diff options
5 files changed, 453 insertions, 138 deletions
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFTrustChecker.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFTrustChecker.java index 074b704b..2094948a 100644 --- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFTrustChecker.java +++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFTrustChecker.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -41,10 +41,10 @@ public class AAFTrustChecker implements TrustChecker { private Lur lur; /** - * + * * Instance will be replaced by Identity - * @param lur - * + * @param lur + * * @param tag * @param perm */ @@ -87,28 +87,30 @@ public class AAFTrustChecker implements TrustChecker { @Override public TafResp mayTrust(TafResp tresp, HttpServletRequest req) { String user_info = req.getHeader(tag); - if(user_info !=null ) { - String[] info = Split.split(',', user_info); - if(info.length>0) { - String[] flds = Split.splitTrim(':',info[0]); - if(flds.length>3 && "AS".equals(flds[3])) { // is it set for "AS" - String pn = tresp.getPrincipal().getName(); - if(pn.equals(id) // We do trust our own App Components: if a trust entry is made with self, always accept - || lur.fish(tresp.getPrincipal(), perm)) { // Have Perm set by Config.CADI_TRUST_PERM - return new TrustTafResp(tresp, - new TrustPrincipal(tresp.getPrincipal(), flds[0]), - " " + flds[0] + " validated using " + flds[2] + " by " + flds[1] + ',' - ); - } else if(pn.equals(flds[0])) { // Ignore if same identity - return tresp; - } else { - return new TrustNotTafResp(tresp, tresp.getPrincipal().getName() + " requested trust as " - + flds[0] + ", but does not have Authorization"); - } - } - } + if (user_info == null) { + return tresp; + } + + String[] info = Split.split(',', user_info); + String[] flds = Split.splitTrim(':', info[0]); + if (flds.length < 4) { + return tresp; + } + if (!("AS".equals(flds[3]))) { // is it set for "AS" + return tresp; + } + + String principalName = tresp.getPrincipal().getName(); + if(principalName.equals(id) // We do trust our own App Components: if a trust entry is made with self, always accept + || lur.fish(tresp.getPrincipal(), perm)) { // Have Perm set by Config.CADI_TRUST_PERM + String desc = " " + flds[0] + " validated using " + flds[2] + " by " + flds[1] + ','; + return new TrustTafResp(tresp, new TrustPrincipal(tresp.getPrincipal(), flds[0]), desc); + } else if(principalName.equals(flds[0])) { // Ignore if same identity + return tresp; + } else { + String desc = tresp.getPrincipal().getName() + " requested trust as " + flds[0] + ", but does not have Authorization"; + return new TrustNotTafResp(tresp, desc); } - return tresp; } }
\ No newline at end of file diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java index 0241fe5d..8948bc3c 100644 --- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java +++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/sso/AAFSSO.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -41,106 +41,87 @@ import org.onap.aaf.cadi.util.MyConsole; import org.onap.aaf.cadi.util.SubStandardConsole; import org.onap.aaf.cadi.util.TheConsole; - public class AAFSSO { - public static final MyConsole cons = TheConsole.implemented()?new TheConsole():new SubStandardConsole(); - + public static final MyConsole cons = TheConsole.implemented() ? new TheConsole() : new SubStandardConsole(); + private static final int EIGHT_HOURS = 8 * 60 * 60 * 1000; + private Properties diskprops = null; // use for temp storing User/Password on disk - private File dot_aaf = null, sso=null; // instantiated, if ever, with diskprops - - boolean removeSSO=false; + private File dot_aaf = null; + private File sso = null; // instantiated, if ever, with diskprops + + boolean removeSSO = false; boolean loginOnly = false; + boolean doExit = true; private PropAccess access; private StringBuilder err; - private String user,encrypted_pass; + private String user; + private String encrypted_pass; private