diff options
Diffstat (limited to 'cadi')
4 files changed, 397 insertions, 2 deletions
diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/cert/test/JU_AAFListedCertIdentity.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/cert/test/JU_AAFListedCertIdentity.java new file mode 100644 index 00000000..3698b36a --- /dev/null +++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/cert/test/JU_AAFListedCertIdentity.java @@ -0,0 +1,178 @@ +/** + * ============LICENSE_START==================================================== + * org.onap.aaf + * =========================================================================== + * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * =========================================================================== + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END==================================================== + * + */ + +package org.onap.aaf.cadi.aaf.cert.test; + +import static org.mockito.Mockito.*; +import static org.hamcrest.CoreMatchers.*; +import static org.junit.Assert.*; + +import org.junit.*; +import org.mockito.*; + +import java.io.ByteArrayOutputStream; +import java.io.PrintStream; +import java.lang.reflect.Field; +import java.lang.reflect.Modifier; +import java.net.HttpURLConnection; +import java.security.cert.CertificateException; +import java.security.cert.X509Certificate; +import java.util.ArrayList; +import java.util.Date; +import java.util.List; +import java.util.Set; + +import javax.servlet.http.HttpServletRequest; + +import org.onap.aaf.cadi.CadiException; +import org.onap.aaf.cadi.PropAccess; +import org.onap.aaf.cadi.aaf.cert.AAFListedCertIdentity; +import org.onap.aaf.cadi.aaf.v2_0.AAFCon; +import org.onap.aaf.cadi.client.Future; +import org.onap.aaf.cadi.client.Rcli; +import org.onap.aaf.cadi.config.Config; +import org.onap.aaf.misc.env.APIException; +import org.onap.aaf.misc.env.util.Chrono; +import org.onap.aaf.misc.rosetta.env.RosettaDF; + +import aaf.v2_0.Certs; +import aaf.v2_0.Certs.Cert; +import aaf.v2_0.Users; +import aaf.v2_0.Users.User; + +public class JU_AAFListedCertIdentity { + + @Mock private AAFCon<?> conMock; + @Mock private Rcli<Object> rcliMock; + @Mock private RosettaDF<Users> userDFMock; + @Mock private RosettaDF<Certs> certDFMock; + @Mock private Future<Users> futureUsersMock; + @Mock private Future<Certs> futureCertsMock; + + @Mock private Users usersMock; + @Mock private User userMock1; + @Mock private User userMock2; + @Mock private User userMock3; + + @Mock private Certs certsMock; + @Mock private Cert certMock1; + @Mock private Cert certMock2; + @Mock private Cert certMock3; + + @Mock private HttpServletRequest reqMock; + @Mock private X509Certificate x509Mock; + + private List<User> usersList; + private List<Cert> certsList; + + private PropAccess access; + + private ByteArrayOutputStream outStream; + + private static final String USERS = "user1,user2,user3"; + private static final String ID = "id"; + private static final String FINGERPRINT = "fingerprint"; + + private static final byte[] certBytes = "certificate".getBytes(); + + @Before + public void setup() throws IllegalArgumentException, IllegalAccessException, NoSuchFieldException, SecurityException { + MockitoAnnotations.initMocks(this); + + certsList = new ArrayList<>(); + certsList.add(certMock1); + certsList.add(certMock2); + certsList.add(certMock3); + + usersList = new ArrayList<>(); + usersList.add(userMock1); + usersList.add(userMock2); + usersList.add(userMock3); + + outStream = new ByteArrayOutputStream(); + access = new PropAccess(new PrintStream(outStream), new String[0]); + outStream.reset(); + access.setProperty(Config.AAF_CERT_IDS, USERS); + setFinal(conMock, conMock.getClass().getField("usersDF"), userDFMock); + setFinal(conMock, conMock.getClass().getField("certsDF"), certDFMock); + setFinal(conMock, conMock.getClass().getField("access"), access); + } + + @Test + public void test() throws APIException, CadiException, CertificateException { + doReturn(rcliMock).when(conMock).client(Config.AAF_DEFAULT_VERSION); + when(rcliMock.read("/authz/users/perm/com.att.aaf.trust/tguard/authenticate", Users.class, userDFMock)).thenReturn(futureUsersMock); + when(rcliMock.read("/authz/users/perm/com.att.aaf.trust/basicAuth/authenticate", Users.class, userDFMock)).thenReturn(futureUsersMock); + when(rcliMock.read("/authz/users/perm/com.att.aaf.trust/csp/authenticate", Users.class, userDFMock)).thenReturn(futureUsersMock); + + when(futureUsersMock.get(5000)).thenReturn(true); + futureUsersMock.value = usersMock; + when(usersMock.getUser()).thenReturn(usersList); + + when(rcliMock.read("/authn/cert/id/user1", Certs.class, conMock.certsDF)).thenReturn(futureCertsMock); + when(rcliMock.read("/authn/cert/id/user2", Certs.class, conMock.certsDF)).thenReturn(futureCertsMock); + when(rcliMock.read("/authn/cert/id/user3", Certs.class, conMock.certsDF)).thenReturn(futureCertsMock); + + when(futureCertsMock.get(5000)).thenReturn(true); + futureCertsMock.value = certsMock; + when(certsMock.getCert()).thenReturn(certsList); + + when(userMock1.getId()).thenReturn("user1"); + when(userMock2.getId()).thenReturn("user2"); + when(userMock3.getId()).thenReturn("user3"); + + prepareCert(certMock1); + prepareCert(certMock2); + prepareCert(certMock3); + + AAFListedCertIdentity certID = new AAFListedCertIdentity(access, conMock); + + when(x509Mock.getEncoded()).thenReturn(certBytes); + certID.identity(reqMock, null, null); + certID.identity(reqMock, null, certBytes); + certID.identity(reqMock, x509Mock, null); + certID.identity(reqMock, x509Mock, certBytes); + + Set<String> hashSetOfUsers = AAFListedCertIdentity.trusted("basicAuth"); + assertThat(hashSetOfUsers.contains("user1"), is(true)); + assertThat(hashSetOfUsers.contains("user2"), is(true)); + assertThat(hashSetOfUsers.contains("user3"), is(true)); + + } + + private void setFinal(Object object, Field field, Object newValue) throws IllegalArgumentException, IllegalAccessException, NoSuchFieldException, SecurityException { + field.setAccessible(true); + + Field modifiersField = Field.class.getDeclaredField("modifiers"); + modifiersField.setAccessible(true); + modifiersField.setInt(field, field.getModifiers() & Modifier.FINAL); + + field.set(object, newValue); + } + + private void prepareCert(Cert cert) { + Date date = new Date(); + when(cert.getExpires()).thenReturn(Chrono.timeStamp(new Date(date.getTime() + (60 * 60 * 24)))); + when(cert.getId()).thenReturn(ID); + when(cert.getFingerprint()).thenReturn(FINGERPRINT.getBytes()); + } + +} diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/marshal/test/JU_CertMarshal.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/marshal/test/JU_CertMarshal.java new file mode 100644 index 00000000..560014d1 --- /dev/null +++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/marshal/test/JU_CertMarshal.java @@ -0,0 +1,99 @@ +/** + * ============LICENSE_START==================================================== + * org.onap.aaf + * =========================================================================== + * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * =========================================================================== + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END==================================================== + * + */ + +package org.onap.aaf.cadi.aaf.marshal.test; + +import static org.junit.Assert.*; +import static org.hamcrest.CoreMatchers.*; + +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.PrintStream; + +import javax.xml.datatype.XMLGregorianCalendar; + +import org.junit.*; + +import org.onap.aaf.cadi.aaf.marshal.CertMarshal; +import org.onap.aaf.misc.env.util.Chrono; +import org.onap.aaf.misc.rosetta.OutRaw; +import org.onap.aaf.misc.rosetta.ParseException; +import org.onap.aaf.misc.rosetta.marshal.DataWriter; + +import aaf.v2_0.Certs.Cert; + +public class JU_CertMarshal { + + private static final String fingerprint = "fingerprint"; + private static final String id = "id"; + private static final String x500 = "x500"; + + private String fingerprintAsString; + + private XMLGregorianCalendar expires; + + private ByteArrayOutputStream outStream; + + @Before + public void setup() { + expires = Chrono.timeStamp(); + outStream = new ByteArrayOutputStream(); + StringBuilder sb = new StringBuilder(); + DataWriter.HEX_BINARY.write(fingerprint.getBytes(), sb); + fingerprintAsString = sb.toString(); + } + + @Test + public void test() throws ParseException, IOException { + Cert cert = setupCert(); + CertMarshal cm = new CertMarshal(); + OutRaw raw = new OutRaw(); + + raw.extract(cert, new PrintStream(outStream), cm); + + String[] output = outStream.toString().split("\n"); + + String[] expected = new String[] { + "{ - ", + ", - fingerprint : \"" + fingerprintAsString + "\"", + ", - id : \"" + id + "\"", + ", - x500 : \"" + x500 + "\"", + ", - expires : \"" + Chrono.dateTime(expires) + "\"", + "} - ", + }; + + assertThat(output.length, is(expected.length)); + + for (int i = 0; i < output.length; i++) { + assertThat(output[i], is(expected[i])); + } + } + + private Cert setupCert() { + Cert cert = new Cert(); + cert.setId(id); + cert.setX500(x500); + cert.setExpires(expires); + cert.setFingerprint(fingerprint.getBytes()); + return cert; + } + +} diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/marshal/test/JU_CertsMarshal.