Improve coverage of cadi-aaf

Issue-ID: AAF-223
Change-Id: Ic5443be3f6fc08d7401136b9f235a4050b5d3ee5
Signed-off-by: IanHowell <ian.howell@att.com>

9 files changed, 596 insertions, 168 deletions

diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/AAFPermission.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/AAFPermission.java
index b3f0c4bb..37fb859e 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/AAFPermission.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/AAFPermission.java
@@ -71,24 +71,28 @@ public class AAFPermission implements Permission {
 	 * If you want a simple field comparison, it is faster without REGEX
 	 */
 	public boolean match(Permission p) {
+		boolean rv;
+		String aafType;
+		String aafInstance;
+		String aafAction;
 		if(p instanceof AAFPermission) {
 			AAFPermission ap = (AAFPermission)p;
 			// Note: In AAF > 1.0, Accepting "*" from name would violate multi-tenancy
 			// Current solution is only allow direct match on Type.
 			// 8/28/2014 Jonathan - added REGEX ability
-			if(type.equals(ap.getName()))  
-				if(PermEval.evalInstance(instance,ap.getInstance()))
-					if(PermEval.evalAction(action,ap.getAction()))
-						return true;
+			aafType = ap.getName();
+			aafInstance = ap.getInstance();
+			aafAction = ap.getAction();
 		} else {
 			// Permission is concatenated together: separated by |
 			String[] aaf = p.getKey().split("[\\s]*\\|[\\s]*",3);
-			if(aaf.length>0 && type.equals(aaf[0]))
-				if(PermEval.evalInstance(instance,aaf.length>1?aaf[1]:"*"))
-					if(PermEval.evalAction(action,aaf.length>2?aaf[2]:"*"))
-						return true;
-		}				
-		return false;
+			aafType = aaf[0];
+			aafInstance = (aaf.length > 1) ? aaf[1] : "*";
+			aafAction = (aaf.length > 2) ? aaf[2] : "*";
+		}
+		return ((type.equals(aafType)) &&
+				(PermEval.evalInstance(instance, aafInstance)) &&
+				(PermEval.evalAction(action, aafAction)));
 	}
 
