diff options
Diffstat (limited to 'src/test/java/org/onap/dmaap/kafkaauthorize')
3 files changed, 480 insertions, 0 deletions
diff --git a/src/test/java/org/onap/dmaap/kafkaauthorize/KafkaCustomAuthorizerTest.java b/src/test/java/org/onap/dmaap/kafkaauthorize/KafkaCustomAuthorizerTest.java new file mode 100644 index 0000000..098d472 --- /dev/null +++ b/src/test/java/org/onap/dmaap/kafkaauthorize/KafkaCustomAuthorizerTest.java @@ -0,0 +1,216 @@ +/******************************************************************************* + * ============LICENSE_START======================================================= + * org.onap.dmaap + * ================================================================================ + * Copyright © 2017 AT&T Intellectual Property. All rights reserved. + * Modification copyright (C) 2021 Nordix Foundation. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * http://www.apache.org/licenses/LICENSE-2.0 +* + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + * + * + *******************************************************************************/ +package org.onap.dmaap.kafkaauthorize; + +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertTrue; + +import org.apache.kafka.common.acl.AclOperation; +import org.apache.kafka.common.security.auth.KafkaPrincipal; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.mockito.Mock; +import org.mockito.MockitoAnnotations; +import org.onap.dmaap.commonauth.kafka.base.authorization.AuthorizationProvider; +import org.onap.dmaap.commonauth.kafka.base.authorization.AuthorizationProviderFactory; +import org.powermock.api.mockito.PowerMockito; +import org.powermock.core.classloader.annotations.PowerMockIgnore; +import org.powermock.core.classloader.annotations.PrepareForTest; +import org.powermock.modules.junit4.PowerMockRunner; + +import kafka.network.RequestChannel.Session; +import kafka.security.auth.Operation; +import kafka.security.auth.Resource; +import kafka.security.auth.ResourceType; + +@RunWith(PowerMockRunner.class) +@PowerMockIgnore({"javax.net.ssl.*", "javax.security.auth.*", "jdk.internal.reflect.*", "javax.crypto.*"}) +@PrepareForTest({ AuthorizationProviderFactory.class }) +public class KafkaCustomAuthorizerTest { + @Mock + Session arg0; + @Mock + Operation arg1; + @Mock + Resource arg2; + @Mock + KafkaPrincipal principal; + @Mock + ResourceType resourceType; + @Mock + AuthorizationProviderFactory factory; + @Mock + AuthorizationProvider provider; + + KafkaCustomAuthorizer authorizer; + + static { + System.setProperty("CADI_PROPERTIES", "src/test/resources/cadi.properties"); + System.setProperty("enableCadi", "true"); + } + + @Before + public void setUp() { + MockitoAnnotations.initMocks(this); + PowerMockito.when(principal.getName()).thenReturn("fullName"); + PowerMockito.when(arg0.principal()).thenReturn(principal); + PowerMockito.when(arg1.name()).thenReturn("Write"); + PowerMockito.when(resourceType.name()).thenReturn("Topic"); + PowerMockito.when(arg2.resourceType()).thenReturn(resourceType); + PowerMockito.when(arg2.name()).thenReturn("namespace.Topic"); + PowerMockito.mockStatic(AuthorizationProviderFactory.class); + PowerMockito.when(AuthorizationProviderFactory.getProviderFactory()).thenReturn(factory); + PowerMockito.when(factory.getProvider()).thenReturn(provider); + + } + + @Test + public void testAuthorizerSuccess() { + PowerMockito.when(provider.hasPermission("fullName", "namespace.topic", ":topic.namespace.Topic", "pub")) + .thenReturn(true); + authorizer = new KafkaCustomAuthorizer(); + assertTrue(authorizer.authorize(arg0, arg1, arg2)); + } + + @Test + public void testAuthorizerFailure() { + System.setProperty("CADI_PROPERTIES", "src/test/resources/cadi.properties"); + PowerMockito.when(arg2.name()).thenReturn("org.onap.dmaap.mr.testtopic"); + PowerMockito.when(arg1.toJava()).thenReturn(AclOperation.CREATE); + System.setProperty("msgRtr.topicfactory.aaf", "org.onap.dmaap.mr.topicFactory|:org.onap.dmaap.mr.topic:"); + PowerMockito.when(provider.hasPermission("fullName", "namespace.topic", ":topic.namespace.Topic", "pub")) + .thenReturn(false); + authorizer = new