boolean use_X509; - private PrintStream os, stdout=null,stderr=null; + private PrintStream os; private Method close; public AAFSSO(String[] args) throws IOException, CadiException { - List<String> larg = new ArrayList<String>(args.length); - - // Cover for bash's need to escape *.. (\\*) - // also, remove SSO if required - for (int i = 0; i < args.length; ++i) { - if ("\\*".equals(args[i])) { - args[i] = "*"; - } - - if("-logout".equalsIgnoreCase(args[i])) { - removeSSO=true; - } else if("-login".equalsIgnoreCase(args[i])) { - loginOnly = true; - } else { - larg.add(args[i]); - } - } - - String[] nargs = new String[larg.size()]; - larg.toArray(nargs); + String[] nargs = parseArgs(args); - dot_aaf = new File(System.getProperty("user.home")+"/.aaf"); - if(!dot_aaf.exists()) { + dot_aaf = new File(System.getProperty("user.home") + "/.aaf"); + if (!dot_aaf.exists()) { dot_aaf.mkdirs(); } - File f = new File(dot_aaf,"sso.out"); - os = new PrintStream(new FileOutputStream(f,true)); - stdout = System.out; - stderr = System.err; + File f = new File(dot_aaf, "sso.out"); + os = new PrintStream(new FileOutputStream(f, true)); System.setOut(os); System.setErr(os); - access = new PropAccess(os,nargs); + access = new PropAccess(os, nargs); Config.setDefaultRealm(access); user = access.getProperty(Config.AAF_APPID); encrypted_pass = access.getProperty(Config.AAF_APPPASS); - - File dot_aaf_kf = new File(dot_aaf,"keyfile"); - - sso = new File(dot_aaf,"sso.props"); - if(removeSSO) { - if(dot_aaf_kf.exists()) { - dot_aaf_kf.setWritable(true,true); + + File dot_aaf_kf = new File(dot_aaf, "keyfile"); + + sso = new File(dot_aaf, "sso.props"); + if (removeSSO) { + if (dot_aaf_kf.exists()) { + dot_aaf_kf.setWritable(true, true); dot_aaf_kf.delete(); } - if(sso.exists()) { + if (sso.exists()) { sso.delete(); } System.out.println("AAF SSO information removed"); - System.exit(0); + if (doExit) { + System.exit(0); + } } - - if(!dot_aaf_kf.exists()) { + + if (!dot_aaf_kf.exists()) { FileOutputStream fos = new FileOutputStream(dot_aaf_kf); try { fos.write(Symm.keygen()); - dot_aaf_kf.setExecutable(false,false); - dot_aaf_kf.setWritable(false,false); - dot_aaf_kf.setReadable(false,false); - dot_aaf_kf.setReadable(true, true); + setReadonly(dot_aaf_kf); } finally { fos.close(); } } String keyfile = access.getProperty(Config.CADI_KEYFILE); // in case it's CertificateMan props - if(keyfile==null) { + if (keyfile == null) { access.setProperty(Config.CADI_KEYFILE, dot_aaf_kf.getAbsolutePath()); } - + String alias = access.getProperty(Config.CADI_ALIAS); - if(user==null && alias!=null && access.getProperty(Config.CADI_KEYSTORE_PASSWORD)!=null) { + if ((user == null) && (alias != null) && (access.getProperty(Config.CADI_KEYSTORE_PASSWORD) != null)) { user = alias; access.setProperty(Config.AAF_APPID, user); use_X509 = true; } else { use_X509 = false; Symm decryptor = Symm.obtain(dot_aaf_kf); - if (user==null) { - if(sso.exists() && sso.lastModified()>System.currentTimeMillis()-(8*60*60*1000 /* 8 hours */)) { + if (user == null) { + if (sso.exists() && (sso.lastModified() > (System.currentTimeMillis() - EIGHT_HOURS))) { String cm_url = access.getProperty(Config.CM_URL); // SSO might overwrite... FileInputStream fos = new FileInputStream(sso); try { @@ -148,9 +129,9 @@ public class AAFSSO { user = access.getProperty(Config.AAF_APPID); encrypted_pass = access.getProperty(Config.AAF_APPPASS); // decrypt with .aaf, and re-encrypt with regular Keyfile - access.setProperty(Config.AAF_APPPASS, + access.setProperty(Config.AAF_APPPASS, access.encrypt(decryptor.depass(encrypted_pass))); - if(cm_url!=null) { //Command line CM_URL Overwrites ssofile. + if (cm_url != null) { //Command line CM_URL Overwrites ssofile. access.setProperty(Config.CM_URL, cm_url); } } finally { @@ -160,22 +141,22 @@ public class AAFSSO { diskprops = new Properties(); String realm = Config.getDefaultRealm(); // Turn on Console Sysout - System.setOut(stdout); - user=cons.readLine("aaf_id(%s@%s): ",System.getProperty("user.name"),realm); - if(user==null) { - user = System.getProperty("user.name")+'@'+realm; - } else if(user.length()==0) { // - user = System.getProperty("user.name")+'@' + realm; - } else if(user.indexOf('@')<0 && realm!