 	public String getName() {
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/PermEval.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/PermEval.java
index aa65504d..75df4eab 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/PermEval.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/PermEval.java
@@ -7,9 +7,9 @@
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
- * 
+ *
  *      http://www.apache.org/licenses/LICENSE-2.0
- * 
+ *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -28,121 +28,113 @@ public class PermEval {
 	public static final char START_REGEX_CHAR = '!';
 	public static final char START_INST_KEY_CHAR=':';
 	public static final char ALT_START_INST_KEY_CHAR='/';
-	
+
 	public static final char LIST_SEP = ',';
 	public static final String INST_KEY_REGEX = new StringBuilder().append(START_INST_KEY_CHAR).toString();
 	public static final String ASTERIX = "*";
-	
+
 	/**
 	 * Evaluate Instance
-	 * 
-	 * Instance can be more complex.  It can be a string, a Regular Expression, or a ":" separated Key 
+	 *
+	 * Instance can be more complex.  It can be a string, a Regular Expression, or a ":" separated Key
 	 * who's parts can also be a String, Regular Expression.
-	 * 
+	 *
 	 * sInst = Server's Instance
 	 * In order to prevent false matches, keys must be the same length to count as equal
 	 * Changing this will break existing users, like Cassandra.  Jonathan 9-4-2015
 	 */
-	 public static boolean evalInstance(String sInst, String pInst) {
-		 if(sInst==null || pInst == null) {
-			 return false;
-		 }
-		  if(ASTERIX.equals(sInst)) {
-			  return true;			// If Server's String is "*", then it accepts every Instance
-		  }
-		  char firstChar = pInst.charAt(0);
-		  char startChar = firstChar==ALT_START_INST_KEY_CHAR?ALT_START_INST_KEY_CHAR:START_INST_KEY_CHAR;
-		  switch(pInst.charAt(0)) {  						// First char
-		  	case START_REGEX_CHAR:							// Evaluate as Regular Expression
-		  		String pItem = pInst.substring(1);
-  			    for(String sItem : Split.split(LIST_SEP,sInst)) {		// allow for "," definition in Action
-  			    	return sItem.matches(pItem);
-  			    }
-  			 
-		  	case START_INST_KEY_CHAR:						// Evaluate a special Key field, i.e.:xyz:*:!df.*
-		  	case ALT_START_INST_KEY_CHAR:					// Also allow '/' as special Key Field, i.e. /xyz/*/!.*
-		  		if(sInst.charAt(0)==startChar) {  // To compare key-to-key, both strings must be keys
-		  			String[] skeys=Split.split(startChar,sInst);
-		  			String[] pkeys=Split.split(startChar,pInst);
-		  			if(skeys.length!=pkeys.length) return false;
-		  			
-		  			boolean pass = true;
-		  			for(int i=1;pass && i<skeys.length;++i) {  				// We start at 1, because the first one, being ":" is always ""
-		  				if(ASTERIX.equals(skeys[i]))continue;   			// Server data accepts all for this key spot
-		  				pass = false;
-		  			    for(String sItem : Split.split(LIST_SEP,skeys[i])) {		// allow for "," definition in Action
-			  				if(pkeys[i].length()==0) {
-			  					if(pass=sItem.length()==0) {
-			  						break;  								// Both Empty, keep checking
-			  					}
-//			  				} else if(pkeys[i].charAt(0)==START_REGEX_CHAR) { 
-//			  					if(pass=sItem.matches(pkeys[i].substring(1))) {
-//			  						break;  								// Matches, keep checking
-//			  					}
-			  				} else if(sItem.charAt(0)==START_REGEX_CHAR) { // Check Server side when wildcarding like *
-			  					if(pass=pkeys[i].matches(sItem.substring(1))) {
-			  						break;  								// Matches, keep checking
-			  					}
-			  				} else if(skeys[i].endsWith(ASTERIX)) {
-			  					if(pass=endAsterixCompare(skeys[i],pkeys[i])) {
-			  						break;
-			  					}
-			  				} else {
-			  					if(pass=sItem.equals(pkeys[i]))
-			  						break;   								// Equal, keep checking
-			  				}
-		  			    }
-		  			}
-		  			return pass; 											// return whether passed all key checks
-		  		}
-		  		return false; 								// if first chars aren't the same, further String compare not necessary
-		  	default:										// Evaluate as String Compare
-  			    for(String sItem : Split.split(LIST_SEP,sInst)) {	// allow for "," separator //TODO is this only for actions?
-  			    	if(sItem.endsWith(ASTERIX)) {
-  			    		if(endAsterixCompare(sInst, pInst));
-  			    	} else if(sItem.equals(pInst)) {
-  			    		return true;
-  			    	}
-  			    }
-  			    return false;
-		  }
-	 }
-	 
+	public static boolean evalInstance(String sInst, String pInst) {
+		if(sInst == null || pInst == null) {
+			return false;
+		}
+		if (sInst == "" || pInst == "") {
+			return false;
+		}
+		if(ASTERIX.equals(sInst)) {
+			return true;			// If Server's String is "*", then it accepts every Instance
+		}
+		char firstChar = pInst.charAt(0);
+		char startChar = firstChar==ALT_START_INST_KEY_CHAR?ALT_START_INST_KEY_CHAR:START_INST_KEY_CHAR;
+		switch(pInst.charAt(0)) {  						// First char
+			case START_REGEX_CHAR:							// Evaluate as Regular Expression
+				String pItem = pInst.substring(1);
+				String first = Split.split(LIST_SEP,sInst)[0]; 		// allow for "," definition in Action
+				return first.matches(pItem);
+
+			case START_INST_KEY_CHAR:						// Evaluate a special Key field, i.e.:xyz:*:!df.*
+			case ALT_START_INST_KEY_CHAR:					// Also allow '/' as special Key Field, i.e. /xyz/*/!.*
+				if(sInst.charAt(0)==startChar) {  // To compare key-to-key, both strings must be keys
+					String[] skeys=Split.split(startChar,sInst);
+					String[] pkeys=Split.split(startChar,pInst);
+					if(skeys.length!=pkeys.length) return false;
+
+					boolean pass = true;
+					for(int i=1;pass && i<skeys.length;++i) {  				// We start at 1, because the first one, being ":" is always ""
+						if(ASTERIX.equals(skeys[i]))continue;   			// Server data accepts all for this key spot
+						pass = false;
+						for(String sItem : Split.split(LIST_SEP,skeys[i])) {		// allow for "," definition in Action
+							if(pkeys[i].length()==0) {
+								if(pass=sItem.length()==0) {
+									break;  								// Both Empty, keep checking
+								}
+							} else if(sItem.charAt(0)==START_REGEX_CHAR) { // Check Server side when wildcarding like *
+								if(pass=pkeys[i].matches(sItem.substring(1))) {
+									break;  								// Matches, keep checking
+								}
+							} else if(skeys[i].endsWith(ASTERIX)) {
+								if(pass=endAsterixCompare(skeys[i],pkeys[i])) {
+									break;
+								}
+							} else if(pass=sItem.equals(pkeys[i])) {
+								break;   								// Equal, keep checking
+							}
+						}
+					}
+					return pass; 											// return whether passed all key checks
+				}
+				return false; 								// if first chars aren't the same, further String compare not necessary
+			default:										// Evaluate as String Compare
+				for(String sItem : Split.split(LIST_SEP,sInst)) {	// allow for "," separator //TODO is this only for actions?
+					if((sItem.endsWith(ASTERIX)) && (endAsterixCompare(sInst, pInst))) {
+						return true;
+					} else if(sItem.equals(pInst)) {
+						return true;
+					}
+				}
+				return false;
+		}
+	}
+
 	 private static boolean endAsterixCompare(String sInst, String pInst) {
-			final int len = sInst.length()-1;
-			if(pInst.length()<len) {
+		final int len = sInst.length()-1;
+		if(pInst.length()<len) {
+			return false;
+		}
+		for(int j=0;j<len;++j) {
+			if(pInst.charAt(j)!=sInst.charAt(j)) {
 				return false;
 			}
-			for(int j=0;j<len;++j) {
-				if(pInst.charAt(j)!=sInst.charAt(j)) {
-					return false;
-				}
-			}
-			return true;
+		}
+		return true;
 	}
 
