summaryrefslogtreecommitdiffstats
path: root/cadi
diff options
context:
space:
mode:
Diffstat (limited to 'cadi')
-rw-r--r--cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/cert/test/JU_AAFListedCertIdentity.java178
-rw-r--r--cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/marshal/test/JU_CertMarshal.java99
-rw-r--r--cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/marshal/test/JU_CertsMarshal.java118
-rw-r--r--cadi/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthorizationInfo.java4
4 files changed, 397 insertions, 2 deletions
diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/cert/test/JU_AAFListedCertIdentity.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/cert/test/JU_AAFListedCertIdentity.java
new file mode 100644
index 00000000..3698b36a
--- /dev/null
+++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/cert/test/JU_AAFListedCertIdentity.java
@@ -0,0 +1,178 @@
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+
+package org.onap.aaf.cadi.aaf.cert.test;
+
+import static org.mockito.Mockito.*;
+import static org.hamcrest.CoreMatchers.*;
+import static org.junit.Assert.*;
+
+import org.junit.*;
+import org.mockito.*;
+
+import java.io.ByteArrayOutputStream;
+import java.io.PrintStream;
+import java.lang.reflect.Field;
+import java.lang.reflect.Modifier;
+import java.net.HttpURLConnection;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.List;
+import java.util.Set;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.onap.aaf.cadi.CadiException;
+import org.onap.aaf.cadi.PropAccess;
+import org.onap.aaf.cadi.aaf.cert.AAFListedCertIdentity;
+import org.onap.aaf.cadi.aaf.v2_0.AAFCon;
+import org.onap.aaf.cadi.client.Future;
+import org.onap.aaf.cadi.client.Rcli;
+import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.misc.env.APIException;
+import org.onap.aaf.misc.env.util.Chrono;
+import org.onap.aaf.misc.rosetta.env.RosettaDF;
+
+import aaf.v2_0.Certs;
+import aaf.v2_0.Certs.Cert;
+import aaf.v2_0.Users;
+import aaf.v2_0.Users.User;
+
+public class JU_AAFListedCertIdentity {
+
+ @Mock private AAFCon<?> conMock;
+ @Mock private Rcli<Object> rcliMock;
+ @Mock private RosettaDF<Users> userDFMock;
+ @Mock private RosettaDF<Certs> certDFMock;
+ @Mock private Future<Users> futureUsersMock;
+ @Mock private Future<Certs> futureCertsMock;
+
+ @Mock private Users usersMock;
+ @Mock private User userMock1;
+ @Mock private User userMock2;
+ @Mock private User userMock3;
+
+ @Mock private Certs certsMock;
+ @Mock private Cert certMock1;
+ @Mock private Cert certMock2;
+ @Mock private Cert certMock3;
+
+ @Mock private HttpServletRequest reqMock;
+ @Mock private X509Certificate x509Mock;
+
+ private List<User> usersList;
+ private List<Cert> certsList;
+
+ private PropAccess access;
+
+ private ByteArrayOutputStream outStream;
+
+ private static final String USERS = "user1,user2,user3";
+ private static final String ID = "id";
+ private static final String FINGERPRINT = "fingerprint";
+
+ private static final byte[] certBytes = "certificate".getBytes();
+
+ @Before
+ public void setup() throws IllegalArgumentException, IllegalAccessException, NoSuchFieldException, SecurityException {
+ MockitoAnnotations.initMocks(this);
+
+ certsList = new ArrayList<>();
+ certsList.add(certMock1);
+ certsList.add(certMock2);
+ certsList.add(certMock3);
+
+ usersList = new ArrayList<>();
+ usersList.add(userMock1);
+ usersList.add(userMock2);
+ usersList.add(userMock3);
+
+ outStream = new ByteArrayOutputStream();
+ access = new PropAccess(new PrintStream(outStream), new String[0]);
+ outStream.reset();
+ access.setProperty(Config.AAF_CERT_IDS, USERS);
+ setFinal(conMock, conMock.getClass().getField("usersDF"), userDFMock);
+ setFinal(conMock, conMock.getClass().getField("certsDF"), certDFMock);
+ setFinal(conMock, conMock.getClass().getField("access"), access);
+ }
+
+ @Test
+ public void test() throws APIException, CadiException, CertificateException {
+ doReturn(rcliMock).when(conMock).client(Config.AAF_DEFAULT_VERSION);
+ when(rcliMock.read("/authz/users/perm/com.att.aaf.trust/tguard/authenticate", Users.class, userDFMock)).thenReturn(futureUsersMock);
