
+ String[] nargs = new String[larg.size()];
+ larg.toArray(nargs);
+ return nargs;
+ }
+
+ private void setReadonly(File file) {
+ file.setExecutable(false, false);
+ file.setWritable(false, false);
+ file.setReadable(false, false);
+ file.setReadable(true, true);
+ }
}
diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/v2_0/test/JU_AAFTrustChecker.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/v2_0/test/JU_AAFTrustChecker.java
new file mode 100644
index 00000000..1e469eca
--- /dev/null
+++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/v2_0/test/JU_AAFTrustChecker.java
@@ -0,0 +1,130 @@
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+
+package org.onap.aaf.cadi.aaf.v2_0.test;
+
+import static org.hamcrest.CoreMatchers.is;
+import static org.junit.Assert.assertThat;
+import static org.mockito.Mockito.when;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.Mock;
+import org.mockito.MockitoAnnotations;
+
+import java.io.ByteArrayOutputStream;
+import java.io.PrintStream;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.onap.aaf.cadi.Lur;
+import org.onap.aaf.cadi.PropAccess;
+import org.onap.aaf.cadi.aaf.v2_0.AAFTrustChecker;
+import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.cadi.principal.TaggedPrincipal;
+import org.onap.aaf.cadi.taf.TafResp;
+import org.onap.aaf.cadi.taf.TrustNotTafResp;
+import org.onap.aaf.cadi.taf.TrustTafResp;
+import org.onap.aaf.misc.env.Env;
+
+public class JU_AAFTrustChecker {
+
+ private final static String type = "type";
+ private final static String instance = "instance";
+ private final static String action = "action";
+ private final static String key = type + '|' + instance + '|' + action;
+ private final static String name = "name";
+ private final static String otherName = "otherName";
+
+ private PropAccess access;
+
+ @Mock private Env envMock;
+ @Mock private TafResp trespMock;
+ @Mock private HttpServletRequest reqMock;
+ @Mock private TaggedPrincipal tpMock;
+ @Mock private Lur lurMock;
+ @Mock private TaggedPrincipal princMock;
+
+ @Before
+ public void setup() {
+ MockitoAnnotations.initMocks(this);
+ access = new PropAccess(new PrintStream(new ByteArrayOutputStream()), new String[0]);
+ }
+
+ @Test
+ public void test() {
+ AAFTrustChecker trustChecker;
+
+ // coverage calls
+ trustChecker = new AAFTrustChecker(access);
+ trustChecker = new AAFTrustChecker(envMock);
+
+ access.setProperty(Config.CADI_TRUST_PERM, "example");
+ when(envMock.getProperty(Config.CADI_TRUST_PERM)).thenReturn("example");
+ trustChecker = new AAFTrustChecker(access);
+ trustChecker = new AAFTrustChecker(envMock);
+
+ access.setProperty(Config.CADI_TRUST_PERM, key);
+ when(envMock.getProperty(Config.CADI_TRUST_PERM)).thenReturn(key);
+ trustChecker = new AAFTrustChecker(access);
+ trustChecker = new AAFTrustChecker(envMock);
+
+ trustChecker.setLur(lurMock);
+
+ assertThat(trustChecker.mayTrust(trespMock, reqMock), is(trespMock));
+
+ when(reqMock.getHeader(null)).thenReturn("comma,comma,comma");
+ assertThat(trustChecker.mayTrust(trespMock, reqMock), is(trespMock));
+
+ when(reqMock.getHeader(null)).thenReturn("colon:colon:colon:colon,comma,comma");
+ assertThat(trustChecker.mayTrust(trespMock, reqMock), is(trespMock));
+
+ when(reqMock.getHeader(null)).thenReturn("colon:colon:colon:AS,comma,comma");
+ when(trespMock.getPrincipal()).thenReturn(tpMock);
+ when(tpMock.getName()).thenReturn(name);
+ when(lurMock.fish(princMock, null)).thenReturn(true);
+ TafResp tntResp = trustChecker.mayTrust(trespMock, reqMock);
+
+ assertThat(tntResp instanceof TrustNotTafResp, is(true));