 	/**
-	  * Evaluate Action
-	  * 
-	  * sAction = Stored Action...
-	  * pAction = Present Action... the Permission to validate against.
-	  * Action is not quite as complex.  But we write it in this function so it can be consistent
-	  */
-	  public static boolean evalAction(String sAction,String pAction) {
-		  if(ASTERIX.equals(sAction))return true;  		     // If Server's String is "*", then it accepts every Action
-		  for(String sItem : Split.split(LIST_SEP,sAction)) {		 // allow for "," definition in Action
-			  if (pAction.charAt(0)==START_REGEX_CHAR?       // First char
-				      sItem.matches(pAction.substring(1)):   // Evaluate as Regular Expression
-				      sItem.equals(pAction))                 // Evaluate as String Compare
-				  		return true;
-		  }		
-		  return false;
-	  }
-	 
-	  /**
-	   * Split.split by Char
-	   * 
-	   * Note: I read the String Split.split and Pattern Split.split code, and we can do this more efficiently for a single Character
-	   */
+	 * Evaluate Action
+	 *
+	 * sAction = Stored Action...
+	 * pAction = Present Action... the Permission to validate against.
+	 * Action is not quite as complex.  But we write it in this function so it can be consistent
+	 */
+	public static boolean evalAction(String sAction,String pAction) {
+		if(ASTERIX.equals(sAction))return true;  		     // If Server's String is "*", then it accepts every Action
+		if(pAction == "") return false;
+		for(String sItem : Split.split(LIST_SEP,sAction)) {		 // allow for "," definition in Action
+			if (pAction.charAt(0)==START_REGEX_CHAR?       // First char
+					sItem.matches(pAction.substring(1)):   // Evaluate as Regular Expression
+					sItem.equals(pAction))                 // Evaluate as String Compare
+				return true;
+		}
+		return false;
+	}
 
 }
diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/client/JU_ErrMessageTest.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/client/JU_ErrMessageTest.java
index 15e11627..7094b1a6 100644
--- a/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/client/JU_ErrMessageTest.java
+++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/client/JU_ErrMessageTest.java
@@ -24,6 +24,9 @@ package org.onap.aaf.cadi.aaf.client;
 import static org.junit.Assert.assertEquals;
 import static org.mockito.Mockito.when;
 
+import java.io.ByteArrayOutputStream;
+import java.io.PrintStream;
+
 import org.junit.Before;
 import org.junit.Test;
 import org.mockito.Answers;
@@ -54,6 +57,8 @@ public class JU_ErrMessageTest {
 	private Error error;
 
 	private Future<?> future;
+
+	private ByteArrayOutputStream errStream;
 	
 	@Before
 	public void setUp() throws Exception {
@@ -89,14 +94,15 @@ public class JU_ErrMessageTest {
 		error.setText("Error Text");
 		errMessage = new ErrMessage(env);
 		
-		
+		errStream = new ByteArrayOutputStream();
 	}
 
 	@Test
 	public void testPrintErrMessage() throws APIException {
 		when(errDF.newData().in(TYPE.JSON).load(attErrJson).asObject()).thenReturn(error);
 		
-		errMessage.printErr(System.out, attErrJson);
+		errMessage.printErr(new PrintStream(errStream), attErrJson);
+		assertEquals("Error Message Id Error Text\n", errStream.toString());
 	}
 	