+ when(rcliMock.read("/authz/users/perm/com.att.aaf.trust/basicAuth/authenticate", Users.class, userDFMock)).thenReturn(futureUsersMock);
+ when(rcliMock.read("/authz/users/perm/com.att.aaf.trust/csp/authenticate", Users.class, userDFMock)).thenReturn(futureUsersMock);
+
+ when(futureUsersMock.get(5000)).thenReturn(true);
+ futureUsersMock.value = usersMock;
+ when(usersMock.getUser()).thenReturn(usersList);
+
+ when(rcliMock.read("/authn/cert/id/user1", Certs.class, conMock.certsDF)).thenReturn(futureCertsMock);
+ when(rcliMock.read("/authn/cert/id/user2", Certs.class, conMock.certsDF)).thenReturn(futureCertsMock);
+ when(rcliMock.read("/authn/cert/id/user3", Certs.class, conMock.certsDF)).thenReturn(futureCertsMock);
+
+ when(futureCertsMock.get(5000)).thenReturn(true);
+ futureCertsMock.value = certsMock;
+ when(certsMock.getCert()).thenReturn(certsList);
+
+ when(userMock1.getId()).thenReturn("user1");
+ when(userMock2.getId()).thenReturn("user2");
+ when(userMock3.getId()).thenReturn("user3");
+
+ prepareCert(certMock1);
+ prepareCert(certMock2);
+ prepareCert(certMock3);
+
+ AAFListedCertIdentity certID = new AAFListedCertIdentity(access, conMock);
+
+ when(x509Mock.getEncoded()).thenReturn(certBytes);
+ certID.identity(reqMock, null, null);
+ certID.identity(reqMock, null, certBytes);
+ certID.identity(reqMock, x509Mock, null);
+ certID.identity(reqMock, x509Mock, certBytes);
+
+ Set<String> hashSetOfUsers = AAFListedCertIdentity.trusted("basicAuth");
+ assertThat(hashSetOfUsers.contains("user1"), is(true));
+ assertThat(hashSetOfUsers.contains("user2"), is(true));
+ assertThat(hashSetOfUsers.contains("user3"), is(true));
+
+ }
+
+ private void setFinal(Object object, Field field, Object newValue) throws IllegalArgumentException, IllegalAccessException, NoSuchFieldException, SecurityException {
+ field.setAccessible(true);
+
+ Field modifiersField = Field.class.getDeclaredField("modifiers");
+ modifiersField.setAccessible(true);
+ modifiersField.setInt(field, field.getModifiers() & Modifier.FINAL);
+
+ field.set(object, newValue);
+ }
+
+ private void prepareCert(Cert cert) {
+ Date date = new Date();
+ when(cert.getExpires()).thenReturn(Chrono.timeStamp(new Date(date.getTime() + (60 * 60 * 24))));
+ when(cert.getId()).thenReturn(ID);
+ when(cert.getFingerprint()).thenReturn(FINGERPRINT.getBytes());
+ }
+
+}
diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/marshal/test/JU_CertMarshal.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/marshal/test/JU_CertMarshal.java
new file mode 100644
index 00000000..560014d1
--- /dev/null
+++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/marshal/test/JU_CertMarshal.java
@@ -0,0 +1,99 @@
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+
+package org.onap.aaf.cadi.aaf.marshal.test;
+
+import static org.junit.Assert.*;
+import static org.hamcrest.CoreMatchers.*;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.PrintStream;
+
+import javax.xml.datatype.XMLGregorianCalendar;
+
+import org.junit.*;
+
+import org.onap.aaf.cadi.aaf.marshal.CertMarshal;
+import org.onap.aaf.misc.env.util.Chrono;
+import org.onap.aaf.misc.rosetta.OutRaw;
+import org.onap.aaf.misc.rosetta.ParseException;
+import org.onap.aaf.misc.rosetta.marshal.DataWriter;
+
+import aaf.v2_0.Certs.Cert;
+
+public class JU_CertMarshal {
+
+ private static final String fingerprint = "fingerprint";
+ private static final String id = "id";
+ private static final String x500 = "x500";
+
+ private String fingerprintAsString;
+
+ private XMLGregorianCalendar expires;
+
+ private ByteArrayOutputStream outStream;
+
+ @Before
+ public void setup() {
+ expires = Chrono.timeStamp();
+ outStream = new ByteArrayOutputStream();
+ StringBuilder sb = new StringBuilder();
+ DataWriter.HEX_BINARY.write(fingerprint.getBytes(), sb);
+ fingerprintAsString = sb.toString();
+ }
+
+ @Test
+ public void test() throws ParseException, IOException {
+ Cert cert = setupCert();
+ CertMarshal cm = new CertMarshal();
+ OutRaw raw = new OutRaw();
+
+ raw.extract(cert, new PrintStream(outStream), cm);
+
+ String[] output = outStream.toString().split("\n");
