/*
 * ============LICENSE_START=======================================================
 * ONAP : ccsdk features
 * ================================================================================
 * Copyright (C) 2021 highstreet technologies GmbH Intellectual Property.
 * All rights reserved.
 * ================================================================================
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * ============LICENSE_END=========================================================
 *
 */
package org.onap.ccsdk.features.sdnr.wt.oauthprovider.test;

import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
import com.auth0.jwt.interfaces.DecodedJWT;
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.BearerToken;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.subject.PrincipalCollection;
import org.junit.BeforeClass;
import org.junit.Test;
import org.onap.ccsdk.features.sdnr.wt.oauthprovider.OAuth2Realm;
import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.Config;
import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.UserTokenPayload;
import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.AuthService;
import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.TokenCreator;
import org.opendaylight.aaa.api.Authentication;
import org.opendaylight.aaa.api.TokenStore;
import org.opendaylight.aaa.api.shiro.principal.ODLPrincipal;
import org.opendaylight.aaa.shiro.realm.TokenAuthRealm;
import org.opendaylight.aaa.tokenauthrealm.auth.AuthenticationManager;
import org.opendaylight.aaa.tokenauthrealm.auth.TokenAuthenticators;

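/**
 * Unit tests for {@link OAuth2Realm}, driven through {@link OAuth2RealmToTest}, plus the URL
 * helpers of {@link AuthService}.
 *
 * <p>All tests here are positive-path checks: bearer tokens are minted by the test's own
 * {@link TokenCreator} and the only username/password pair used is {@code admin}/{@code admin}.
 * NOTE(review): nothing in this class exercises rejection (tampered, expired or foreign-signed
 * bearer tokens, wrong passwords, unsupported token types); add such cases before treating this
 * suite as evidence that the realm fails closed.
 */
public class TestRealm {

    private static OAuth2RealmToTest realm;
    private static TokenCreator tokenCreator;

    /**
     * Loads the test configuration and creates the shared {@link TokenCreator} and realm.
     *
     * <p>{@code TokenAuthRealm.prepareForLoad} is called before the realm is constructed and is
     * handed a {@link TokenStore} stub that stores nothing and never returns a token.
     *
     * @throws AssertionError if setup fails with an {@link IOException}; the original exception is
     *         attached as the cause
     */
    @BeforeClass
    public static void init() throws IllegalArgumentException, Exception {

        try {
            Config config = Config.getInstance(TestConfig.TEST_CONFIG_FILENAME);
            tokenCreator = TokenCreator.getInstance(config);
            TokenAuthRealm.prepareForLoad(new AuthenticationManager(), new TokenAuthenticators(), new TokenStore() {
                @Override
                public void put(String token, Authentication auth) {
                    // intentionally empty: the stub keeps no tokens
                }

                @Override
                public Authentication get(String token) {
                    return null;
                }

                @Override
                public boolean delete(String token) {
                    return false;
                }

                @Override
                public long tokenExpiration() {
                    return 0;
                }
            });
            realm = new OAuth2RealmToTest();
        } catch (IOException e) {
            // Still reported as a failure, but with the cause attached so the stack trace survives.
            throw new AssertionError("unable to set up the realm under test: " + e.getMessage(), e);
        }
    }


    /**
     * Checks that the realm accepts both token types used by the other tests.
     *
     * <p>Only the token type is checked here; the bearer token is an empty string.
     */
    @Test
    public void testTokenSupport() {
        assertTrue(realm.supports(new UsernamePasswordToken()));
        assertTrue(realm.supports(new BearerToken("")));
    }


    /**
     * Checks that the roles reported by the realm are exactly the roles carried by the principal,
     * once for a verified JWT principal and once for an {@link ODLPrincipal}.
     */
    @Test
    public void testAuthorizationInfo() {
        final List<String> roles = Arrays.asList("admin", "provision");

        // bearer token use case: the primary principal is a JWT created and verified by tokenCreator
        UserTokenPayload userData = createUserData("", roles);
        DecodedJWT decodedJwt = tokenCreator.verify(tokenCreator.createNewJWT(userData).getToken());
        PrincipalCollection jwtPrincipals = mock(PrincipalCollection.class);
        when(jwtPrincipals.getPrimaryPrincipal()).thenReturn(decodedJwt);
        assertExactRoles(roles, realm.doGetAuthorizationInfo(jwtPrincipals));

        // odl token use case: the primary principal is a mocked ODLPrincipal with the same roles
        ODLPrincipal principal = mock(ODLPrincipal.class);
        when(principal.getRoles()).thenReturn(new HashSet<String>(roles));
        PrincipalCollection odlPrincipals = mock(PrincipalCollection.class);
        when(odlPrincipals.getPrimaryPrincipal()).thenReturn(principal);
        assertExactRoles(roles, realm.doGetAuthorizationInfo(odlPrincipals));
    }

    /**
     * Checks {@code AuthService.trimUrl} and {@code AuthService.extendUrl} against a path-only URL
     * and the same path prefixed with a base URL.
     *
     * <p>NOTE(review): {@code internalUrl} and {@code externalUrl} are the same literal, so this
     * test does not show what happens when a URL is prefixed with a base other than the one passed
     * in. If these helpers process URLs received from the identity provider, a case with two
     * distinct hosts would be worth adding.
     */
    @Test
    public void testUrlTrimming(){
        final String internalUrl="https://test.identity.onap:49333";
        final String externalUrl="https://test.identity.onap:49333";
        final String testUrl1 = "/my/token/endpoint";
        final String testUrl2 = internalUrl+testUrl1;
        final String testUrl3 = externalUrl+testUrl1;

        assertEquals(testUrl1, AuthService.trimUrl(internalUrl, testUrl1));
        assertEquals(testUrl1, AuthService.trimUrl(internalUrl, testUrl2));
        assertEquals(testUrl1, AuthService.trimUrl(externalUrl, testUrl3));

        assertEquals(testUrl2, AuthService.extendUrl(internalUrl, testUrl3));
    }

    /**
     * Checks that {@code assertCredentialsMatch} does not throw for a freshly created bearer token
     * nor for the {@code admin}/{@code admin} username/password token.
     *
     * <p>NOTE(review): both calls pass {@code null} as the {@link AuthenticationInfo}, so the test
     * passing means the check succeeds with no stored credentials to compare against. Confirm that
     * this is intended for the username/password case, and add a case that is expected to throw.
     */
    @Test
    public void testAssertCredentialsMatch() {
        final AuthenticationInfo noInfo = null;

        //bearer token use case
        UserTokenPayload userData = createUserData("", Arrays.asList("admin", "provision"));
        AuthenticationToken bearer = new BearerToken(tokenCreator.createNewJWT(userData).getToken());
        try {
            realm.assertCredentialsMatch(bearer, noInfo);
        } catch (AuthenticationException e) {
            throw new AssertionError("bearer token was rejected: " + e.getMessage(), e);
        }

        //odl token use case
        AuthenticationToken basic = new UsernamePasswordToken("admin", "admin");
        try {
            realm.assertCredentialsMatch(basic, noInfo);
        } catch (AuthenticationException e) {
            throw new AssertionError("username/password token was rejected: " + e.getMessage(), e);
        }
    }

    /**
     * Checks that {@code doGetAuthenticationInfo} does not throw for a freshly created bearer token
     * nor for the {@code admin}/{@code admin} username/password token.
     *
     * <p>NOTE(review): the returned {@link AuthenticationInfo} is not inspected; only the absence
     * of an {@link AuthenticationException} is verified.
     */
    @Test
    public void testAuthenticationInfo() {
        //bearer token use case
        UserTokenPayload userData = createUserData("", Arrays.asList("admin", "provision"));
        AuthenticationToken bearer = new BearerToken(tokenCreator.createNewJWT(userData).getToken());
        try {
            realm.doGetAuthenticationInfo(bearer);
        } catch (AuthenticationException e) {
            throw new AssertionError("bearer token was rejected: " + e.getMessage(), e);
        }

        //odl token use case
        AuthenticationToken basic = new UsernamePasswordToken("admin", "admin");
        try {
            realm.doGetAuthenticationInfo(basic);
        } catch (AuthenticationException e) {
            throw new AssertionError("username/password token was rejected: " + e.getMessage(), e);
        }
    }

    /**
     * Asserts that {@code info} reports every expected role and has the same number of roles.
     *
     * @param expected roles the principal was created with
     * @param info authorization info returned by the realm
     */
    private static void assertExactRoles(List<String> expected, AuthorizationInfo info) {
        for (String role : expected) {
            assertTrue(info.getRoles().contains(role));
        }
        assertEquals(expected.size(), info.getRoles().size());
    }

    /**
     * Builds a token payload with the given username and roles, empty given/family names and the
     * token creator's default expiry.
     *
     * @param username value stored as the preferred username
     * @param roles roles stored in the payload
     * @return the populated payload
     */
    private static UserTokenPayload createUserData(String username, List<String> roles) {
        UserTokenPayload userData = new UserTokenPayload();
        userData.setExp(tokenCreator.getDefaultExp());
        userData.setFamilyName("");
        userData.setGivenName("");
        userData.setPreferredUsername(username);
        userData.setRoles(roles);
        return userData;
    }

    /**
     * Test-only subclass that re-declares three {@link OAuth2Realm} methods as {@code public} and
     * delegates to the parent, so the tests above can call them directly (the parent methods are
     * presumably not public; confirm against {@link OAuth2Realm}).
     */
    public static class OAuth2RealmToTest extends OAuth2Realm {

        public OAuth2RealmToTest() throws IllegalArgumentException, Exception {
            super();
        }

        @Override
        public AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection arg) {
            return super.doGetAuthorizationInfo(arg);
        }

        @Override
        public void assertCredentialsMatch(AuthenticationToken atoken, AuthenticationInfo ai)
                throws AuthenticationException {
            super.assertCredentialsMatch(atoken, ai);
        }

        @Override
        public AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
            return super.doGetAuthenticationInfo(token);
        }
    }
}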