=null) { - user = user+'@'+realm; + System.setOut(System.out); + user = cons.readLine("aaf_id(%s@%s): ", System.getProperty("user.name"), realm); + if (user == null) { + user = System.getProperty("user.name") + '@' + realm; + } else if (user.length() == 0) { // + user = System.getProperty("user.name") + '@' + realm; + } else if ((user.indexOf('@') < 0) && (realm != null)) { + user = user + '@' + realm; } - access.setProperty(Config.AAF_APPID,user); - diskprops.setProperty(Config.AAF_APPID,user); + access.setProperty(Config.AAF_APPID, user); + diskprops.setProperty(Config.AAF_APPID, user); encrypted_pass = new String(cons.readPassword("aaf_password: ")); System.setOut(os); - encrypted_pass = Symm.ENC+decryptor.enpass(encrypted_pass); - access.setProperty(Config.AAF_APPPASS,encrypted_pass); - diskprops.setProperty(Config.AAF_APPPASS,encrypted_pass); + encrypted_pass = Symm.ENC + decryptor.enpass(encrypted_pass); + access.setProperty(Config.AAF_APPPASS, encrypted_pass); + diskprops.setProperty(Config.AAF_APPPASS, encrypted_pass); diskprops.setProperty(Config.CADI_KEYFILE, access.getProperty(Config.CADI_KEYFILE)); } } @@ -183,8 +164,8 @@ public class AAFSSO { if (user == null) { err = new StringBuilder("Add -D" + Config.AAF_APPID + "=<id> "); } - - if (encrypted_pass == null && alias==null) { + + if (encrypted_pass == null && alias == null) { if (err == null) { err = new StringBuilder(); } else { @@ -193,42 +174,35 @@ public class AAFSSO { err.append("-D" + Config.AAF_APPPASS + "=<passwd> "); } } - + public void setLogDefault() { - access.setLogLevel(PropAccess.DEFAULT); - if(stdout!=null) { - System.setOut(stdout); - } + this.setLogDefault(PropAccess.DEFAULT); } public void setStdErrDefault() { access.setLogLevel(PropAccess.DEFAULT); - if(stderr!=null) { - System.setErr(stderr); - } + System.setErr(System.err); } public void setLogDefault(Level level) { access.setLogLevel(level); - if(stdout!=null) { - System.setOut(stdout); - } + System.setOut(System.out); } - + public boolean loginOnly() { return loginOnly; } public void addProp(String key, String value) { - if(diskprops!=null) { + if (diskprops != null) { diskprops.setProperty(key, value); } } - + public void writeFiles() throws IOException { - // Store Creds, if they work - if(diskprops!=null) { - if(!dot_aaf.exists()) { + // Store Creds, if they work + if (diskprops != null) { + if (!dot_aaf.exists()) { dot_aaf.mkdirs(); } FileOutputStream fos = new FileOutputStream(sso); @@ -236,18 +210,12 @@ public class AAFSSO { diskprops.store(fos, "AAF Single Signon"); } finally { fos.close(); - sso.setWritable(false,false); - sso.setExecutable(false,false); - sso.setReadable(false,false); - sso.setReadable(true,true); + setReadonly(sso); } } - if(sso!=null) { - sso.setReadable(false,false); - sso.setWritable(false,false); - sso.setExecutable(false,false); - sso.setReadable(true,true); - sso.setWritable(true,true); + if (sso != null) { + setReadonly(sso); + sso.setWritable(true, true); } } @@ -258,21 +226,21 @@ public class AAFSSO { public StringBuilder err() { return err; } - + public String user() { return user; } - + public String enc_pass() { return encrypted_pass; } - + public boolean useX509() { return use_X509; } - + public void close() { - if(close!