Diffstat (limited to 'aai-aaf-auth/src/test/java/org')
4 files changed, 406 insertions, 0 deletions
diff --git a/aai-aaf-auth/src/test/java/org/onap/aai/aaf/auth/AAIAuthCoreTest.java b/aai-aaf-auth/src/test/java/org/onap/aai/aaf/auth/AAIAuthCoreTest.java
new file mode 100644
index 00000000..6fca4fdb
--- /dev/null
+++ b/aai-aaf-auth/src/test/java/org/onap/aai/aaf/auth/AAIAuthCoreTest.java
@@ -0,0 +1,235 @@
+/**
+ * ============LICENSE_START=======================================================
+ * org.onap.aai
+ * ================================================================================
+ * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aai.aaf.auth;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.onap.aai.aaf.auth.exceptions.AAIUnrecognizedFunctionException;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
+public class AAIAuthCoreTest extends AAISetup {
+
+ private AAIAuthCore authCore;
+
+ @Before
+ public void setup() {
+ authCore = new AAIAuthCore("/aai");
+ }
+
+ @Test
+ public void getAuthPolicyFunctionNameTest() {
+
+ String uri = "/aai/v3/search/edge-tag-query";
+ assertEquals("Get aai function name from " + uri, "search", authCore.getAuthPolicyFunctName(uri));
+
+ uri = "/aai/v10/search/edge-tag-query";
+ assertEquals("Get aai function name from " + uri, "search", authCore.getAuthPolicyFunctName(uri));
+
+ uri = "/aai/search/model";
+ assertEquals("Get aai function name from " + uri, "search", authCore.getAuthPolicyFunctName(uri));
+
+ uri = "/aai/v9/cloud-infrastructure/cloud-regions/cloud-region/somecloudregion/some-cloud-owner";
+ assertEquals("Get aai function name from " + uri, "cloud-infrastructure", authCore.getAuthPolicyFunctName(uri));
+
+ uri = "/aai/v8/network/pnfs/pnf/ff4ca01orc/p-interfaces";
+ assertEquals("Get aai function name from " + uri, "network", authCore.getAuthPolicyFunctName(uri));
+
+ uri = "/aai/util/echo";
+ assertEquals("Get aai function name from " + uri, "util", authCore.getAuthPolicyFunctName(uri));
+
+ uri = "/aai/tools";
+ assertEquals("Get aai function name from " + uri, "tools", authCore.getAuthPolicyFunctName(uri));
+
+ uri = "/aai/v12/bulk/single-transaction";
+ assertEquals("Get aai function name from " + uri, "bulk", authCore.getAuthPolicyFunctName(uri));
+
+ }
+
+ @Test
+ public void validUsernameAuthTest() throws AAIUnrecognizedFunctionException {
+ assertTrue(authCore.authorize("testUser".toLowerCase(), "/aai/v0/testFunction/someUri", "PUT", ""));
+ }
+
+ @Test
+ public void validUsernameInvalidHttpMethodAuthTest() throws AAIUnrecognizedFunctionException {
+ assertFalse(authCore.authorize("testUser".toLowerCase(), "/aai/v0/testFunction/someUri", "POST", ""));
+ }
+
+ @Test(expected = AAIUnrecognizedFunctionException.class)
+ public void validUsernameInvalidFunctionInURIAuthTest() throws AAIUnrecognizedFunctionException {
+ authCore.authorize("testUser".toLowerCase(), "/aai/v0/badFunction/someUri", "PUT", "");
+ }
+
+ @Test
+ public void invalidUsernameAuthTest() throws AAIUnrecognizedFunctionException {
+ assertFalse(authCore.authorize("invlaidTestUser".toLowerCase(), "/aai/v0/testFunction/someUri", "PUT", ""));
+ }
+
+ @Test
+ public void validUsernameIsTheExactWildcardIdAuthTest() throws AAIUnrecognizedFunctionException {
+ assertTrue(authCore.authorize("testWildcardId".toLowerCase(), "/aai/v0/testFunction/someUri", "PUT", ""));
+ }
+
+ @Test
+ public void validUsernameContainsTheWildcardIdAuthTest() throws AAIUnrecognizedFunctionException {
+ assertTrue(authCore.authorize("cn=blah, testWildcardId, O=".toLowerCase(), "/aai/v0/testFunction/someUri",
+ "PUT", "", "aafWildCardIssuer"));
+ }
+
+ @Test
+ public void validUsernameContainsTheWildcardIdInvalidIssuerAuthTest() throws AAIUnrecognizedFunctionException {
+ assertFalse(authCore.authorize("cn=blah, testWildcardId, O=".toLowerCase(), "/aai/v0/testFunction/someUri",
+ "PUT", "", "invalidIssuer"));
+ }
+
+ @Test
+ public void invalidUsernameContainsRegularUsernameAuthTest() throws AAIUnrecognizedFunctionException {
+ assertFalse(
+ authCore.authorize("cn=blah, testUser, O=".toLowerCase(), "/aai/v0/testFunction/someUri", "PUT", ""));
+ }
+
+ @Test
+ public void haProxyUsernameAuthTest() throws AAIUnrecognizedFunctionException {
+ assertTrue(authCore.authorize("ha-proxy-user".toLowerCase(), "/aai/util/echo", "GET", ""));
+ }
+
+ @Test
+ public void haProxyUsernameInvalidFunctionAuthTest() throws AAIUnrecognizedFunctionException {
+ assertFalse(authCore.authorize("ha-proxy-user".toLowerCase(), "/aai/v0/testFunction/someUri", "PUT", ""));
+ }
+
+ @Test
+ public void validUsernameViaHaProxyAuthTest() throws AAIUnrecognizedFunctionException {
+ assertTrue(authCore.authorize("ha-proxy-user".toLowerCase(), "/aai/v0/testFunction/someUri", "PUT",
+ "testUser".toLowerCase()));
+ }
+
+ @Test
+ public void validUsernameInvalidHttpMethodViaHaProxyAuthTest() throws AAIUnrecognizedFunctionException {
+ assertFalse(authCore.authorize("ha-proxy-user".toLowerCase(), "/aai/v0/testFunction/someUri", "POST",
+ "testUser".toLowerCase()));
+ }
+
+ @Test(expected = AAIUnrecognizedFunctionException.class)
+ public void validUsernameInvalidFunctionInURIViaHaProxyAuthTest() throws AAIUnrecognizedFunctionException {
+ authCore.authorize("ha-proxy-user".toLowerCase(), "/aai/v0/badFunction/someUri", "PUT",
+ "testUser".toLowerCase());
+ }
+
+ @Test
+ public void invalidUsernameViaHaProxyAuthTest() throws AAIUnrecognizedFunctionException {
+ assertFalse(authCore.authorize("ha-proxy-user".toLowerCase(), "/aai/v0/testFunction/someUri", "PUT",
+ "invlaidTestUser".toLowerCase()));
+ }
+
+ @Test
+ public void validUsernameIsTheExactWildcardIdViaHaProxyAuthTest() throws AAIUnrecognizedFunctionException {
+ assertTrue(authCore.authorize("ha-proxy-user".toLowerCase(), "/aai/v0/testFunction/someUri", "PUT",
+ "testWildcardId".toLowerCase()));
+ }
+
+ @Test
+ public void validUsernameContainsTheWildcardIdViaHaProxyAuthTest() throws AAIUnrecognizedFunctionException {
+ assertTrue(authCore.authorize("ha-proxy-user".toLowerCase(), "/aai/v0/testFunction/someUri", "PUT",
+ "cn=blah, testWildcardId, O=".toLowerCase(), "aafWildCardIssuer"));
+ }
+
+ @Test
+ public void invalidUsernameContainsRegularUsernameViaHaProxyAuthTest() throws AAIUnrecognizedFunctionException {
+ assertFalse(authCore.authorize("ha-proxy-user".toLowerCase(), "/aai/v0/testFunction/someUri", "PUT",
+ "cn=blah, testUser, O=".toLowerCase()));
+ }
+
+ @Test
+ public void haProxyUsernameTwiceAuthTest() throws AAIUnrecognizedFunctionException {
+ assertFalse(authCore.authorize("ha-proxy-user".toLowerCase(), "/aai/v0/testFunction/someUri", "PUT",
+ "ha-proxy-user".toLowerCase()));
+ }
+
+ @Test
+ public void haProxyWildcardIdAuthTest() throws AAIUnrecognizedFunctionException {
+ assertTrue(authCore.authorize("cn=blah, ha-proxy-wildcard-id, O=".toLowerCase(), "/aai/util/echo", "GET", "",
+ "aafWildCardIssuer"));
+ }
+
+ @Test
+ public void haProxyWildcardIdInvalidFunctionAuthTest() throws AAIUnrecognizedFunctionException {
+ assertFalse(authCore.authorize("cn=blah, ha-proxy-wildcard-id, O=".toLowerCase(),
+ "/aai/v0/testFunction/someUri", "PUT", ""));
+ }
+
+ @Test
+ public void validUsernameViaHaProxyWildcardIdAuthTest() throws AAIUnrecognizedFunctionException {
+ assertTrue(authCore.authorize("cn=blah, ha-proxy-wildcard-id, O=".toLowerCase(), "/aai/v0/testFunction/someUri",
+ "PUT", "testUser".toLowerCase(), "aafWildCardIssuer"));
+ }
+
+ @Test
+ public void validUsernameInvalidHttpMethodViaHaProxyWildcardIdAuthTest() throws AAIUnrecognizedFunctionException {
+ assertFalse(authCore.authorize("cn=blah, ha-proxy-wildcard-id, O=".toLowerCase(),
+ "/aai/v0/testFunction/someUri", "POST", "testUser".toLowerCase()));
+ }
+
+ @Test(expected = AAIUnrecognizedFunctionException.class)
+ public void validUsernameInvalidFunctionInURIViaHaProxyWildcardIdAuthTest()
+ throws AAIUnrecognizedFunctionException {
+ authCore.authorize("cn=blah, ha-proxy-wildcard-id, O=".toLowerCase(), "/aai/v0/badFunction/someUri", "PUT",
+ "testUser".toLowerCase());
+ }
+
+ @Test
+ public void invalidUsernameViaHaProxyWildcardIdAuthTest() throws AAIUnrecognizedFunctionException {
+ assertFalse(authCore.authorize("cn=blah, ha-proxy-wildcard-id, O=".toLowerCase(),
+ "/aai/v0/testFunction/someUri", "PUT", "invlaidTestUser".toLowerCase()));
+ }
+
+ @Test
+ public void validUsernameIsTheExactWildcardIdViaHaProxyWildcardIdAuthTest()
+ throws AAIUnrecognizedFunctionException {
+ assertTrue(authCore.authorize("cn=blah, ha-proxy-wildcard-id, O=".toLowerCase(), "/aai/v0/testFunction/someUri",
+ "PUT", "testWildcardId".toLowerCase(), "aafWildCardIssuer"));
+ }
+
+ @Test
+ public void validUsernameContainsTheWildcardIdViaHaProxyWildcardIdAuthTest()
+ throws AAIUnrecognizedFunctionException {
+ assertTrue(authCore.authorize("cn=blah, ha-proxy-wildcard-id, O=".toLowerCase(), "/aai/v0/testFunction/someUri",
+ "PUT", "cn=blah, testWildcardId, O=".toLowerCase(), "aafWildCardIssuer"));
+ }
+
+ @Test
+ public void validUsernameContainsTheWildcardIdViaHaProxyWildcardIdInvalidIssuerAuthTest()
+ throws AAIUnrecognizedFunctionException {
+ assertFalse(authCore.authorize("cn=blah, ha-proxy-wildcard-id, O=".toLowerCase(),
+ "/aai/v0/testFunction/someUri", "PUT", "cn=blah, testWildcardId, O=".toLowerCase(), "invalidIssuer"));
+ }
+
+ @Test
+ public void invalidUsernameContainsRegularUsernameViaHaProxyWildcardIdAuthTest()
+ throws AAIUnrecognizedFunctionException {
+ assertFalse(authCore.authorize("cn=blah, ha-proxy-wildcard-id, O=".toLowerCase(),
+ "/aai/v0/testFunction/someUri", "PUT", "cn=blah, testUser, O=".toLowerCase()));
+ }
+
+}
diff --git a/aai-aaf-auth/src/test/java/org/onap/aai/aaf/auth/AAISetup.java b/aai-aaf-auth/src/test/java/org/onap/aai/aaf/auth/AAISetup.java
new file mode 100644
index 00000000..0827782e
--- /dev/null
+++ b/aai-aaf-auth/src/test/java/org/onap/aai/aaf/auth/AAISetup.java
@@ -0,0 +1,31 @@
+/**
+ * ============LICENSE_START=======================================================
+ * org.onap.aai
+ * ================================================================================
+ * Copyright © 2017-2019 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.aai.aaf.auth;
+
+import org.junit.BeforeClass;
+
+public class AAISetup {
+
+ @BeforeClass
+ public static void preSetup(){
+ System.setProperty("AJSC_HOME", ".");
+ System.setProperty("BUNDLECONFIG_DIR", "src/test/resources/bundleconfig-local");
+ }
+}
diff --git a/aai-aaf-auth/src/test/java/org/onap/aai/aaf/auth/AAIUserTest.java b/aai-aaf-auth/src/test/java/org/onap/aai/aaf/auth/AAIUserTest.java
new file mode 100644
index 00000000..e3b79cb7
--- /dev/null
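Review bot: Four negative cases in AAIAuthCoreTest.java (`haProxyWildcardIdInvalidFunctionAuthTest`, `validUsernameInvalidHttpMethodViaHaProxyWildcardIdAuthTest`, `invalidUsernameViaHaProxyWildcardIdAuthTest`, `invalidUsernameContainsRegularUsernameViaHaProxyWildcardIdAuthTest`) call the four-argument `authorize` and so omit the issuer, while their passing counterparts supply `"aafWildCardIssuer"`. Since `validUsernameContainsTheWildcardIdInvalidIssuerAuthTest` shows that a wrong issuer alone yields `false`, these `assertFalse` checks may pass because of the missing issuer rather than the bad method, function or user they are named for (the four-argument overload is not visible here, so this is inferred). Passing the issuer keeps one variable per test, e.g. `"/aai/v0/testFunction/someUri", "POST", "testUser".toLowerCase(), "aafWildCardIssuer"));`. The bare `toLowerCase()` calls are also locale-sensitive; `toLowerCase(Locale.ROOT)` would keep `testWildcardId` stable under any default locale.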
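Review bot: `preSetup()` in AAISetup.java overwrites the JVM-wide `AJSC_HOME` and `BUNDLECONFIG_DIR` properties and nothing restores them, so any test class that later runs in the same JVM inherits these values and a value supplied on the command line is silently replaced. Consider saving the previous values and restoring them in an `@AfterClass` method. The class also has no Javadoc; a line such as `/** Base class that sets AJSC_HOME and BUNDLECONFIG_DIR for the auth tests. */` would tell readers why every test extends it. The relative `src/test/resources/bundleconfig-local` path ties the tests to being launched from the module directory.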
+++ b/aai-aaf-auth/src/test/java/org/onap/aai/aaf/auth/AAIUserTest.java
@@ -0,0 +1,53 @@
+/**
+ * ============LICENSE_START=======================================================
+ * org.onap.aai
+ * ================================================================================
+ * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aai.aaf.auth;
+
+import org.junit.Test;
+
+import static org.junit.Assert.assertEquals;
+
+public class AAIUserTest extends AAISetup {
+
+ @Test
+ public void testIsAuth() {
+ AAIUser usr = new AAIUser("testUser");
+ usr.addRole("testRole");
+ usr.setUserAccess("auth", "GET");
+ usr.setUserAccess("auth", "PUT");
+ usr.setUserAccess("authentication", "PUT", "GET", "POST");
+
+ assertEquals(true, usr.hasAccess("auth", "GET"));
+ assertEquals(true, usr.hasAccess("auth", "PUT"));
+ assertEquals(true, usr.hasAccess("authentication", "POST"));
+ }
+
+ @Test
+ public void testIsNotAuth() {
+ AAIUser usr = new AAIUser("testUser");
+ usr.addRole("testRole");
+
+ assertEquals(false, usr.hasAccess("auth", "GET"));
+
+ usr.setUserAccess("auth", "GET");
+ assertEquals(false, usr.hasAccess("auth", "PUT"));
+ }
+
+}
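Review bot: `testIsAuth` registers both `auth` and `authentication` but never asserts that the two grants stay separate, which looks like the reason for picking function names that share a prefix. Adding `assertEquals(false, usr.hasAccess("auth", "POST"));` after the existing checks would pin that `POST` granted on `authentication` does not carry over to `auth`. As a style point, `assertEquals(true, …)` and `assertEquals(false, …)` read better as `assertTrue` / `assertFalse`, and the `addRole("testRole")` calls are not checked by any assertion in this file.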
diff --git a/aai-aaf-auth/src/test/java/org/onap/aai/aaf/auth/CertUtilTest.java b/aai-aaf-auth/src/test/java/org/onap/aai/aaf/auth/CertUtilTest.java
new file mode 100644
index 00000000..9f307ac2
--- /dev/null
+++ b/aai-aaf-auth/src/test/java/org/onap/aai/aaf/auth/CertUtilTest.java
@@ -0,0 +1,87 @@
+/**
+ * ============LICENSE_START=======================================================
+ * org.onap.aai
+ * ================================================================================
+ * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aai.aaf.auth;
+
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+import javax.servlet.http.HttpServletRequest;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.util.List;
+import java.util.Properties;
+
+import static org.easymock.EasyMock.*;
+import static org.junit.Assert.assertTrue;
+
+/**
+ * The Class CertUtilTest
+ */
+public class CertUtilTest extends AAISetup {
+
+ @Test
+ public void testCadiCertIssuers() throws IOException {
+ String propFile = System.getProperty("BUNDLECONFIG_DIR") + "/aaf/cadi.properties";
+ Properties cadiProperties = new Properties();
+ cadiProperties.load(new FileInputStream(new File(propFile)));
+
+ List<String> issuersList = CertUtil.getCadiCertIssuers(cadiProperties);
+ assertTrue("issuersList isn't populated", !issuersList.isEmpty());
+
+ int x = issuersList.get(0).indexOf(" ");
+ assertTrue("issuer contains spaces", x < 0);
+ }
+
+ @Test
+ public void testAaiSslClientOuHeader() {
+
+ HttpServletRequest mockRequest = createMock(HttpServletRequest.class);
+ expect(mockRequest.getHeader(CertUtil.AAI_SSL_CLIENT_OU_HDR)).andReturn("m55555@org.onap.com:TEST").times(1, 4);
+ expect(mockRequest.getHeader(CertUtil.AAI_SSL_CLIENT_CN_HDR)).andReturn("CN").times(1, 2);
+ expect(mockRequest.getHeader(CertUtil.AAI_SSL_CLIENT_O_HDR)).andReturn("O").times(1, 2);
+ expect(mockRequest.getHeader(CertUtil.AAI_SSL_CLIENT_L_HDR)).andReturn("L").times(1, 2);
+ expect(mockRequest.getHeader(CertUtil.AAI_SSL_CLIENT_ST_HDR)).andReturn("ST").times(1, 2);
+ expect(mockRequest.getHeader(CertUtil.AAI_SSL_CLIENT_C_HDR)).andReturn("C").times(1, 2);
+
+ replay(mockRequest);
+ String ou = CertUtil.getAaiSslClientOuHeader(mockRequest);
+ assertTrue("OU Header value is not as expected", ou.equals("m55555@org.onap.com:TEST"));
+
+ assertTrue("Unexpected isHaProxy() return value", CertUtil.isHaProxy(mockRequest));
+
+ String mechId = CertUtil.getMechId(mockRequest);
+ assertTrue("mechid value is not as expected", mechId.equals("m55555@org.onap.com"));
+
+ }
+
+ @Test
+ public void testBuildUserChain() {
+
+ // aaf.userchain.pattern=<AAF-ID>:${aaf.userchain.service.reference}:${aaf.userchain.auth.type}:AS
+ String aafUserChainPattern = "<AAF-ID>:org.onap.haproxy:X509:AS";
+ String mechid = "m11111@onap.org";
+ String result = CertUtil.buildUserChainHeader(mechid, aafUserChainPattern);
+
+ assertTrue("user chain value is not as expected", "m11111@onap.org:org.onap.haproxy:X509:AS".equals(result));
+
+ }
+}
|
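Review bot: In `testCadiCertIssuers` the `FileInputStream` handed to `cadiProperties.load(...)` is never closed; wrap it as `try (FileInputStream in = new FileInputStream(propFile)) { cadiProperties.load(in); }`. The space check looks only at `issuersList.get(0)`, so a malformed later issuer would go unnoticed; looping over the whole list would cover every entry. In `testAaiSslClientOuHeader` the expectations use ranges such as `times(1, 4)` and `verify(mockRequest)` is never called, so the test does not confirm which headers `CertUtil` actually reads when it decides `isHaProxy` and derives the mech id. The `org.junit.BeforeClass` import is unused.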