Diffstat (limited to 'src')
9 files changed, 171 insertions, 70 deletions
diff --git a/src/main/java/org/onap/aai/auth/AAIMicroServiceAuth.java b/src/main/java/org/onap/aai/auth/AAIMicroServiceAuth.java index fc40e0b..c565c9c 100644 --- a/src/main/java/org/onap/aai/auth/AAIMicroServiceAuth.java +++ b/src/main/java/org/onap/aai/auth/AAIMicroServiceAuth.java @@ -30,17 +30,19 @@ public class AAIMicroServiceAuth { private static LogHelper applicationLogger = LogHelper.INSTANCE; private ValidationServiceAuthConfig validationServiceAuthConfig; + private AAIMicroServiceAuthCore authCore; @Inject public AAIMicroServiceAuth(final ValidationServiceAuthConfig validationServiceAuthConfig) throws AAIAuthException { this.validationServiceAuthConfig = validationServiceAuthConfig; + this.authCore = new AAIMicroServiceAuthCore(); if (!validationServiceAuthConfig.isAuthenticationDisable()) { - AAIMicroServiceAuthCore.init(validationServiceAuthConfig.getAuthPolicyFile()); + authCore.init(validationServiceAuthConfig.getAuthPolicyFile()); } } public boolean authBasic(String username, String authFunction) throws AAIAuthException { - return AAIMicroServiceAuthCore.authorize(username, authFunction); + return authCore.authorize(username, authFunction); } public String authUser(String authUser, String authFunction) throws AAIAuthException { @@ -60,7 +62,7 @@ public class AAIMicroServiceAuth { } applicationLogger.debug("Got one:" + cookie); - return AAIMicroServiceAuthCore.authorize(username.toString(), authFunction); + return authCore.authorize(username.toString(), authFunction); } public boolean validateRequest(HttpServletRequest req, String action, String apiPath) throws AAIAuthException { diff --git a/src/main/java/org/onap/aai/auth/AAIMicroServiceAuthCore.java b/src/main/java/org/onap/aai/auth/AAIMicroServiceAuthCore.java index 4373711..9bd8e2b 100644 --- a/src/main/java/org/onap/aai/auth/AAIMicroServiceAuthCore.java +++ b/src/main/java/org/onap/aai/auth/AAIMicroServiceAuthCore.java 
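Review bot: The constructor now calls `new AAIMicroServiceAuthCore()` before the `isAuthenticationDisable()` check, and that constructor (changed later in this commit) runs `Paths.get(System.getProperty("CONFIG_HOME"), "auth")` with no null check. A deployment with authentication disabled and no CONFIG_HOME set would therefore hit a NullPointerException while this object is being created, whereas the old constructor did not touch the core in that case. I would guard the lookup in the core's constructor, e.g. `String home = System.getProperty("CONFIG_HOME"); if (home == null) { throw new IllegalStateException("CONFIG_HOME is not set"); }`. The new field is assigned only once in the lines shown, so it could be `private final AAIMicroServiceAuthCore authCore;`.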
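Review bot: The context line `applicationLogger.debug("Got one:" + cookie);` directly above the changed return writes the raw cookie value to the debug log. The start of `authUser` is outside this hunk, so it is only inferred that this cookie carries the identity later passed to `authorize`; if it does, anyone with log access can read it whenever debug logging is enabled. While this method is being edited, consider logging only that a cookie was found, e.g. `applicationLogger.debug("Auth cookie found");`.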
@@ -1,20 +1,24 @@ /** - * ============LICENSE_START=================================================== - * Copyright (c) 2018 Amdocs - * ============================================================================ + * ============LICENSE_START======================================================= + * org.onap.aai + * ================================================================================ + * Copyright (c) 2018-2019 AT&T Intellectual Property. All rights reserved. + * Copyright (c) 2018-2019 European Software Marketing Ltd. + * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * ============LICENSE_END===================================================== + * ============LICENSE_END========================================================= */ + package org.onap.aai.auth; import com.fasterxml.jackson.core.JsonProcessingException; 
@@ -43,54 +47,39 @@ public class AAIMicroServiceAuthCore { private static LogHelper applicationLogger = LogHelper.INSTANCE; - public static final String APPCONFIG_DIR = (System.getProperty("CONFIG_HOME") == null) - ? Paths.get(System.getProperty("APP_HOME"), "appconfig").toString() : System.getProperty("CONFIG_HOME"); - - private static Path appConfigAuthDir = Paths.get(APPCONFIG_DIR, "auth"); - private static Path defaultAuthFileName = appConfigAuthDir.resolve("auth_policy.json"); + private Path appConfigAuthDir; private static boolean usersInitialized = false; private static HashMap<String, AAIAuthUser> users; private static boolean timerSet = false; - private static String policyAuthFileName; + private String policyAuthFileName; public enum HttpMethods { - GET, - PUT, - DELETE, - HEAD, - POST - } - - // Don't instantiate - private AAIMicroServiceAuthCore() {} - - public static String getDefaultAuthFileName() { - return defaultAuthFileName.toString(); + GET, PUT, DELETE, HEAD, POST } - public static void setDefaultAuthFileName(String defaultAuthFileName) { - AAIMicroServiceAuthCore.defaultAuthFileName = Paths.get(defaultAuthFileName); + public AAIMicroServiceAuthCore() { + appConfigAuthDir = Paths.get(System.getProperty("CONFIG_HOME"), "auth"); } /** * @param authPolicyFile * @throws AAIAuthException - * if the policy file cannot be loaded + * if the policy file cannot be loaded */ - public static synchronized void init(String authPolicyFile) throws AAIAuthException { - + public void init(String authPolicyFile) throws AAIAuthException { try { - policyAuthFileName = AAIMicroServiceAuthCore.getConfigFile(authPolicyFile); + policyAuthFileName = getConfigFile(authPolicyFile); } catch (IOException e) { applicationLogger.debug("Exception while retrieving policy file."); applicationLogger.error(ApplicationMsgs.PROCESS_REQUEST_ERROR, e); throw new AAIAuthException(e.getMessage()); } + if (policyAuthFileName == null) { throw new AAIAuthException("Auth policy file could 
not be found"); } - AAIMicroServiceAuthCore.reloadUsers(); + reloadUsers(); TimerTask task = new FileWatcher(new File(policyAuthFileName)) { @Override @@ -98,7 +87,7 @@ public class AAIMicroServiceAuthCore { // here we implement the onChange applicationLogger.debug("File " + file.getName() + " has been changed!"); try { - AAIMicroServiceAuthCore.reloadUsers(); + reloadUsers(); } catch (AAIAuthException e) { applicationLogger.error(ApplicationMsgs.PROCESS_REQUEST_ERROR, e); } @@ -115,7 +104,7 @@ public class AAIMicroServiceAuthCore { } } - public static String getConfigFile(String authPolicyFile) throws IOException { + public String getConfigFile(String authPolicyFile) throws IOException { File authFile = new File(authPolicyFile); if (authFile.exists()) { return authFile.getCanonicalPath(); @@ -123,20 +112,15 @@ public class AAIMicroServiceAuthCore { authFile = appConfigAuthDir.resolve(authPolicyFile).toFile(); if (authFile.exists()) { return authFile.getCanonicalPath(); + } else { + return null; } - if (getDefaultAuthFileName() != null) { - authFile = new File(getDefaultAuthFileName()); - if (authFile.exists()) { - return getDefaultAuthFileName(); - } - } - return null; } /** * @throws AAIAuthException */ - public static synchronized void reloadUsers() throws AAIAuthException { + public synchronized void reloadUsers() throws AAIAuthException { users = new HashMap<>(); ObjectMapper mapper = new ObjectMapper(); @@ -248,7 +232,7 @@ public class AAIMicroServiceAuthCore { } } - public static boolean authorize(String username, String authFunction) throws AAIAuthException { + public boolean authorize(String username, String authFunction) throws AAIAuthException { if (!usersInitialized || users == null) { throw new AAIAuthException("Auth module not initialized"); } diff --git a/src/main/java/org/onap/aai/validation/config/ValidationServiceAuthConfig.java b/src/main/java/org/onap/aai/validation/config/ValidationServiceAuthConfig.java index cd42e02..6805b5e 100644 
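Review bot: `policyAuthFileName` and `appConfigAuthDir` become per-instance here, but `users`, `usersInitialized` and `timerSet` stay `static`, and `init` loses `static synchronized`. Every `AAIMicroServiceAuthCore` instance therefore still reads and writes one shared authorization table, so the last instance to load its policy decides what `authorize` returns for all of them. The instance-level `synchronized` that a later hunk puts on `reloadUsers` locks on `this`, so it no longer serialises writers of that shared map. I would make the state per-instance as well (`private boolean usersInitialized;`, `private HashMap<String, AAIAuthUser> users;`, `private boolean timerSet;`) and keep `init` `synchronized`. How `timerSet` is used is outside this hunk.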
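Review bot: In the `@@ -123,20 +112,15 @@` hunk, `reloadUsers` still opens with `users = new HashMap<>();` on the shared field, while `authorize` reads that field without synchronisation. During a reload triggered by the file watcher, `authorize` can see an empty or half-filled table, and a policy file that fails to parse appears to leave it empty (the rest of the method is outside the hunk). That fails closed, but it turns one bad edit of the policy file into a denial of every request until the file is fixed. Building the table in a local and publishing it last avoids both problems: `HashMap<String, AAIAuthUser> loaded = new HashMap<>();`, then `users = loaded;` after parsing succeeds.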
--- a/src/main/java/org/onap/aai/validation/config/ValidationServiceAuthConfig.java +++ b/src/main/java/org/onap/aai/validation/config/ValidationServiceAuthConfig.java @@ -1,7 +1,10 @@ -/* - * ============LICENSE_START=================================================== - * Copyright (c) 2018 Amdocs - * ============================================================================ +/** + * ============LICENSE_START======================================================= + * org.onap.aai + * ================================================================================ + * Copyright (c) 2018-2019 AT&T Intellectual Property. All rights reserved. + * Copyright (c) 2018-2019 European Software Marketing Ltd. + * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -13,8 +16,9 @@ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * ============LICENSE_END===================================================== + * ============LICENSE_END========================================================= */ + package org.onap.aai.validation.config; import org.springframework.beans.factory.annotation.Value; diff --git a/src/test/java/org/onap/aai/validation/TestApplication.java b/src/test/java/org/onap/aai/validation/TestApplication.java index 3dfa177..9f66df9 100644 --- a/src/test/java/org/onap/aai/validation/TestApplication.java +++ b/src/test/java/org/onap/aai/validation/TestApplication.java @@ -20,6 +20,9 @@ */ package org.onap.aai.validation; +import java.io.IOException; +import org.hamcrest.Description; +import org.hamcrest.TypeSafeMatcher; import org.junit.Before; import org.junit.Rule; import org.junit.Test; 
@@ -33,7 +36,7 @@ import org.springframework.test.context.TestPropertySource; * */ @SpringBootTest(classes = ValidationServiceApplication.class) -@TestPropertySource(locations = {"classpath:oxm-reader/schemaIngest.properties", "classpath:application.properties"}) +@TestPropertySource(locations = {"classpath:oxm-reader/schemaIngest.properties", "classpath:test-application.properties"}) @ContextConfiguration(locations = {"classpath:validation-service-beans.xml"}) public class TestApplication { @@ -63,4 +66,40 @@ public class TestApplication { ValidationServiceApplication.main(new String[] {}); } + @Test + public void testApplicationWithEmptyKeyStorePassword() { + System.setProperty("KEY_STORE_PASSWORD", ""); + final CauseMatcher expectedCause = new CauseMatcher(IOException.class, "password was incorrect"); + expectedEx.expectCause(expectedCause); + ValidationServiceApplication.main(new String[] {}); + } + + @Test + public void testApplicationWithIncorrectKeyStorePassword() { + System.setProperty("KEY_STORE_PASSWORD", "test"); + final CauseMatcher expectedCause = new CauseMatcher(IOException.class, "password was incorrect"); + expectedEx.expectCause(expectedCause); + ValidationServiceApplication.main(new String[] {}); + } + + private static class CauseMatcher extends TypeSafeMatcher<Throwable> { + + private final Class<? extends Throwable> type; + private final String expectedMessage; + + public CauseMatcher(Class<? extends Throwable> type, String expectedMessage) { + this.type = type; + this.expectedMessage = expectedMessage; + } + + @Override + protected boolean matchesSafely(Throwable item) { + return item.getClass().isAssignableFrom(type) && item.getMessage().contains(expectedMessage); + } + + @Override + public void describeTo(Description description) { + description.appendValue(type).appendText(" and message ").appendValue(expectedMessage); + } + } } 
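Review bot: `CauseMatcher.matchesSafely` has the assignability check reversed. `item.getClass().isAssignableFrom(type)` is true when the thrown cause is a supertype of the expected class, so a plain `Exception` cause would satisfy `IOException.class` while a subclass of `IOException` would not. It also dereferences `item.getMessage()`, which can be null. Suggested body: `return type.isInstance(item) && item.getMessage() != null && item.getMessage().contains(expectedMessage);`. Separately, both new tests call `System.setProperty("KEY_STORE_PASSWORD", ...)` and never restore it, so the value leaks into whichever test runs next in the same JVM; clearing it in an `@After` method would keep the tests independent.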
diff --git a/src/test/java/org/onap/aai/validation/auth/MicroServiceAuthTest.java b/src/test/java/org/onap/aai/validation/auth/MicroServiceAuthTest.java index f9bd177..7217224 100644 --- a/src/test/java/org/onap/aai/validation/auth/MicroServiceAuthTest.java +++ b/src/test/java/org/onap/aai/validation/auth/MicroServiceAuthTest.java @@ -1,7 +1,10 @@ -/* - * ============LICENSE_START=================================================== - * Copyright (c) 2018 Amdocs - * ============================================================================ +/** + * ============LICENSE_START======================================================= + * org.onap.aai + * ================================================================================ + * Copyright (c) 2018-2019 AT&T Intellectual Property. All rights reserved. + * Copyright (c) 2018-2019 European Software Marketing Ltd. + * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -13,8 +16,9 @@ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * ============LICENSE_END===================================================== + * ============LICENSE_END========================================================= */ + package org.onap.aai.validation.auth; import static org.hamcrest.CoreMatchers.equalTo; 
@@ -35,19 +39,16 @@ import org.junit.Test; import org.mockito.Mockito; import org.onap.aai.auth.AAIAuthException; import org.onap.aai.auth.AAIMicroServiceAuth; -import org.onap.aai.auth.AAIMicroServiceAuthCore; import org.onap.aai.validation.config.ValidationServiceAuthConfig; import org.springframework.mock.web.MockHttpServletRequest; /** * Tests @{link AAIMicroServiceAuth} */ - public class MicroServiceAuthTest { static { - System.setProperty("APP_HOME", "."); - System.setProperty("CONFIG_HOME", Paths.get(System.getProperty("user.dir"), "src/test/resources").toString()); + System.setProperty("CONFIG_HOME", Paths.get("src/test/resources").toString()); } private static final String VALID_ADMIN_USER = "cn=common-name, ou=org-unit, o=org, l=location, st=state, c=us"; @@ -62,15 +63,9 @@ public class MicroServiceAuthTest { */ @Test(expected = AAIAuthException.class) public void missingPolicyFile() throws AAIAuthException, IOException { - String defaultFile = AAIMicroServiceAuthCore.getDefaultAuthFileName(); - try { - AAIMicroServiceAuthCore.setDefaultAuthFileName("invalid.default.file"); - ValidationServiceAuthConfig authConfig = new ValidationServiceAuthConfig(); - authConfig.setAuthPolicyFile("invalid.file.name"); - new AAIMicroServiceAuth(authConfig); - } finally { - AAIMicroServiceAuthCore.setDefaultAuthFileName(defaultFile); - } + ValidationServiceAuthConfig authConfig = new ValidationServiceAuthConfig(); + authConfig.setAuthPolicyFile("invalid.file.name"); + new AAIMicroServiceAuth(authConfig); } /** diff --git a/src/test/resources/model-validation/instance-validator/auth/auth_policy.json b/src/test/resources/model-validation/instance-validator/auth/auth_policy.json new file mode 100644 index 0000000..2bf63d1 --- /dev/null +++ b/src/test/resources/model-validation/instance-validator/auth/auth_policy.json 
@@ -0,0 +1,55 @@
+{"roles": [
+ {
+ "name": "admin",
+ "functions": [
+ {
+ "name": "actions",
+ "methods": [
+ {"name": "GET"},
+ {"name": "DELETE"},
+ {"name": "PUT"}
+ ]
+ },
+ {
+ "name": "validate",
+ "methods": [{"name": "POST"}]
+ }
+ ],
+ "users": [
+ {"username": "CN=common-name, OU=org-unit, O=org, L=location, ST=state, C=US"},
+ {"username": "CN=test, OU=qa, O=Test Ltd, L=London, ST=London, C=GB"}
+ ]
+ },
+ {
+ "name": "ops",
+ "functions": [{
+ "name": "actions",
+ "methods": [{"name": "POST"}]
+ }],
+ "users": [
+ {"username": "CN=common-name, OU=org-unit, O=org, L=location, ST=state, C=US"},
+ {"username": "CN=test, OU=qa, O=Test Ltd, L=London, ST=London, C=GB"}
+ ]
+ },
+ {
+ "name": "basicauth",
+ "functions": [{
+ "name": "util",
+ "methods": [{"name": "GET"}]
+ }],
+ "users": [{
+ "user": "aai",
+ "pass": "OBF:1u2a1t2v1vgb1s3g1s3m1vgj1t3b1u30"
+ }]
+ },
+ {
+ "name": "nofuncauth",
+ "functions": [{
+ "name": "nofuncutil"
+ }],
+ "users": [{
+ "user": "aai",
+ "pass": "OBF:1u2a1t2v1vgb1s3g1s3m1vgj1t3b1u30"
+ }]
+ }
+]}
diff --git a/src/test/resources/model-validation/instance-validator/auth/tomcat_keystore b/src/test/resources/model-validation/instance-validator/auth/tomcat_keystore
Binary files differnew file mode 100644
index 0000000..f7dc0ea
--- /dev/null
+++ b/src/test/resources/model-validation/instance-validator/auth/tomcat_keystore
diff --git a/src/test/resources/model-validation/instance-validator/validation-service-auth.properties b/src/test/resources/model-validation/instance-validator/validation-service-auth.properties
index 1c1ed97..8e07a2a 100644
--- a/src/test/resources/model-validation/instance-validator/validation-service-auth.properties
+++ b/src/test/resources/model-validation/instance-validator/validation-service-auth.properties
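Review bot: The `basicauth` and `nofuncauth` roles in the new `auth_policy.json` add `"pass": "OBF:…"` values to the repository. The `OBF:` prefix looks like Jetty-style obfuscation, which is reversible by design, so the string should be treated as a cleartext password rather than a protected secret. That is acceptable for a fixture under `src/test/resources`, provided no deployed configuration uses the same credential or the `tomcat_keystore` added beside it. JSON has no comment syntax, so I would record the test-only status in the commit message or in a README next to the fixture.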
@@ -14,5 +14,5 @@
 # limitations under the License.
 # ============LICENSE_END=====================================================
-auth.policy.file=appconfig-local/auth/auth_policy.json
+auth.policy.file=${CONFIG_HOME}/auth/auth_policy.json
 auth.authentication.disable=false
\ No newline at end of file diff --git a/src/test/resources/test-application.properties b/src/test/resources/test-application.properties index 38b2962..c703e85 100644 --- a/src/test/resources/test-application.properties +++ b/src/test/resources/test-application.properties @@ -1,6 +1,28 @@ +# ============LICENSE_START======================================================= +# org.onap.aai +# ================================================================================ +# Copyright (c) 2018-2019 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2018-2019 European Software Marketing Ltd. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +APP_HOME=. +CONFIG_HOME=src/test/resources + consumer.topic.names=aai-event,aai-data-export publisher.topic.names=aai-data-integrity -topics.properties.location=src/test/resources/topic-config/ +topics.properties.location=${CONFIG_HOME}/topic-config/ server.ssl.key-store= |