+ assertThat(tntResp.toString(), is("name requested trust as colon, but does not have Authorization"));
+
+ when(reqMock.getHeader(null)).thenReturn(name + ":colon:colon:AS,comma,comma");
+ assertThat(trustChecker.mayTrust(trespMock, reqMock), is(trespMock));
+
+ when(envMock.getProperty(Config.CADI_ALIAS, null)).thenReturn(name);
+ when(envMock.getProperty(Config.CADI_TRUST_PERM)).thenReturn(null);
+ trustChecker = new AAFTrustChecker(envMock);
+ trustChecker.setLur(lurMock);
+
+ when(trespMock.getPrincipal()).thenReturn(princMock);
+ when(princMock.getName()).thenReturn(otherName);
+ when(lurMock.fish(princMock, null)).thenReturn(true);
+ TafResp ttResp = trustChecker.mayTrust(trespMock, reqMock);
+ assertThat(ttResp instanceof TrustTafResp, is(true));
+ assertThat(ttResp.toString(), is(name + " by trust of " + name + " validated using colon by colon, null"));
+
+ when(princMock.getName()).thenReturn(name);
+ ttResp = trustChecker.mayTrust(trespMock, reqMock);
+ assertThat(ttResp instanceof TrustTafResp, is(true));
+ assertThat(ttResp.toString(), is(name + " by trust of " + name + " validated using colon by colon, null"));
+ }
+
+}
diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/oauth/test/JU_TokenPerm.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/oauth/test/JU_TokenPerm.java
index 861e32e0..6bbed0ed 100644
--- a/cadi/aaf/src/test/java/org/onap/aaf/cadi/oauth/test/JU_TokenPerm.java
+++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/oauth/test/JU_TokenPerm.java
@@ -7,9 +7,9 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -21,18 +21,78 @@
package org.onap.aaf.cadi.oauth.test;
-import static org.hamcrest.CoreMatchers.*;
-import static org.junit.Assert.*;
-import org.junit.*;
+import static org.hamcrest.CoreMatchers.is;
+import static org.junit.Assert.assertThat;
+import static org.junit.Assert.fail;
+import static org.mockito.Mockito.when;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.Mock;
+import org.mockito.MockitoAnnotations;
+import java.io.IOException;
import java.io.StringReader;
+import java.nio.file.Files;
+import java.nio.file.Path;
import org.onap.aaf.cadi.Permission;
+import org.onap.aaf.cadi.oauth.TokenPerm;
import org.onap.aaf.cadi.oauth.TokenPerm.LoadPermissions;
+import org.onap.aaf.cadi.persist.Persist;
+import org.onap.aaf.misc.env.APIException;
import org.onap.aaf.misc.rosetta.ParseException;
+import org.onap.aaf.misc.rosetta.env.RosettaDF;
+
+import aaf.v2_0.Perms;
+import aafoauth.v2_0.Introspect;
public class JU_TokenPerm {
+ private static final byte[] hash = "hashstring".getBytes();
+
+ private static final String clientId = "clientId";
+ private static final String username = "username";
+ private static final String token = "token";
+ private static final String scopes = "scopes";
+ private static final String content = "content";
+
+ private static final long expires = 10000L;
+
+ private static Path path;
+
+ @Mock private Persist<Introspect, ?> persistMock;
+ @Mock private RosettaDF<Perms> dfMock;
+ @Mock private Introspect introspectMock;
+
+ @Before
+ public void setup() throws IOException {
+ MockitoAnnotations.initMocks(this);
+
+ when(introspectMock.getExp()).thenReturn(expires);
+ when(introspectMock.getClientId()).thenReturn(clientId);
+ when(introspectMock.getUsername()).thenReturn(username);
+ when(introspectMock.getAccessToken()).thenReturn(token);
+ when(introspectMock.getScope()).thenReturn(scopes);
+ when(introspectMock.getExp()).thenReturn(expires);
+
+ path = Files.createTempFile("fake", ".txt");
+ }
+
+ @Test
+ public void tokenTest() throws APIException {
