From 4a51a8f96715ffb2a42189b93b9fa91b453b8530 Mon Sep 17 00:00:00 2001 From: sg481n Date: Thu, 3 Aug 2017 17:39:12 -0400 Subject:  [AAF-21] Initial code import MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Change-Id: Ia1dd196befd061f6ba0c2be6bf4456a30ea50f97 Signed-off-by: sg481n --- .../java/com/att/cadi/lur/aaf/test/JU_JMeter.java | 146 ++++++ .../com/att/cadi/lur/aaf/test/JU_Lur2_0Call.java | 576 +++++++++++++++++++++ .../com/att/cadi/lur/aaf/test/JU_PermEval.java | 109 ++++ .../att/cadi/lur/aaf/test/MultiThreadPermHit.java | 146 ++++++ .../java/com/att/cadi/lur/aaf/test/TestAccess.java | 123 +++++ 5 files changed, 1100 insertions(+) create mode 100644 aaf/src/test/java/com/att/cadi/lur/aaf/test/JU_JMeter.java create mode 100644 aaf/src/test/java/com/att/cadi/lur/aaf/test/JU_Lur2_0Call.java create mode 100644 aaf/src/test/java/com/att/cadi/lur/aaf/test/JU_PermEval.java create mode 100644 aaf/src/test/java/com/att/cadi/lur/aaf/test/MultiThreadPermHit.java create mode 100644 aaf/src/test/java/com/att/cadi/lur/aaf/test/TestAccess.java (limited to 'aaf/src/test/java/com/att/cadi/lur/aaf') diff --git a/aaf/src/test/java/com/att/cadi/lur/aaf/test/JU_JMeter.java b/aaf/src/test/java/com/att/cadi/lur/aaf/test/JU_JMeter.java new file mode 100644 index 0000000..b71a9ba --- /dev/null +++ b/aaf/src/test/java/com/att/cadi/lur/aaf/test/JU_JMeter.java 
@@ -0,0 +1,146 @@ +/******************************************************************************* + * ============LICENSE_START==================================================== + * * org.onap.aai + * * =========================================================================== + * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. + * * Copyright © 2017 Amdocs + * * =========================================================================== + * * Licensed under the Apache License, Version 2.0 (the "License"); + * * you may not use this file except in compliance with the License. + * * You may obtain a copy of the License at + * * + * * http://www.apache.org/licenses/LICENSE-2.0 + * * + * * Unless required by applicable law or agreed to in writing, software + * * distributed under the License is distributed on an "AS IS" BASIS, + * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * * See the License for the specific language governing permissions and + * * limitations under the License. + * * ============LICENSE_END==================================================== + * * + * * ECOMP is a trademark and service mark of AT&T Intellectual Property. 
+ * * + ******************************************************************************/ +package com.att.cadi.lur.aaf.test; + +import java.io.BufferedReader; +import java.io.File; +import java.io.FileReader; +import java.io.PrintWriter; +import java.io.StringWriter; +import java.net.HttpURLConnection; +import java.security.Principal; +import java.util.ArrayList; +import java.util.List; +import java.util.Properties; + +import org.junit.BeforeClass; +import org.junit.Test; + +import com.att.cadi.Permission; +import com.att.cadi.PropAccess; +import com.att.cadi.aaf.v2_0.AAFAuthn; +import com.att.cadi.aaf.v2_0.AAFConHttp; +import com.att.cadi.aaf.v2_0.AAFLurPerm; +import com.att.cadi.aaf.v2_0.AAFTaf; +import com.att.cadi.config.Config; +import com.att.cadi.locator.DNSLocator; +import com.att.cadi.principal.CachedBasicPrincipal; + +import junit.framework.Assert; + +public class JU_JMeter { + private static AAFConHttp aaf; + private static AAFAuthn aafAuthn; + private static AAFLurPerm aafLur; + private static ArrayList perfIDs; + + private static AAFTaf aafTaf; + private static PropAccess access; + + @BeforeClass + public static void before() throws Exception { + if(aafLur==null) { + Properties props = System.getProperties(); + props.setProperty("AFT_LATITUDE", "32.780140"); + props.setProperty("AFT_LONGITUDE", "-96.800451"); + props.setProperty("DME2_EP_REGISTRY_CLASS","DME2FS"); + props.setProperty("AFT_DME2_EP_REGISTRY_FS_DIR","/Volumes/Data/src/authz/dme2reg"); + props.setProperty("AFT_ENVIRONMENT", "AFTUAT"); + props.setProperty("SCLD_PLATFORM", "NON-PROD"); + props.setProperty(Config.AAF_URL,"https://DME2RESOLVE/service=com.att.authz.AuthorizationService/version=2.0/envContext=DEV/routeOffer=BAU_SE"); + props.setProperty(Config.AAF_READ_TIMEOUT, "2000"); + int timeToLive = 3000; + props.setProperty(Config.AAF_CLEAN_INTERVAL, Integer.toString(timeToLive)); + props.setProperty(Config.AAF_HIGH_COUNT, "4"); + + String aafPerfIDs = props.getProperty("AAF_PERF_IDS"); + 
perfIDs = new ArrayList(); + File perfFile = null; + if(aafPerfIDs!=null) { + perfFile = new File(aafPerfIDs); + } + + access = new PropAccess(); + aaf = new AAFConHttp(access, new DNSLocator(access,"https","localhost","8100")); + aafTaf = new AAFTaf(aaf,false); + aafLur = aaf.newLur(aafTaf); + aafAuthn = aaf.newAuthn(aafTaf); + aaf.basicAuth("testid@aaf.att.com", "whatever"); + + if(perfFile==null||!perfFile.exists()) { + perfIDs.add(new CachedBasicPrincipal(aafTaf, + "Basic dGVzdGlkOndoYXRldmVy", + "aaf.att.com",timeToLive)); + perfIDs.add(new Princ("ab1234@aaf.att.com")); // Example of Local ID, which isn't looked up + } else { + BufferedReader ir = new BufferedReader(new FileReader(perfFile)); + try { + String line; + while((line = ir.readLine())!=null) { + if((line=line.trim()).length()>0) + perfIDs.add(new Princ(line)); + } + } finally { + ir.close(); + } + } + Assert.assertNotNull(aafLur); + } + } + + private static class Princ implements Principal { + private String name; + public Princ(String name) { + this.name = name; + } + public String getName() { + return name; + } + + }; + + private static int index = -1; + + private synchronized Principal getIndex() { + if(perfIDs.size()<=++index)index=0; + return perfIDs.get(index); + } + @Test + public void test() { + try { + aafAuthn.validate("testid@aaf.att.com", "whatever"); + List perms = new ArrayList(); + aafLur.fishAll(getIndex(), perms); +// Assert.assertFalse(perms.isEmpty()); +// for(Permission p : perms) { +// //access.log(Access.Level.AUDIT, p.permType()); +// } + } catch (Exception e) { + StringWriter sw = new StringWriter(); + e.printStackTrace(new PrintWriter(sw)); + Assert.assertFalse(sw.toString(),true); + } + } + +} diff --git a/aaf/src/test/java/com/att/cadi/lur/aaf/test/JU_Lur2_0Call.java b/aaf/src/test/java/com/att/cadi/lur/aaf/test/JU_Lur2_0Call.java new file mode 100644 index 0000000..2608980 --- /dev/null +++ b/aaf/src/test/java/com/att/cadi/lur/aaf/test/JU_Lur2_0Call.java 
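Review bot: `getIndex()` is declared `private synchronized` on the instance, but the `index` counter and the `perfIDs` list it guards are static, so two `JU_JMeter` instances running on different threads (which a load runner would presumably create) do not exclude each other, and one can call `perfIDs.get(index)` while the other has pushed `index` past the end. Declaring it `private static synchronized Principal getIndex()` makes the lock match the data. Separately, `before()` embeds the test account's password twice, in `aaf.basicAuth("testid@aaf.att.com", "whatever")` and pre-encoded in `"Basic dGVzdGlkOndoYXRldmVy"`, plus a developer-local directory in `AFT_DME2_EP_REGISTRY_FS_DIR`; reading them from properties the way `AAF_PERF_IDS` is read would keep credentials and machine paths out of the repository.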
@@ -0,0 +1,576 @@ +/******************************************************************************* + * ============LICENSE_START==================================================== + * * org.onap.aai + * * =========================================================================== + * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. + * * Copyright © 2017 Amdocs + * * =========================================================================== + * * Licensed under the Apache License, Version 2.0 (the "License"); + * * you may not use this file except in compliance with the License. + * * You may obtain a copy of the License at + * * + * * http://www.apache.org/licenses/LICENSE-2.0 + * * + * * Unless required by applicable law or agreed to in writing, software + * * distributed under the License is distributed on an "AS IS" BASIS, + * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * * See the License for the specific language governing permissions and + * * limitations under the License. + * * ============LICENSE_END==================================================== + * * + * * ECOMP is a trademark and service mark of AT&T Intellectual Property. 
+ * * + ******************************************************************************/ +package com.att.cadi.lur.aaf.test; + +import static org.junit.Assert.assertEquals; + +import java.io.BufferedReader; +import java.io.IOException; +import java.io.UnsupportedEncodingException; +import java.net.HttpURLConnection; +import java.security.Principal; +import java.util.Collection; +import java.util.Enumeration; +import java.util.Locale; +import java.util.Map; + +import javax.servlet.AsyncContext; +import javax.servlet.DispatcherType; +import javax.servlet.RequestDispatcher; +import javax.servlet.ServletContext; +import javax.servlet.ServletException; +import javax.servlet.ServletInputStream; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; +import javax.servlet.http.Cookie; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; +import javax.servlet.http.Part; + +import org.junit.BeforeClass; +import org.junit.Test; + +import com.att.cadi.CadiException; +import com.att.cadi.Lur; +import com.att.cadi.Permission; +import com.att.cadi.PropAccess; +import com.att.cadi.Symm; +import com.att.cadi.Taf.LifeForm; +import com.att.cadi.aaf.AAFPermission; +import com.att.cadi.aaf.v2_0.AAFConHttp; +import com.att.cadi.aaf.v2_0.AAFLurPerm; +import com.att.cadi.aaf.v2_0.AAFTaf; +import com.att.cadi.locator.DNSLocator; +import com.att.cadi.lur.ConfigPrincipal; +import com.att.cadi.lur.LocalPermission; +import com.att.cadi.taf.TafResp; + +public class JU_Lur2_0Call { + private static AAFConHttp aaf; + private static PropAccess access; + + @BeforeClass + public static void setUpBeforeClass() throws Exception { + access = new PropAccess(); + aaf = new AAFConHttp(access,new DNSLocator(access,"https","localhost","8100")); + aaf.basicAuth("testid", "whatever"); + } + + @Test + public void test() throws Exception { + + AAFLurPerm aafLur = aaf.newLur(); + + Principal pri = new 
ConfigPrincipal("testid@aaf.att.com","whatever"); + for (int i = 0; i < 10; ++i) { + print(aafLur, pri, new LocalPermission("com.test.JU_Lur2_0Call.service|myInstance|write"),true); + print(aafLur, pri, new LocalPermission("com.test.JU_Lur2_0Call.service|kumquat|write"),false); + print(aafLur, pri, new LocalPermission("com.test.JU_Lur2_0Call.service|myInstance|read"),true); + print(aafLur, pri, new LocalPermission("com.test.JU_Lur2_0Call.service|kumquat|read"),true); + + print(aafLur, pri, new AAFPermission("com.test.JU_Lur2_0Call.service","myInstance","write"),true); + print(aafLur, pri, new AAFPermission("com.test.JU_Lur2_0Call.service","kumquat","write"),false); + print(aafLur, pri, new AAFPermission("com.test.JU_Lur2_0Call.service","myInstance","read"),true); + print(aafLur, pri, new AAFPermission("com.test.JU_Lur2_0Call.service","kumquat","read"),true); + + print(aafLur, pri, new LocalPermission("com.test.JU_Lur2_0Call.service|!kum.*|read"),true); + print(aafLur, pri, new LocalPermission("com.test.JU_Lur2_0Call.service|myInstance|!wr*"),true); + print(aafLur, pri, new LocalPermission("com.test.JU_Lur2_0Call.service|myInstance"),true); + + print(aafLur, pri, new AAFPermission("com.test.JU_Lur2_0Call.service","!kum.*","read"),true); + print(aafLur, pri, new AAFPermission("com.test.JU_Lur2_0Call.service","myInstance","!wr*"),true); + + print(aafLur, pri, new LocalPermission("com.test.JU_Lur2_0Call.service|!kum[Qq]uat|read"),true); + print(aafLur, pri, new LocalPermission("com.test.JU_Lur2_0Call.service|!my[iI]nstance|!wr*"),true); + print(aafLur, pri, new LocalPermission("com.test.JU_Lur2_0Call.service|!my[iI]nstance|!wr*"),true); + print(aafLur, pri, new LocalPermission("com.test.JU_Lur2_0Call.service|myInstance|!wr*"),true); + + print(aafLur, pri, new AAFPermission("com.test.JU_Lur2_0Call.service","!kum[Qq]uat","read"),true); + print(aafLur, pri, new AAFPermission("com.test.JU_Lur2_0Call.service","!my[iI]nstance","!wr*"),true); + print(aafLur, pri, new 
AAFPermission("com.test.JU_Lur2_0Call.service","!my[iI]nstance","!wr*"),true); + print(aafLur, pri, new AAFPermission("com.test.JU_Lur2_0Call.service","myInstance","!wr*"),true); + + + print(aafLur, pri, new LocalPermission("com.test.JU_Lur2_0Call.service|!my.nstance|!wr*"),true); + print(aafLur, pri, new LocalPermission("com.test.JU_Lur2_0Call.service|my.nstance|!wr*"),false); + + print(aafLur, pri, new LocalPermission("com.test.JU_Lur2_0Call.service|my.nstance|!wr*"),false); + + //Maitrayee, aren't we going to have issues if we do RegExp with "."? + //Is it too expensive to only do Reg Ex in presence of special characters, []{}*, etc? Not sure this helps for GRID. + print(aafLur, pri, new LocalPermission("com.test.JU_Lur2_0Call.service|kum.quat|read"),true); + print(aafLur, pri, new LocalPermission("com.test.JU_Lur2_0Call.service|!kum..uat|read"),true); + + print(aafLur, pri, new LocalPermission("com.test.JU_Lur2_0Call.service|myInstance"),true); // ok if Stored Action is "*" + + // Key Evaluations + print(aafLur, pri, new LocalPermission("com.test.JU_Lur2_0Call.service|:myCluster:*:!my.*|write"),true); // ok if Stored Action is "*" + print(aafLur, pri, new LocalPermission("com.test.JU_Lur2_0Call.service|:myCluster:*|write"),false); // not ok if key lengths don't match "*" + print(aafLur, pri, new LocalPermission("com.test.JU_Lur2_0Call.service|:myCluster:*:myCF|write"),true); // ok if Stored Action is "*" + print(aafLur, pri, new AAFPermission("com.test.JU_Lur2_0Call.service",":myCluster:*:!my.*","write"),true); // ok if Stored Action is "*" + print(aafLur, pri, new AAFPermission("com.test.JU_Lur2_0Call.service",":myCluster:*:myCF","write"),true); // ok if Stored Action is "*" + print(aafLur, pri, new AAFPermission("com.test.JU_Lur2_0Call.service",":myCluster:*","write"),false); // not ok if key lengths don't match + + } + + print(aafLur, pri, new LocalPermission("bogus"),false); + +// try { +// Thread.sleep(7000); +// } catch (InterruptedException e) { +// 
e.printStackTrace(); +// } + for (int i = 0; i < 10; ++i) + print(aafLur, pri, new LocalPermission("supergroup"),false); + + System.out.println("All Done"); + } + @Test + public void testTaf() throws Exception { + AAFTaf aaft = new AAFTaf(aaf,true); + + TafResp resp; + // No Header + resp = aaft.validate(LifeForm.CBLF, new Req(), null); + assertEquals(TafResp.RESP.TRY_AUTHENTICATING, resp.isAuthenticated()); + + String auth = "Basic " + Symm.base64.encode("testid:whatever"); + resp = aaft.validate(LifeForm.CBLF, new Req("Authorization",auth), null); + assertEquals(TafResp.RESP.IS_AUTHENTICATED, resp.isAuthenticated()); + + } +// @Test +// public void testRole() throws CadiException { +// TestAccess ta = new TestAccess(); +// AAFLurRole1_0 aafLur = new AAFLurRole1_0( +// ta, +//// "http://DME2RESOLVE/service=com.att.authz.AuthorizationService/version=1.0.0/envContext=UAT/routeOffer=BAU_SE", +// "http://DME2RESOLVE/service=com.att.authz.AuthorizationService/version=1.0.0/envContext=DEV/routeOffer=D1", +// "m12345", "m12345pass", 50000, // dme Time +// // 5*60000); // 5 minutes User Expiration +// 50000, // 5 seconds after Expiration +// 200); // High Count of items.. 
These do not take much memory +// +// Principal pri = new ConfigPrincipal("xy1234","whatever); +// for (int i = 0; i < 10; ++i) { +//// print(aafLur, pri, new LocalPermission("*|*|*|com.att.authz")); +// print(aafLur, pri, new LocalPermission("service|myInstance|write"),false); +// print(aafLur, pri, new LocalPermission("com.test.JU_Lur2_0Call.service|myInstance|write"),false); +// print(aafLur, pri, new LocalPermission("com.att.cadi"),true); +// print(aafLur, pri, new LocalPermission("global"),true); +// print(aafLur, pri, new LocalPermission("kumquat"),false); +// } +// +// print(aafLur, pri, new LocalPermission("bogus"),false); +// +// for (int i = 0; i < 10; ++i) +// print(aafLur, pri, new LocalPermission("supergroup"),false); +// +// System.out.println("All Done"); +// } + + + private void print(Lur aafLur, Principal pri, Permission perm, boolean shouldBe) + throws CadiException { + long start = System.nanoTime(); + + // The Call + boolean ok = aafLur.fish(pri, perm); + + assertEquals(shouldBe,ok); + float ms = (System.nanoTime() - start) / 1000000f; + if (ok) { + System.out.println("Yes, part of " + perm.getKey() + " (" + ms + + "ms)"); + } else { + System.out.println("No, not part of " + perm.getKey() + " (" + ms + + "ms)"); + } + } + + @SuppressWarnings("rawtypes") + public class Req implements HttpServletRequest { + private String[] headers; + + public Req(String ... 
headers) { + this.headers = headers; + } + + public Object getAttribute(String name) { + // TODO Auto-generated method stub + return null; + } + + @SuppressWarnings("unchecked") + public Enumeration getAttributeNames() { + // TODO Auto-generated method stub + return null; + } + + public String getCharacterEncoding() { + // TODO Auto-generated method stub + return null; + } + + public void setCharacterEncoding(String env) + throws UnsupportedEncodingException { + // TODO Auto-generated method stub + + } + + public int getContentLength() { + // TODO Auto-generated method stub + return 0; + } + + public String getContentType() { + // TODO Auto-generated method stub + return null; + } + + public ServletInputStream getInputStream() throws IOException { + // TODO Auto-generated method stub + return null; + } + + public String getParameter(String name) { + // TODO Auto-generated method stub + return null; + } + + @SuppressWarnings("unchecked") + public Enumeration getParameterNames() { + // TODO Auto-generated method stub + return null; + } + + public String[] getParameterValues(String name) { + // TODO Auto-generated method stub + return null; + } + + @SuppressWarnings("unchecked") + public Map getParameterMap() { + // TODO Auto-generated method stub + return null; + } + + public String getProtocol() { + // TODO Auto-generated method stub + return null; + } + + public String getScheme() { + // TODO Auto-generated method stub + return null; + } + + public String getServerName() { + // TODO Auto-generated method stub + return null; + } + + public int getServerPort() { + // TODO Auto-generated method stub + return 0; + } + + public BufferedReader getReader() throws IOException { + // TODO Auto-generated method stub + return null; + } + + public String getRemoteAddr() { + // TODO Auto-generated method stub + return null; + } + + public String getRemoteHost() { + // TODO Auto-generated method stub + return null; + } + + public void setAttribute(String name, Object o) { + // 
TODO Auto-generated method stub + + } + + public void removeAttribute(String name) { + // TODO Auto-generated method stub + + } + + public Locale getLocale() { + // TODO Auto-generated method stub + return null; + } + + @SuppressWarnings("unchecked") + public Enumeration getLocales() { + // TODO Auto-generated method stub + return null; + } + + public boolean isSecure() { + // TODO Auto-generated method stub + return false; + } + + public RequestDispatcher getRequestDispatcher(String path) { + // TODO Auto-generated method stub + return null; + } + + public String getRealPath(String path) { + // TODO Auto-generated method stub + return null; + } + + public int getRemotePort() { + // TODO Auto-generated method stub + return 0; + } + + public String getLocalName() { + // TODO Auto-generated method stub + return null; + } + + public String getLocalAddr() { + // TODO Auto-generated method stub + return null; + } + + public int getLocalPort() { + // TODO Auto-generated method stub + return 0; + } + + public String getAuthType() { + // TODO Auto-generated method stub + return null; + } + + public Cookie[] getCookies() { + // TODO Auto-generated method stub + return null; + } + + public long getDateHeader(String name) { + // TODO Auto-generated method stub + return 0; + } + + public String getHeader(String name) { + for(int i=1;i getParts() throws IOException, ServletException { + // TODO Auto-generated method stub + return null; + } + + @Override + public Part getPart(String name) throws IOException, ServletException { + // TODO Auto-generated method stub + return null; + } + + } +} diff --git a/aaf/src/test/java/com/att/cadi/lur/aaf/test/JU_PermEval.java b/aaf/src/test/java/com/att/cadi/lur/aaf/test/JU_PermEval.java new file mode 100644 index 0000000..efd108f --- /dev/null +++ b/aaf/src/test/java/com/att/cadi/lur/aaf/test/JU_PermEval.java 
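Review bot: The commented-out `testRole` block should be deleted rather than committed: it cannot compile as written (`new ConfigPrincipal("xy1234","whatever);` has an unterminated string), and it carries what looks like a mech ID and password (`"m12345", "m12345pass"`) together with internal service URLs, which then live in history as dead text. The live tests have the same habit, with `aaf.basicAuth("testid", "whatever")` in `setUpBeforeClass()` and `Symm.base64.encode("testid:whatever")` in `testTaf()`, and every expected value passed to `print(...)` depends on permissions provisioned for that account on whatever answers at `localhost:8100`; a header comment naming that fixture, or loading host and credentials from test properties, would make failures interpretable. The open question in the `//Maitrayee, ...` comment about `.` being treated as a regular-expression character in instance matching is a question about authorization semantics, and would be better tracked as an issue with a pinned test case than left as a remark inside the loop. The `getHeader` body is cut off in this view, so it is not reviewed here.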
@@ -0,0 +1,109 @@ +/******************************************************************************* + * ============LICENSE_START==================================================== + * * org.onap.aai + * * =========================================================================== + * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. + * * Copyright © 2017 Amdocs + * * =========================================================================== + * * Licensed under the Apache License, Version 2.0 (the "License"); + * * you may not use this file except in compliance with the License. + * * You may obtain a copy of the License at + * * + * * http://www.apache.org/licenses/LICENSE-2.0 + * * + * * Unless required by applicable law or agreed to in writing, software + * * distributed under the License is distributed on an "AS IS" BASIS, + * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * * See the License for the specific language governing permissions and + * * limitations under the License. + * * ============LICENSE_END==================================================== + * * + * * ECOMP is a trademark and service mark of AT&T Intellectual Property. 
+ * * + ******************************************************************************/ +package com.att.cadi.lur.aaf.test; + +import static org.junit.Assert.*; + +import org.junit.AfterClass; +import org.junit.Test; + +import com.att.cadi.aaf.PermEval; + +public class JU_PermEval { + + @AfterClass + public static void tearDownAfterClass() throws Exception { + } + + @Test + public void test() { + assertTrue(PermEval.evalInstance(":com.att.temp:role:write",":!com.att.*:role:write")); + + // TRUE + assertTrue(PermEval.evalAction("fred","fred")); + assertTrue(PermEval.evalAction("fred,wilma","fred")); + assertTrue(PermEval.evalAction("barney,betty,fred,wilma","fred")); + assertTrue(PermEval.evalAction("*","fred")); + + assertTrue(PermEval.evalInstance("fred","fred")); + assertTrue(PermEval.evalInstance("fred,wilma","fred")); + assertTrue(PermEval.evalInstance("barney,betty,fred,wilma","fred")); + assertTrue(PermEval.evalInstance("*","fred")); + + assertTrue(PermEval.evalInstance(":fred:fred",":fred:fred")); + assertTrue(PermEval.evalInstance(":fred:fred,wilma",":fred:fred")); + assertTrue(PermEval.evalInstance(":fred:barney,betty,fred,wilma",":fred:fred")); + assertTrue(PermEval.evalInstance("*","fred")); + assertTrue(PermEval.evalInstance(":*:fred",":fred:fred")); + assertTrue(PermEval.evalInstance(":fred:*",":fred:fred")); + assertTrue(PermEval.evalInstance(":fred:fred",":!f.*:fred")); + assertTrue(PermEval.evalInstance(":fred:fred",":fred:!f.*")); + + /// FALSE + assertFalse(PermEval.evalInstance("fred","wilma")); + assertFalse(PermEval.evalInstance("fred,barney,betty","wilma")); + assertFalse(PermEval.evalInstance(":fred:fred",":fred:wilma")); + assertFalse(PermEval.evalInstance(":fred:fred",":wilma:fred")); + assertFalse(PermEval.evalInstance(":fred:fred",":wilma:!f.*")); + assertFalse(PermEval.evalInstance(":fred:fred",":!f.*:wilma")); + assertFalse(PermEval.evalInstance(":fred:fred",":!w.*:!f.*")); + 
assertFalse(PermEval.evalInstance(":fred:fred",":!f.*:!w.*")); + + assertFalse(PermEval.evalInstance(":fred:fred",":fred:!x.*")); + + // MSO Tests 12/3/2015 + assertFalse(PermEval.evalInstance("/v1/services/features/*","/v1/services/features")); + assertFalse(PermEval.evalInstance(":v1:services:features:*",":v1:services:features")); + assertTrue(PermEval.evalInstance("/v1/services/features/*","/v1/services/features/api1")); + assertTrue(PermEval.evalInstance(":v1:services:features:*",":v1:services:features:api2")); + // MSO - Xue Gao + assertTrue(PermEval.evalInstance(":v1:requests:*",":v1:requests:test0-service")); + + + + // Same tests, with Slashes + assertTrue(PermEval.evalInstance("/fred/fred","/fred/fred")); + assertTrue(PermEval.evalInstance("/fred/fred,wilma","/fred/fred")); + assertTrue(PermEval.evalInstance("/fred/barney,betty,fred,wilma","/fred/fred")); + assertTrue(PermEval.evalInstance("*","fred")); + assertTrue(PermEval.evalInstance("/*/fred","/fred/fred")); + assertTrue(PermEval.evalInstance("/fred/*","/fred/fred")); + assertTrue(PermEval.evalInstance("/fred/fred","/!f.*/fred")); + assertTrue(PermEval.evalInstance("/fred/fred","/fred/!f.*")); + + /// FALSE + assertFalse(PermEval.evalInstance("fred","wilma")); + assertFalse(PermEval.evalInstance("fred,barney,betty","wilma")); + assertFalse(PermEval.evalInstance("/fred/fred","/fred/wilma")); + assertFalse(PermEval.evalInstance("/fred/fred","/wilma/fred")); + assertFalse(PermEval.evalInstance("/fred/fred","/wilma/!f.*")); + assertFalse(PermEval.evalInstance("/fred/fred","/!f.*/wilma")); + assertFalse(PermEval.evalInstance("/fred/fred","/!w.*/!f.*")); + assertFalse(PermEval.evalInstance("/fred/fred","/!f.*/!w.*")); + + assertFalse(PermEval.evalInstance("/fred/fred","/fred/!x.*")); + + } + +} diff --git a/aaf/src/test/java/com/att/cadi/lur/aaf/test/MultiThreadPermHit.java b/aaf/src/test/java/com/att/cadi/lur/aaf/test/MultiThreadPermHit.java new file mode 100644 index 0000000..cec5404 --- /dev/null 
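Review bot: All of the `PermEval` expectations sit in one method named `test()`, so the first failing assertion hides every later one and the report does not say which rule broke; splitting it into named cases (exact match, comma list, `*` wildcard, `!` regex, key-count mismatch, `/`-delimited keys) would make a regression in permission matching point at the rule. None of the regex cases pins how `.` is treated: in `":!com.att.*:role:write"` it is unescaped, so it presumably matches any character rather than a literal dot, and an assertion next to it stating whether that is intended would settle it. A one-line comment saying which argument of `evalInstance` is the stored permission and which is the requested one would also help, since the tests put `*` and comma lists in the first argument and `!` patterns in the second. The empty `tearDownAfterClass()` and the repeated `assertTrue(PermEval.evalInstance("*","fred"))` lines can be dropped.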
+++ b/aaf/src/test/java/com/att/cadi/lur/aaf/test/MultiThreadPermHit.java 
@@ -0,0 +1,146 @@ +/******************************************************************************* + * ============LICENSE_START==================================================== + * * org.onap.aai + * * =========================================================================== + * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. + * * Copyright © 2017 Amdocs + * * =========================================================================== + * * Licensed under the Apache License, Version 2.0 (the "License"); + * * you may not use this file except in compliance with the License. + * * You may obtain a copy of the License at + * * + * * http://www.apache.org/licenses/LICENSE-2.0 + * * + * * Unless required by applicable law or agreed to in writing, software + * * distributed under the License is distributed on an "AS IS" BASIS, + * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * * See the License for the specific language governing permissions and + * * limitations under the License. + * * ============LICENSE_END==================================================== + * * + * * ECOMP is a trademark and service mark of AT&T Intellectual Property. 
+ * * + ******************************************************************************/ +package com.att.cadi.lur.aaf.test; + +import java.security.Principal; +import java.util.ArrayList; +import java.util.List; + +import com.att.cadi.Access; +import com.att.cadi.Permission; +import com.att.cadi.PropAccess; +import com.att.cadi.aaf.AAFPermission; +import com.att.cadi.aaf.v2_0.AAFAuthn; +import com.att.cadi.aaf.v2_0.AAFConHttp; +import com.att.cadi.aaf.v2_0.AAFLurPerm; +import com.att.cadi.config.Config; +import com.att.cadi.locator.PropertyLocator; + +public class MultiThreadPermHit { + public static void main(String args[]) { + // Link or reuse to your Logging mechanism + PropAccess myAccess = new PropAccess(); // + + // + try { + AAFConHttp con = new AAFConHttp(myAccess,new PropertyLocator("https://mithrilcsp.sbc.com:8100")); + + // AAFLur has pool of DME clients as needed, and Caches Client lookups + final AAFLurPerm aafLur = con.newLur(); + aafLur.setDebug("m12345@aaf.att.com"); + + // Note: If you need both Authn and Authz construct the following: + AAFAuthn aafAuthn = con.newAuthn(aafLur); + + // Do not set Mech ID until after you construct AAFAuthn, + // because we initiate "401" info to determine the Realm of + // of the service we're after. + final String id = myAccess.getProperty(Config.AAF_MECHID,null); + final String pass = myAccess.decrypt(myAccess.getProperty(Config.AAF_MECHPASS,null),false); + if(id!=null && pass!=null) { + try { + + // Normally, you obtain Principal from Authentication System. + // // For J2EE, you can ask the HttpServletRequest for getUserPrincipal() + // // If you use CADI as Authenticator, it will get you these Principals from + // // CSP or BasicAuth mechanisms. + // String id = "cluster_admin@gridcore.att.com"; + // + // // If Validate succeeds, you will get a Null, otherwise, you will a String for the reason. 
+ String ok; + ok = aafAuthn.validate(id, pass); + if(ok!=null) { + System.out.println(ok); + } + + List pond = new ArrayList(); + for(int i=0;i<20;++i) { + pond.clear(); + aafLur.fishAll(i+id, pond); + if(ok!=null && i%1000==0) { + System.out.println(i + " " + ok); + } + } + + for(int i=0;i<1000000;++i) { + ok = aafAuthn.validate( i+ id, "wrongPass"); + if(ok!=null && i%1000==0) { + System.out.println(i + " " + ok); + } + } + + final AAFPermission perm = new AAFPermission("com.att.aaf.access","*","*"); + + // Now you can ask the LUR (Local Representative of the User Repository about Authorization + // With CADI, in J2EE, you can call isUserInRole("com.att.mygroup|mytype|write") on the Request Object + // instead of creating your own LUR + for(int i=0;i<4;++i) { + if(aafLur.fish(id, perm)) { + System.out.println("Yes, " + id + " has permission for " + perm.getKey()); + } else { + System.out.println("No, " + id + " does not have permission for " + perm.getKey()); + } + } + + + // Or you can all for all the Permissions available + List perms = new ArrayList(); + + + aafLur.fishAll(id,perms); + System.out.println("Perms for " + id); + for(Permission prm : perms) { + System.out.println(prm.getKey()); + } + + System.out.println("Press any key to continue"); + System.in.read(); + + for(int j=0;j<5;++j) { + new Thread(new Runnable() { + @Override + public void run() { + for(int i=0;i<20;++i) { + if(aafLur.fish(id, perm)) { + System.out.println("Yes, " + id + " has permission for " + perm.getKey()); + } else { + System.out.println("No, " + id + " does not have permission for " + perm.getKey()); + } + } + } + }).start(); + } + + + } finally { + aafLur.destroy(); + } + } else { // checked on IDs + System.err.println(Config.AAF_MECHID + " and/or " + Config.AAF_MECHPASS + " are not set."); + } + } catch (Exception e) { + e.printStackTrace(); + } + } +} 
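Review bot: The `finally` block calls `aafLur.destroy()` immediately after the five worker threads are started, so the workers' `aafLur.fish(id, perm)` calls can run against a destroyed Lur; `main` should `join()` the workers before leaving the `try`. A sketch follows; the `InterruptedException` from `join()` is already covered by the outer `catch (Exception e)`. Also worth parameterizing: the locator URL `https://mithrilcsp.sbc.com:8100` is hard-coded and the loop sends 1,000,000 `validate(i + id, "wrongPass")` calls to it, which on a shared service is a sustained run of failed logins that monitoring or throttling may react to, so host and iteration count should come from properties with small defaults. In the `fishAll` loop, the `if(ok!=null && i%1000==0)` print reuses the stale `ok` from the earlier `validate` call.

```java
Thread[] workers = new Thread[5];
for(int j=0;j<workers.length;++j) {
	workers[j] = new Thread(new Runnable() {
		// … unchanged: run() with the 20 aafLur.fish(id, perm) calls …
	});
	workers[j].start();
}
// Wait for the workers so the finally block does not destroy aafLur under them.
for(Thread worker : workers) {
	worker.join();
}
```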
diff --git a/aaf/src/test/java/com/att/cadi/lur/aaf/test/TestAccess.java b/aaf/src/test/java/com/att/cadi/lur/aaf/test/TestAccess.java
new file mode 100644
index 0000000..0554d1d
--- /dev/null
+++ b/aaf/src/test/java/com/att/cadi/lur/aaf/test/TestAccess.java
@@ -0,0 +1,123 @@ +/******************************************************************************* + * ============LICENSE_START==================================================== + * * org.onap.aai + * * =========================================================================== + * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. + * * Copyright © 2017 Amdocs + * * =========================================================================== + * * Licensed under the Apache License, Version 2.0 (the "License"); + * * you may not use this file except in compliance with the License. + * * You may obtain a copy of the License at + * * + * * http://www.apache.org/licenses/LICENSE-2.0 + * * + * * Unless required by applicable law or agreed to in writing, software + * * distributed under the License is distributed on an "AS IS" BASIS, + * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * * See the License for the specific language governing permissions and + * * limitations under the License. + * * ============LICENSE_END==================================================== + * * + * * ECOMP is a trademark and service mark of AT&T Intellectual Property. 
+ * * + ******************************************************************************/ +package com.att.cadi.lur.aaf.test; + +import java.io.FileInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.PrintStream; + +import com.att.cadi.Access; +import com.att.cadi.Symm; +import com.att.cadi.config.Config; + +public class TestAccess implements Access { + private Symm symm; + private PrintStream out; + + public TestAccess(PrintStream out) { + this.out = out; + InputStream is = ClassLoader.getSystemResourceAsStream("cadi.properties"); + try { + System.getProperties().load(is); + } catch (IOException e) { + e.printStackTrace(out); + } finally { + try { + is.close(); + } catch (IOException e) { + e.printStackTrace(out); + } + } + + String keyfile = System.getProperty(Config.CADI_KEYFILE); + if(keyfile==null) { + System.err.println("No " + Config.CADI_KEYFILE + " in Classpath"); + } else { + try { + is = new FileInputStream(keyfile); + try { + symm = Symm.obtain(is); + } finally { + is.close(); + } + } catch (IOException e) { + e.printStackTrace(out); + } + } + + + + } + + public void log(Level level, Object... elements) { + boolean first = true; + for(int i=0;i