=null) { + if (close != null) { try { close.invoke(null); } catch (IllegalAccessException | IllegalArgumentException | InvocationTargetException e) { @@ -281,4 +249,37 @@ public class AAFSSO { close = null; } } + + private String[] parseArgs(String[] args) + { + List<String> larg = new ArrayList<String>(args.length); + + // Cover for bash's need to escape *.. (\\*) + // also, remove SSO if required + for (int i = 0; i < args.length; ++i) { + if ("\\*".equals(args[i])) { + args[i] = "*"; + } + + if ("-logout".equalsIgnoreCase(args[i])) { + removeSSO = true; + } else if ("-login".equalsIgnoreCase(args[i])) { + loginOnly = true; + } else if ("-noexit".equalsIgnoreCase(args[i])) { + doExit = false; + } else { + larg.add(args[i]); + } + } + String[] nargs = new String[larg.size()]; + larg.toArray(nargs); + return nargs; + } + + private void setReadonly(File file) { + file.setExecutable(false, false); + file.setWritable(false, false); + file.setReadable(false, false); + file.setReadable(true, true); + } } diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/v2_0/test/JU_AAFTrustChecker.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/v2_0/test/JU_AAFTrustChecker.java new file mode 100644 index 00000000..1e469eca --- /dev/null +++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/v2_0/test/JU_AAFTrustChecker.java @@ -0,0 +1,130 @@ +/** + * ============LICENSE_START==================================================== + * org.onap.aaf + * =========================================================================== + * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * =========================================================================== + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END==================================================== + * + */ + +package org.onap.aaf.cadi.aaf.v2_0.test; + +import static org.hamcrest.CoreMatchers.is; +import static org.junit.Assert.assertThat; +import static org.mockito.Mockito.when; + +import org.junit.Before; +import org.junit.Test; +import org.mockito.Mock; +import org.mockito.MockitoAnnotations; + +import java.io.ByteArrayOutputStream; +import java.io.PrintStream; + +import javax.servlet.http.HttpServletRequest; + +import org.onap.aaf.cadi.Lur; +import org.onap.aaf.cadi.PropAccess; +import org.onap.aaf.cadi.aaf.v2_0.AAFTrustChecker; +import org.onap.aaf.cadi.config.Config; +import org.onap.aaf.cadi.principal.TaggedPrincipal; +import org.onap.aaf.cadi.taf.TafResp; +import org.onap.aaf.cadi.taf.TrustNotTafResp; +import org.onap.aaf.cadi.taf.TrustTafResp; +import org.onap.aaf.misc.env.Env; + +public class JU_AAFTrustChecker { + + private final static String type = "type"; + private final static String instance = "instance"; + private final static String action = "action"; + private final static String key = type + '|' + instance + '|' + action; + private final static String name = "name"; + private final static String otherName = "otherName"; + + private PropAccess access; + + @Mock private Env envMock; + @Mock private TafResp trespMock; + @Mock private HttpServletRequest reqMock; + @Mock private TaggedPrincipal tpMock; + @Mock private Lur lurMock; + @Mock private TaggedPrincipal princMock; + + @Before + public void setup() { + MockitoAnnotations.initMocks(this); + access = new PropAccess(new PrintStream(new ByteArrayOutputStream()), new String[0]); + } + + @Test + public void test() { + AAFTrustChecker trustChecker; + + // coverage calls + trustChecker = new AAFTrustChecker(access); + trustChecker = new AAFTrustChecker(envMock); + + access.setProperty(Config.CADI_TRUST_PERM, "example"); + when(envMock.getProperty(Config.CADI_TRUST_PERM)).thenReturn("example"); + trustChecker = new AAFTrustChecker(access); + trustChecker = new AAFTrustChecker(envMock); + + access.setProperty(Config.CADI_TRUST_PERM, key); + when(envMock.getProperty(Config.CADI_TRUST_PERM)).thenReturn(key); + trustChecker = new AAFTrustChecker(access); + trustChecker = new AAFTrustChecker(envMock); + + trustChecker.setLur(lurMock); + + assertThat(trustChecker.mayTrust(trespMock, reqMock), is(trespMock)); + + when(reqMock.getHeader(null)).thenReturn("comma,comma,comma"); + assertThat(trustChecker.mayTrust(trespMock, reqMock), is(trespMock)); + + when(reqMock.getHeader(null)).thenReturn("colon:colon:colon:colon,comma,comma"); + assertThat(trustChecker.mayTrust(trespMock, reqMock), is(trespMock)); + + when(reqMock.getHeader(null)).thenReturn("colon:colon:colon:AS,comma,comma"); + when(trespMock.getPrincipal()).thenReturn(tpMock); + when(tpMock.getName()).thenReturn(name); + when(lurMock.fish(princMock, null)).thenReturn(true); + TafResp