From 124e11e9e7ea4652f8a538093ab48df9f575ce2a Mon Sep 17 00:00:00 2001 From: Zlatko Murgoski Date: Wed, 21 Aug 2019 11:14:04 +0200 Subject: Not Secured healtcheck https://jira.onap.org/browse/DCAEGEN2-1539 Issue-ID: DCAEGEN2-1539 Change-Id: I55c9387e64a5a6b710785ecbfa695683d821599a Signed-off-by: Zlatko Murgoski --- src/test/java/org/onap/dcae/TLSTest.java | 5 + src/test/java/org/onap/dcae/TLSTestBase.java | 19 +- .../onap/dcae/restapi/ApiAuthInterceptionTest.java | 253 +++++++++++---------- 3 files changed, 145 insertions(+), 132 deletions(-) (limited to 'src/test/java/org/onap') diff --git a/src/test/java/org/onap/dcae/TLSTest.java b/src/test/java/org/onap/dcae/TLSTest.java index 3cf0a162..49a089cc 100644 --- a/src/test/java/org/onap/dcae/TLSTest.java +++ b/src/test/java/org/onap/dcae/TLSTest.java @@ -4,6 +4,7 @@ * ================================================================================ * Copyright (C) 2018 Nokia. All rights reserved. * Copyright (C) 2018 AT&T Intellectual Property. All rights reserved. + * Copyright (C) 2019 Nokia. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -102,6 +103,7 @@ public class TLSTest extends TLSTestBase { @Override protected void configureSettings(ApplicationSettings settings) { when(settings.authMethod()).thenReturn(AuthMethodType.NO_AUTH.value()); + when(settings.httpPort()).thenReturn(1111); } } @@ -115,6 +117,7 @@ public class TLSTest extends TLSTestBase { when(settings.keystorePasswordFileLocation()).thenReturn(KEYSTORE_PASSWORD_FILE.toString()); when(settings.authMethod()).thenReturn(AuthMethodType.BASIC_AUTH.value()); when(settings.validAuthorizationCredentials()).thenReturn(HashMap.of(USERNAME, "$2a$10$51tDgG2VNLde5E173Ay/YO.Fq.aD.LR2Rp8pY3QAKriOSPswvGviy")); + when(settings.httpPort()).thenReturn(1111); } } @@ -126,6 +129,7 @@ public class TLSTest extends TLSTestBase { when(settings.truststoreFileLocation()).thenReturn(TRUSTSTORE.toString()); when(settings.truststorePasswordFileLocation()).thenReturn(TRUSTSTORE_PASSWORD_FILE.toString()); when(settings.certSubjectMatcher()).thenReturn(CERT_SUBJECT_MATCHER.toString()); + when(settings.httpPort()).thenReturn(1111); } } @@ -134,6 +138,7 @@ public class TLSTest extends TLSTestBase { protected void configureSettings(ApplicationSettings settings) { super.configureSettings(settings); when(settings.authMethod()).thenReturn(AuthMethodType.CERT_BASIC_AUTH.value()); + when(settings.httpPort()).thenReturn(1111); } } } \ No newline at end of file diff --git a/src/test/java/org/onap/dcae/TLSTestBase.java b/src/test/java/org/onap/dcae/TLSTestBase.java index df10ead9..1eb5728e 100644 --- a/src/test/java/org/onap/dcae/TLSTestBase.java +++ b/src/test/java/org/onap/dcae/TLSTestBase.java @@ -4,6 +4,7 @@ * ================================================================================ * Copyright (C) 2018 Nokia. All rights reserved. * Copyright (C) 2018 AT&T Intellectual Property. All rights reserved. + * Copyright (C) 2019 Nokia. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -21,12 +22,20 @@ package org.onap.dcae; -import org.json.JSONObject; +import static org.onap.dcae.TestingUtilities.configureKeyStore; +import static org.onap.dcae.TestingUtilities.createRestTemplateWithSsl; +import static org.onap.dcae.TestingUtilities.readFile; +import static org.onap.dcae.TestingUtilities.rethrow; +import static org.onap.dcae.TestingUtilities.sslBuilderWithTrustStore; + +import java.nio.file.Path; +import java.nio.file.Paths; import org.junit.jupiter.api.extension.ExtendWith; import org.mockito.Mockito; import org.onap.dcae.common.EventSender; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.boot.test.context.SpringBootTest; +import org.springframework.boot.test.context.SpringBootTest.WebEnvironment; import org.springframework.boot.test.mock.mockito.MockBean; import org.springframework.boot.web.server.LocalServerPort; import org.springframework.context.annotation.Bean; @@ -37,12 +46,6 @@ import org.springframework.http.client.support.BasicAuthenticationInterceptor; import org.springframework.test.context.junit.jupiter.SpringExtension; import org.springframework.web.client.RestTemplate; -import java.nio.file.Path; -import java.nio.file.Paths; -import java.util.concurrent.LinkedBlockingQueue; - -import static org.onap.dcae.TestingUtilities.