KafkaCustomAuthorizer(); + try { + authorizer.authorize(arg0, arg1, arg2); + } catch (Exception e) { + assertTrue(true); + } + + } + + @Test + public void testAuthorizerFailure1() { + System.setProperty("CADI_PROPERTIES", "src/test/resources/cadi.properties"); + PowerMockito.when(arg2.name()).thenReturn("org.onap.dmaap.mr.testtopic"); + PowerMockito.when(resourceType.name()).thenReturn("Cluster"); + PowerMockito.when(arg1.toJava()).thenReturn(AclOperation.CREATE); + System.setProperty("msgRtr.topicfactory.aaf", "org.onap.dmaap.mr.topicFactory|:org.onap.dmaap.mr.topic:"); + PowerMockito.when(provider.hasPermission("fullName", "namespace.topic", ":topic.namespace.Topic", "pub")) + .thenReturn(false); + authorizer = new KafkaCustomAuthorizer(); + try { + authorizer.authorize(arg0, arg1, arg2); + } catch (Exception e) { + assertTrue(true); + } + + } + + @Test + public void testAuthorizerFailure2() { + System.setProperty("CADI_PROPERTIES", "src/test/resources/cadi.properties"); + PowerMockito.when(arg2.name()).thenReturn("org.onap.dmaap.mr.testtopic"); + PowerMockito.when(resourceType.name()).thenReturn("Topic"); + PowerMockito.when(arg1.toJava()).thenReturn(AclOperation.WRITE); + PowerMockito.when(provider.hasPermission("fullName", "namespace.topic", ":topic.namespace.Topic", "pub")) + .thenReturn(false); + authorizer = new KafkaCustomAuthorizer(); + try { + authorizer.authorize(arg0, arg1, arg2); + } catch (Exception e) { + assertTrue(true); + } + + } + + @Test + public void testAuthorizerFailure3() { + System.setProperty("CADI_PROPERTIES", "src/test/resources/cadi.properties"); + PowerMockito.when(arg2.name()).thenReturn("org.onap.dmaap.mr.testtopic"); + PowerMockito.when(resourceType.name()).thenReturn("Topic"); + PowerMockito.when(arg1.toJava()).thenReturn(AclOperation.DESCRIBE); + PowerMockito.when(provider.hasPermission("fullName", "namespace.topic", ":topic.namespace.Topic", "pub")) + .thenReturn(false); + authorizer = new KafkaCustomAuthorizer(); + try { + authorizer.authorize(arg0, arg1, arg2); + } catch (Exception e) { + assertTrue(true); + } + + } + @Test + public void testAuthorizerFailure4() { + System.setProperty("CADI_PROPERTIES", "src/test/resources/cadi.properties"); + PowerMockito.when(arg2.name()).thenReturn("org.onap.dmaap.mr.testtopic"); + PowerMockito.when(resourceType.name()).thenReturn("Topic"); + PowerMockito.when(arg1.toJava()).thenReturn(AclOperation.READ); + PowerMockito.when(provider.hasPermission("fullName", "namespace.topic", ":topic.namespace.Topic", "pub")) + .thenReturn(false); + authorizer = new KafkaCustomAuthorizer(); + try { + authorizer.authorize(arg0, arg1, arg2); + } catch (Exception e) { + assertTrue(true); + } + + } + + @Test + public void testAuthorizerFailure5() { + System.setProperty("CADI_PROPERTIES", "src/test/resources/cadi.properties"); + PowerMockito.when(arg2.name()).thenReturn("org.onap.dmaap.mr.testtopic"); + PowerMockito.when(resourceType.name()).thenReturn("Cluster"); + PowerMockito.when(arg1.toJava()).thenReturn(AclOperation.IDEMPOTENT_WRITE); + System.setProperty("msgRtr.topicfactory.aaf", "org.onap.dmaap.mr.topicFactory|:org.onap.dmaap.mr.topic:"); + PowerMockito.when(provider.hasPermission("fullName", "namespace.topic", ":topic.namespace.Topic", "pub")) + .thenReturn(false); + authorizer = new KafkaCustomAuthorizer(); + try { + authorizer.authorize(arg0, arg1, arg2); + } catch (Exception e) { + assertTrue(true); + } + + } + + @Test + public void testAuthorizerFailure6() { + System.setProperty("CADI_PROPERTIES", "src/test/resources/cadi.properties"); + PowerMockito.when(arg2.name()).thenReturn("org.onap.dmaap.mr.testtopic"); + PowerMockito.when(arg1.toJava()).thenReturn(AclOperation.DELETE); + System.setProperty("msgRtr.topicfactory.aaf", "org.onap.dmaap.mr.topicFactory|:org.onap.dmaap.mr.topic:"); + PowerMockito.when(provider.hasPermission("fullName", "namespace.topic", ":topic.namespace.Topic", "pub")) + .thenReturn(false); + authorizer = new KafkaCustomAuthorizer(); + try { + authorizer.authorize(arg0, arg1, arg2); + } catch (Exception e) { + assertTrue(true); + } + + } + + +} diff --git a/src/test/java/org/onap/dmaap/kafkaauthorize/PlainLoginModule1Test.java