 	@Test
diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/test/JU_AAFPermission.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/test/JU_AAFPermission.java
new file mode 100644
index 00000000..10958a23
--- /dev/null
+++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/test/JU_AAFPermission.java
@@ -0,0 +1,140 @@
+/*******************************************************************************
+ * ============LICENSE_START====================================================
+ * * org.onap.aaf
+ * * ===========================================================================
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * * ===========================================================================
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * *
+ *  *      http://www.apache.org/licenses/LICENSE-2.0
+ * *
+ *  * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ * * ============LICENSE_END====================================================
+ * *
+ * *
+ ******************************************************************************/
+
+package org.onap.aaf.cadi.aaf.test;
+
+import static org.junit.Assert.*;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import static org.hamcrest.CoreMatchers.*;
+import org.junit.*;
+import org.onap.aaf.cadi.Permission;
+import org.onap.aaf.cadi.aaf.AAFPermission;
+
+public class JU_AAFPermission {
+
+	private final static String type = "type";
+	private final static String instance = "instance";
+	private final static String action = "action";
+	private final static String key = type + '|' + instance + '|' + action;
+	private final static String role = "role";
+
+	private static List<String> roles;
+
+	@Before
+	public void setup() {
+		roles = new ArrayList<String>();
+		roles.add(role);
+	}
+
+	@Test
+	public void constructor1Test() {
+		AAFPermission perm = new AAFPermission(type, instance, action);
+		assertThat(perm.getName(), is(type));
+		assertThat(perm.getInstance(), is(instance));
+		assertThat(perm.getAction(), is(action));
+		assertThat(perm.getKey(), is(key));
+		assertThat(perm.permType(), is("AAF"));
+		assertThat(perm.roles().size(), is(0));
+		assertThat(perm.toString(), is("AAFPermission:\n\tType: " + type +
+										"\n\tInstance: " + instance +
+										"\n\tAction: " + action +
+										"\n\tKey: " + key));
+	}
+
+	@Test
+	public void constructor2Test() {
+		AAFPermission perm;
+
+		perm = new AAFPermission(type, instance, action, null);
+		assertThat(perm.getName(), is(type));
+		assertThat(perm.getInstance(), is(instance));
+		assertThat(perm.getAction(), is(action));
+		assertThat(perm.getKey(), is(key));
+		assertThat(perm.permType(), is("AAF"));
+		assertThat(perm.roles().size(), is(0));
+		assertThat(perm.toString(), is("AAFPermission:\n\tType: " + type +
+										"\n\tInstance: " + instance +
+										"\n\tAction: " + action +
+										"\n\tKey: " + key));
+
+		perm = new AAFPermission(type, instance, action, roles);
+		assertThat(perm.getName(), is(type));
+		assertThat(perm.getInstance(), is(instance));
+		assertThat(perm.getAction(), is(action));
+		assertThat(perm.getKey(), is(key));
+		assertThat(perm.permType(), is("AAF"));
+		assertThat(perm.roles().size(), is(1));
+		assertThat(perm.roles().get(0), is(role));
+		assertThat(perm.toString(), is("AAFPermission:\n\tType: " + type +
+										"\n\tInstance: " + instance +
+										"\n\tAction: " + action +
+										"\n\tKey: " + key));
+	}
+
+	@Test
+	public void matchTest() {
+		final AAFPermission controlPermission = new AAFPermission(type, instance, action);
+		PermissionStub perm;
+		AAFPermission aafperm;
+
+		aafperm = new AAFPermission(type, instance, action);
+		assertThat(controlPermission.match(aafperm), is(true));
+
+		perm = new PermissionStub(key);
+		assertThat(controlPermission.match(perm), is(true));
+
+		// Coverage tests
+		perm = new PermissionStub("not a valid key");
+		assertThat(controlPermission.match(perm), is(false));
+		perm = new PermissionStub("type");
+		assertThat(controlPermission.match(perm), is(false));
+		perm = new PermissionStub("type|instance|badAction");
+		assertThat(controlPermission.match(perm), is(false));
+	}
+
+	@Test
+	public void coverageTest() {
+		AAFPermissionStub aafps = new AAFPermissionStub();
+		assertThat(aafps.getName(), is(nullValue()));
+		assertThat(aafps.getInstance(), is(nullValue()));
+		assertThat(aafps.getAction(), is(nullValue()));
+		assertThat(aafps.getKey(), is(nullValue()));
+		assertThat(aafps.permType(), is("AAF"));
+		assertThat(aafps.roles().size(), is(0));
+	}
+
+	private class PermissionStub implements Permission {
+		private String key;
+
+		public PermissionStub(String key) { this.key = key; }
+		@Override public String permType() { return null; }
+		@Override public String getKey() { return key; }
+		@Override public boolean match(Permission p) { return false; }
+	}
+
+	private class AAFPermissionStub extends AAFPermission {
+
+	}
+}
diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/test/JU_PermEval.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/test/JU_PermEval.java
index 29ce7412..9433cef1 100644
--- a/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/test/JU_PermEval.java
+++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/test/JU_PermEval.java
@@ -7,9 +7,9 @@
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
- * 
+ *
  *      http://www.apache.org/licenses/LICENSE-2.0
- * 
+ *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -22,40 +22,131 @@
 package org.onap.aaf.cadi.aaf.test;
 
 import static org.junit.Assert.*;
+import static org.hamcrest.CoreMatchers.*;
+import org.junit.*;
 