+
+ String[] expected = new String[] {
+ "{ - ",
+ ", - fingerprint : \"" + fingerprintAsString + "\"",
+ ", - id : \"" + id + "\"",
+ ", - x500 : \"" + x500 + "\"",
+ ", - expires : \"" + Chrono.dateTime(expires) + "\"",
+ "} - ",
+ };
+
+ assertThat(output.length, is(expected.length));
+
+ for (int i = 0; i < output.length; i++) {
+ assertThat(output[i], is(expected[i]));
+ }
+ }
+
+ private Cert setupCert() {
+ Cert cert = new Cert();
+ cert.setId(id);
+ cert.setX500(x500);
+ cert.setExpires(expires);
+ cert.setFingerprint(fingerprint.getBytes());
+ return cert;
+ }
+
+}
diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/marshal/test/JU_CertsMarshal.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/marshal/test/JU_CertsMarshal.java
new file mode 100644
index 00000000..6598fbe4
--- /dev/null
+++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/marshal/test/JU_CertsMarshal.java
@@ -0,0 +1,118 @@
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+
+package org.onap.aaf.cadi.aaf.marshal.test;
+
+import org.junit.*;
+import static org.hamcrest.CoreMatchers.*;
+import static org.junit.Assert.*;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.PrintStream;
+import java.util.ArrayList;
+
+import javax.xml.datatype.XMLGregorianCalendar;
+import org.onap.aaf.cadi.aaf.marshal.CertsMarshal;
+import org.onap.aaf.misc.env.util.Chrono;
+import org.onap.aaf.misc.rosetta.OutRaw;
+import org.onap.aaf.misc.rosetta.ParseException;
+import org.onap.aaf.misc.rosetta.marshal.DataWriter;
+
+import aaf.v2_0.Certs;
+import aaf.v2_0.Certs.Cert;
+
+public class JU_CertsMarshal {
+
+ private static final String fingerprint = "fingerprint";
+ private static final String id = "id";
+ private static final String x500 = "x500";
+
+ private String fingerprintAsString;
+
+ private XMLGregorianCalendar expires;
+
+ private ByteArrayOutputStream outStream;
+
+ @Before
+ public void setup() {
+ expires = Chrono.timeStamp();
+ outStream = new ByteArrayOutputStream();
+ StringBuilder sb = new StringBuilder();
+ DataWriter.HEX_BINARY.write(fingerprint.getBytes(), sb);
+ fingerprintAsString = sb.toString();
+ }
+
+ @Test
+ public void test() throws ParseException, IOException {
+ CertsStub certs = new CertsStub();
+ CertsMarshal cm = new CertsMarshal();
+ OutRaw raw = new OutRaw();
+
+ raw.extract(certs, new PrintStream(outStream), cm);
+ String[] output = outStream.toString().split("\n");
+
+ String[] expected = new String[] {
+ "{ - ",
+ "[ - cert",
+ "{ - ",
+ ", - fingerprint : \"" + fingerprintAsString + "\"",
+ ", - id : \"" + id + "\"",
+ ", - x500 : \"" + x500 + "\"",
+ ", - expires : \"" + Chrono.dateTime(expires) + "\"",
+ "} - ",
+ ", - ",
+ "{ - ",
+ ", - fingerprint : \"" + fingerprintAsString + "\"",
+ ", - id : \"" + id + "\"",
+ ", - x500 : \"" + x500 + "\"",
+ ", - expires : \"" + Chrono.dateTime(expires) + "\"",
+ "} - ",
+ "] - ",
+ "} - ",
+ };
+
+ assertThat(output.length, is(expected.length));
+
+ for (int i = 0; i < output.length; i++) {
+ assertThat(output[i], is(expected[i]));
+ }
+ }
+
+ private Cert setupCert() {
+ Cert cert = new Cert();
+ cert.setId(id);
+ cert.setX500(x500);
+ cert.setExpires(expires);
+ cert.setFingerprint(fingerprint.getBytes());
+ return cert;
+ }
+
+ private class CertsStub extends Certs {
+ public CertsStub() {
+ cert = new ArrayList<>();
+ for (int i = 0; i < 2; i++) {
+ cert.add(setupCert());
+ }
+ }
+ }
+
+}
diff --git a/cadi/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthorizationInfo.java b/cadi/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthorizationInfo.java
index 90935900..bfdc6bf1 100644
--- a/cadi/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthorizationInfo.java
+++ b/cadi/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthorizationInfo.java
@@ -31,9 +31,9 @@ import org.onap.aaf.cadi.Access;
import org.onap.aaf.cadi.Access.Level;
/**
- * We treate "roles" and "permissions" in a similar way for first pass.
+ * We treat "roles" and "permissions" in a similar way for first pass.
*
- * @author jg1555
+ * @author JonathanGathman
*
*/
public class AAFAuthorizationInfo implements AuthorizationInfo {