b/src/test/java/org/onap/dmaap/kafkaauthorize/PlainLoginModule1Test.java new file mode 100644 index 0000000..33a0708 --- /dev/null +++ b/src/test/java/org/onap/dmaap/kafkaauthorize/PlainLoginModule1Test.java @@ -0,0 +1,80 @@ +/******************************************************************************* + * ============LICENSE_START======================================================= + * org.onap.dmaap + * ================================================================================ + * Copyright © 2017 AT&T Intellectual Property. All rights reserved. + * Modification copyright (C) 2021 Nordix Foundation. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * http://www.apache.org/licenses/LICENSE-2.0 +* + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + * + * + *******************************************************************************/ +package org.onap.dmaap.kafkaauthorize; + +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertTrue; + +import java.util.Map; +import javax.security.auth.Subject; +import javax.security.auth.callback.CallbackHandler; +import org.junit.Before; +import org.junit.Test; +import org.mockito.Mock; +import org.mockito.MockitoAnnotations; +import org.powermock.api.mockito.PowerMockito; +import org.powermock.core.classloader.annotations.PowerMockIgnore; +import org.powermock.core.classloader.annotations.PrepareForTest; + +@PowerMockIgnore({"jdk.internal.reflect.*"}) +@PrepareForTest({ PlainLoginModule1.class }) +public class PlainLoginModule1Test { + + static PlainLoginModule1 pLogin = new PlainLoginModule1(); + static Subject subject; + @Mock + static CallbackHandler callbackHandler; + + @Mock + static Map<String, String> mymap1; + + @Mock + static Map<String, ?> mymap2; + + @Before + public void setUp() { + MockitoAnnotations.initMocks(this); + PowerMockito.when(mymap1.get("username")).thenReturn("user1"); + PowerMockito.when(mymap1.get("password")).thenReturn("pass1"); + pLogin.initialize(subject, callbackHandler, mymap1, mymap2); + } + + @Test + public void testLogin() { + assertTrue(pLogin.login()); + } + + @Test + public void testLogout() { + assertTrue(pLogin.logout()); + } + + @Test + public void testCommit() { + assertTrue(pLogin.commit()); + } + + @Test + public void testAbort() { + assertFalse(pLogin.abort()); + } +} diff --git a/src/test/java/org/onap/dmaap/kafkaauthorize/PlainSaslServer1Test.java b/src/test/java/org/onap/dmaap/kafkaauthorize/PlainSaslServer1Test.java new file mode 100644 index 0000000..6128978 --- /dev/null +++ b/src/test/java/org/onap/dmaap/kafkaauthorize/PlainSaslServer1Test.java @@ -0,0 +1,184 @@ +/******************************************************************************* + * ============LICENSE_START======================================================= + * org.onap.dmaap + * ================================================================================ + * Copyright © 2017 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * http://www.apache.org/licenses/LICENSE-2.0 +* + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + * + * + *******************************************************************************/ +package org.onap.dmaap.kafkaauthorize; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertTrue; + +import java.util.Map; +import javax.security.auth.callback.CallbackHandler; +import javax.security.sasl.Sasl; +import javax.security.sasl.SaslException; +import org.apache.kafka.common.errors.SaslAuthenticationException; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.mockito.Mock; +import org.mockito.Mockito; +import org.mockito.MockitoAnnotations; +import org.onap.dmaap.commonauth.kafka.base.authorization.AuthorizationProvider; +import org.onap.dmaap.commonauth.kafka.base.authorization.AuthorizationProviderFactory; +import org.onap.dmaap.kafkaauthorize.PlainSaslServer1.PlainSaslServerFactory1; +import org.powermock.api.mockito.PowerMockito; +import org.powermock.core.classloader.annotations.PowerMockIgnore; +import org.powermock.core.classloader.annotations.PrepareForTest; +import org.powermock.modules.junit4.PowerMockRunner; + +@RunWith(PowerMockRunner.class) +@PowerMockIgnore({"javax.security.auth.