*; - @Configuration @ExtendWith(SpringExtension.class) public class TLSTestBase { @@ -66,7 +69,7 @@ public class TLSTestBase { protected abstract void configureSettings(final ApplicationSettings settings); } - @SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT) + @SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT) protected abstract class TestClassBase { @MockBean diff --git a/src/test/java/org/onap/dcae/restapi/ApiAuthInterceptionTest.java b/src/test/java/org/onap/dcae/restapi/ApiAuthInterceptionTest.java index 4398faad..e6d67cf4 100644 --- a/src/test/java/org/onap/dcae/restapi/ApiAuthInterceptionTest.java +++ b/src/test/java/org/onap/dcae/restapi/ApiAuthInterceptionTest.java @@ -2,7 +2,7 @@ * ============LICENSE_START======================================================= * org.onap.dcaegen2.collectors.ves * ================================================================================ - * Copyright (C) 2018 Nokia. All rights reserved. + * Copyright (C) 2018 - 2019 Nokia. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -20,18 +20,8 @@ package org.onap.dcae.restapi; -import static org.mockito.Mockito.atLeastOnce; -import static org.mockito.Mockito.verify; -import static org.mockito.Mockito.when; - import io.vavr.collection.HashMap; import io.vavr.collection.Map; -import java.io.IOException; -import java.io.PrintWriter; -import javax.servlet.FilterChain; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; import org.junit.Test; import org.junit.runner.RunWith; import org.mockito.InjectMocks; @@ -45,128 +35,143 @@ import org.springframework.http.HttpStatus; import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.io.IOException; +import java.io.PrintWriter; + +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertTrue; +import static org.mockito.Mockito.verify; +import static org.mockito.Mockito.when; + @RunWith(MockitoJUnitRunner.Silent.class) public class ApiAuthInterceptionTest { - private static final String USERNAME = "Foo"; - private static final String PASSWORD = "Bar"; - private static final Map CREDENTIALS = HashMap.of(USERNAME, PASSWORD); + private static final String USERNAME = "Foo"; + private static final String PASSWORD = "Bar"; + private static final Map CREDENTIALS = HashMap.of(USERNAME, PASSWORD); - @Mock - private Logger log; + @Mock + private Logger log; - @Mock - private ApplicationSettings settings; + @Mock + private ApplicationSettings settings; - @Mock - private HttpServletResponse response; + @Mock + private HttpServletResponse response; - @Mock - private FilterChain obj; + @Mock + private Object obj; - @Mock - private PrintWriter writer; + @Mock + private PrintWriter writer; - @InjectMocks - private ApiAuthInterceptor sut; + @InjectMocks + private ApiAuthInterceptor sut; - private HttpServletRequest createEmptyRequest() { - return MockMvcRequestBuilders + private HttpServletRequest createEmptyRequest() { + return MockMvcRequestBuilders + .post("") + .buildRequest(null); + } + + private HttpServletRequest createRequestWithAuthorizationHeader() { + return SecurityMockMvcRequestPostProcessors + .httpBasic(USERNAME, PASSWORD) + .postProcessRequest( + MockMvcRequestBuilders .post("") - .buildRequest(null); - } - - private HttpServletRequest createRequestWithAuthorizationHeader() { - return SecurityMockMvcRequestPostProcessors - .httpBasic(USERNAME, PASSWORD) - .postProcessRequest( - MockMvcRequestBuilders - .post("") - .buildRequest(null)); - } - - @Test - public void shouldSucceedWhenAuthorizationIsDisabled() throws IOException, ServletException { - // given - final HttpServletRequest request = createEmptyRequest(); - - when(settings.authMethod()).thenReturn(AuthMethodType.NO_AUTH.value()); - - // when - sut.doFilter(request, response, obj); - - // then - verify(obj, atLeastOnce()).doFilter(request, response); - } - - @Test - public void shouldFailDueToEmptyBasicAuthorizationHeader() throws IOException, ServletException { - // given - final HttpServletRequest request = createEmptyRequest(); - - when(settings.authMethod()).thenReturn(AuthMethodType.BASIC_AUTH.value()); - when(response.getWriter()).thenReturn(writer); - - // when - sut.doFilter(request, response, obj); - - // then - verify(response).setStatus(HttpStatus.UNAUTHORIZED.value()); - verify(writer).write(ApiException.UNAUTHORIZED_USER.toJSON().toString()); - } - - @Test - public void shouldFailDueToBasicAuthenticationUserMissingFromSettings() - throws IOException, ServletException { - // given - final HttpServletRequest request = createRequestWithAuthorizationHeader(); - - when(settings.authMethod()).thenReturn(AuthMethodType.BASIC_AUTH.value()); - when(response.getWriter()).thenReturn(writer); - - // when - sut.doFilter(request, response, obj); - - // then - verify(response).setStatus(HttpStatus.UNAUTHORIZED.value()); - verify(writer).write(ApiException.UNAUTHORIZED_USER.toJSON().toString()); - } - - @Test - public void shouldSucceed() throws IOException, ServletException { - // given - final HttpServletRequest request = createRequestWithAuthorizationHeader(); - when(settings.authMethod()).thenReturn(AuthMethodType.BASIC_AUTH.value()); - when(settings.validAuthorizationCredentials()).thenReturn( - HashMap.of(USERNAME, "$2a$10$BsZkEynNm/93wbAeeZuxJeu6IHRyQl4XReqDg2BtYOFDhUsz20.3G")); - when(response.getWriter()).thenReturn(writer); - - // when - sut.doFilter(request, response, obj); - - // then - verify(obj, atLeastOnce()).doFilter(request, response); - } - - @Test - public void shouldFailDueToInvalidBasicAuthorizationHeaderValue() - throws IOException, ServletException { - // given - final HttpServletRequest request = - MockMvcRequestBuilders - .post("") - .header(HttpHeaders.AUTHORIZATION, "FooBar") - .buildRequest(null); - - when(settings.authMethod()).thenReturn(AuthMethodType.BASIC_AUTH.value()); - when(settings.validAuthorizationCredentials()).thenReturn(CREDENTIALS); - when(response.getWriter()).thenReturn(writer); - - // when - sut.doFilter(request, response, obj); - - //then - verify(response).setStatus(HttpStatus.UNAUTHORIZED.value()); - verify(writer).write(ApiException.UNAUTHORIZED_USER.toJSON().toString()); - } + .buildRequest(null)); + } + + @Test + public void shouldSucceedWhenAuthorizationIsDisabled() throws IOException { + // given + final HttpServletRequest request = createEmptyRequest(); + + when(settings.authMethod()).thenReturn(AuthMethodType.NO_AUTH.value()); + + // when + final boolean isAuthorized = sut.preHandle(request, response, obj); + + // then + assertTrue(isAuthorized); + } + + @Test + public void shouldFailDueToEmptyBasicAuthorizationHeader() throws IOException { + // given + final HttpServletRequest request = createEmptyRequest(); + + when(settings.authMethod()).thenReturn(AuthMethodType.BASIC_AUTH.value()); + when(response.getWriter()).thenReturn(writer); + + // when + final boolean isAuthorized = sut.preHandle(request, response, obj); + + + // then + assertFalse(isAuthorized); + + verify(response).setStatus(HttpStatus.UNAUTHORIZED.value()); + verify(writer).write(ApiException.UNAUTHORIZED_USER.toJSON().toString()); + } + + @Test + public void shouldFailDueToBasicAuthenticationUserMissingFromSettings() throws IOException { + // given + final HttpServletRequest request = createRequestWithAuthorizationHeader(); + + when(settings.authMethod()).thenReturn(AuthMethodType.BASIC_AUTH.value()); + when(response.getWriter()).thenReturn(writer); + + // when + final boolean isAuthorized = sut.preHandle(request, response, obj); + + // then + assertFalse(isAuthorized); + + verify(response).setStatus(HttpStatus.UNAUTHORIZED.value()); + verify(writer).write(ApiException.UNAUTHORIZED_USER.toJSON().toString()); + } + + @Test + public void shouldSucceed() throws IOException { + // given + final HttpServletRequest request = createRequestWithAuthorizationHeader(); + when(settings.authMethod()).thenReturn(AuthMethodType.BASIC_AUTH.value()); + when(settings.validAuthorizationCredentials()).thenReturn( + HashMap.of(USERNAME, "$2a$10$BsZkEynNm/93wbAeeZuxJeu6IHRyQl4XReqDg2BtYOFDhUsz20.3G")); + when(response.getWriter()).thenReturn(writer); + + // when + final boolean isAuthorized = sut.preHandle(request, response, obj); + + // then + assertTrue(isAuthorized); + } + + @Test + public void shouldFailDueToInvalidBasicAuthorizationHeaderValue() throws IOException { + // given + final HttpServletRequest request = + MockMvcRequestBuilders + .post("") + .header(HttpHeaders.AUTHORIZATION, "FooBar") + .buildRequest(null); + + when(settings.authMethod()).thenReturn(AuthMethodType.BASIC_AUTH.value()); + when(settings.validAuthorizationCredentials()).thenReturn(CREDENTIALS); + when(response.getWriter()).thenReturn(writer); + + // when + final boolean isAuthorized = sut.preHandle(request, response, obj); + + // then + assertFalse(isAuthorized); + + verify(response).setStatus(HttpStatus.UNAUTHORIZED.value()); + verify(writer).write(ApiException.UNAUTHORIZED_USER.toJSON().toString()); + } } -- cgit 1.2.3-korg