tntResp = trustChecker.mayTrust(trespMock, reqMock); + + assertThat(tntResp instanceof TrustNotTafResp, is(true)); + assertThat(tntResp.toString(), is("name requested trust as colon, but does not have Authorization")); + + when(reqMock.getHeader(null)).thenReturn(name + ":colon:colon:AS,comma,comma"); + assertThat(trustChecker.mayTrust(trespMock, reqMock), is(trespMock)); + + when(envMock.getProperty(Config.CADI_ALIAS, null)).thenReturn(name); + when(envMock.getProperty(Config.CADI_TRUST_PERM)).thenReturn(null); + trustChecker = new AAFTrustChecker(envMock); + trustChecker.setLur(lurMock); + + when(trespMock.getPrincipal()).thenReturn(princMock); + when(princMock.getName()).thenReturn(otherName); + when(lurMock.fish(princMock, null)).thenReturn(true); + TafResp ttResp = trustChecker.mayTrust(trespMock, reqMock); + assertThat(ttResp instanceof TrustTafResp, is(true)); + assertThat(ttResp.toString(), is(name + " by trust of " + name + " validated using colon by colon, null")); + + when(princMock.getName()).thenReturn(name); + ttResp = trustChecker.mayTrust(trespMock, reqMock); + assertThat(ttResp instanceof TrustTafResp, is(true)); + assertThat(ttResp.toString(), is(name + " by trust of " + name + " validated using colon by colon, null")); + } + +} diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/oauth/test/JU_TokenPerm.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/oauth/test/JU_TokenPerm.java index 861e32e0..6bbed0ed 100644 --- a/cadi/aaf/src/test/java/org/onap/aaf/cadi/oauth/test/JU_TokenPerm.java +++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/oauth/test/JU_TokenPerm.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -21,18 +21,78 @@ package org.onap.aaf.cadi.oauth.test; -import static org.hamcrest.CoreMatchers.*; -import static org.junit.Assert.*; -import org.junit.*; +import static org.hamcrest.CoreMatchers.is; +import static org.junit.Assert.assertThat; +import static org.junit.Assert.fail; +import static org.mockito.Mockito.when; + +import org.junit.Before; +import org.junit.Test; +import org.mockito.Mock; +import org.mockito.MockitoAnnotations; +import java.io.IOException; import java.io.StringReader; +import java.nio.file.Files; +import java.nio.file.Path; import org.onap.aaf.cadi.Permission; +import org.onap.aaf.cadi.oauth.TokenPerm; import org.onap.aaf.cadi.oauth.TokenPerm.LoadPermissions; +import org.onap.aaf.cadi.persist.Persist; +import org.onap.aaf.misc.env.APIException; import org.onap.aaf.misc.rosetta.ParseException; +import org.onap.aaf.misc.rosetta.env.RosettaDF; + +import aaf.v2_0.Perms; +import aafoauth.v2_0.Introspect; public class JU_TokenPerm { + private static final byte[] hash = "hashstring".getBytes(); + + private static final String clientId = "clientId"; + private static final String username = "username"; + private static final String token = "token"; + private static final String scopes = "scopes"; + private static final String content = "content"; + + private static final long expires = 10000L; + + private static Path path; + + @Mock private Persist<Introspect, ?> persistMock; + @Mock private RosettaDF<Perms> dfMock; + @Mock private Introspect introspectMock; + + @Before + public void setup() throws IOException { + MockitoAnnotations.initMocks(this); + + when(introspectMock.getExp()).thenReturn(expires); + when(introspectMock.getClientId()).thenReturn(clientId); + when(introspectMock.getUsername()).thenReturn(username); + when(introspectMock.getAccessToken()).thenReturn(token); + when(introspectMock.getScope()).thenReturn(scopes); + when(introspectMock.getExp()).thenReturn(expires); + + path = Files.createTempFile("fake", ".txt"); + } + + @Test + public void tokenTest() throws APIException { + TokenPerm tokenPerm = new