summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/main/java/org/onap/aai/auth/AAIMicroServiceAuth.java8
-rw-r--r--src/main/java/org/onap/aai/auth/AAIMicroServiceAuthCore.java66
-rw-r--r--src/main/java/org/onap/aai/validation/config/ValidationServiceAuthConfig.java14
-rw-r--r--src/test/java/org/onap/aai/validation/TestApplication.java41
-rw-r--r--src/test/java/org/onap/aai/validation/auth/MicroServiceAuthTest.java31
-rw-r--r--src/test/resources/model-validation/instance-validator/auth/auth_policy.json55
-rw-r--r--src/test/resources/model-validation/instance-validator/auth/tomcat_keystorebin0 -> 32 bytes
-rw-r--r--src/test/resources/model-validation/instance-validator/validation-service-auth.properties2
-rw-r--r--src/test/resources/test-application.properties24
9 files changed, 171 insertions, 70 deletions
diff --git a/src/main/java/org/onap/aai/auth/AAIMicroServiceAuth.java b/src/main/java/org/onap/aai/auth/AAIMicroServiceAuth.java
index fc40e0b..c565c9c 100644
--- a/src/main/java/org/onap/aai/auth/AAIMicroServiceAuth.java
+++ b/src/main/java/org/onap/aai/auth/AAIMicroServiceAuth.java
@@ -30,17 +30,19 @@ public class AAIMicroServiceAuth {
private static LogHelper applicationLogger = LogHelper.INSTANCE;
private ValidationServiceAuthConfig validationServiceAuthConfig;
+ private AAIMicroServiceAuthCore authCore;
@Inject
public AAIMicroServiceAuth(final ValidationServiceAuthConfig validationServiceAuthConfig) throws AAIAuthException {
this.validationServiceAuthConfig = validationServiceAuthConfig;
+ this.authCore = new AAIMicroServiceAuthCore();
if (!validationServiceAuthConfig.isAuthenticationDisable()) {
- AAIMicroServiceAuthCore.init(validationServiceAuthConfig.getAuthPolicyFile());
+ authCore.init(validationServiceAuthConfig.getAuthPolicyFile());
}
}
public boolean authBasic(String username, String authFunction) throws AAIAuthException {
- return AAIMicroServiceAuthCore.authorize(username, authFunction);
+ return authCore.authorize(username, authFunction);
}
public String authUser(String authUser, String authFunction) throws AAIAuthException {
@@ -60,7 +62,7 @@ public class AAIMicroServiceAuth {
}
applicationLogger.debug("Got one:" + cookie);
- return AAIMicroServiceAuthCore.authorize(username.toString(), authFunction);
+ return authCore.authorize(username.toString(), authFunction);
}
public boolean validateRequest(HttpServletRequest req, String action, String apiPath) throws AAIAuthException {
diff --git a/src/main/java/org/onap/aai/auth/AAIMicroServiceAuthCore.java b/src/main/java/org/onap/aai/auth/AAIMicroServiceAuthCore.java
index 4373711..9bd8e2b 100644
--- a/src/main/java/org/onap/aai/auth/AAIMicroServiceAuthCore.java
+++ b/src/main/java/org/onap/aai/auth/AAIMicroServiceAuthCore.java
@@ -1,20 +1,24 @@
/**
- * ============LICENSE_START===================================================
- * Copyright (c) 2018 Amdocs
- * ============================================================================
+ * ============LICENSE_START=======================================================
+ * org.onap.aai
+ * ================================================================================
+ * Copyright (c) 2018-2019 AT&T Intellectual Property. All rights reserved.
+ * Copyright (c) 2018-2019 European Software Marketing Ltd.
+ * ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
- * ============LICENSE_END=====================================================
+ * ============LICENSE_END=========================================================
*/
+
package org.onap.aai.auth;
import com.fasterxml.jackson.core.JsonProcessingException;
@@ -43,54 +47,39 @@ public class AAIMicroServiceAuthCore {
private static LogHelper applicationLogger = LogHelper.INSTANCE;
- public static final String APPCONFIG_DIR = (System.getProperty("CONFIG_HOME") == null)
- ? Paths.get(System.getProperty("APP_HOME"), "appconfig").toString() : System.getProperty("CONFIG_HOME");
-
- private static Path appConfigAuthDir = Paths.get(APPCONFIG_DIR, "auth");
- private static Path defaultAuthFileName = appConfigAuthDir.resolve("auth_policy.json");
+ private Path appConfigAuthDir;
private static boolean usersInitialized = false;
private static HashMap<String, AAIAuthUser> users;
private static boolean timerSet = false;
- private static String policyAuthFileName;
+ private String policyAuthFileName;
public enum HttpMethods {
- GET,
- PUT,
- DELETE,
- HEAD,
- POST
- }
-
- // Don't instantiate
- private AAIMicroServiceAuthCore() {}
-
- public static String getDefaultAuthFileName() {
- return defaultAuthFileName.toString();
+ GET, PUT, DELETE, HEAD, POST
}
- public static void setDefaultAuthFileName(String defaultAuthFileName) {
- AAIMicroServiceAuthCore.defaultAuthFileName = Paths.get(defaultAuthFileName);
+ public AAIMicroServiceAuthCore() {
+ appConfigAuthDir = Paths.get(System.getProperty("CONFIG_HOME"), "auth");
}
/**
* @param authPolicyFile
* @throws AAIAuthException
- * if the policy file cannot be loaded
+ * if the policy file cannot be loaded
*/
- public static synchronized void init(String authPolicyFile) throws AAIAuthException {
-
+ public void init(String authPolicyFile) throws AAIAuthException {
try {
- policyAuthFileName = AAIMicroServiceAuthCore.getConfigFile(authPolicyFile);
+ policyAuthFileName = getConfigFile(authPolicyFile);
} catch (IOException e) {
applicationLogger.debug("Exception while retrieving policy file.");
applicationLogger.error(ApplicationMsgs.PROCESS_REQUEST_ERROR, e);
throw new AAIAuthException(e.getMessage());
}
+
if (policyAuthFileName == null) {
throw new AAIAuthException("Auth policy file could not be found");
}
- AAIMicroServiceAuthCore.reloadUsers();
+ reloadUsers();
TimerTask task = new FileWatcher(new File(policyAuthFileName)) {
@Override
@@ -98,7 +87,7 @@ public class AAIMicroServiceAuthCore {
// here we implement the onChange
applicationLogger.debug("File " + file.getName() + " has been changed!");
try {
- AAIMicroServiceAuthCore.reloadUsers();
+ reloadUsers();
} catch (AAIAuthException e) {
applicationLogger.error(ApplicationMsgs.PROCESS_REQUEST_ERROR, e);
}
@@ -115,7 +104,7 @@ public class AAIMicroServiceAuthCore {
}
}
- public static String getConfigFile(String authPolicyFile) throws IOException {
+ public String getConfigFile(String authPolicyFile) throws IOException {
File authFile = new File(authPolicyFile);
if (authFile.exists()) {
return authFile.getCanonicalPath();
@@ -123,20 +112,15 @@ public class AAIMicroServiceAuthCore {
authFile = appConfigAuthDir.resolve(authPolicyFile).toFile();
if (authFile.exists()) {
return authFile.getCanonicalPath();
+ } else {
+ return null;
}
- if (getDefaultAuthFileName() != null) {
- authFile = new File(getDefaultAuthFileName());
- if (authFile.exists()) {
- return getDefaultAuthFileName();
- }
- }
- return null;
}
/**
* @throws AAIAuthException
*/
- public static synchronized void reloadUsers() throws AAIAuthException {
+ public synchronized void reloadUsers() throws AAIAuthException {
users = new HashMap<>();
ObjectMapper mapper = new ObjectMapper();
@@ -248,7 +232,7 @@ public class AAIMicroServiceAuthCore {
}
}
- public static boolean authorize(String username, String authFunction) throws AAIAuthException {
+ public boolean authorize(String username, String authFunction) throws AAIAuthException {
if (!usersInitialized || users == null) {
throw new AAIAuthException("Auth module not initialized");
}
diff --git a/src/main/java/org/onap/aai/validation/config/ValidationServiceAuthConfig.java b/src/main/java/org/onap/aai/validation/config/ValidationServiceAuthConfig.java
index cd42e02..6805b5e 100644
--- a/src/main/java/org/onap/aai/validation/config/ValidationServiceAuthConfig.java
+++ b/src/main/java/org/onap/aai/validation/config/ValidationServiceAuthConfig.java
@@ -1,7 +1,10 @@
-/*
- * ============LICENSE_START===================================================
- * Copyright (c) 2018 Amdocs
- * ============================================================================
+/**
+ * ============LICENSE_START=======================================================
+ * org.onap.aai
+ * ================================================================================
+ * Copyright (c) 2018-2019 AT&T Intellectual Property. All rights reserved.
+ * Copyright (c) 2018-2019 European Software Marketing Ltd.
+ * ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
@@ -13,8 +16,9 @@
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
- * ============LICENSE_END=====================================================
+ * ============LICENSE_END=========================================================
*/
+
package org.onap.aai.validation.config;
import org.springframework.beans.factory.annotation.Value;
diff --git a/src/test/java/org/onap/aai/validation/TestApplication.java b/src/test/java/org/onap/aai/validation/TestApplication.java
index 3dfa177..9f66df9 100644
--- a/src/test/java/org/onap/aai/validation/TestApplication.java
+++ b/src/test/java/org/onap/aai/validation/TestApplication.java
@@ -20,6 +20,9 @@
*/
package org.onap.aai.validation;
+import java.io.IOException;
+import org.hamcrest.Description;
+import org.hamcrest.TypeSafeMatcher;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
@@ -33,7 +36,7 @@ import org.springframework.test.context.TestPropertySource;
*
*/
@SpringBootTest(classes = ValidationServiceApplication.class)
-@TestPropertySource(locations = {"classpath:oxm-reader/schemaIngest.properties", "classpath:application.properties"})
+@TestPropertySource(locations = {"classpath:oxm-reader/schemaIngest.properties", "classpath:test-application.properties"})
@ContextConfiguration(locations = {"classpath:validation-service-beans.xml"})
public class TestApplication {
@@ -63,4 +66,40 @@ public class TestApplication {
ValidationServiceApplication.main(new String[] {});
}
+ @Test
+ public void testApplicationWithEmptyKeyStorePassword() {
+ System.setProperty("KEY_STORE_PASSWORD", "");
+ final CauseMatcher expectedCause = new CauseMatcher(IOException.class, "password was incorrect");
+ expectedEx.expectCause(expectedCause);
+ ValidationServiceApplication.main(new String[] {});
+ }
+
+ @Test
+ public void testApplicationWithIncorrectKeyStorePassword() {
+ System.setProperty("KEY_STORE_PASSWORD", "test");
+ final CauseMatcher expectedCause = new CauseMatcher(IOException.class, "password was incorrect");
+ expectedEx.expectCause(expectedCause);
+ ValidationServiceApplication.main(new String[] {});
+ }
+
+ private static class CauseMatcher extends TypeSafeMatcher<Throwable> {
+
+ private final Class<? extends Throwable> type;
+ private final String expectedMessage;
+
+ public CauseMatcher(Class<? extends Throwable> type, String expectedMessage) {
+ this.type = type;
+ this.expectedMessage = expectedMessage;
+ }
+
+ @Override
+ protected boolean matchesSafely(Throwable item) {
+ return item.getClass().isAssignableFrom(type) && item.getMessage().contains(expectedMessage);
+ }
+
+ @Override
+ public void describeTo(Description description) {
+ description.appendValue(type).appendText(" and message ").appendValue(expectedMessage);
+ }
+ }
}
diff --git a/src/test/java/org/onap/aai/validation/auth/MicroServiceAuthTest.java b/src/test/java/org/onap/aai/validation/auth/MicroServiceAuthTest.java
index f9bd177..7217224 100644
--- a/src/test/java/org/onap/aai/validation/auth/MicroServiceAuthTest.java
+++ b/src/test/java/org/onap/aai/validation/auth/MicroServiceAuthTest.java
@@ -1,7 +1,10 @@
-/*
- * ============LICENSE_START===================================================
- * Copyright (c) 2018 Amdocs
- * ============================================================================
+/**
+ * ============LICENSE_START=======================================================
+ * org.onap.aai
+ * ================================================================================
+ * Copyright (c) 2018-2019 AT&T Intellectual Property. All rights reserved.
+ * Copyright (c) 2018-2019 European Software Marketing Ltd.
+ * ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
@@ -13,8 +16,9 @@
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
- * ============LICENSE_END=====================================================
+ * ============LICENSE_END=========================================================
*/
+
package org.onap.aai.validation.auth;
import static org.hamcrest.CoreMatchers.equalTo;
@@ -35,19 +39,16 @@ import org.junit.Test;
import org.mockito.Mockito;
import org.onap.aai.auth.AAIAuthException;
import org.onap.aai.auth.AAIMicroServiceAuth;
-import org.onap.aai.auth.AAIMicroServiceAuthCore;
import org.onap.aai.validation.config.ValidationServiceAuthConfig;
import org.springframework.mock.web.MockHttpServletRequest;
/**
* Tests @{link AAIMicroServiceAuth}
*/
-
public class MicroServiceAuthTest {
static {
- System.setProperty("APP_HOME", ".");
- System.setProperty("CONFIG_HOME", Paths.get(System.getProperty("user.dir"), "src/test/resources").toString());
+ System.setProperty("CONFIG_HOME", Paths.get("src/test/resources").toString());
}
private static final String VALID_ADMIN_USER = "cn=common-name, ou=org-unit, o=org, l=location, st=state, c=us";
@@ -62,15 +63,9 @@ public class MicroServiceAuthTest {
*/
@Test(expected = AAIAuthException.class)
public void missingPolicyFile() throws AAIAuthException, IOException {
- String defaultFile = AAIMicroServiceAuthCore.getDefaultAuthFileName();
- try {
- AAIMicroServiceAuthCore.setDefaultAuthFileName("invalid.default.file");
- ValidationServiceAuthConfig authConfig = new ValidationServiceAuthConfig();
- authConfig.setAuthPolicyFile("invalid.file.name");
- new AAIMicroServiceAuth(authConfig);
- } finally {
- AAIMicroServiceAuthCore.setDefaultAuthFileName(defaultFile);
- }
+ ValidationServiceAuthConfig authConfig = new ValidationServiceAuthConfig();
+ authConfig.setAuthPolicyFile("invalid.file.name");
+ new AAIMicroServiceAuth(authConfig);
}
/**
diff --git a/src/test/resources/model-validation/instance-validator/auth/auth_policy.json b/src/test/resources/model-validation/instance-validator/auth/auth_policy.json
new file mode 100644
index 0000000..2bf63d1
--- /dev/null
+++ b/src/test/resources/model-validation/instance-validator/auth/auth_policy.json
@@ -0,0 +1,55 @@
+{"roles": [
+ {
+ "name": "admin",
+ "functions": [
+ {
+ "name": "actions",
+ "methods": [
+ {"name": "GET"},
+ {"name": "DELETE"},
+ {"name": "PUT"}
+ ]
+ },
+ {
+ "name": "validate",
+ "methods": [{"name": "POST"}]
+ }
+ ],
+ "users": [
+ {"username": "CN=common-name, OU=org-unit, O=org, L=location, ST=state, C=US"},
+ {"username": "CN=test, OU=qa, O=Test Ltd, L=London, ST=London, C=GB"}
+ ]
+ },
+ {
+ "name": "ops",
+ "functions": [{
+ "name": "actions",
+ "methods": [{"name": "POST"}]
+ }],
+ "users": [
+ {"username": "CN=common-name, OU=org-unit, O=org, L=location, ST=state, C=US"},
+ {"username": "CN=test, OU=qa, O=Test Ltd, L=London, ST=London, C=GB"}
+ ]
+ },
+ {
+ "name": "basicauth",
+ "functions": [{
+ "name": "util",
+ "methods": [{"name": "GET"}]
+ }],
+ "users": [{
+ "user": "aai",
+ "pass": "OBF:1u2a1t2v1vgb1s3g1s3m1vgj1t3b1u30"
+ }]
+ },
+ {
+ "name": "nofuncauth",
+ "functions": [{
+ "name": "nofuncutil"
+ }],
+ "users": [{
+ "user": "aai",
+ "pass": "OBF:1u2a1t2v1vgb1s3g1s3m1vgj1t3b1u30"
+ }]
+ }
+]}
diff --git a/src/test/resources/model-validation/instance-validator/auth/tomcat_keystore b/src/test/resources/model-validation/instance-validator/auth/tomcat_keystore
new file mode 100644
index 0000000..f7dc0ea
--- /dev/null
+++ b/src/test/resources/model-validation/instance-validator/auth/tomcat_keystore
Binary files differ
diff --git a/src/test/resources/model-validation/instance-validator/validation-service-auth.properties b/src/test/resources/model-validation/instance-validator/validation-service-auth.properties
index 1c1ed97..8e07a2a 100644
--- a/src/test/resources/model-validation/instance-validator/validation-service-auth.properties
+++ b/src/test/resources/model-validation/instance-validator/validation-service-auth.properties
@@ -14,5 +14,5 @@
# limitations under the License.
# ============LICENSE_END=====================================================
-auth.policy.file=appconfig-local/auth/auth_policy.json
+auth.policy.file=${CONFIG_HOME}/auth/auth_policy.json
auth.authentication.disable=false \ No newline at end of file
diff --git a/src/test/resources/test-application.properties b/src/test/resources/test-application.properties
index 38b2962..c703e85 100644
--- a/src/test/resources/test-application.properties
+++ b/src/test/resources/test-application.properties
@@ -1,6 +1,28 @@
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright (c) 2018-2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2018-2019 European Software Marketing Ltd.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+APP_HOME=.
+CONFIG_HOME=src/test/resources
+
consumer.topic.names=aai-event,aai-data-export
publisher.topic.names=aai-data-integrity
-topics.properties.location=src/test/resources/topic-config/
+topics.properties.location=${CONFIG_HOME}/topic-config/
server.ssl.key-store=