-import org.junit.AfterClass;
-import org.junit.Test;
 import org.onap.aaf.cadi.aaf.PermEval;
 
 public class JU_PermEval {
 
-	@AfterClass
-	public static void tearDownAfterClass() throws Exception {
+	@Test
+	public void instanceNullTest() {
+		assertThat(PermEval.evalInstance(null, null), is(false));
+		assertThat(PermEval.evalInstance(null, "test"), is(false));
+		assertThat(PermEval.evalInstance("test", null), is(false));
 	}
 
 	@Test
-	public void test() {
-		// TRUE
-		assertTrue(PermEval.evalAction("fred","fred"));
-		assertTrue(PermEval.evalAction("fred,wilma","fred"));
-		assertTrue(PermEval.evalAction("barney,betty,fred,wilma","fred"));
-		assertTrue(PermEval.evalAction("*","fred"));
-		
-		assertTrue(PermEval.evalInstance("fred","fred"));
-		assertTrue(PermEval.evalInstance("fred,wilma","fred"));
-		assertTrue(PermEval.evalInstance("barney,betty,fred,wilma","fred"));
+	public void instanceEmptyTest() {
+		assertThat(PermEval.evalInstance("", ""), is(false));
+		assertThat(PermEval.evalInstance("", "test"), is(false));
+		assertThat(PermEval.evalInstance("test", ""), is(false));
+	}
+
+	@Test
+	public void instanceAsterixTest() {
+		assertThat(PermEval.evalInstance("*", "*"), is(true));
 		assertTrue(PermEval.evalInstance("*","fred"));
-		
+	}
+
+	@Test
+	public void instanceRegexTest() {
+		assertThat(PermEval.evalInstance("test", "!test"), is(true));
+		assertThat(PermEval.evalInstance(",", "!"), is(true));
+		assertThat(PermEval.evalInstance("test,test", "!test"), is(true));
+
+		assertThat(PermEval.evalInstance("test", "!"), is(false));
+		assertThat(PermEval.evalInstance("test", "!mismatch"), is(false));
+		assertThat(PermEval.evalInstance("test,mismatch", "!mismatch"), is(false));
+	}
+
+	@Test
+	public void instanceKeyTest() {
+		// Reject non-keys
+		assertThat(PermEval.evalInstance("fred", ":fred"), is(false));
+
+		// Reject differing number of keys
+		assertThat(PermEval.evalInstance(":fred:barney", ":fred"), is(false));
+		assertThat(PermEval.evalInstance(":fred", ":fred:barney"), is(false));
+
+		// Accept all wildcard keys
+		assertThat(PermEval.evalInstance(":*", ":fred"), is(true));
+
+		// Accept matching empty keys
+		assertThat(PermEval.evalInstance(":", ":"), is(true));
+
+		// Reject non-matching empty keys
+		assertThat(PermEval.evalInstance(":fred", ":"), is(false));
+
+		// Accept matches starting with a wildcard
+		assertThat(PermEval.evalInstance(":!.*ed", ":fred"), is(true));
+
+		// Reject non-matches starting with a wildcard
+		assertThat(PermEval.evalInstance(":!.*arney", ":fred"), is(false));
+
+		// Accept matches ending with a wildcard
+		assertThat(PermEval.evalInstance(":fr*", ":fred"), is(true));
+
+		// Reject non-matches ending with a wildcard
+		assertThat(PermEval.evalInstance(":bar*", ":fred"), is(false));
+
+		// Accept exact keys
+		assertThat(PermEval.evalInstance(":fred", ":fred"), is(true));
+
+		// Reject mismatched keys
+		assertThat(PermEval.evalInstance(":fred", ":barney"), is(false));
+
+		// Check using alt-start character
+		assertThat(PermEval.evalInstance("/fred", "/fred"), is(true));
+		assertThat(PermEval.evalInstance("/barney", "/fred"), is(false));
+	}
+
+	@Test
+	public void instanceDirectTest() {
+		assertThat(PermEval.evalInstance("fred","fred"), is(true));
+		assertThat(PermEval.evalInstance("fred,wilma","fred"), is(true));
+		assertThat(PermEval.evalInstance("barney,betty,fred,wilma","fred"), is(true));
+		assertThat(PermEval.evalInstance("barney,betty,wilma","fred"), is(false));
+
+		assertThat(PermEval.evalInstance("fr*","fred"), is(true));
+		assertThat(PermEval.evalInstance("freddy*","fred"), is(false));
+		assertThat(PermEval.evalInstance("ba*","fred"), is(false));
+	}
+
+	@Test
+	public void actionTest() {
+		// Accept server *
+		assertThat(PermEval.evalAction("*", ""), is(true));
+		assertThat(PermEval.evalAction("*", "literally anything"), is(true));
+
+		// Reject empty actions
+		assertThat(PermEval.evalAction("literally anything", ""), is(false));
+
+		// Accept match as regex
+		assertThat(PermEval.evalAction("action", "!action"), is(true));
+
+		// Reject non-match as regex
+		assertThat(PermEval.evalAction("action", "!nonaction"), is(false));
+
+		// Accept exact match
+		assertThat(PermEval.evalAction("action", "action"), is(true));
+
+		// Reject non-match
+		assertThat(PermEval.evalAction("action", "nonaction"), is(false));
+	}
+
+	@Test
+	public void redundancyTest() {
+		// TRUE
 		assertTrue(PermEval.evalInstance(":fred:fred",":fred:fred"));
 		assertTrue(PermEval.evalInstance(":fred:fred,wilma",":fred:fred"));
 		assertTrue(PermEval.evalInstance(":fred:barney,betty,fred,wilma",":fred:fred"));
-		assertTrue(PermEval.evalInstance("*","fred"));
 		assertTrue(PermEval.evalInstance(":*:fred",":fred:fred"));
 		assertTrue(PermEval.evalInstance(":fred:*",":fred:fred"));
 		assertTrue(PermEval.evalInstance(":!f.*:fred",":fred:fred"));
 		assertTrue(PermEval.evalInstance(":fred:!f.*",":fred:fred"));
-		
-		/// FALSE
+
+		// FALSE
 		assertFalse(PermEval.evalInstance("fred","wilma"));
 		assertFalse(PermEval.evalInstance("fred,barney,betty","wilma"));
 		assertFalse(PermEval.evalInstance(":fred:fred",":fred:wilma"));
@@ -73,10 +164,10 @@ public class JU_PermEval {
 		assertTrue(PermEval.evalInstance("/v1/services/features/*","/v1/services/features/api1"));
 		assertTrue(PermEval.evalInstance(":v1:services:features:*",":v1:services:features:api2"));
 		// MSO - Xue Gao
-		assertTrue(PermEval.evalInstance(":v1:requests:*",":v1:requests:test0-service"));   
+		assertTrue(PermEval.evalInstance(":v1:requests:*",":v1:requests:test0-service"));
+
 
