1 files changed, 219 insertions, 0 deletions

diff --git a/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestRealm.java b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestRealm.java
new file mode 100644
index 000000000..ebf01a1ba
--- /dev/null
+++ b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestRealm.java
@@ -0,0 +1,219 @@
+/*
+ * ============LICENSE_START=======================================================
+ * ONAP : ccsdk features
+ * ================================================================================
+ * Copyright (C) 2021 highstreet technologies GmbH Intellectual Property.
+ * All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ *
+ */
+package org.onap.ccsdk.features.sdnr.wt.oauthprovider.test;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+import com.auth0.jwt.interfaces.DecodedJWT;
+import java.io.IOException;
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.List;
+import org.apache.shiro.authc.AuthenticationException;
+import org.apache.shiro.authc.AuthenticationInfo;
+import org.apache.shiro.authc.AuthenticationToken;
+import org.apache.shiro.authc.BearerToken;
+import org.apache.shiro.authc.UsernamePasswordToken;
+import org.apache.shiro.authz.AuthorizationInfo;
+import org.apache.shiro.subject.PrincipalCollection;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.onap.ccsdk.features.sdnr.wt.oauthprovider.OAuth2Realm;
+import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.Config;
+import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.UserTokenPayload;
+import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.AuthService;
+import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.TokenCreator;
+import org.opendaylight.aaa.api.Authentication;
+import org.opendaylight.aaa.api.TokenStore;
+import org.opendaylight.aaa.api.shiro.principal.ODLPrincipal;
+import org.opendaylight.aaa.shiro.realm.TokenAuthRealm;
+import org.opendaylight.aaa.tokenauthrealm.auth.AuthenticationManager;
+import org.opendaylight.aaa.tokenauthrealm.auth.TokenAuthenticators;
+
+public class TestRealm {
+
+    private static OAuth2RealmToTest realm;
+    private static TokenCreator tokenCreator;
+
+    @BeforeClass
+    public static void init() throws IllegalArgumentException, Exception {
+
+        try {
+            Config config = Config.getInstance(TestConfig.TEST_CONFIG_FILENAME);
+            tokenCreator = TokenCreator.getInstance(config);
+            TokenAuthRealm.prepareForLoad(new AuthenticationManager(), new TokenAuthenticators(), new TokenStore() {
+                @Override
+                public void put(String token, Authentication auth) {
+
+                }
+
+                @Override
+                public Authentication get(String token) {
+                    return null;
+                }
+
+                @Override
+                public boolean delete(String token) {
+                    return false;
+                }
+
+                @Override
+                public long tokenExpiration() {
+                    return 0;
+                }
+            });
+            realm = new OAuth2RealmToTest();
+        } catch (IOException e) {
+            fail(e.getMessage());
+        }
+    }
+
+
+    @Test
+    public void testTokenSupport() {
+        assertTrue(realm.supports(new UsernamePasswordToken()));
+        assertTrue(realm.supports(new BearerToken("")));
+    }
+
+
+    @Test
+    public void testAuthorizationInfo() {
+        //bearer token use case
+        PrincipalCollection c = mock(PrincipalCollection.class);
+        final List<String> roles = Arrays.asList("admin", "provision");
+        UserTokenPayload userData = createUserData("", roles);
+
+        DecodedJWT decodedJwt = tokenCreator.verify(tokenCreator.createNewJWT(userData).getToken());
+        when(c.getPrimaryPrincipal()).thenReturn(decodedJwt);
+
+        AuthorizationInfo ai = realm.doGetAuthorizationInfo(c);
+        for (String role : roles) {
+            assertTrue(ai.getRoles().contains(role));
+        }
+        assertEquals(roles.size(), ai.getRoles().size());
+        //odl token use case
+        ODLPrincipal principal = mock(ODLPrincipal.class);
+        when(principal.getRoles()).thenReturn(new HashSet<String>(roles));
+        PrincipalCollection c2 = mock(PrincipalCollection.class);
+        when(c2.getPrimaryPrincipal()).thenReturn(principal);
+        ai = realm.doGetAuthorizationInfo(c2);
+        for (String role : roles) {
+            assertTrue(ai.getRoles().contains(role));
+        }
+        assertEquals(roles.size(), ai.getRoles().size());
+
+    }
+
+    @Test
+    public void testUrlTrimming(){
+        final String internalUrl="https://test.identity.onap:49333";
+        final String externalUrl="https://test.identity.onap:49333";
+        final String testUrl1 = "/my/token/endpoint";
+        final String testUrl2 = internalUrl+testUrl1;
+        final String testUrl3 = externalUrl+testUrl1;
+
+        assertEquals(testUrl1, AuthService.trimUrl(internalUrl, testUrl1));
+        assertEquals(testUrl1, AuthService.trimUrl(internalUrl, testUrl2));
+        assertEquals(testUrl1, AuthService.trimUrl(externalUrl, testUrl3));
+
+        assertEquals(testUrl2, AuthService.extendUrl(internalUrl, testUrl3));
+
+
+
+    }
+    @Test
+    public void testAssertCredentialsMatch() {
+        //bearer token use case
+        UserTokenPayload userData = createUserData("", Arrays.asList("admin", "provision"));
+        AuthenticationToken atoken = new BearerToken(tokenCreator.createNewJWT(userData).getToken());
+        AuthenticationInfo ai = null;
+        try {
+            realm.assertCredentialsMatch(atoken, ai);
+        } catch (AuthenticationException e) {
+            fail(e.getMessage());
+        }
+        //odl token use case
+        atoken = new UsernamePasswordToken("admin", "admin");
+        try {
+            realm.assertCredentialsMatch(atoken, ai);
+        } catch (AuthenticationException e) {
+            fail(e.getMessage());
+        }
+    }
+
+    @Test
+    public void testAuthenticationInfo() {
+        //bearer token use case
+        UserTokenPayload userData = createUserData("", Arrays.asList("admin", "provision"));
+        AuthenticationToken atoken = new BearerToken(tokenCreator.createNewJWT(userData).getToken());
+        AuthenticationInfo ai = null;
+        try {
+            ai = realm.doGetAuthenticationInfo(atoken);
+        } catch (AuthenticationException e) {
+            fail(e.getMessage());
+        }
+        //odl token use case
+        ai=null;
+        atoken = new UsernamePasswordToken("admin", "admin");
+        try {
+            ai = realm.doGetAuthenticationInfo(atoken);
+        } catch (AuthenticationException e) {
+            fail(e.getMessage());
+        }
+    }
+
+    private static UserTokenPayload createUserData(String username, List<String> roles) {
+        UserTokenPayload userData = new UserTokenPayload();
+        userData.setExp(tokenCreator.getDefaultExp());
+        userData.setFamilyName("");
+        userData.setGivenName("");
+        userData.setPreferredUsername(username);
+        userData.setRoles(roles);
+        return userData;
+    }
+
+    public static class OAuth2RealmToTest extends OAuth2Realm {
+
+        public OAuth2RealmToTest() throws IllegalArgumentException, Exception {
+            super();
+        }
+
+        @Override
+        public AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection arg) {
+            return super.doGetAuthorizationInfo(arg);
+        }
+
+        @Override
+        public void assertCredentialsMatch(AuthenticationToken atoken, AuthenticationInfo ai)
+                throws AuthenticationException {
+            super.assertCredentialsMatch(atoken, ai);
+        }
+
+        @Override
+        public AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
+            return super.doGetAuthenticationInfo(token);
+        }
+    }
+}