+ TokenPerm tokenPerm = new TokenPerm(persistMock, dfMock, introspectMock, hash, path);
+ assertThat(tokenPerm.perms().size(), is(0));
+ assertThat(tokenPerm.getClientId(), is(clientId));
+ assertThat(tokenPerm.getUsername(), is(username));
+ assertThat(tokenPerm.getToken(), is(token));
+ assertThat(tokenPerm.getScopes(), is(scopes));
+ assertThat(tokenPerm.getIntrospect(), is(introspectMock));
+
+ when(introspectMock.getContent()).thenReturn(content);
+ tokenPerm = new TokenPerm(persistMock, dfMock, introspectMock, hash, path);
+ }
+
@Test
public void test() throws ParseException {
String json;
@@ -132,5 +192,5 @@ public class JU_TokenPerm {
fail(e.getMessage());
}
}
-
+
}
diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/sso/test/JU_AAFSSO.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/sso/test/JU_AAFSSO.java
new file mode 100644
index 00000000..34997fe6
--- /dev/null
+++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/sso/test/JU_AAFSSO.java
@@ -0,0 +1,122 @@
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+
+package org.onap.aaf.cadi.sso.test;
+
+import static org.hamcrest.CoreMatchers.is;
+import static org.hamcrest.CoreMatchers.nullValue;
+import static org.junit.Assert.assertThat;
+
+import java.io.ByteArrayInputStream;
+import java.io.File;
+import java.io.IOException;
+
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.onap.aaf.cadi.CadiException;
+import org.onap.aaf.cadi.PropAccess;
+import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.cadi.sso.AAFSSO;
+
+public class JU_AAFSSO {
+
+ private static final String resourceDirString = "src/test/resources";
+ private static final String aafDir = resourceDirString + "/aaf";
+
+ private ByteArrayInputStream inStream;
+
+ @Before
+ public void setup() {
+ System.setProperty("user.home", aafDir);
+
+ // Simulate user input
+ inStream = new ByteArrayInputStream("test\npassword".getBytes());
+ System.setIn(inStream);
+ }
+
+ @After
+ public void tearDown() {
+ recursiveDelete(new File(aafDir));
+ }
+
+ @Test
+ public void test() throws IOException, CadiException {
+ AAFSSO sso;
+ String[] args;
+
+ args = new String[] {
+ "-login",
+ "-noexit",
+ };
+ sso = new AAFSSO(args);
+
+ assertThat(new File(aafDir).exists(), is(true));
+ assertThat(new File(aafDir + "/.aaf").exists(), is(true));
+ assertThat(new File(aafDir + "/.aaf/keyfile").exists(), is(true));
+ assertThat(new File(aafDir + "/.aaf/sso.out").exists(), is(true));
+ assertThat(sso.loginOnly(), is(true));
+
+ assertThat(new File(aafDir + "/.aaf/sso.props").exists(), is(false));
+ sso.writeFiles();
+ assertThat(new File(aafDir + "/.aaf/sso.props").exists(), is(true));
+
+ sso.setLogDefault();
+ sso.setStdErrDefault();
+
+ inStream.reset();
+ args = new String[] {
+ "-logout",
+ "\\*",
+ "-noexit",
+ };
+ sso = new AAFSSO(args);
+
+ assertThat(new File(aafDir).exists(), is(true));
+ assertThat(new File(aafDir + "/.aaf").exists(), is(true));
+ assertThat(new File(aafDir + "/.aaf/keyfile").exists(), is(true));
+ assertThat(new File(aafDir + "/.aaf/sso.out").exists(), is(true));
+ assertThat(sso.loginOnly(), is(false));
+
+ PropAccess access = sso.access();
+ assertThat(sso.enc_pass(), is(access.getProperty(Config.AAF_APPPASS)));
+ assertThat(sso.user(), is(access.getProperty(Config.AAF_APPID)));
+
+ sso.addProp("key", "value");
+ assertThat(sso.err(), is(nullValue()));
+
+ assertThat(sso.useX509(), is(false));
+
+ sso.close();
+ sso.close();
+ }
+
+ private void recursiveDelete(File file) {
+ for (File f : file.listFiles()) {
+ if (f.isDirectory()) {
+ recursiveDelete(f);
+ }
+ f.delete();
+ }
+ file.delete();
+ }
+
+}