 
-		
 		// Same tests, with Slashes
 		assertTrue(PermEval.evalInstance("/fred/fred","/fred/fred"));
 		assertTrue(PermEval.evalInstance("/fred/fred,wilma","/fred/fred"));
@@ -86,8 +177,8 @@ public class JU_PermEval {
 		assertTrue(PermEval.evalInstance("/fred/*","/fred/fred"));
 		assertTrue(PermEval.evalInstance("/!f.*/fred","/fred/fred"));
 		assertTrue(PermEval.evalInstance("/fred/!f.*","/fred/fred"));
-		
-		/// FALSE
+
+		// FALSE
 		assertFalse(PermEval.evalInstance("fred","wilma"));
 		assertFalse(PermEval.evalInstance("fred,barney,betty","wilma"));
 		assertFalse(PermEval.evalInstance("/fred/fred","/fred/wilma"));
@@ -98,7 +189,7 @@ public class JU_PermEval {
 		assertFalse(PermEval.evalInstance("/!f.*/!w.*","/fred/fred"));
 
 		assertFalse(PermEval.evalInstance("/fred/!x.*","/fred/fred"));
-		
+
 		assertTrue(PermEval.evalInstance(":!com.att.*:role:write",":com.att.temp:role:write"));
 
 		// CPFSF-431 Group needed help with Wild Card
@@ -113,7 +204,10 @@ public class JU_PermEval {
 				":!topic.com.att.ecomp_test.crm.pre.*",
 				":topic.com.att.ecomp_test.crm.predemo100"
 				));
-		
+
+		// coverage
+		@SuppressWarnings("unused")
+		PermEval pe = new PermEval();
 	}
 