*", "jdk.internal.reflect.*", "javax.crypto.*"}) +@PrepareForTest({ AuthorizationProviderFactory.class }) +public class PlainSaslServer1Test { + + PlainSaslServer1 sslServer = new PlainSaslServer1(); + + @Mock + AuthorizationProviderFactory factory; + @Mock + AuthorizationProvider provider; + @Mock + CallbackHandler callbackHandler; + @Mock + static Map<String, String> props; + + @Before + public void setUp() { + MockitoAnnotations.initMocks(this); + PowerMockito.mockStatic(AuthorizationProviderFactory.class); + PowerMockito.when(AuthorizationProviderFactory.getProviderFactory()).thenReturn(factory); + PowerMockito.when(factory.getProvider()).thenReturn(provider); + } + + public void testAuthentication() throws Exception { + String response = "authorizationID\u0000username\u0000password"; + PowerMockito.when(provider.authenticate("username", "password")).thenReturn(null); + assertNotNull(sslServer.evaluateResponse(response.getBytes())); + + } + + @Test + public void testAuthenticationEmptyAuth() throws Exception { + String response = "\u0000username\u0000password"; + PowerMockito.when(provider.authenticate("username", "password")).thenReturn(null); + assertNotNull(sslServer.evaluateResponse(response.getBytes())); + } + + @Test + public void testAuthenticationEmptyUser() throws Exception { + String response = "authorizationID\u0000\u0000password"; + PowerMockito.when(provider.authenticate("username", "password")).thenReturn(null); + try { + sslServer.evaluateResponse(response.getBytes()); + } + catch (SaslAuthenticationException e) { + assertNotNull(e); + } + } + + @Test + public void testAuthenticationEmptyPassword() throws Exception { + String response = "authorizationID\u0000username\u0000"; + PowerMockito.when(provider.authenticate("username", "password")).thenReturn(null); + try { + sslServer.evaluateResponse(response.getBytes()); + } + catch (SaslAuthenticationException e) { + assertNotNull(e); + } + } + + @Test + public void testGetAuthorizationIdWithException() { + try { + sslServer.getAuthorizationID(); + } + catch (IllegalStateException ise) { + assertTrue(ise.getMessage().equalsIgnoreCase("Authentication exchange has not completed")); + } + } + + @Test + public void testGetNegotiatedPropertyWithException() { + try { + sslServer.getNegotiatedProperty("test"); + } + catch (IllegalStateException ise) { + assertTrue(ise.getMessage().equalsIgnoreCase("Authentication exchange has not completed")); + } + } + + @Test + public void testIsComplete() { + try { + sslServer.getNegotiatedProperty("test"); + } + catch (IllegalStateException ise) { + assertTrue(ise.getMessage().equalsIgnoreCase("Authentication exchange has not completed")); + } + assert(true); + } + + @Test + public void testUnwrap() { + try { + sslServer.unwrap(new byte[1], 0, 0); + } + catch (IllegalStateException ise) { + assertTrue(ise.getMessage().equalsIgnoreCase("Authentication exchange has not completed")); + } catch (SaslAuthenticationException e) { + e.printStackTrace(); + } + assert(true); + } + + @Test + public void testWrap() { + try { + sslServer.wrap(new byte[1], 0, 0); + } + catch (IllegalStateException ise) { + assertTrue(ise.getMessage().equalsIgnoreCase("Authentication exchange has not completed")); + } catch (SaslAuthenticationException e) { + e.printStackTrace(); + } + assert(true); + } + + @Test + public void testGetMech() { + assertEquals("PLAIN", sslServer.getMechanismName()); + } + + @Test + public void testIsCompleteBool() { + assertFalse(sslServer.isComplete()); + } + + @Test + public void testPlainSaslServer1() throws SaslException { + PlainSaslServerFactory1 plainSaslServerFactory1 = new PlainSaslServerFactory1(); + PlainSaslServer1 saslServer1 = (PlainSaslServer1) plainSaslServerFactory1.createSaslServer(PlainSaslServer1.PLAIN_MECHANISM, "https", "mySaslServer", props, callbackHandler); + assertNotNull(saslServer1); + Mockito.when(props.get(Sasl.POLICY_NOPLAINTEXT)).thenReturn("javax.security.sasl.policy.noplaintext"); + assertEquals(new String[]{"PLAIN"}, plainSaslServerFactory1.getMechanismNames(props)); + } +} |