TokenPerm(persistMock, dfMock, introspectMock, hash, path); + assertThat(tokenPerm.perms().size(), is(0)); + assertThat(tokenPerm.getClientId(), is(clientId)); + assertThat(tokenPerm.getUsername(), is(username)); + assertThat(tokenPerm.getToken(), is(token)); + assertThat(tokenPerm.getScopes(), is(scopes)); + assertThat(tokenPerm.getIntrospect(), is(introspectMock)); + + when(introspectMock.getContent()).thenReturn(content); + tokenPerm = new TokenPerm(persistMock, dfMock, introspectMock, hash, path); + } + @Test public void test() throws ParseException { String json; @@ -132,5 +192,5 @@ public class JU_TokenPerm { fail(e.getMessage()); } } - + } diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/sso/test/JU_AAFSSO.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/sso/test/JU_AAFSSO.java new file mode 100644 index 00000000..34997fe6 --- /dev/null +++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/sso/test/JU_AAFSSO.java @@ -0,0 +1,122 @@ +/** + * ============LICENSE_START==================================================== + * org.onap.aaf + * =========================================================================== + * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * =========================================================================== + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END==================================================== + * + */ + +package org.onap.aaf.cadi.sso.test; + +import static org.hamcrest.CoreMatchers.is; +import static org.hamcrest.CoreMatchers.nullValue; +import static org.junit.Assert.assertThat; + +import java.io.ByteArrayInputStream; +import java.io.File; +import java.io.IOException; + +import org.junit.After; +import org.junit.Before; +import org.junit.Test; +import org.onap.aaf.cadi.CadiException; +import org.onap.aaf.cadi.PropAccess; +import org.onap.aaf.cadi.config.Config; +import org.onap.aaf.cadi.sso.AAFSSO; + +public class JU_AAFSSO { + + private static final String resourceDirString = "src/test/resources"; + private static final String aafDir = resourceDirString + "/aaf"; + + private ByteArrayInputStream inStream; + + @Before + public void setup() { + System.setProperty("user.home", aafDir); + + // Simulate user input + inStream = new ByteArrayInputStream("test\npassword".getBytes()); + System.setIn(inStream); + } + + @After + public void tearDown() { + recursiveDelete(new File(aafDir)); + } + + @Test + public void test() throws IOException, CadiException { + AAFSSO sso; + String[] args; + + args = new String[] { + "-login", + "-noexit", + }; + sso = new AAFSSO(args); + + assertThat(new File(aafDir).exists(), is(true)); + assertThat(new File(aafDir + "/.aaf").exists(), is(true)); + assertThat(new File(aafDir + "/.aaf/keyfile").exists(), is(true)); + assertThat(new File(aafDir + "/.aaf/sso.out").exists(), is(true)); + assertThat(sso.loginOnly(), is(true)); + + assertThat(new File(aafDir + "/.aaf/sso.props").exists(), is(false)); + sso.writeFiles(); + assertThat(new File(aafDir + "/.aaf/sso.props").exists(), is(true)); + + sso.setLogDefault(); + sso.setStdErrDefault(); + + inStream.reset(); + args = new String[] { + "-logout", + "\\*", + "-noexit", + }; + sso = new AAFSSO(args); + + assertThat(new File(aafDir).exists(), is(true)); + assertThat(new File(aafDir + "/.aaf").exists(), is(true)); + assertThat(new File(aafDir + "/.aaf/keyfile").exists(), is(true)); + assertThat(new File(aafDir + "/.aaf/sso.out").exists(), is(true)); + assertThat(sso.loginOnly(), is(false)); + + PropAccess access = sso.access(); + assertThat(sso.enc_pass(), is(access.getProperty(Config.AAF_APPPASS))); + assertThat(sso.user(), is(access.getProperty(Config.AAF_APPID))); + + sso.addProp("key", "value"); + assertThat(sso.err(), is(nullValue())); + + assertThat(sso.useX509(), is(false)); + + sso.close(); + sso.close(); + } + + private void recursiveDelete(File file) { + for (File f : file.listFiles()) { + if (f.isDirectory()) { + recursiveDelete(f); + } + f.delete(); + } + file.delete(); + } + +} |