 }
diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_CertException.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_CertException.java
new file mode 100644
index 00000000..aa12d7c6
--- /dev/null
+++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_CertException.java
@@ -0,0 +1,50 @@
+/*******************************************************************************
+ * ============LICENSE_START====================================================
+ * * org.onap.aaf
+ * * ===========================================================================
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * * ===========================================================================
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * * 
+ *  *      http://www.apache.org/licenses/LICENSE-2.0
+ * * 
+ *  * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ * * ============LICENSE_END====================================================
+ * *
+ * *
+ ******************************************************************************/
+package org.onap.aaf.cadi.cm.test;
+
+import static org.junit.Assert.*;
+import static org.hamcrest.CoreMatchers.*;
+import org.junit.*;
+
+import org.onap.aaf.cadi.cm.CertException;
+
+public class JU_CertException {
+
+	private static final String message = "The message associated with the exception";
+
+	@Test(expected = CertException.class)
+	public void test() throws CertException {
+		CertException except;
+
+		except = new CertException(message);
+		assertThat(except.getMessage(), is(message));
+
+		except = new CertException(new Exception(message));
+		assertThat(except.getMessage(), is("java.lang.Exception: " + message));
+
+		except = new CertException(message, new Exception(message));
+		assertThat(except.getMessage(), is(message));
+
+		throw new CertException();
+	}
+
+}
diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_Factory.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_Factory.java
new file mode 100644
index 00000000..e4eaf7fb
--- /dev/null
+++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/cm/test/JU_Factory.java
@@ -0,0 +1,112 @@
+/*******************************************************************************
+ * ============LICENSE_START====================================================
+ * * org.onap.aaf
+ * * ===========================================================================
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * * ===========================================================================
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * * 
+ *  *      http://www.apache.org/licenses/LICENSE-2.0
+ * * 
+ *  * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ * * ============LICENSE_END====================================================
+ * *
+ * *
+ ******************************************************************************/
+package org.onap.aaf.cadi.cm.test;
+
+import static org.junit.Assert.*;
+import static org.hamcrest.CoreMatchers.*;
+import static org.mockito.Mockito.*;
+import org.junit.*;
+import org.mockito.*;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+import java.security.KeyPair;
+import java.security.PublicKey;
+
+import javax.crypto.Cipher;
+
+import org.onap.aaf.cadi.cm.Factory;
+import org.onap.aaf.cadi.cm.Factory.StripperInputStream;
+import org.onap.aaf.misc.env.Env;
+import org.onap.aaf.misc.env.LogTarget;
+import org.onap.aaf.misc.env.TimeTaken;
+import org.onap.aaf.misc.env.Trans;
+
+public class JU_Factory {
+
+	@Mock
+	Trans transMock;
+
+	@Mock
+	TimeTaken timeTakenMock;
+
+	@Mock
+	LogTarget logTargetMock;
+
+	@Before
+	public void setup() {
+		MockitoAnnotations.initMocks(this);
+
+		when(transMock.start(anyString(), anyInt())).thenReturn(timeTakenMock);
+		when(transMock.debug()).thenReturn(logTargetMock);
+	}
+
+	@Test
+	public void generateKeyPairTest() throws Exception {
+		String message = "The quick brown fox jumps over the lazy dog.";
+
+		Cipher encryptor = Cipher.getInstance(Factory.KEY_ALGO);
+		Cipher decryptor = Cipher.getInstance(Factory.KEY_ALGO);
+
+		KeyPair kp1 = Factory.generateKeyPair(transMock);
+		encryptor.init(Cipher.ENCRYPT_MODE, kp1.getPublic());
+		decryptor.init(Cipher.DECRYPT_MODE, kp1.getPrivate());
+		byte[] encrypedMessage1 = encryptor.doFinal(message.getBytes(StandardCharsets.UTF_8));
+		String output1 = new String(decryptor.doFinal(encrypedMessage1));
+		assertThat(output1, is(message));
+
+		// coverage
+		when(transMock.start("Generate KeyPair", Env.SUB)).thenReturn(null);
+		KeyPair kp2 = Factory.generateKeyPair(transMock);
+		encryptor.init(Cipher.ENCRYPT_MODE, kp2.getPublic());
+		decryptor.init(Cipher.DECRYPT_MODE, kp2.getPrivate());
+		byte[] encrypedMessage2 = encryptor.doFinal(message.getBytes(StandardCharsets.UTF_8));
+		String output2 = new String(decryptor.doFinal(encrypedMessage2));
+		assertThat(output2, is(message));
+
+		KeyPair kp3 = Factory.generateKeyPair(null);
+		encryptor.init(Cipher.ENCRYPT_MODE, kp3.getPublic());
+		decryptor.init(Cipher.DECRYPT_MODE, kp3.getPrivate());
+		byte[] encrypedMessage3 = encryptor.doFinal(message.getBytes(StandardCharsets.UTF_8));
+		String output3 = new String(decryptor.doFinal(encrypedMessage3));
+		assertThat(output3, is(message));
+	}
+
+	@Test
+	public void keyToStringTest() throws IOException {
+		KeyPair kp = Factory.generateKeyPair(transMock);
+
+		String publicKeyString = Factory.toString(transMock, kp.getPublic());
+		String privateKeyString = Factory.toString(transMock, kp.getPrivate());
+
+		String[] publicKeyLines = publicKeyString.split("\n", 0);
+		assertThat(publicKeyLines.length, is(9));
+		assertThat(publicKeyLines[0], is("-----BEGIN PUBLIC KEY-----"));
+		assertThat(publicKeyLines[8], is("-----END PUBLIC KEY-----"));
+
+		String[] privateKeyLines = privateKeyString.split("\n", 0);
+		assertThat(privateKeyLines.length, is(28));
+		assertThat(privateKeyLines[0], is("-----BEGIN PRIVATE KEY-----"));
+		assertThat(privateKeyLines[27], is("-----END PRIVATE KEY-----"));
+	}
+}
diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/oauth/test/JU_FastPerms.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/oauth/test/JU_TokenPerm.java
index 523bbc58..861e32e0 100644
--- a/cadi/aaf/src/test/java/org/onap/aaf/cadi/oauth/test/JU_FastPerms.java
+++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/oauth/test/JU_TokenPerm.java
@@ -21,37 +21,74 @@
 
 package org.onap.aaf.cadi.oauth.test;
 