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/marshal/test/JU_CertsMarshal.java new file mode 100644 index 00000000..6598fbe4 --- /dev/null +++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/marshal/test/JU_CertsMarshal.java @@ -0,0 +1,118 @@ +/** + * ============LICENSE_START==================================================== + * org.onap.aaf + * =========================================================================== + * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * =========================================================================== + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END==================================================== + * + */ + +package org.onap.aaf.cadi.aaf.marshal.test; + +import org.junit.*; +import static org.hamcrest.CoreMatchers.*; +import static org.junit.Assert.*; + +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.PrintStream; +import java.util.ArrayList; + +import javax.xml.datatype.XMLGregorianCalendar; +import org.onap.aaf.cadi.aaf.marshal.CertsMarshal; +import org.onap.aaf.misc.env.util.Chrono; +import org.onap.aaf.misc.rosetta.OutRaw; +import org.onap.aaf.misc.rosetta.ParseException; +import org.onap.aaf.misc.rosetta.marshal.DataWriter; + +import aaf.v2_0.Certs; +import aaf.v2_0.Certs.Cert; + +public class JU_CertsMarshal { + + private static final String fingerprint = "fingerprint"; + private static final String id = "id"; + private static final String x500 = "x500"; + + private String fingerprintAsString; + + private XMLGregorianCalendar expires; + + private ByteArrayOutputStream outStream; + + @Before + public void setup() { + expires = Chrono.timeStamp(); + outStream = new ByteArrayOutputStream(); + StringBuilder sb = new StringBuilder(); + DataWriter.HEX_BINARY.write(fingerprint.getBytes(), sb); + fingerprintAsString = sb.toString(); + } + + @Test + public void test() throws ParseException, IOException { + CertsStub certs = new CertsStub(); + CertsMarshal cm = new CertsMarshal(); + OutRaw raw = new OutRaw(); + + raw.extract(certs, new PrintStream(outStream), cm); + String[] output = outStream.toString().split("\n"); + + String[] expected = new String[] { + "{ - ", + "[ - cert", + "{ - ", + ", - fingerprint : \"" + fingerprintAsString + "\"", + ", - id : \"" + id + "\"", + ", - x500 : \"" + x500 + "\"", + ", - expires : \"" + Chrono.dateTime(expires) + "\"", + "} - ", + ", - ", + "{ - ", + ", - fingerprint : \"" + fingerprintAsString + "\"", + ", - id : \"" + id + "\"", + ", - x500 : \"" + x500 + "\"", + ", - expires : \"" + Chrono.dateTime(expires) + "\"", + "} - ", + "] - ", + "} - ", + }; + + assertThat(output.length, is(expected.length)); + + for (int i = 0; i < output.length; i++) { + assertThat(output[i], is(expected[i])); + } + } + + private Cert setupCert() { + Cert cert = new Cert(); + cert.setId(id); + cert.setX500(x500); + cert.setExpires(expires); + cert.setFingerprint(fingerprint.getBytes()); + return cert; + } + + private class CertsStub extends Certs { + public CertsStub() { + cert = new ArrayList<>(); + for (int i = 0; i < 2; i++) { + cert.add(setupCert()); + } + } + } + +} diff --git a/cadi/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthorizationInfo.java b/cadi/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthorizationInfo.java index 90935900..bfdc6bf1 100644 --- a/cadi/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthorizationInfo.java +++ b/cadi/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthorizationInfo.java @@ -31,9 +31,9 @@ import org.onap.aaf.cadi.Access; import org.onap.aaf.cadi.Access.Level; /** - * We treate "roles" and "permissions" in a similar way for first pass. + * We treat "roles" and "permissions" in a similar way for first pass. * - * @author jg1555 + * @author JonathanGathman * */ public class AAFAuthorizationInfo implements AuthorizationInfo { |