+import static org.hamcrest.CoreMatchers.*;
+import static org.junit.Assert.*;
+import org.junit.*;
+
 import java.io.StringReader;
 
-import org.junit.After;
-import org.junit.AfterClass;
-import org.junit.Before;
-import org.junit.BeforeClass;
-import org.junit.Test;
 import org.onap.aaf.cadi.Permission;
 import org.onap.aaf.cadi.oauth.TokenPerm.LoadPermissions;
 import org.onap.aaf.misc.rosetta.ParseException;
 
-public class JU_FastPerms {
+public class JU_TokenPerm {
 
-	@BeforeClass
-	public static void setUpBeforeClass() throws Exception {
-	}
+	@Test
+	public void test() throws ParseException {
+		String json;
+		LoadPermissions lp;
+		Permission p;
 
-	@AfterClass
-	public static void tearDownAfterClass() throws Exception {
-	}
+		json = "{\"perm\":[" +
+			"  {\"type\":\"com.access\",\"instance\":\"*\",\"action\":\"read,approve\"}," +
+			"]}";
 
-	@Before
-	public void setUp() throws Exception {
-	}
+		lp = new LoadPermissions(new StringReader(json));
+		assertThat(lp.perms.size(), is(1));
+
+		p = lp.perms.get(0);
+		assertThat(p.getKey(), is("com.access|*|read,approve"));
+		assertThat(p.permType(), is("AAF"));
+
+		// Extra closing braces for coverage
+		json = "{\"perm\":[" +
+			"  {\"type\":\"com.access\",\"instance\":\"*\",\"action\":\"read,approve\"}}," +
+			"]]}";
+
+		lp = new LoadPermissions(new StringReader(json));
+		assertThat(lp.perms.size(), is(1));
 
-	@After
-	public void tearDown() throws Exception {
+		p = lp.perms.get(0);
+		assertThat(p.getKey(), is("com.access|*|read,approve"));
+		assertThat(p.permType(), is("AAF"));
+
+		// Test without a type
+		json = "{\"perm\":[" +
+			"  {\"instance\":\"*\",\"action\":\"read,approve\"}," +
+			"]}";
+
+		lp = new LoadPermissions(new StringReader(json));
+		assertThat(lp.perms.size(), is(0));
+
+		// Test without an instance
+		json = "{\"perm\":[" +
+			"  {\"type\":\"com.access\",\"action\":\"read,approve\"}," +
+			"]}";
+
+		lp = new LoadPermissions(new StringReader(json));
+		assertThat(lp.perms.size(), is(0));
+
+		// Test without an action
+		json = "{\"perm\":[" +
+			"  {\"type\":\"com.access\",\"instance\":\"*\"}," +
+			"]}";
+
+		lp = new LoadPermissions(new StringReader(json));
+		assertThat(lp.perms.size(), is(0));
 	}
 
 	@Test
-	public void test() {
+	public void redundancyTest() {
 		String json = "{\"perm\":[" +
 				"  {\"type\":\"com.access\",\"instance\":\"*\",\"action\":\"read,approve\"}," +
 				"  {\"type\":\"org.osaaf.aaf.access\",\"instance\":\"*\",\"action\":\"*\"}," +
@@ -88,19 +125,12 @@ public class JU_FastPerms {
 				"  {\"type\":\"com.test.access\",\"instance\":\"*\",\"action\":\"read\"}," +
 				"  {\"type\":\"com.test.access\",\"instance\":\"*\",\"action\":\"read\"}" +
 				"]}";
-		
 		try {
 			LoadPermissions lp = new LoadPermissions(new StringReader(json));
-			for(Permission p : lp.perms) {
-				System.out.println(p.toString());
-			}
-			System.out.println("done");
+			assertThat(lp.perms.size(), is(34));
 		} catch (ParseException e) {
-			System.err.println(e);
+			fail(e.getMessage());
 		}
-		
-		
 	}
 	
-
 }
diff --git a/cadi/client/src/test/java/org/onap/aaf/cadi/locator/test/JU_DNSLocator.java b/cadi/client/src/test/java/org/onap/aaf/cadi/locator/test/JU_DNSLocator.java
index b97667d5..614cafbb 100644
--- a/cadi/client/src/test/java/org/onap/aaf/cadi/locator/test/JU_DNSLocator.java
+++ b/cadi/client/src/test/java/org/onap/aaf/cadi/locator/test/JU_DNSLocator.java
@@ -19,7 +19,7 @@
  *
  */
 
-package org.onap.aaf.cadi.client.test;
+package org.onap.aaf.cadi.locator.test;
 
 import java.net.URI;
 import java.net.URL;