From 4528a9aac1841e7c4d5ec87392b8929f4ef6bc45 Mon Sep 17 00:00:00 2001 From: efiacor Date: Fri, 16 Jul 2021 12:18:44 +0100 Subject: [DMAAP-KAFKA] Fix sonar coverage etc 
Signed-off-by: efiacor Change-Id: Ia33a8740bf28fc66d06246c82e1c518d5e4b677e Issue-ID: DMAAP-1629 --- .../base/authorization/AuthorizationProvider.java | 9 +- .../AuthorizationProviderFactory.java | 10 +- .../kafka/base/authorization/Cadi3AAFProvider.java | 45 ++-- .../kafkaAuthorize/KafkaCustomAuthorizer.java | 231 -------------------- .../dmaap/kafkaAuthorize/PlainLoginModule1.java | 70 ------- .../dmaap/kafkaAuthorize/PlainSaslServer1.java | 209 ------------------ .../kafkaAuthorize/PlainSaslServerProvider1.java | 41 ---- .../kafkaauthorize/KafkaCustomAuthorizer.java | 233 +++++++++++++++++++++ .../dmaap/kafkaauthorize/PlainLoginModule1.java | 68 ++++++ .../dmaap/kafkaauthorize/PlainSaslServer1.java | 203 ++++++++++++++++++ .../kafkaauthorize/PlainSaslServerProvider1.java | 42 ++++ .../AuthorizationProviderFactoryTest.java | 5 +- .../base/authorization/Cadi3AAFProviderTest.java | 29 +-- .../kafka/base/authorization/JUnitTestSuite.java | 41 ---- .../kafka/base/authorization/TestRunner.java | 41 ---- .../onap/dmaap/kafkaAuthorize/JUnitTestSuite.java | 41 ---- .../kafkaAuthorize/KafkaCustomAuthorizerTest.java | 218 ------------------- .../kafkaAuthorize/PlainLoginModule1Test.java | 66 ------ .../dmaap/kafkaAuthorize/PlainSaslServer1Test.java | 163 -------------- .../org/onap/dmaap/kafkaAuthorize/TestRunner.java | 41 ---- .../kafkaauthorize/KafkaCustomAuthorizerTest.java | 216 +++++++++++++++++++ .../kafkaauthorize/PlainLoginModule1Test.java | 80 +++++++ .../dmaap/kafkaauthorize/PlainSaslServer1Test.java | 184 ++++++++++++++++ src/test/resources/cadi.properties | 21 +- src/test/resources/org.onap.dmaap.mr.keyfile | 54 ++--- src/test/resources/org.onap.dmaap.mr.p12 | Bin 4261 -> 4637 bytes src/test/resources/org.onap.dmaap.mr.trust.jks | Bin 1413 -> 1413 bytes 27 files changed, 1106 insertions(+), 1255 deletions(-) delete mode 100644 src/main/java/org/onap/dmaap/kafkaAuthorize/KafkaCustomAuthorizer.java delete mode 100644 
src/main/java/org/onap/dmaap/kafkaAuthorize/PlainLoginModule1.java delete mode 100644 src/main/java/org/onap/dmaap/kafkaAuthorize/PlainSaslServer1.java delete mode 100644 src/main/java/org/onap/dmaap/kafkaAuthorize/PlainSaslServerProvider1.java create mode 100644 src/main/java/org/onap/dmaap/kafkaauthorize/KafkaCustomAuthorizer.java create mode 100644 src/main/java/org/onap/dmaap/kafkaauthorize/PlainLoginModule1.java create mode 100644 src/main/java/org/onap/dmaap/kafkaauthorize/PlainSaslServer1.java create mode 100644 src/main/java/org/onap/dmaap/kafkaauthorize/PlainSaslServerProvider1.java delete mode 100644 src/test/java/org/onap/dmaap/commonauth/kafka/base/authorization/JUnitTestSuite.java delete mode 100644 src/test/java/org/onap/dmaap/commonauth/kafka/base/authorization/TestRunner.java delete mode 100644 src/test/java/org/onap/dmaap/kafkaAuthorize/JUnitTestSuite.java delete mode 100644 src/test/java/org/onap/dmaap/kafkaAuthorize/KafkaCustomAuthorizerTest.java delete mode 100644 src/test/java/org/onap/dmaap/kafkaAuthorize/PlainLoginModule1Test.java delete mode 100644 src/test/java/org/onap/dmaap/kafkaAuthorize/PlainSaslServer1Test.java delete mode 100644 src/test/java/org/onap/dmaap/kafkaAuthorize/TestRunner.java create mode 100644 src/test/java/org/onap/dmaap/kafkaauthorize/KafkaCustomAuthorizerTest.java create mode 100644 src/test/java/org/onap/dmaap/kafkaauthorize/PlainLoginModule1Test.java create mode 100644 src/test/java/org/onap/dmaap/kafkaauthorize/PlainSaslServer1Test.java diff --git a/src/main/java/org/onap/dmaap/commonauth/kafka/base/authorization/AuthorizationProvider.java b/src/main/java/org/onap/dmaap/commonauth/kafka/base/authorization/AuthorizationProvider.java index da96929..551cf81 100644 --- a/src/main/java/org/onap/dmaap/commonauth/kafka/base/authorization/AuthorizationProvider.java +++ b/src/main/java/org/onap/dmaap/commonauth/kafka/base/authorization/AuthorizationProvider.java 
@@ -3,6 +3,7 @@ * org.onap.dmaap * ================================================================================ * Copyright © 2017 AT&T Intellectual Property. All rights reserved. + * Modification copyright (C) 2021 Nordix Foundation. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -20,11 +21,13 @@ *******************************************************************************/ package org.onap.dmaap.commonauth.kafka.base.authorization; +import java.io.IOException; + public interface AuthorizationProvider { - public boolean hasPermission(String userId, String permission, String instance, String action); + boolean hasPermission(String userId, String permission, String instance, String action); - public String getId(); + String getId(); - public String authenticate(String userId, String password) throws Exception; + String authenticate(String userId, String password) throws IOException; } diff --git a/src/main/java/org/onap/dmaap/commonauth/kafka/base/authorization/AuthorizationProviderFactory.java b/src/main/java/org/onap/dmaap/commonauth/kafka/base/authorization/AuthorizationProviderFactory.java index 6b872af..bdced2d 100644 --- a/src/main/java/org/onap/dmaap/commonauth/kafka/base/authorization/AuthorizationProviderFactory.java +++ b/src/main/java/org/onap/dmaap/commonauth/kafka/base/authorization/AuthorizationProviderFactory.java @@ -3,6 +3,7 @@ * org.onap.dmaap * ================================================================================ * Copyright © 2017 AT&T Intellectual Property. All rights reserved. + * Modification copyright (C) 2021 Nordix Foundation. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
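Review bot: The `authenticate` declaration in the AuthorizationProvider interface has no Javadoc, and its return contract is the reverse of what a reader would guess: in Cadi3AAFProvider a `null` return is the accepted path and a non-null string is treated as the failure reason. A new implementation or caller that reads the value the other way round would admit unauthenticated clients, so the interface should state it, for example `/** Returns null when the credentials are accepted, otherwise a description of the failure. */`. Narrowing the checked exception to `IOException` also means implementations must report every other failure through that non-null result or an unchecked exception, which deserves one more sentence in the same comment.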
@@ -23,9 +24,12 @@ package org.onap.dmaap.commonauth.kafka.base.authorization; import java.util.HashMap; import java.util.Map; import java.util.ServiceLoader; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; -public class AuthorizationProviderFactory { - private static final Map AUTHORIZATION_PROVIDER_MAP = new HashMap(); +public class AuthorizationProviderFactory { + private static final Logger logger = LoggerFactory.getLogger(AuthorizationProviderFactory.class); + private static final Map AUTHORIZATION_PROVIDER_MAP = new HashMap<>(); private static final AuthorizationProviderFactory AUTHORIZATION_PROVIDER_FACTORY = new AuthorizationProviderFactory(); private AuthorizationProviderFactory() { @@ -36,7 +40,7 @@ public class AuthorizationProviderFactory { } } catch (Exception ee) { - System.out.println(ee); + logger.error(ee.getMessage(), ee); System.exit(0); } } diff --git a/src/main/java/org/onap/dmaap/commonauth/kafka/base/authorization/Cadi3AAFProvider.java b/src/main/java/org/onap/dmaap/commonauth/kafka/base/authorization/Cadi3AAFProvider.java index b5193cc..92e27b7 100644 --- a/src/main/java/org/onap/dmaap/commonauth/kafka/base/authorization/Cadi3AAFProvider.java +++ b/src/main/java/org/onap/dmaap/commonauth/kafka/base/authorization/Cadi3AAFProvider.java @@ -3,6 +3,7 @@ * org.onap.dmaap * ================================================================================ * Copyright © 2017 AT&T Intellectual Property. All rights reserved. + * Modification copyright (C) 2021 Nordix Foundation. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
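Review bot: The catch block in the AuthorizationProviderFactory constructor still ends with `System.exit(0)`, so a process that fails to load its authorization providers terminates with a success status and a supervisor will read that as a clean shutdown. Since the logging line is being changed anyway, the exit should signal failure, `System.exit(1);`. The new `logger.error(ee.getMessage(), ee)` uses the exception message as the log message, which may be null; a fixed text such as `logger.error("Failed to load authorization providers", ee);` is easier to search and alert on. The constructor starts above and closes below the lines shown in this hunk.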
@@ -24,14 +25,8 @@ import java.io.FileInputStream; import java.io.IOException; import java.util.Map; import java.util.Properties; - import javax.security.auth.login.AppConfigurationEntry; import javax.security.auth.login.Configuration; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import org.onap.aaf.cadi.CadiException; import org.onap.aaf.cadi.PropAccess; import org.onap.aaf.cadi.aaf.AAFPermission; import org.onap.aaf.cadi.aaf.v2_0.AAFAuthn; @@ -39,6 +34,8 @@ import org.onap.aaf.cadi.aaf.v2_0.AAFCon; import org.onap.aaf.cadi.aaf.v2_0.AAFConHttp; import org.onap.aaf.cadi.aaf.v2_0.AbsAAFLur; import org.onap.aaf.cadi.principal.UnAuthPrincipal; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; public class Cadi3AAFProvider implements AuthorizationProvider { @@ -51,16 +48,17 @@ public class Cadi3AAFProvider implements AuthorizationProvider { private static AAFAuthn aafAuthn; private static AbsAAFLur aafLur; private static boolean enableCadi = false; + private static final String ENABLE_CADI = "enableCadi"; private static final Logger logger = LoggerFactory.getLogger(Cadi3AAFProvider.class); static { - if (System.getProperty("enableCadi") != null) { - if (System.getProperty("enableCadi").equals("true")) { + if (System.getProperty(ENABLE_CADI) != null) { + if (System.getProperty(ENABLE_CADI).equals("true")) { enableCadi = true; } } else{ - if (System.getenv("enableCadi") != null && System.getenv("enableCadi").equals("true")) { + if (System.getenv(ENABLE_CADI) != null && System.getenv(ENABLE_CADI).equals("true")) { enableCadi = true; } } @@ -78,8 +76,7 @@ public class Cadi3AAFProvider implements AuthorizationProvider { apiKey = "apiKey"; } else { - for (int i = 0; i < entries.length; i++) { - AppConfigurationEntry entry = entries[i]; + for (AppConfigurationEntry entry : entries) { Map optionsMap = entry.getOptions(); kafkaUsername = (String) optionsMap.get("username"); apiKey = (String) optionsMap.get("password"); 
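Review bot: The static initialiser that resolves `ENABLE_CADI` turns enforcement on only for the exact string `true` and logs nothing when it ends up off, so a value such as `True`, or a system property that is set to anything else and thereby masks the environment variable, leaves `enableCadi` false without a trace. `authenticate` further down returns `null` when the flag is off, and `null` is the accepted result on this page, so the silent default is the permissive one. The nesting can be collapsed without changing behaviour to `enableCadi = "true".equals(System.getProperty(ENABLE_CADI, System.getenv(ENABLE_CADI)));`, followed by `logger.info("CADI/AAF enforcement enabled: {}", enableCadi);` so operators can see the resolved state at startup. The static block closes below the lines shown.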
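Review bot: The fallback branch just above the rewritten loop still assigns the literal `apiKey = "apiKey"`, and `authenticate` later accepts a client whose user name equals `kafkaUsername` and whose password equals `apiKey` without consulting AAF. If that branch is taken when no usable JAAS entry is found (the condition is outside the hunk), the broker runs with a credential that is published in the source. I would drop the default and either refuse to start or leave both fields null so the shortcut can never match. The new for-each also overwrites `kafkaUsername` and `apiKey` on every entry, so the last JAAS entry wins; a comment such as `// only one entry is expected; the last one wins` or a `break` after the first would make the intent explicit. The enclosing block starts above and continues below the hunk.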
@@ -87,7 +84,7 @@ public class Cadi3AAFProvider implements AuthorizationProvider { } } } catch (Exception e) { - logger.error("CRITICAL ERROR: JAAS configuration incorrectly set: " + e.getMessage()); + logger.error("CRITICAL ERROR: JAAS configuration incorrectly set: {}", e.getMessage()); } } @@ -100,13 +97,6 @@ public class Cadi3AAFProvider implements AuthorizationProvider { return enableCadi; } - public static AAFAuthn getAafAuthn() throws CadiException { - if (aafAuthn == null) { - throw new CadiException("Cadi is uninitialized in Cadi3AAFProvider.getAafAuthn()"); - } - return aafAuthn; - } - public Cadi3AAFProvider() { setup(); } @@ -115,7 +105,7 @@ public class Cadi3AAFProvider implements AuthorizationProvider { if (access == null) { Properties props = new Properties(); - FileInputStream fis = null; + FileInputStream fis; try { if (System.getProperty("CADI_PROPERTIES") != null) { fis = new FileInputStream(System.getProperty("CADI_PROPERTIES")); @@ -158,8 +148,7 @@ public class Cadi3AAFProvider implements AuthorizationProvider { public boolean hasPermission(String userId, String permission, String instance, String action) { boolean hasPermission = false; try { - logger.info("^ Event at hasPermission to validate userid " + userId + " with " + permission + " " + instance - + " " + action); + logger.info("^ Event at hasPermission to validate userid {} with {} {} {}", userId, permission, instance, action); // AAF Style permissions are in the form // Resource Name, Resource Type, Action if (userId.equals("admin")) { 
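Review bot: The rewritten `logger.error` call in the JAAS catch block records only `e.getMessage()`, so the stack trace is lost and a null message prints as `null`; passing the exception as the last argument keeps both, `logger.error("CRITICAL ERROR: JAAS configuration incorrectly set", e);`. The block also swallows the failure, so the class carries on with `kafkaUsername` and `apiKey` in whatever state the partial parse left them. If that is intended, a comment saying so would help the next reader; otherwise the error should propagate. The catch belongs to a block that starts above the hunk.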
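Review bot: `FileInputStream fis;` in `setup()` is opened on a path taken from the `CADI_PROPERTIES` system property and no close is visible in the hunk; dropping the `= null` initialiser suggests there is no `finally` that references it. If the stream is indeed never closed, the descriptor stays open until garbage collection. Wrapping the open in try-with-resources, `try (FileInputStream fis = new FileInputStream(System.getProperty("CADI_PROPERTIES"))) {`, around the code that reads the properties would remove the need for the separate declaration. The rest of `setup()` is outside the hunk, so a close may exist further down.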
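Review bot: The `userId.equals("admin")` test in `hasPermission` is kept as context here, which means the outcome for that name is decided by a hard-coded string rather than by AAF; the branch body is outside the hunk, but if it sets `hasPermission = true`, any principal named `admin` skips the permission lookup. That deserves either removal or a comment tying it to the configured `kafkaUsername`. Separately, the new parameterised `logger.info` still writes `userId`, `permission`, `instance` and `action` verbatim at info level on every check. Placeholders do not neutralise CR/LF characters, so client-influenced values should be sanitised before logging or the line moved to debug level.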
@@ -169,7 +158,7 @@ public class Cadi3AAFProvider implements AuthorizationProvider { AAFPermission perm = new AAFPermission(null, permission, instance, action); if (aafLur != null) { hasPermission = aafLur.fish(new UnAuthPrincipal(userId), perm); - logger.trace("Permission: " + perm.getKey() + " for user :" + userId + " found: " + hasPermission); + logger.trace("Permission: {} for user : {} found: {}" , perm.getKey(), userId, hasPermission); } else { logger.error("AAF client not initialized. Not able to find permissions."); } @@ -183,16 +172,16 @@ public class Cadi3AAFProvider implements AuthorizationProvider { return "CADI_AAF_PROVIDER"; } - public String authenticate(String userId, String password) throws Exception { + public String authenticate(String userId, String password) throws IOException { - logger.info("^Event received with username " + userId); + logger.info("^Event received with username {}", userId); if (!enableCadi) { return null; } else { if (userId.equals(kafkaUsername)) { if (password.equals(apiKey)) { - logger.info("by passes the authentication for the admin " + kafkaUsername); + logger.info("by passes the authentication for the admin {}", kafkaUsername); return null; } else { String errorMessage = "Authentication failed for user " + kafkaUsername; @@ -203,10 +192,10 @@ public class Cadi3AAFProvider implements AuthorizationProvider { } String aafResponse = aafAuthn.validate(userId, password); - logger.info("aafResponse=" + aafResponse + " for " + userId); + logger.info("aafResponse = {} for {}", aafResponse, userId); if (aafResponse != null) { - logger.error("Authentication failed for user ." + userId); + logger.error("Authentication failed for user {}", userId); } return aafResponse; } diff --git a/src/main/java/org/onap/dmaap/kafkaAuthorize/KafkaCustomAuthorizer.java b/src/main/java/org/onap/dmaap/kafkaAuthorize/KafkaCustomAuthorizer.java deleted file mode 100644 index 950cd9f..0000000 
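Review bot: In `authenticate`, the shortcut for `kafkaUsername` checks the presented secret with `password.equals(apiKey)`, which returns at the first differing character; for a credential comparison I would use the constant-time form `MessageDigest.isEqual(password.getBytes(StandardCharsets.UTF_8), apiKey.getBytes(StandardCharsets.UTF_8))`. The method returns `null` both when `enableCadi` is false and when the shortcut matches, and `null` is the accepted result elsewhere on this page, so each `return null;` should carry a short comment such as `// null means the credentials are accepted`. The message `by passes the authentication for the admin {}` records every use of the shortcut at the same level as routine traffic; `logger.warn` would make it easier to alert on. The method continues past the end of this hunk.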
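Review bot: `aafAuthn.validate(userId, password)` is called without checking that the static `aafAuthn` was initialised, whereas `hasPermission` guards `aafLur` with `if (aafLur != null)` and logs when the AAF client is missing. This commit also removes `getAafAuthn()`, the one accessor that performed that check, and narrows the signature to `throws IOException`, so an uninitialised client now surfaces as an unchecked NullPointerException that callers catching `IOException` will not handle. I would add the same guard and fail closed with a non-null result, `if (aafAuthn == null) { logger.error("AAF client not initialized. Not able to authenticate."); return "AAF client not initialized"; }`. It is also worth confirming that the string logged by `aafResponse = {} for {}` can never echo the submitted password.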
--- a/src/main/java/org/onap/dmaap/kafkaAuthorize/KafkaCustomAuthorizer.java
+++ /dev/null
@@ -1,231 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START======================================================= - * org.onap.dmaap - * ================================================================================ - * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * http://www.apache.org/licenses/LICENSE-2.0 -* - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - * - * - *******************************************************************************/ -package org.onap.dmaap.kafkaAuthorize; - -import java.util.EnumSet; -import java.util.Map; - -import org.apache.kafka.common.acl.AclOperation; -import org.apache.kafka.common.security.auth.KafkaPrincipal; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import org.onap.dmaap.commonauth.kafka.base.authorization.AuthorizationProviderFactory; -import org.onap.dmaap.commonauth.kafka.base.authorization.Cadi3AAFProvider; - -import kafka.network.RequestChannel.Session; -import kafka.security.auth.Acl; -import kafka.security.auth.Authorizer; -import kafka.security.auth.Operation; -import kafka.security.auth.Resource; -import scala.collection.immutable.Set; - -/** - * A trivial Kafka Authorizer for use with SSL and AAF - * Authentication/Authorization. 
- * - */ -public class KafkaCustomAuthorizer implements Authorizer { - - private String[] adminPermission = new String[3]; - public static final EnumSet TOPIC_DESCRIBE_OPERATIONS = EnumSet.of(AclOperation.DESCRIBE_CONFIGS); - public static final EnumSet TOPIC_READ_WRITE_DESCRIBE_OPERATIONS = EnumSet.of(AclOperation.WRITE, - AclOperation.READ, AclOperation.DESCRIBE_CONFIGS); - public static final EnumSet TOPIC_ADMIN_OPERATIONS = EnumSet.of(AclOperation.ALTER, - AclOperation.ALTER_CONFIGS, AclOperation.CREATE); - - private static final Logger logger = LoggerFactory.getLogger(KafkaCustomAuthorizer.class); - - @Override - public void configure(final Map arg0) { - // TODO Auto-generate method stub - } - - @Override - public void addAcls(final Set arg0, final Resource arg1) { - // TODO Auto-generated method stub - - } - - private String[] getTopicPermission(String topicName, AclOperation aclOperation) { - - String namspace = topicName.substring(0, topicName.lastIndexOf(".")); - String[] permission = new String[3]; - if (TOPIC_READ_WRITE_DESCRIBE_OPERATIONS.contains(aclOperation)) { - permission[0] = namspace + ".topic"; - String instancePart = (System.getenv("pubSubInstPart") != null) ? 
System.getenv("pubSubInstPart") - : ".topic"; - permission[1] = instancePart + topicName; - - if (aclOperation.equals(AclOperation.WRITE)) { - permission[2] = "pub"; - } else if (aclOperation.equals(AclOperation.READ)) { - permission[2] = "sub"; - - } else if (TOPIC_DESCRIBE_OPERATIONS.contains(aclOperation)) { - permission[2] = "view"; - - } - } else if (aclOperation.equals(AclOperation.DELETE)) { - permission = new String(System.getProperty("msgRtr.topicfactory.aaf") + namspace + "|destroy").split("\\|"); - - } else if (TOPIC_ADMIN_OPERATIONS.contains(aclOperation)) { - permission = new String(System.getProperty("msgRtr.topicfactory.aaf") + namspace + "|create").split("\\|"); - } - - return permission; - } - - private String[] getAdminPermission() { - - if (adminPermission[0] == null) { - adminPermission[0] = System.getProperty("namespace") + ".kafka.access"; - adminPermission[1] = "*"; - adminPermission[2] = "*"; - } - - return adminPermission; - } - - private String[] getPermission(AclOperation aclOperation, String resource, String topicName) { - String[] permission = new String[3]; - switch (aclOperation) { - - case ALTER: - case ALTER_CONFIGS: - case CREATE: - case DELETE: - if (resource.equals("Topic")) { - permission = getTopicPermission(topicName, aclOperation); - } else if (resource.equals("Cluster")) { - permission = getAdminPermission(); - } - break; - case DESCRIBE_CONFIGS: - case READ: - case WRITE: - if (resource.equals("Topic")) { - permission = getTopicPermission(topicName, aclOperation); - } - break; - case IDEMPOTENT_WRITE: - if (resource.equals("Cluster")) { - permission = getAdminPermission(); - } - break; - default: - break; - - } - - return permission; - - } - - @Override - public boolean authorize(final Session arg0, final Operation arg1, final Resource arg2) { - if (arg0.principal() == null) { - return false; - } - - String fullName = arg0.principal().getName(); - fullName = fullName != null ? 
fullName.trim() : fullName; - String topicName = null; - String[] permission = new String[3]; - - String resource = arg2.resourceType().name(); - - if (resource.equals("Topic")) { - topicName = arg2.name(); - } - - if (fullName != null && fullName.equals(Cadi3AAFProvider.getKafkaUsername())) { - return true; - } - - if ((!Cadi3AAFProvider.isCadiEnabled())||(null != topicName && !topicName.startsWith("org.onap"))) { - return true; - } - - permission = getPermission(arg1.toJava(), resource, topicName); - - if (permission[0] == null) { - return true; - } else { - - try { - - if (null != topicName) { - boolean hasResp = AuthorizationProviderFactory.getProviderFactory().getProvider() - .hasPermission(fullName, permission[0], permission[1], permission[2]); - if (hasResp) { - logger.info("Successful Authorization for " + fullName + " on " + topicName + " for " - + permission[0] + "|" + permission[1] + "|" + permission[2]); - } - if (!hasResp) { - logger.info(fullName + " is not allowed in " + permission[0] + "|" + permission[1] + "|" - + permission[2]); - return false; - } - } - } catch (final Exception e) { - return false; - } - return true; - - } - } - - @Override - public void close() { - // TODO Auto-generated method stub - - } - - @Override - public scala.collection.immutable.Map> getAcls() { - // TODO Auto-generated method stub - return null; - } - - @Override - public scala.collection.immutable.Map> getAcls(final KafkaPrincipal arg0) { - // TODO Auto-generated method stub - return null; - } - - @Override - public boolean removeAcls(final Resource arg0) { - // TODO Auto-generated method stub - return false; - } - - @Override - public boolean removeAcls(final Set arg0, final Resource arg1) { - // TODO Auto-generated method stub - return false; - } - - public Set getAcls(Resource arg0) { - // TODO Auto-generated method stub - return null; - } -} 
diff --git a/src/main/java/org/onap/dmaap/kafkaAuthorize/PlainLoginModule1.java b/src/main/java/org/onap/dmaap/kafkaAuthorize/PlainLoginModule1.java
deleted file mode 100644
index dd21682..0000000
--- a/src/main/java/org/onap/dmaap/kafkaAuthorize/PlainLoginModule1.java
+++ /dev/null
@@ -1,70 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START======================================================= - * org.onap.dmaap - * ================================================================================ - * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * http://www.apache.org/licenses/LICENSE-2.0 -* - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - * - * - *******************************************************************************/ -package org.onap.dmaap.kafkaAuthorize; - -import java.util.Map; - -import javax.security.auth.Subject; -import javax.security.auth.callback.CallbackHandler; -import javax.security.auth.login.LoginException; -import javax.security.auth.spi.LoginModule; - -public class PlainLoginModule1 implements LoginModule { - - private static final String USERNAME_CONFIG = "username"; - private static final String PASSWORD_CONFIG = "password"; - - static { - PlainSaslServerProvider1.initialize(); - } - - @Override - public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, - Map options) { - String username = (String) options.get(USERNAME_CONFIG); - if (username != null) - subject.getPublicCredentials().add(username); - String password = (String) options.get(PASSWORD_CONFIG); - if (password != 
null) - subject.getPrivateCredentials().add(password); - - } - - @Override - public boolean login() throws LoginException { - return true; - } - - @Override - public boolean logout() throws LoginException { - return true; - } - - @Override - public boolean commit() throws LoginException { - return true; - } - - @Override - public boolean abort() throws LoginException { - return false; - } -} diff --git a/src/main/java/org/onap/dmaap/kafkaAuthorize/PlainSaslServer1.java b/src/main/java/org/onap/dmaap/kafkaAuthorize/PlainSaslServer1.java deleted file mode 100644 index 6213b9b..0000000 --- a/src/main/java/org/onap/dmaap/kafkaAuthorize/PlainSaslServer1.java +++ /dev/null 
@@ -1,209 +0,0 @@ -/****************************************************************************** - * ============LICENSE_START======================================================= - * org.onap.dmaap - * ================================================================================ - * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * http://www.apache.org/licenses/LICENSE-2.0 -* - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - * - * - *******************************************************************************/ -package org.onap.dmaap.kafkaAuthorize; - -import java.io.UnsupportedEncodingException; -import java.nio.charset.StandardCharsets; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.List; -import java.util.Map; - -import javax.security.auth.callback.Callback; -import javax.security.auth.callback.CallbackHandler; -import javax.security.auth.callback.NameCallback; -import javax.security.sasl.Sasl; -import javax.security.sasl.SaslException; -import javax.security.sasl.SaslServer; -import javax.security.sasl.SaslServerFactory; - -import org.apache.kafka.common.errors.SaslAuthenticationException; -import org.apache.kafka.common.security.JaasContext; -import org.apache.kafka.common.security.authenticator.SaslServerCallbackHandler; -import 
org.apache.kafka.common.security.plain.PlainAuthenticateCallback; -import org.apache.kafka.common.security.plain.internals.PlainSaslServer; -import org.onap.dmaap.commonauth.kafka.base.authorization.AuthorizationProviderFactory; - -/** - * Simple SaslServer implementation for SASL/PLAIN. In order to make this - * implementation fully pluggable, authentication of username/password is fully - * contained within the server implementation. - *

- * Valid users with passwords are specified in the Jaas configuration file. Each - * user is specified with user_ as key and as value. This - * is consistent with Zookeeper Digest-MD5 implementation. - *

- * To avoid storing clear passwords on disk or to integrate with external - * authentication servers in production systems, this module can be replaced - * with a different implementation. - * - */ -public class PlainSaslServer1 implements SaslServer { - - public static final String PLAIN_MECHANISM = "PLAIN"; - - private boolean complete; - private String authorizationId; - - - /** - * @throws SaslAuthenticationException if username/password combination is invalid or if the requested - * authorization id is not the same as username. - *

- * Note: This method may throw {@link SaslAuthenticationException} to provide custom error messages - * to clients. But care should be taken to avoid including any information in the exception message that - * should not be leaked to unauthenticated clients. It may be safer to throw {@link SaslException} in - * some cases so that a standard error message is returned to clients. - *

- */ - @Override - public byte[] evaluateResponse(byte[] responseBytes) throws SaslAuthenticationException { - /* - * Message format (from https://tools.ietf.org/html/rfc4616): - * - * message = [authzid] UTF8NUL authcid UTF8NUL passwd - * authcid = 1*SAFE ; MUST accept up to 255 octets - * authzid = 1*SAFE ; MUST accept up to 255 octets - * passwd = 1*SAFE ; MUST accept up to 255 octets - * UTF8NUL = %x00 ; UTF-8 encoded NUL character - * - * SAFE = UTF1 / UTF2 / UTF3 / UTF4 - * ;; any UTF-8 encoded Unicode character except NUL - */ - String response = new String(responseBytes, StandardCharsets.UTF_8); - List tokens = extractTokens(response); - String authorizationIdFromClient = tokens.get(0); - String username = tokens.get(1); - String password = tokens.get(2); - - if (username.isEmpty()) { - throw new SaslAuthenticationException("Authentication failed: username not specified"); - } - if (password.isEmpty()) { - throw new SaslAuthenticationException("Authentication failed: password not specified"); - } - - String aafResponse = "Not Verified"; - try { - aafResponse = AuthorizationProviderFactory.getProviderFactory().getProvider().authenticate(username, - password); - } catch (Exception e) { - } - if (null != aafResponse) { - throw new SaslAuthenticationException("Authentication failed: " + aafResponse + " User " + username); - } - - - if (!authorizationIdFromClient.isEmpty() && !authorizationIdFromClient.equals(username)) - throw new SaslAuthenticationException("Authentication failed: Client requested an authorization id that is different from username"); - - this.authorizationId = username; - - complete = true; - return new byte[0]; - } - - private List extractTokens(String string) { - List tokens = new ArrayList<>(); - int startIndex = 0; - for (int i = 0; i < 4; ++i) { - int endIndex = string.indexOf("\u0000", startIndex); - if (endIndex == -1) { - tokens.add(string.substring(startIndex)); - break; - } - tokens.add(string.substring(startIndex, endIndex)); - 
startIndex = endIndex + 1; - } - - if (tokens.size() != 3) - throw new SaslAuthenticationException("Invalid SASL/PLAIN response: expected 3 tokens, got " + - tokens.size()); - - return tokens; - } - - @Override - public String getAuthorizationID() { - if (!complete) - throw new IllegalStateException("Authentication exchange has not completed"); - return authorizationId; - } - - @Override - public String getMechanismName() { - return PLAIN_MECHANISM; - } - - @Override - public Object getNegotiatedProperty(String propName) { - if (!complete) - throw new IllegalStateException("Authentication exchange has not completed"); - return null; - } - - @Override - public boolean isComplete() { - return complete; - } - - @Override - public byte[] unwrap(byte[] incoming, int offset, int len) { - if (!complete) - throw new IllegalStateException("Authentication exchange has not completed"); - return Arrays.copyOfRange(incoming, offset, offset + len); - } - - @Override - public byte[] wrap(byte[] outgoing, int offset, int len) { - if (!complete) - throw new IllegalStateException("Authentication exchange has not completed"); - return Arrays.copyOfRange(outgoing, offset, offset + len); - } - - @Override - public void dispose() { - } - - public static class PlainSaslServerFactory1 implements SaslServerFactory { - - @Override - public SaslServer createSaslServer(String mechanism, String protocol, String serverName, Map props, CallbackHandler cbh) - throws SaslException { - - if (!PLAIN_MECHANISM.equals(mechanism)) - throw new SaslException(String.format("Mechanism \'%s\' is not supported. Only PLAIN is supported.", mechanism)); - - return new PlainSaslServer1(); - } - - @Override - public String[] getMechanismNames(Map props) { - if (props == null) return new String[]{PLAIN_MECHANISM}; - String noPlainText = (String) props.get(Sasl.POLICY_NOPLAINTEXT); - if ("true".equals(noPlainText)) - return new String[]{}; - else - return new String[]{PLAIN_MECHANISM}; - } - } -} - 
diff --git a/src/main/java/org/onap/dmaap/kafkaAuthorize/PlainSaslServerProvider1.java b/src/main/java/org/onap/dmaap/kafkaAuthorize/PlainSaslServerProvider1.java
deleted file mode 100644
index 441a023..0000000
--- a/src/main/java/org/onap/dmaap/kafkaAuthorize/PlainSaslServerProvider1.java
+++ /dev/null
@@ -1,41 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START======================================================= - * org.onap.dmaap - * ================================================================================ - * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * http://www.apache.org/licenses/LICENSE-2.0 -* - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - * - * - *******************************************************************************/ -package org.onap.dmaap.kafkaAuthorize; - -import java.security.Provider; -import java.security.Security; - -import org.onap.dmaap.kafkaAuthorize.PlainSaslServer1.PlainSaslServerFactory1; - -public class PlainSaslServerProvider1 extends Provider { - - private static final long serialVersionUID = 1L; - - protected PlainSaslServerProvider1() { - super("Simple SASL/PLAIN Server Provider", 1.0, "Simple SASL/PLAIN Server Provider for Kafka"); - super.put("SaslServerFactory." + PlainSaslServer1.PLAIN_MECHANISM, PlainSaslServerFactory1.class.getName()); - } - - public static void initialize() { - Security.insertProviderAt(new PlainSaslServerProvider1(),1); - } -} - 
diff --git a/src/main/java/org/onap/dmaap/kafkaauthorize/KafkaCustomAuthorizer.java b/src/main/java/org/onap/dmaap/kafkaauthorize/KafkaCustomAuthorizer.java
new file mode 100644
index 0000000..09f704a
--- /dev/null
+++ b/src/main/java/org/onap/dmaap/kafkaauthorize/KafkaCustomAuthorizer.java
@@ -0,0 +1,233 @@ +/******************************************************************************* + * ============LICENSE_START======================================================= + * org.onap.dmaap + * ================================================================================ + * Copyright © 2017 AT&T Intellectual Property. All rights reserved. + * Modification copyright (C) 2021 Nordix Foundation. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * http://www.apache.org/licenses/LICENSE-2.0 +* + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + * + * + *******************************************************************************/ +package org.onap.dmaap.kafkaauthorize; + +import java.util.EnumSet; +import java.util.Map; + +import org.apache.kafka.common.acl.AclOperation; +import org.apache.kafka.common.security.auth.KafkaPrincipal; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import org.onap.dmaap.commonauth.kafka.base.authorization.AuthorizationProviderFactory; +import org.onap.dmaap.commonauth.kafka.base.authorization.Cadi3AAFProvider; + +import kafka.network.RequestChannel.Session; +import kafka.security.auth.Acl; +import kafka.security.auth.Authorizer; +import kafka.security.auth.Operation; +import kafka.security.auth.Resource; +import scala.collection.immutable.Set; + +/** + * A trivial Kafka Authorizer for use with SSL and AAF + * Authentication/Authorization. 
+ * + */ +public class KafkaCustomAuthorizer implements Authorizer { + + private final String[] adminPermission = new String[3]; + protected static final EnumSet TOPIC_DESCRIBE_OPERATIONS = EnumSet.of(AclOperation.DESCRIBE_CONFIGS); + protected static final EnumSet TOPIC_READ_WRITE_DESCRIBE_OPERATIONS = EnumSet.of(AclOperation.WRITE, + AclOperation.READ, AclOperation.DESCRIBE_CONFIGS); + protected static final EnumSet TOPIC_ADMIN_OPERATIONS = EnumSet.of(AclOperation.ALTER, + AclOperation.ALTER_CONFIGS, AclOperation.CREATE); + static final String TOPIC = "Topic"; + + private static final Logger logger = LoggerFactory.getLogger(KafkaCustomAuthorizer.class); + + @Override + public void configure(final Map arg0) { + // TODO Auto-generate method stub + } + + @Override + public void addAcls(final Set arg0, final Resource arg1) { + // TODO Auto-generated method stub + + } + + private String[] getTopicPermission(String topicName, AclOperation aclOperation) { + + String namspace = topicName.substring(0, topicName.lastIndexOf(".")); + String[] permission = new String[3]; + if (TOPIC_READ_WRITE_DESCRIBE_OPERATIONS.contains(aclOperation)) { + permission[0] = namspace + ".topic"; + String instancePart = (System.getenv("pubSubInstPart") != null) ? 
System.getenv("pubSubInstPart") + : ".topic"; + permission[1] = instancePart + topicName; + + if (aclOperation.equals(AclOperation.WRITE)) { + permission[2] = "pub"; + } else if (aclOperation.equals(AclOperation.READ)) { + permission[2] = "sub"; + + } else if (TOPIC_DESCRIBE_OPERATIONS.contains(aclOperation)) { + permission[2] = "view"; + + } + } else if (aclOperation.equals(AclOperation.DELETE)) { + permission = (System.getProperty("msgRtr.topicfactory.aaf") + namspace + "|destroy").split("\\|"); + + } else if (TOPIC_ADMIN_OPERATIONS.contains(aclOperation)) { + permission = (System.getProperty("msgRtr.topicfactory.aaf") + namspace + "|create").split("\\|"); + } + + return permission; + } + + private String[] getAdminPermission() { + + if (adminPermission[0] == null) { + adminPermission[0] = System.getProperty("namespace") + ".kafka.access"; + adminPermission[1] = "*"; + adminPermission[2] = "*"; + } + + return adminPermission; + } + + private String[] getPermission(AclOperation aclOperation, String resource, String topicName) { + String[] permission = new String[3]; + switch (aclOperation) { + + case ALTER: + case ALTER_CONFIGS: + case CREATE: + case DELETE: + if (resource.equals(TOPIC)) { + permission = getTopicPermission(topicName, aclOperation); + } else if (resource.equals("Cluster")) { + permission = getAdminPermission(); + } + break; + case DESCRIBE_CONFIGS: + case READ: + case WRITE: + if (resource.equals(TOPIC)) { + permission = getTopicPermission(topicName, aclOperation); + } + break; + case IDEMPOTENT_WRITE: + if (resource.equals("Cluster")) { + permission = getAdminPermission(); + } + break; + default: + break; + + } + return permission; + + } + + @Override + public boolean authorize(final Session arg0, final Operation arg1, final Resource arg2) { + if (arg0.principal() == null) { + return false; + } + + String fullName = arg0.principal().getName(); + fullName = fullName != null ? 
fullName.trim() : fullName; + String topicName = null; + String[] permission; + + String resource = arg2.resourceType().name(); + + if (resource.equals(TOPIC)) { + topicName = arg2.name(); + } + + if (fullName != null && fullName.equals(Cadi3AAFProvider.getKafkaUsername())) { + return true; + } + + if ((!Cadi3AAFProvider.isCadiEnabled())||(null != topicName && !topicName.startsWith("org.onap"))) { + return true; + } + + permission = getPermission(arg1.toJava(), resource, topicName); + + if (permission[0] != null) { + return !checkPermissions(fullName, topicName, permission); + } + return true; + } + + private boolean checkPermissions(String fullName, String topicName, String[] permission) { + try { + + if (null != topicName) { + boolean hasResp = AuthorizationProviderFactory.getProviderFactory().getProvider() + .hasPermission(fullName, permission[0], permission[1], permission[2]); + if (hasResp) { + logger.info("Successful Authorization for {} on {} for {} | {} | {}", fullName, topicName, + permission[0], permission[1], permission[2]); + } + if (!hasResp) { + logger.info("{} is not allowed in {} | {} | {}", fullName, permission[0], permission[1], + permission[2]); + return true; + } + } + } catch (final Exception e) { + return true; + } + return false; + } + + @Override + public void close() { + // TODO Auto-generated method stub + + } + + @Override + public scala.collection.immutable.Map> getAcls() { + // TODO Auto-generated method stub + return null; + } + + @Override + public scala.collection.immutable.Map> getAcls(final KafkaPrincipal arg0) { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean removeAcls(final Resource arg0) { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean removeAcls(final Set arg0, final Resource arg1) { + // TODO Auto-generated method stub + return false; + } + + public Set getAcls(Resource arg0) { + // TODO Auto-generated method stub + return null; + } +} 
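Review bot: `checkPermissions` only consults the provider when `topicName` is non-null, so for a `Cluster` resource the admin permission built by `getAdminPermission()` is never checked and `authorize` returns true for any principal that gets past the earlier shortcuts. The `if (null != topicName)` guard should go, so that `hasPermission(fullName, permission[0], permission[1], permission[2])` runs for every non-null permission; `topicName` is otherwise only used in the log line there. The `catch (final Exception e) { return true; }` branch denies, which is the safe direction, but it drops the exception; `logger.error("Permission check failed for {}", fullName, e);` before the return would leave a trace. `authorize` also ends in `return true` when no permission is mapped (an operation outside the `getPermission` switch, or a resource type other than Topic/Cluster), which is worth confirming as intended rather than a default-allow by omission.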
diff --git a/src/main/java/org/onap/dmaap/kafkaauthorize/PlainLoginModule1.java b/src/main/java/org/onap/dmaap/kafkaauthorize/PlainLoginModule1.java
new file mode 100644
index 0000000..f230418
--- /dev/null
+++ b/src/main/java/org/onap/dmaap/kafkaauthorize/PlainLoginModule1.java
@@ -0,0 +1,68 @@ +/******************************************************************************* + * ============LICENSE_START======================================================= + * org.onap.dmaap + * ================================================================================ + * Copyright © 2017 AT&T Intellectual Property. All rights reserved. + * Modification copyright (C) 2021 Nordix Foundation. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * http://www.apache.org/licenses/LICENSE-2.0 +* + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. 
+ * ============LICENSE_END========================================================= + * + * + *******************************************************************************/ +package org.onap.dmaap.kafkaauthorize; + +import java.util.Map; +import javax.security.auth.Subject; +import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.spi.LoginModule; + +public class PlainLoginModule1 implements LoginModule { + + private static final String USERNAME_CONFIG = "username"; + private static final String PASSWORD_CONFIG = "password"; + + static { + PlainSaslServerProvider1.initialize(); + } + + @Override + public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) { + String username = (String) options.get(USERNAME_CONFIG); + if (username != null) + subject.getPublicCredentials().add(username); + String password = (String) options.get(PASSWORD_CONFIG); + if (password != null) + subject.getPrivateCredentials().add(password); + + } + + @Override + public boolean login() { + return true; + } + + @Override + public boolean logout() { + return true; + } + + @Override + public boolean commit() { + return true; + } + + @Override + public boolean abort() { + return false; + } +} diff --git a/src/main/java/org/onap/dmaap/kafkaauthorize/PlainSaslServer1.java b/src/main/java/org/onap/dmaap/kafkaauthorize/PlainSaslServer1.java new file mode 100644 index 0000000..ae15bbc --- /dev/null +++ b/src/main/java/org/onap/dmaap/kafkaauthorize/PlainSaslServer1.java 
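Review bot: `PlainLoginModule1` has no class comment, and `login()` returning true unconditionally reads like a missing credential check unless the reader knows the check happens elsewhere. A Javadoc on the class would settle it, for example `/** JAAS login module that registers PlainSaslServerProvider1 and copies the configured username/password into the Subject; it verifies nothing itself, credentials are checked in PlainSaslServer1.evaluateResponse. */`. The static initializer also has a JVM-wide effect through `PlainSaslServerProvider1.initialize()`, which deserves a one-line comment next to it.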
@@ -0,0 +1,203 @@ +/****************************************************************************** + * ============LICENSE_START======================================================= + * org.onap.dmaap + * ================================================================================ + * Copyright © 2017 AT&T Intellectual Property. All rights reserved. + * Modification copyright (C) 2021 Nordix Foundation. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * http://www.apache.org/licenses/LICENSE-2.0 +* + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + * + * + *******************************************************************************/ +package org.onap.dmaap.kafkaauthorize; + +import java.nio.charset.StandardCharsets; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.List; +import java.util.Map; +import javax.security.auth.callback.CallbackHandler; +import javax.security.sasl.Sasl; +import javax.security.sasl.SaslException; +import javax.security.sasl.SaslServer; +import javax.security.sasl.SaslServerFactory; +import org.apache.kafka.common.errors.SaslAuthenticationException; +import org.onap.dmaap.commonauth.kafka.base.authorization.AuthorizationProviderFactory; + +/** + * Simple SaslServer implementation for SASL/PLAIN. 
In order to make this + * implementation fully pluggable, authentication of username/password is fully + * contained within the server implementation. + *

+ * Valid users with passwords are specified in the Jaas configuration file. Each + * user is specified with user_ as key and as value. This + * is consistent with Zookeeper Digest-MD5 implementation. + *

+ * To avoid storing clear passwords on disk or to integrate with external + * authentication servers in production systems, this module can be replaced + * with a different implementation. + * + */ +public class PlainSaslServer1 implements SaslServer { + + public static final String PLAIN_MECHANISM = "PLAIN"; + + private boolean complete; + private String authorizationId; + private static final String AUTH_EXC_NOT_COMPLETE = "Authentication exchange has not completed"; + + + /** + * @throws SaslAuthenticationException if username/password combination is invalid or if the requested + * authorization id is not the same as username. + *

+ * Note: This method may throw {@link SaslAuthenticationException} to provide custom error messages + * to clients. But care should be taken to avoid including any information in the exception message that + * should not be leaked to unauthenticated clients. It may be safer to throw {@link SaslException} in + * some cases so that a standard error message is returned to clients. + *

+ */ + @Override + public byte[] evaluateResponse(byte[] responseBytes) throws SaslAuthenticationException { + /* + * Message format (from https://tools.ietf.org/html/rfc4616): + * + * message = [authzid] UTF8NUL authcid UTF8NUL passwd + * authcid = 1*SAFE ; MUST accept up to 255 octets + * authzid = 1*SAFE ; MUST accept up to 255 octets + * passwd = 1*SAFE ; MUST accept up to 255 octets + * UTF8NUL = %x00 ; UTF-8 encoded NUL character + * + * SAFE = UTF1 / UTF2 / UTF3 / UTF4 + * ;; any UTF-8 encoded Unicode character except NUL + */ + String response = new String(responseBytes, StandardCharsets.UTF_8); + List tokens = extractTokens(response); + String authorizationIdFromClient = tokens.get(0); + String username = tokens.get(1); + String password = tokens.get(2); + + if (username.isEmpty()) { + throw new SaslAuthenticationException("Authentication failed: username not specified"); + } + if (password.isEmpty()) { + throw new SaslAuthenticationException("Authentication failed: password not specified"); + } + + String aafResponse = "Not Verified"; + try { + aafResponse = AuthorizationProviderFactory.getProviderFactory().getProvider().authenticate(username, + password); + } catch (Exception ignored) { + throw new SaslAuthenticationException("Authentication failed: " + aafResponse + " User " + username); + } + if (null != aafResponse) { + throw new SaslAuthenticationException("Authentication failed: " + aafResponse + " User " + username); + } + + if (!authorizationIdFromClient.isEmpty() && !authorizationIdFromClient.equals(username)) + throw new SaslAuthenticationException("Authentication failed: Client requested an authorization id that is different from username"); + + this.authorizationId = username; + + complete = true; + return new byte[0]; + } + + private List extractTokens(String string) { + List tokens = new ArrayList<>(); + int startIndex = 0; + for (int i = 0; i < 4; ++i) { + int endIndex = string.indexOf("\u0000", startIndex); + if (endIndex == -1) { + 
tokens.add(string.substring(startIndex)); + break; + } + tokens.add(string.substring(startIndex, endIndex)); + startIndex = endIndex + 1; + } + + if (tokens.size() != 3) + throw new SaslAuthenticationException("Invalid SASL/PLAIN response: expected 3 tokens, got " + + tokens.size()); + + return tokens; + } + + @Override + public String getAuthorizationID() { + if (!complete) + throw new IllegalStateException(AUTH_EXC_NOT_COMPLETE); + return authorizationId; + } + + @Override + public String getMechanismName() { + return PLAIN_MECHANISM; + } + + @Override + public Object getNegotiatedProperty(String propName) { + if (!complete) + throw new IllegalStateException(AUTH_EXC_NOT_COMPLETE); + return null; + } + + @Override + public boolean isComplete() { + return complete; + } + + @Override + public byte[] unwrap(byte[] incoming, int offset, int len) { + if (!complete) + throw new IllegalStateException(AUTH_EXC_NOT_COMPLETE); + return Arrays.copyOfRange(incoming, offset, offset + len); + } + + @Override + public byte[] wrap(byte[] outgoing, int offset, int len) { + if (!complete) + throw new IllegalStateException(AUTH_EXC_NOT_COMPLETE); + return Arrays.copyOfRange(outgoing, offset, offset + len); + } + + @Override + public void dispose() { + // TODO Auto-generate method stub + } + + public static class PlainSaslServerFactory1 implements SaslServerFactory { + + @Override + public SaslServer createSaslServer(String mechanism, String protocol, String serverName, Map props, CallbackHandler cbh) + throws SaslException { + + if (!PLAIN_MECHANISM.equals(mechanism)) + throw new SaslException(String.format("Mechanism '%s' is not supported. 
Only PLAIN is supported.", mechanism)); + + return new PlainSaslServer1(); + } + + @Override + public String[] getMechanismNames(Map props) { + if (props == null) return new String[]{PLAIN_MECHANISM}; + String noPlainText = (String) props.get(Sasl.POLICY_NOPLAINTEXT); + if ("true".equals(noPlainText)) + return new String[]{}; + else + return new String[]{PLAIN_MECHANISM}; + } + } +} + diff --git a/src/main/java/org/onap/dmaap/kafkaauthorize/PlainSaslServerProvider1.java b/src/main/java/org/onap/dmaap/kafkaauthorize/PlainSaslServerProvider1.java new file mode 100644 index 0000000..b9fbf7a --- /dev/null +++ b/src/main/java/org/onap/dmaap/kafkaauthorize/PlainSaslServerProvider1.java 
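Review bot: Both failure paths in `evaluateResponse` put `aafResponse` and the submitted username into the `SaslAuthenticationException` message, which is the text handed back to a client that has not authenticated yet; the method's own Javadoc warns against exactly that. A fixed message is enough for the client, e.g. `throw new SaslAuthenticationException("Authentication failed");`, with the AAF detail written to the server log instead. The `catch (Exception ignored)` branch also discards the cause, and `aafResponse` there is still the initial "Not Verified"; passing the exception on as the cause, `throw new SaslAuthenticationException("Authentication failed", e);`, keeps it for diagnosis.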
@@ -0,0 +1,42 @@
+/*******************************************************************************
+ * ============LICENSE_START=======================================================
+ * org.onap.dmaap
+ * ================================================================================
+ * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * Modification copyright (C) 2021 Nordix Foundation.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * http://www.apache.org/licenses/LICENSE-2.0
+*
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ *
+ *
+ *******************************************************************************/
+package org.onap.dmaap.kafkaauthorize;
+
+import java.security.Provider;
+import java.security.Security;
+
+import org.onap.dmaap.kafkaauthorize.PlainSaslServer1.PlainSaslServerFactory1;
+
+public class PlainSaslServerProvider1 extends Provider {
+
+ private static final long serialVersionUID = 1L;
+
+ protected PlainSaslServerProvider1() {
+ super("Simple SASL/PLAIN Server Provider", 1.0, "Simple SASL/PLAIN Server Provider for Kafka");
+ super.put("SaslServerFactory." + PlainSaslServer1.PLAIN_MECHANISM, PlainSaslServerFactory1.class.getName());
+ }
+
+ public static void initialize() {
+ Security.insertProviderAt(new PlainSaslServerProvider1(),1);
+ }
+}
+
diff --git a/src/test/java/org/onap/dmaap/commonauth/kafka/base/authorization/AuthorizationProviderFactoryTest.java b/src/test/java/org/onap/dmaap/commonauth/kafka/base/authorization/AuthorizationProviderFactoryTest.java index 7f441f0..bf7890e 100644 --- a/src/test/java/org/onap/dmaap/commonauth/kafka/base/authorization/AuthorizationProviderFactoryTest.java +++ b/src/test/java/org/onap/dmaap/commonauth/kafka/base/authorization/AuthorizationProviderFactoryTest.java @@ -20,6 +20,8 @@ *******************************************************************************/ package org.onap.dmaap.commonauth.kafka.base.authorization; +import static org.junit.Assert.assertNotNull; + import org.junit.Test; import org.junit.runner.RunWith; import org.powermock.core.classloader.annotations.PowerMockIgnore; @@ -31,8 +33,7 @@ public class AuthorizationProviderFactoryTest { @Test public void testFactory() { - AuthorizationProviderFactory.getProviderFactory().getProvider(); - + assertNotNull(AuthorizationProviderFactory.getProviderFactory().getProvider()); } } diff --git a/src/test/java/org/onap/dmaap/commonauth/kafka/base/authorization/Cadi3AAFProviderTest.java b/src/test/java/org/onap/dmaap/commonauth/kafka/base/authorization/Cadi3AAFProviderTest.java index 1a2bd95..4f9de3d 100644 --- a/src/test/java/org/onap/dmaap/commonauth/kafka/base/authorization/Cadi3AAFProviderTest.java +++ b/src/test/java/org/onap/dmaap/commonauth/kafka/base/authorization/Cadi3AAFProviderTest.java @@ -3,6 +3,7 @@ * org.onap.dmaap * ================================================================================ * Copyright © 2017 AT&T Intellectual Property. All rights reserved. + * Modification copyright (C) 2021 Nordix Foundation. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
@@ -24,6 +25,7 @@ import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertTrue; import static org.mockito.Mockito.when; import org.junit.Before; @@ -31,11 +33,7 @@ import org.junit.Test; import org.junit.runner.RunWith; import org.mockito.Mock; import org.mockito.MockitoAnnotations; -import org.onap.aaf.cadi.PropAccess; -import org.onap.aaf.cadi.aaf.AAFPermission; import org.onap.aaf.cadi.aaf.v2_0.AAFAuthn; -import org.onap.aaf.cadi.aaf.v2_0.AAFConHttp; -import org.onap.aaf.cadi.aaf.v2_0.AbsAAFLur; import org.powermock.core.classloader.annotations.PowerMockIgnore; import org.powermock.modules.junit4.PowerMockRunner; @@ -48,21 +46,15 @@ public class Cadi3AAFProviderTest { @Mock private static AAFAuthn aafAuthn; - - @Mock - private static AAFConHttp aafCon; - - @Mock - private static AbsAAFLur aafLur; - @Mock - private static PropAccess access; + static { + System.setProperty("CADI_PROPERTIES", "src/test/resources/cadi.properties"); + System.setProperty("enableCadi", "true"); + } @Before - public void setUp() throws Exception { + public void setUp() { MockitoAnnotations.initMocks(this); - System.setProperty("enableCadi", "true"); - System.setProperty("CADI_PROPERTIES", "src/test/resources/cadi.properties"); cadi3AAFProvider = new Cadi3AAFProvider(); } 
@@ -73,14 +65,12 @@ public class Cadi3AAFProviderTest { @Test public void testHasAdminPermission() { - assertEquals(cadi3AAFProvider.hasPermission("admin", "permission", "instance", "action"), true); + assertTrue(cadi3AAFProvider.hasPermission("admin", "permission", "instance", "action")); } - @Test(expected = NullPointerException.class) public void tesAuthenticate() throws Exception { - System.setProperty("enableCadi", "true"); when(aafAuthn.validate("userId", "password")).thenReturn("valid"); - assertEquals(cadi3AAFProvider.authenticate("userId", "password"), "valid"); + assertEquals("valid", cadi3AAFProvider.authenticate("userId", "password")); } @Test @@ -92,5 +82,4 @@ public class Cadi3AAFProviderTest { public void tesAuthenticateAdminwtWrongCred() throws Exception { assertNotNull(cadi3AAFProvider.authenticate("kafkaUsername", "api")); } - } diff --git a/src/test/java/org/onap/dmaap/commonauth/kafka/base/authorization/JUnitTestSuite.java b/src/test/java/org/onap/dmaap/commonauth/kafka/base/authorization/JUnitTestSuite.java deleted file mode 100644 index e9b52d1..0000000 --- a/src/test/java/org/onap/dmaap/commonauth/kafka/base/authorization/JUnitTestSuite.java +++ /dev/null 
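Review bot: `tesAuthenticate` in the `@@ -73,14 +65,12 @@` hunk does not appear to check a successful authentication. The stub is set on the `aafAuthn` mock, but `setUp` builds the provider with `new Cadi3AAFProvider()` and nothing visible in these hunks hands the mock to it, so `authenticate("userId", "password")` may never reach the stub. The collapsed hunk also leaves it unclear whether the `@Test(expected = NullPointerException.class)` line survives: if it does, the test passes on the exception and `assertEquals("valid", ...)` never decides the result; if it does not, the method needs a plain `@Test` to be run at all. Since this is the only test of the credential path shown here, it should inject the mock and assert on the returned value without an expected exception.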
@@ -1,41 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * ONAP Policy Engine - * ================================================================================ - * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.dmaap.commonauth.kafka.base.authorization; - -import junit.framework.TestSuite; -import org.junit.runner.RunWith; -import org.junit.runners.Suite; -import org.junit.runners.Suite.SuiteClasses; -import org.apache.log4j.Logger; - -@RunWith(Suite.class) -@SuiteClasses({ AuthorizationProviderFactoryTest.class, Cadi3AAFProviderTest.class }) -public class JUnitTestSuite { - private static final Logger LOGGER = Logger.getLogger(JUnitTestSuite.class); - - public static void main(String[] args) { - LOGGER.info("Running the test suite"); - - TestSuite tstSuite = new TestSuite(); - LOGGER.info("Total Test Counts " + tstSuite.countTestCases()); - } - -} diff --git a/src/test/java/org/onap/dmaap/commonauth/kafka/base/authorization/TestRunner.java b/src/test/java/org/onap/dmaap/commonauth/kafka/base/authorization/TestRunner.java deleted file mode 100644 index 7f7ea11..0000000 
--- a/src/test/java/org/onap/dmaap/commonauth/kafka/base/authorization/TestRunner.java +++ /dev/null @@ -1,41 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * ONAP Policy Engine - * ================================================================================ - * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.dmaap.commonauth.kafka.base.authorization; - -import org.junit.runner.JUnitCore; -import org.junit.runner.Result; -import org.junit.runner.notification.Failure; -import org.apache.log4j.Logger; - -public class TestRunner { - private static final Logger LOGGER = Logger.getLogger(TestRunner.class); - - public static void main(String[] args) { - // TODO Auto-generated method stub - Result result = JUnitCore.runClasses(JUnitTestSuite.class); - for (Failure failure : result.getFailures()) { - LOGGER.info(failure.toString()); - - } - LOGGER.info(result.wasSuccessful()); - } - -} diff --git a/src/test/java/org/onap/dmaap/kafkaAuthorize/JUnitTestSuite.java b/src/test/java/org/onap/dmaap/kafkaAuthorize/JUnitTestSuite.java deleted file mode 100644 index 9486662..0000000 --- a/src/test/java/org/onap/dmaap/kafkaAuthorize/JUnitTestSuite.java +++ /dev/null 
@@ -1,41 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * ONAP Policy Engine - * ================================================================================ - * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.dmaap.kafkaAuthorize; - -import junit.framework.TestSuite; -import org.junit.runner.RunWith; -import org.junit.runners.Suite; -import org.junit.runners.Suite.SuiteClasses; -import org.apache.log4j.Logger; - -@RunWith(Suite.class) -@SuiteClasses({ KafkaCustomAuthorizerTest.class, PlainSaslServer1Test.class, PlainLoginModule1Test.class }) -public class JUnitTestSuite { - private static final Logger LOGGER = Logger.getLogger(JUnitTestSuite.class); - - public static void main(String[] args) { - LOGGER.info("Running the test suite"); - - TestSuite tstSuite = new TestSuite(); - LOGGER.info("Total Test Counts " + tstSuite.countTestCases()); - } - -} diff --git a/src/test/java/org/onap/dmaap/kafkaAuthorize/KafkaCustomAuthorizerTest.java b/src/test/java/org/onap/dmaap/kafkaAuthorize/KafkaCustomAuthorizerTest.java deleted file mode 100644 index 7f01be4..0000000 
--- a/src/test/java/org/onap/dmaap/kafkaAuthorize/KafkaCustomAuthorizerTest.java +++ /dev/null 
@@ -1,218 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START======================================================= - * org.onap.dmaap - * ================================================================================ - * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * http://www.apache.org/licenses/LICENSE-2.0 -* - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - * - * - *******************************************************************************/ -package org.onap.dmaap.kafkaAuthorize; - -import static org.junit.Assert.assertNotNull; -import static org.junit.Assert.assertTrue; - -import org.apache.kafka.common.acl.AclOperation; -import org.apache.kafka.common.security.auth.KafkaPrincipal; -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.mockito.Mock; -import org.mockito.MockitoAnnotations; -import org.onap.dmaap.commonauth.kafka.base.authorization.AuthorizationProvider; -import org.onap.dmaap.commonauth.kafka.base.authorization.AuthorizationProviderFactory; -import org.powermock.api.mockito.PowerMockito; -import org.powermock.core.classloader.annotations.PowerMockIgnore; -import org.powermock.core.classloader.annotations.PrepareForTest; -import org.powermock.modules.junit4.PowerMockRunner; - -import 
kafka.network.RequestChannel.Session; -import kafka.security.auth.Operation; -import kafka.security.auth.Resource; -import kafka.security.auth.ResourceType; - -@RunWith(PowerMockRunner.class) -@PowerMockIgnore({"javax.net.ssl.*", "javax.security.auth.*", "jdk.internal.reflect.*", "javax.crypto.*"}) -@PrepareForTest({ AuthorizationProviderFactory.class }) -public class KafkaCustomAuthorizerTest { - @Mock - Session arg0; - @Mock - Operation arg1; - @Mock - Resource arg2; - @Mock - KafkaPrincipal principal; - @Mock - ResourceType resourceType; - @Mock - AuthorizationProviderFactory factory; - @Mock - AuthorizationProvider provider; - - KafkaCustomAuthorizer authorizer; - - static { - System.setProperty("CADI_PROPERTIES", "src/test/resources/cadi.properties"); - } - - @Before - public void setUp() throws Exception { - - MockitoAnnotations.initMocks(this); - PowerMockito.when(principal.getName()).thenReturn("fullName"); - PowerMockito.when(arg0.principal()).thenReturn(principal); - PowerMockito.when(arg1.name()).thenReturn("Write"); - PowerMockito.when(resourceType.name()).thenReturn("Topic"); - PowerMockito.when(arg2.resourceType()).thenReturn(resourceType); - PowerMockito.when(arg2.name()).thenReturn("namespace.Topic"); - PowerMockito.mockStatic(AuthorizationProviderFactory.class); - PowerMockito.when(AuthorizationProviderFactory.getProviderFactory()).thenReturn(factory); - PowerMockito.when(factory.getProvider()).thenReturn(provider); - - } - - @Test - public void testAuthorizerSuccess() { - - - PowerMockito.when(provider.hasPermission("fullName", "namespace.topic", ":topic.namespace.Topic", "pub")) - .thenReturn(true); - authorizer = new KafkaCustomAuthorizer(); - assertTrue(authorizer.authorize(arg0, arg1, arg2)); - - } - - @Test - public void testAuthorizerFailure() { - System.setProperty("CADI_PROPERTIES", "src/test/resources/cadi.properties"); - PowerMockito.when(arg2.name()).thenReturn("org.onap.dmaap.mr.testtopic"); - 
PowerMockito.when(arg1.toJava()).thenReturn(AclOperation.CREATE); - System.setProperty("msgRtr.topicfactory.aaf", "org.onap.dmaap.mr.topicFactory|:org.onap.dmaap.mr.topic:"); - PowerMockito.when(provider.hasPermission("fullName", "namespace.topic", ":topic.namespace.Topic", "pub")) - .thenReturn(false); - authorizer = new KafkaCustomAuthorizer(); - try { - authorizer.authorize(arg0, arg1, arg2); - } catch (Exception e) { - assertTrue(true); - } - - } - - @Test - public void testAuthorizerFailure1() { - System.setProperty("CADI_PROPERTIES", "src/test/resources/cadi.properties"); - PowerMockito.when(arg2.name()).thenReturn("org.onap.dmaap.mr.testtopic"); - PowerMockito.when(resourceType.name()).thenReturn("Cluster"); - PowerMockito.when(arg1.toJava()).thenReturn(AclOperation.CREATE); - System.setProperty("msgRtr.topicfactory.aaf", "org.onap.dmaap.mr.topicFactory|:org.onap.dmaap.mr.topic:"); - PowerMockito.when(provider.hasPermission("fullName", "namespace.topic", ":topic.namespace.Topic", "pub")) - .thenReturn(false); - authorizer = new KafkaCustomAuthorizer(); - try { - authorizer.authorize(arg0, arg1, arg2); - } catch (Exception e) { - assertTrue(true); - } - - } - - @Test - public void testAuthorizerFailure2() { - System.setProperty("CADI_PROPERTIES", "src/test/resources/cadi.properties"); - PowerMockito.when(arg2.name()).thenReturn("org.onap.dmaap.mr.testtopic"); - PowerMockito.when(resourceType.name()).thenReturn("Topic"); - PowerMockito.when(arg1.toJava()).thenReturn(AclOperation.WRITE); - PowerMockito.when(provider.hasPermission("fullName", "namespace.topic", ":topic.namespace.Topic", "pub")) - .thenReturn(false); - authorizer = new KafkaCustomAuthorizer(); - try { - authorizer.authorize(arg0, arg1, arg2); - } catch (Exception e) { - assertTrue(true); - } - - } - - @Test - public void testAuthorizerFailure3() { - System.setProperty("CADI_PROPERTIES", "src/test/resources/cadi.properties"); - 
PowerMockito.when(arg2.name()).thenReturn("org.onap.dmaap.mr.testtopic"); - PowerMockito.when(resourceType.name()).thenReturn("Topic"); - PowerMockito.when(arg1.toJava()).thenReturn(AclOperation.DESCRIBE); - PowerMockito.when(provider.hasPermission("fullName", "namespace.topic", ":topic.namespace.Topic", "pub")) - .thenReturn(false); - authorizer = new KafkaCustomAuthorizer(); - try { - authorizer.authorize(arg0, arg1, arg2); - } catch (Exception e) { - assertTrue(true); - } - - } - @Test - public void testAuthorizerFailure4() { - System.setProperty("CADI_PROPERTIES", "src/test/resources/cadi.properties"); - PowerMockito.when(arg2.name()).thenReturn("org.onap.dmaap.mr.testtopic"); - PowerMockito.when(resourceType.name()).thenReturn("Topic"); - PowerMockito.when(arg1.toJava()).thenReturn(AclOperation.READ); - PowerMockito.when(provider.hasPermission("fullName", "namespace.topic", ":topic.namespace.Topic", "pub")) - .thenReturn(false); - authorizer = new KafkaCustomAuthorizer(); - try { - authorizer.authorize(arg0, arg1, arg2); - } catch (Exception e) { - assertTrue(true); - } - - } - - @Test - public void testAuthorizerFailure5() { - System.setProperty("CADI_PROPERTIES", "src/test/resources/cadi.properties"); - PowerMockito.when(arg2.name()).thenReturn("org.onap.dmaap.mr.testtopic"); - PowerMockito.when(resourceType.name()).thenReturn("Cluster"); - PowerMockito.when(arg1.toJava()).thenReturn(AclOperation.IDEMPOTENT_WRITE); - System.setProperty("msgRtr.topicfactory.aaf", "org.onap.dmaap.mr.topicFactory|:org.onap.dmaap.mr.topic:"); - PowerMockito.when(provider.hasPermission("fullName", "namespace.topic", ":topic.namespace.Topic", "pub")) - .thenReturn(false); - authorizer = new KafkaCustomAuthorizer(); - try { - authorizer.authorize(arg0, arg1, arg2); - } catch (Exception e) { - assertTrue(true); - } - - } - - @Test - public void testAuthorizerFailure6() { - System.setProperty("CADI_PROPERTIES", "src/test/resources/cadi.properties"); - 
PowerMockito.when(arg2.name()).thenReturn("org.onap.dmaap.mr.testtopic"); - PowerMockito.when(arg1.toJava()).thenReturn(AclOperation.DELETE); - System.setProperty("msgRtr.topicfactory.aaf", "org.onap.dmaap.mr.topicFactory|:org.onap.dmaap.mr.topic:"); - PowerMockito.when(provider.hasPermission("fullName", "namespace.topic", ":topic.namespace.Topic", "pub")) - .thenReturn(false); - authorizer = new KafkaCustomAuthorizer(); - try { - authorizer.authorize(arg0, arg1, arg2); - } catch (Exception e) { - assertTrue(true); - } - - } - - -} diff --git a/src/test/java/org/onap/dmaap/kafkaAuthorize/PlainLoginModule1Test.java b/src/test/java/org/onap/dmaap/kafkaAuthorize/PlainLoginModule1Test.java deleted file mode 100644 index 3fd9f0e..0000000 --- a/src/test/java/org/onap/dmaap/kafkaAuthorize/PlainLoginModule1Test.java +++ /dev/null 
@@ -1,66 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START======================================================= - * org.onap.dmaap - * ================================================================================ - * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * http://www.apache.org/licenses/LICENSE-2.0 -* - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - * - * - *******************************************************************************/ -package org.onap.dmaap.kafkaAuthorize; - -import javax.security.auth.login.LoginException; - -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.mockito.MockitoAnnotations; -import org.powermock.core.classloader.annotations.PowerMockIgnore; -import org.powermock.core.classloader.annotations.PrepareForTest; -import org.powermock.modules.junit4.PowerMockRunner; - -@RunWith(PowerMockRunner.class) -@PowerMockIgnore({"jdk.internal.reflect.*"}) -@PrepareForTest({ PlainLoginModule1.class }) -public class PlainLoginModule1Test { - - PlainLoginModule1 pLogin = new PlainLoginModule1(); - - @Before - public void setUp() throws Exception { - MockitoAnnotations.initMocks(this); - } - - @Test - public void testLogin() throws LoginException { - boolean b = pLogin.login(); - - 
assert(b==true); - } - - @Test - public void testLogout() throws LoginException { - assert(pLogin.logout()==true); - } - - @Test - public void testCommit() throws LoginException { - assert(pLogin.commit()==true); - } - - @Test - public void testAbort() throws LoginException { - assert(pLogin.abort()==false); - } -} diff --git a/src/test/java/org/onap/dmaap/kafkaAuthorize/PlainSaslServer1Test.java b/src/test/java/org/onap/dmaap/kafkaAuthorize/PlainSaslServer1Test.java deleted file mode 100644 index c354378..0000000 --- a/src/test/java/org/onap/dmaap/kafkaAuthorize/PlainSaslServer1Test.java +++ /dev/null 
@@ -1,163 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START======================================================= - * org.onap.dmaap - * ================================================================================ - * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * http://www.apache.org/licenses/LICENSE-2.0 -* - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - * - * - *******************************************************************************/ -package org.onap.dmaap.kafkaAuthorize; - -import static org.junit.Assert.assertNotNull; -import static org.junit.Assert.assertTrue; - -import javax.security.sasl.SaslException; - -import org.apache.kafka.common.errors.SaslAuthenticationException; -import org.apache.kafka.common.security.JaasContext; -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.mockito.Mock; -import org.mockito.MockitoAnnotations; -import org.onap.dmaap.commonauth.kafka.base.authorization.AuthorizationProvider; -import org.onap.dmaap.commonauth.kafka.base.authorization.AuthorizationProviderFactory; -import org.powermock.api.mockito.PowerMockito; -import org.powermock.core.classloader.annotations.PowerMockIgnore; -import org.powermock.core.classloader.annotations.PrepareForTest; -import 
org.powermock.modules.junit4.PowerMockRunner; - -@RunWith(PowerMockRunner.class) -@PowerMockIgnore({"javax.security.auth.*", "jdk.internal.reflect.*", "javax.crypto.*"}) -@PrepareForTest({ AuthorizationProviderFactory.class }) -public class PlainSaslServer1Test { - - PlainSaslServer1 sslServer = new PlainSaslServer1(); - @Mock - JaasContext jaasContext; - @Mock - AuthorizationProviderFactory factory; - @Mock - AuthorizationProvider provider; - - @Before - public void setUp() throws Exception { - - MockitoAnnotations.initMocks(this); - PowerMockito.mockStatic(AuthorizationProviderFactory.class); - PowerMockito.when(AuthorizationProviderFactory.getProviderFactory()).thenReturn(factory); - PowerMockito.when(factory.getProvider()).thenReturn(provider); - } - - public void testAuthentication() throws Exception { - String response = "authorizationID\u0000username\u0000password"; - PowerMockito.when(provider.authenticate("username", "password")).thenReturn(null); - assertNotNull(sslServer.evaluateResponse(response.getBytes())); - - } - - @Test - public void testAuthenticationEmptyAuth() throws Exception { - String response = "\u0000username\u0000password"; - PowerMockito.when(provider.authenticate("username", "password")).thenReturn(null); - sslServer.evaluateResponse(response.getBytes()); - assert(true); - } - - @Test - public void testAuthenticationEmptyUser() throws Exception { - String response = "authorizationID\u0000\u0000password"; - PowerMockito.when(provider.authenticate("username", "password")).thenReturn(null); - - try { - sslServer.evaluateResponse(response.getBytes()); - } - catch (SaslAuthenticationException e) { - assertNotNull(e); - } - } - @Test - public void testAuthenticationEmptyPassword() throws Exception { - String response = "authorizationID\u0000username\u0000"; - PowerMockito.when(provider.authenticate("username", "password")).thenReturn(null); - try { - sslServer.evaluateResponse(response.getBytes()); - } - catch (SaslAuthenticationException e) { 
- assertNotNull(e); - } - } - - @Test - public void testGetAuthorizationIdWithException() { - - try { - sslServer.getAuthorizationID(); - } - catch (IllegalStateException ise) { - assertTrue(ise.getMessage().equalsIgnoreCase("Authentication exchange has not completed")); - } - } - - @Test - public void testGetNegotiatedPropertyWithException() { - - try { - sslServer.getNegotiatedProperty("test"); - } - catch (IllegalStateException ise) { - assertTrue(ise.getMessage().equalsIgnoreCase("Authentication exchange has not completed")); - } - } - - @Test - public void testIsComplete() { - - try { - sslServer.getNegotiatedProperty("test"); - } - catch (IllegalStateException ise) { - assertTrue(ise.getMessage().equalsIgnoreCase("Authentication exchange has not completed")); - } - assert(true); - } - - - @Test - public void testUnwrap() { - try { - sslServer.unwrap(new byte[1], 0, 0); - } - catch (IllegalStateException ise) { - assertTrue(ise.getMessage().equalsIgnoreCase("Authentication exchange has not completed")); - } catch (SaslAuthenticationException e) { - e.printStackTrace(); - } - assert(true); - } - - @Test - public void testWrap() { - try { - sslServer.wrap(new byte[1], 0, 0); - } - catch (IllegalStateException ise) { - assertTrue(ise.getMessage().equalsIgnoreCase("Authentication exchange has not completed")); - } catch (SaslAuthenticationException e) { - e.printStackTrace(); - } - assert(true); - } -} diff --git a/src/test/java/org/onap/dmaap/kafkaAuthorize/TestRunner.java b/src/test/java/org/onap/dmaap/kafkaAuthorize/TestRunner.java deleted file mode 100644 index 829d18d..0000000 --- a/src/test/java/org/onap/dmaap/kafkaAuthorize/TestRunner.java +++ /dev/null 
@@ -1,41 +0,0 @@
-/*-
- * ============LICENSE_START=======================================================
- * ONAP Policy Engine
- * ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-
-package org.onap.dmaap.kafkaAuthorize;
-
-import org.junit.runner.JUnitCore;
-import org.junit.runner.Result;
-import org.junit.runner.notification.Failure;
-import org.apache.log4j.Logger;
-
-public class TestRunner {
- private static final Logger LOGGER = Logger.getLogger(TestRunner.class);
-
- public static void main(String[] args) {
- // TODO Auto-generated method stub
- Result result = JUnitCore.runClasses(JUnitTestSuite.class);
- for (Failure failure : result.getFailures()) {
- LOGGER.info(failure.toString());
-
- }
- LOGGER.info(result.wasSuccessful());
- }
-
-}
diff --git a/src/test/java/org/onap/dmaap/kafkaauthorize/KafkaCustomAuthorizerTest.java b/src/test/java/org/onap/dmaap/kafkaauthorize/KafkaCustomAuthorizerTest.java
new file mode 100644
index 0000000..098d472
--- /dev/null
+++ b/src/test/java/org/onap/dmaap/kafkaauthorize/KafkaCustomAuthorizerTest.java
@@ -0,0 +1,216 @@
+/*******************************************************************************
+ * ============LICENSE_START=======================================================
+ * org.onap.dmaap
+ * ================================================================================
+ * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * Modification copyright (C) 2021 Nordix Foundation.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * http://www.apache.org/licenses/LICENSE-2.0
+*
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ *
+ *
+ *******************************************************************************/
+package org.onap.dmaap.kafkaauthorize;
+
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+
+import org.apache.kafka.common.acl.AclOperation;
+import org.apache.kafka.common.security.auth.KafkaPrincipal;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.mockito.MockitoAnnotations;
+import org.onap.dmaap.commonauth.kafka.base.authorization.AuthorizationProvider;
+import org.onap.dmaap.commonauth.kafka.base.authorization.AuthorizationProviderFactory;
+import org.powermock.api.mockito.PowerMockito;
+import org.powermock.core.classloader.annotations.PowerMockIgnore;
+import org.powermock.core.classloader.annotations.PrepareForTest;
+import org.powermock.modules.junit4.PowerMockRunner;
+
+import kafka.network.RequestChannel.Session;
+import kafka.security.auth.Operation;
+import kafka.security.auth.Resource;
+import kafka.security.auth.ResourceType;
+
+@RunWith(PowerMockRunner.class)
+@PowerMockIgnore({"javax.net.ssl.*", "javax.security.auth.*", "jdk.internal.reflect.*", "javax.crypto.*"})
+@PrepareForTest({ AuthorizationProviderFactory.class })
+public class KafkaCustomAuthorizerTest {
+ @Mock
+ Session arg0;
+ @Mock
+ Operation arg1;
+ @Mock
+ Resource arg2;
+ @Mock
+ KafkaPrincipal principal;
+ @Mock
+ ResourceType resourceType;
+ @Mock
+ AuthorizationProviderFactory factory;
+ @Mock
+ AuthorizationProvider provider;
+
+ KafkaCustomAuthorizer authorizer;
+
+ static {
+ System.setProperty("CADI_PROPERTIES", "src/test/resources/cadi.properties");
+ System.setProperty("enableCadi", "true");
+ }
+
+ @Before
+ public void setUp() {
+ MockitoAnnotations.initMocks(this);
+ PowerMockito.when(principal.getName()).thenReturn("fullName");
+ PowerMockito.when(arg0.principal()).thenReturn(principal);
+ PowerMockito.when(arg1.name()).thenReturn("Write");
+ PowerMockito.when(resourceType.name()).thenReturn("Topic");
+ PowerMockito.when(arg2.resourceType()).thenReturn(resourceType);
+ PowerMockito.when(arg2.name()).thenReturn("namespace.Topic");
+ PowerMockito.mockStatic(AuthorizationProviderFactory.class);
+ PowerMockito.when(AuthorizationProviderFactory.getProviderFactory()).thenReturn(factory);
+ PowerMockito.when(factory.getProvider()).thenReturn(provider);
+
+ }
+
+ @Test
+ public void testAuthorizerSuccess() {
+ PowerMockito.when(provider.hasPermission("fullName", "namespace.topic", ":topic.namespace.Topic", "pub"))
+ .thenReturn(true);
+ authorizer = new KafkaCustomAuthorizer();
+ assertTrue(authorizer.authorize(arg0, arg1, arg2));
+ }
+
+ @Test
+ public void testAuthorizerFailure() {
+ System.setProperty("CADI_PROPERTIES", "src/test/resources/cadi.properties");
+ PowerMockito.when(arg2.name()).thenReturn("org.onap.dmaap.mr.testtopic");
+ PowerMockito.when(arg1.toJava()).thenReturn(AclOperation.CREATE);
+ System.setProperty("msgRtr.topicfactory.aaf", "org.onap.dmaap.mr.topicFactory|:org.onap.dmaap.mr.topic:");
+ PowerMockito.when(provider.hasPermission("fullName", "namespace.topic", ":topic.namespace.Topic", "pub"))
+ .thenReturn(false);
+ authorizer = new KafkaCustomAuthorizer();
+ try {
+ authorizer.authorize(arg0, arg1, arg2);
+ } catch (Exception e) {
+ assertTrue(true);
+ }
+
+ }
+
+ @Test
+ public void testAuthorizerFailure1() {
+ System.setProperty("CADI_PROPERTIES", "src/test/resources/cadi.properties");
+ PowerMockito.when(arg2.name()).thenReturn("org.onap.dmaap.mr.testtopic");
+ PowerMockito.when(resourceType.name()).thenReturn("Cluster");
+ PowerMockito.when(arg1.toJava()).thenReturn(AclOperation.CREATE);
+ System.setProperty("msgRtr.topicfactory.aaf", "org.onap.dmaap.mr.topicFactory|:org.onap.dmaap.mr.topic:");
+ PowerMockito.when(provider.hasPermission("fullName", "namespace.topic", ":topic.namespace.Topic", "pub"))
+ .thenReturn(false);
+ authorizer = new KafkaCustomAuthorizer();
+ try {
+ authorizer.authorize(arg0, arg1, arg2);
+ } catch (Exception e) {
+ assertTrue(true);
+ }
+
+ }
+
+ @Test
+ public void testAuthorizerFailure2() {
+ System.setProperty("CADI_PROPERTIES", "src/test/resources/cadi.properties");
+ PowerMockito.when(arg2.name()).thenReturn("org.onap.dmaap.mr.testtopic");
+ PowerMockito.when(resourceType.name()).thenReturn("Topic");
+ PowerMockito.when(arg1.toJava()).thenReturn(AclOperation.WRITE);
+ PowerMockito.when(provider.hasPermission("fullName", "namespace.topic", ":topic.namespace.Topic", "pub"))
+ .thenReturn(false);
+ authorizer = new KafkaCustomAuthorizer();
+ try {
+ authorizer.authorize(arg0, arg1, arg2);
+ } catch (Exception e) {
+ assertTrue(true);
+ }
+
+ }
+
+ @Test
+ public void testAuthorizerFailure3() {
+ System.setProperty("CADI_PROPERTIES", "src/test/resources/cadi.properties");
+ PowerMockito.when(arg2.name()).thenReturn("org.onap.dmaap.mr.testtopic");
+ PowerMockito.when(resourceType.name()).thenReturn("Topic");
+ PowerMockito.when(arg1.toJava()).thenReturn(AclOperation.DESCRIBE);
+ PowerMockito.when(provider.hasPermission("fullName", "namespace.topic", ":topic.namespace.Topic", "pub"))
+ .thenReturn(false);
+ authorizer = new KafkaCustomAuthorizer();
+ try {
+ authorizer.authorize(arg0, arg1, arg2);
+ } catch (Exception e) {
+ assertTrue(true);
+ }
+
+ }
+ @Test
+ public void testAuthorizerFailure4() {
+ System.setProperty("CADI_PROPERTIES", "src/test/resources/cadi.properties");
+ PowerMockito.when(arg2.name()).thenReturn("org.onap.dmaap.mr.testtopic");
+ PowerMockito.when(resourceType.name()).thenReturn("Topic");
+ PowerMockito.when(arg1.toJava()).thenReturn(AclOperation.READ);
+ PowerMockito.when(provider.hasPermission("fullName", "namespace.topic", ":topic.namespace.Topic", "pub"))
+ .thenReturn(false);
+ authorizer = new KafkaCustomAuthorizer();
+ try {
+ authorizer.authorize(arg0, arg1, arg2);
+ } catch (Exception e) {
+ assertTrue(true);
+ }
+
+ }
+
+ @Test
+ public void testAuthorizerFailure5() {
+ System.setProperty("CADI_PROPERTIES", "src/test/resources/cadi.properties");
+ PowerMockito.when(arg2.name()).thenReturn("org.onap.dmaap.mr.testtopic");
+ PowerMockito.when(resourceType.name()).thenReturn("Cluster");
+ PowerMockito.when(arg1.toJava()).thenReturn(AclOperation.IDEMPOTENT_WRITE);
+ System.setProperty("msgRtr.topicfactory.aaf", "org.onap.dmaap.mr.topicFactory|:org.onap.dmaap.mr.topic:");
+ PowerMockito.when(provider.hasPermission("fullName", "namespace.topic", ":topic.namespace.Topic", "pub"))
+ .thenReturn(false);
+ authorizer = new KafkaCustomAuthorizer();
+ try {
+ authorizer.authorize(arg0, arg1, arg2);
+ } catch (Exception e) {
+ assertTrue(true);
+ }
+
+ }
+
+ @Test
+ public void testAuthorizerFailure6() {
+ System.setProperty("CADI_PROPERTIES", "src/test/resources/cadi.properties");
+ PowerMockito.when(arg2.name()).thenReturn("org.onap.dmaap.mr.testtopic");
+ PowerMockito.when(arg1.toJava()).thenReturn(AclOperation.DELETE);
+ System.setProperty("msgRtr.topicfactory.aaf", "org.onap.dmaap.mr.topicFactory|:org.onap.dmaap.mr.topic:");
+ PowerMockito.when(provider.hasPermission("fullName", "namespace.topic", ":topic.namespace.Topic", "pub"))
+ .thenReturn(false);
+ authorizer = new KafkaCustomAuthorizer();
+ try {
+ authorizer.authorize(arg0, arg1, arg2);
+ } catch (Exception e) {
+ assertTrue(true);
+ }
+
+ }
+
+
+}
diff --git a/src/test/java/org/onap/dmaap/kafkaauthorize/PlainLoginModule1Test.java b/src/test/java/org/onap/dmaap/kafkaauthorize/PlainLoginModule1Test.java
new file mode 100644
index 0000000..33a0708
--- /dev/null
+++ b/src/test/java/org/onap/dmaap/kafkaauthorize/PlainLoginModule1Test.java
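Review bot: The denial-path tests `testAuthorizerFailure` through `testAuthorizerFailure6` in KafkaCustomAuthorizerTest never check the authorizer's decision: the result of `authorizer.authorize(arg0, arg1, arg2)` is discarded and the only assertion is `assertTrue(true)` inside `catch (Exception e)`, so each test passes whether access is granted, denied or an exception is thrown. For an authorization component the deny branch is the one a regression must not flip, so each test should pin the expected outcome, for example `assertFalse(authorizer.authorize(arg0, arg1, arg2));` where a denial is expected (with a static import of `assertFalse`), and drop the catch-all. The `hasPermission("fullName", "namespace.topic", ":topic.namespace.Topic", "pub")` stub in these tests also appears not to match the resource name they set (`org.onap.dmaap.mr.testtopic`), so the `thenReturn(false)` is probably never consulted. The `msgRtr.topicfactory.aaf` system property set in several of the tests is not cleared afterwards and may leak into later tests.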
@@ -0,0 +1,80 @@
+/*******************************************************************************
+ * ============LICENSE_START=======================================================
+ * org.onap.dmaap
+ * ================================================================================
+ * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * Modification copyright (C) 2021 Nordix Foundation.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * http://www.apache.org/licenses/LICENSE-2.0
+*
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ *
+ *
+ *******************************************************************************/
+package org.onap.dmaap.kafkaauthorize;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
+import java.util.Map;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.Mock;
+import org.mockito.MockitoAnnotations;
+import org.powermock.api.mockito.PowerMockito;
+import org.powermock.core.classloader.annotations.PowerMockIgnore;
+import org.powermock.core.classloader.annotations.PrepareForTest;
+
+@PowerMockIgnore({"jdk.internal.reflect.*"})
+@PrepareForTest({ PlainLoginModule1.class })
+public class PlainLoginModule1Test {
+
+ static PlainLoginModule1 pLogin = new PlainLoginModule1();
+ static Subject subject;
+ @Mock
+ static CallbackHandler callbackHandler;
+
+ @Mock
+ static Map mymap1;
+
+ @Mock
+ static Map mymap2;
+
+ @Before
+ public void setUp() {
+ MockitoAnnotations.initMocks(this);
+ PowerMockito.when(mymap1.get("username")).thenReturn("user1");
+ PowerMockito.when(mymap1.get("password")).thenReturn("pass1");
+ pLogin.initialize(subject, callbackHandler, mymap1, mymap2);
+ }
+
+ @Test
+ public void testLogin() {
+ assertTrue(pLogin.login());
+ }
+
+ @Test
+ public void testLogout() {
+ assertTrue(pLogin.logout());
+ }
+
+ @Test
+ public void testCommit() {
+ assertTrue(pLogin.commit());
+ }
+
+ @Test
+ public void testAbort() {
+ assertFalse(pLogin.abort());
+ }
+}
diff --git a/src/test/java/org/onap/dmaap/kafkaauthorize/PlainSaslServer1Test.java b/src/test/java/org/onap/dmaap/kafkaauthorize/PlainSaslServer1Test.java
new file mode 100644
index 0000000..6128978
--- /dev/null
+++ b/src/test/java/org/onap/dmaap/kafkaauthorize/PlainSaslServer1Test.java
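Review bot: `setUp` in PlainLoginModule1Test passes a `Subject` that is never assigned (the static field `subject` stays null) and stubs the `username`/`password` entries on `mymap1`, the third argument of `initialize`; if PlainLoginModule1 follows the JAAS `LoginModule.initialize(subject, callbackHandler, sharedState, options)` order, the options map is `mymap2` and the stubbed credentials are never read. As written, the four tests only check the boolean results of `login`, `logout`, `commit` and `abort`, not that the configured credentials reach the subject. Consider `subject = new Subject();`, stubbing the credentials on the map that is passed as options, and asserting on the subject's credentials after `initialize`. `@PowerMockIgnore` and `@PrepareForTest` are kept although this version has no `@RunWith(PowerMockRunner.class)`, so those two annotations likely have no effect and could be removed.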
@@ -0,0 +1,184 @@
+/*******************************************************************************
+ * ============LICENSE_START=======================================================
+ * org.onap.dmaap
+ * ================================================================================
+ * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * http://www.apache.org/licenses/LICENSE-2.0
+*
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ *
+ *
+ *******************************************************************************/
+package org.onap.dmaap.kafkaauthorize;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+
+import java.util.Map;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.sasl.Sasl;
+import javax.security.sasl.SaslException;
+import org.apache.kafka.common.errors.SaslAuthenticationException;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.mockito.Mockito;
+import org.mockito.MockitoAnnotations;
+import org.onap.dmaap.commonauth.kafka.base.authorization.AuthorizationProvider;
+import org.onap.dmaap.commonauth.kafka.base.authorization.AuthorizationProviderFactory;
+import 
org.onap.dmaap.kafkaauthorize.PlainSaslServer1.PlainSaslServerFactory1;
+import org.powermock.api.mockito.PowerMockito;
+import org.powermock.core.classloader.annotations.PowerMockIgnore;
+import org.powermock.core.classloader.annotations.PrepareForTest;
+import org.powermock.modules.junit4.PowerMockRunner;
+
+@RunWith(PowerMockRunner.class)
+@PowerMockIgnore({"javax.security.auth.*", "jdk.internal.reflect.*", "javax.crypto.*"})
+@PrepareForTest({ AuthorizationProviderFactory.class })
+public class PlainSaslServer1Test {
+
+ PlainSaslServer1 sslServer = new PlainSaslServer1();
+
+ @Mock
+ AuthorizationProviderFactory factory;
+ @Mock
+ AuthorizationProvider provider;
+ @Mock
+ CallbackHandler callbackHandler;
+ @Mock
+ static Map props;
+
+ @Before
+ public void setUp() {
+ MockitoAnnotations.initMocks(this);
+ PowerMockito.mockStatic(AuthorizationProviderFactory.class);
+ PowerMockito.when(AuthorizationProviderFactory.getProviderFactory()).thenReturn(factory);
+ PowerMockito.when(factory.getProvider()).thenReturn(provider);
+ }
+
+ public void testAuthentication() throws Exception {
+ String response = "authorizationID\u0000username\u0000password";
+ PowerMockito.when(provider.authenticate("username", "password")).thenReturn(null);
+ assertNotNull(sslServer.evaluateResponse(response.getBytes()));
+
+ }
+
+ @Test
+ public void testAuthenticationEmptyAuth() throws Exception {
+ String response = "\u0000username\u0000password";
+ PowerMockito.when(provider.authenticate("username", "password")).thenReturn(null);
+ assertNotNull(sslServer.evaluateResponse(response.getBytes()));
+ }
+
+ @Test
+ public void testAuthenticationEmptyUser() throws Exception {
+ String response = "authorizationID\u0000\u0000password";
+ PowerMockito.when(provider.authenticate("username", "password")).thenReturn(null);
+ try {
+ sslServer.evaluateResponse(response.getBytes());
+ }
+ catch (SaslAuthenticationException e) {
+ assertNotNull(e);
+ }
+ }
+
+ @Test
+ public void 
testAuthenticationEmptyPassword() throws Exception {
+ String response = "authorizationID\u0000username\u0000";
+ PowerMockito.when(provider.authenticate("username", "password")).thenReturn(null);
+ try {
+ sslServer.evaluateResponse(response.getBytes());
+ }
+ catch (SaslAuthenticationException e) {
+ assertNotNull(e);
+ }
+ }
+
+ @Test
+ public void testGetAuthorizationIdWithException() {
+ try {
+ sslServer.getAuthorizationID();
+ }
+ catch (IllegalStateException ise) {
+ assertTrue(ise.getMessage().equalsIgnoreCase("Authentication exchange has not completed"));
+ }
+ }
+
+ @Test
+ public void testGetNegotiatedPropertyWithException() {
+ try {
+ sslServer.getNegotiatedProperty("test");
+ }
+ catch (IllegalStateException ise) {
+ assertTrue(ise.getMessage().equalsIgnoreCase("Authentication exchange has not completed"));
+ }
+ }
+
+ @Test
+ public void testIsComplete() {
+ try {
+ sslServer.getNegotiatedProperty("test");
+ }
+ catch (IllegalStateException ise) {
+ assertTrue(ise.getMessage().equalsIgnoreCase("Authentication exchange has not completed"));
+ }
+ assert(true);
+ }
+
+ @Test
+ public void testUnwrap() {
+ try {
+ sslServer.unwrap(new byte[1], 0, 0);
+ }
+ catch (IllegalStateException ise) {
+ assertTrue(ise.getMessage().equalsIgnoreCase("Authentication exchange has not completed"));
+ } catch (SaslAuthenticationException e) {
+ e.printStackTrace();
+ }
+ assert(true);
+ }
+
+ @Test
+ public void testWrap() {
+ try {
+ sslServer.wrap(new byte[1], 0, 0);
+ }
+ catch (IllegalStateException ise) {
+ assertTrue(ise.getMessage().equalsIgnoreCase("Authentication exchange has not completed"));
+ } catch (SaslAuthenticationException e) {
+ e.printStackTrace();
+ }
+ assert(true);
+ }
+
+ @Test
+ public void testGetMech() {
+ assertEquals("PLAIN", sslServer.getMechanismName());
+ }
+
+ @Test
+ public void testIsCompleteBool() {
+ assertFalse(sslServer.isComplete());
+ }
+
+ @Test
+ public void testPlainSaslServer1() throws SaslException {
+ 
PlainSaslServerFactory1 plainSaslServerFactory1 = new PlainSaslServerFactory1();
+ PlainSaslServer1 saslServer1 = (PlainSaslServer1) plainSaslServerFactory1.createSaslServer(PlainSaslServer1.PLAIN_MECHANISM, "https", "mySaslServer", props, callbackHandler);
+ assertNotNull(saslServer1);
+ Mockito.when(props.get(Sasl.POLICY_NOPLAINTEXT)).thenReturn("javax.security.sasl.policy.noplaintext");
+ assertEquals(new String[]{"PLAIN"}, plainSaslServerFactory1.getMechanismNames(props));
+ }
+}
diff --git a/src/test/resources/cadi.properties b/src/test/resources/cadi.properties
index acbb0de..fc14bf1 100644
--- a/src/test/resources/cadi.properties
+++ b/src/test/resources/cadi.properties
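Review bot: In PlainSaslServer1Test, `testAuthentication` has no `@Test` annotation, so JUnit 4 never runs the only test of a complete authzid/username/password response; add `@Test` above it. `testAuthenticationEmptyUser` and `testAuthenticationEmptyPassword` assert only inside the `catch` block, so both pass if `evaluateResponse` accepts an empty username or password, and a regression in the check these tests are named for would go unnoticed. Declare the expectation instead, `@Test(expected = SaslAuthenticationException.class)`, and drop the try/catch; the `IllegalStateException` tests further down (`testGetAuthorizationIdWithException`, `testGetNegotiatedPropertyWithException`, `testIsComplete`, `testUnwrap`, `testWrap`) have the same shape. `response.getBytes()` uses the platform charset; `getBytes(StandardCharsets.UTF_8)` keeps the encoding of the PLAIN message fixed.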
@@ -1,18 +1,19 @@
-aaf_locate_url=https://aaf-onap-test.osaaf.org:8095
+aaf_locate_url=https://aaf-locate.onap:8095
 aaf_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1
 aaf_env=DEV
 aaf_lur=org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm
-Challenge=enc:26N3deVSkeOeUORRKhI8aWTMLTGNMgO-EdGT7blB5O3XmNXtHcE4du9Bunz8k7O5
-cadi_alias=dmaapmr@mr.dmaap.onap.org
-cadi_key_password=enc:je9_4VCevykPfd24WLzQDzCqokPRfmNsyhwUC3mXcibPFhzvjmCKyws3-r-oZEqo
+
+cadi_truststore=src/test/resources/org.onap.dmaap.mr.trust.jks
+cadi_truststore_password=@MP:Wc^8}%n6tG1kr]MI{:#V
+
 cadi_keyfile=src/test/resources/org.onap.dmaap.mr.keyfile
+
+cadi_alias=dmaapmr@mr.dmaap.onap.org
 cadi_keystore=src/test/resources/org.onap.dmaap.mr.p12
-cadi_keystore_password=enc:NHmvDrri9DSkZJ_-GLuOM0e-UGi_RpVgj9xYdpAamEILHm7I2E6rjbOif2G94UYW
-cadi_keystore_password_jks=enc:wi5LqsAIJ8W29tFYNiPMgJ86n9BAgOrlcOq2_xPNzb6F5M_r487_GLiQT4iIcXbb
-cadi_keystore_password_p12=enc:NHmvDrri9DSkZJ_-GLuOM0e-UGi_RpVgj9xYdpAamEILHm7I2E6rjbOif2G94UYW
-cadi_truststore=src/test/resources/org.onap.dmaap.mr.trust.jks
-cadi_truststore_password=enc:7U4uOSdXQblnjiDsrqyjXugG4nChBXBBjqZ5amRaCq5yeYzbC9hQpH7BwUzYTa59
+cadi_keystore_password=iAHma{haRm)lJ^ah5Au{nZ;$
 cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US
+
+cadi_loglevel=INFO
 cadi_protocols=TLSv1.1,TLSv1.2
 cadi_latitude=37.78187
-cadi_longitude=-122.26147
\ No newline at end of file
+cadi_longitude=-122.26147
diff --git a/src/test/resources/org.onap.dmaap.mr.keyfile b/src/test/resources/org.onap.dmaap.mr.keyfile
index 88ae118..977f63a 100644
--- a/src/test/resources/org.onap.dmaap.mr.keyfile
+++ b/src/test/resources/org.onap.dmaap.mr.keyfile
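Review bot: The new `cadi_truststore_password` and `cadi_keystore_password` values in cadi.properties are no longer in the `enc:` form the removed lines used and look like cleartext, committed next to the keystore, truststore and keyfile they protect. If these files are throwaway test fixtures that is acceptable, but say so in a comment at the top of the file, e.g. `# Test-only credentials for the fixtures under src/test/resources; never reuse in a deployment`, and confirm the same values are not used by any deployed AAF/CADI configuration. Where the `enc:` form still works with the new keyfile, keeping it would avoid secret scanners flagging the repository. Separately, the unchanged `cadi_protocols=TLSv1.1,TLSv1.2` line still enables TLS 1.1, which RFC 8996 deprecates; `cadi_protocols=TLSv1.2` would be the tighter setting if the test does not depend on 1.1.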
@@ -1,27 +1,27 @@ -WGfF6i2ePMJQ-xNiTEG4qmMOjn6lD4UaQCwsUminLaaGj5ymqQBGQedJFOnhE49UJwwv-pRGJeXP -w-xAgAKArIr7MGRCtGrgau28nl1i4s6Sc1f8FiPkZfavnjlXw9kqtmpswg0sWoR9CvnUSlcMXgyi -ZF4BNenYBYwMOEi5cQN1P0qI6dYOEOFw-wD8tXYMBOjeeF6NjQP5kyk3QXIdktdF12ixmKh2ziMV -yLsJ1nL7Cp4scGLKYKH349tLTEESxdgQYsmljnw5H9OaLPUyFfNn5HqyAQHbd-GTJ-zNcQwvDbQI -bMqi0rlB_Z4NvvZ_6cS7O2NakNMOZoUFdrfDNCh1H2SltxmFwz1hzyU4NWFxF2rzSOdJplJVkb5O -vg4U2lxvAGaNyg2Qz_XbR_mIgLG2pba8doWzNnMImjm8uc4dexWpHmqogHHg2BWVsYfOuEV7HL-b -IaJKNrdU2L9vwpxmKzE0LyRnK41nZ1w22BHUck3FoLSZfOBIoV7ufzs7H3b2G8I3Iwh3M9ax44Fu -h3YEbwyTCEJwKr8VH8isyISfUYCzwjvF_MNCfAh4Sv8uXVDv9w2hYuwgw0Gf0kw9UPcKrl6hAYpg -WuoQYgGWuAl8BF1KB08Em1sQ-4Cn_irfjKrIJSRIUyLqZwOz_5HhQCSAhhx8Hk8hf3VPKNWEhkoi -zNt6AomxE_LS3qcNrxdR1PAzfvg2Lqd0mszE6bMA4I-Nfm41Ji47b4ym6bn5BRwJxcFFfRhfw2V0 -BNWU3ipfoKcfKakHNbZERDZ5WREWNqt6Tzw_qde1qWo9s102Uk8At3nfVNKcfxaB3q9TlUGj0sGP -TmqZvRGYABXrAnILPeCnn66ZcY-HF6q-TZ2KHCeRYm2oGJ5M9G4bVIdMK55QDG6yaRxmwjwyWH3z -gvC5dH5hhmY-uUA5gCtskdHxC9eGXpsb-y-zCZkOgRWY_IWCnzJmDqZzij3cnh_iDpBQIecDMUgi -oI3GlOkZv7jffN-5k2lREpmIH14CjpQCwBcTWoBsMeJNgIXBGoZj3N8gxelQ1n6YUNGm5yflviGa -pIbCgLRXwUsalOj6WQMSHSwTUuV5S_DmWTYc7vYPfyDQeO0XoiNDGFRZt11J55KvcKYZ3l8KZxPl -YqwD1qmV9A46746FLBvxeIfaiAtS4TTtUcUINDF55ywRCIM6SnFwL7fk82qmv8sYKlyBuAnfS75b -1nW8bFvJyrVdQdl9VIbmPZAvEiVPo7sj6t9xUxxhfv-vYT45prl8xR3TetIWuQH_sLhj7Cc9-Foh -BvWniCcQtQbZhdB383MibWYDtQUje9xa9O4gCkebqW0uTbz1YtezhgOH5R6O7tsYfLzPOGiFAYAS -VhrtRQCslAcUPCMYFlr5UUIMPNyocyligiR4TQxFxpXN3yb0dyQUjdY9Utf-fdjYC9IRqWQ4XlKa -Om9b9p2n5p3C4HQbuvKd1Gl4d1aZ3IYSfXsJiNdXB5xc-_-CzMHiHUu7QeAOQBNzRWbskOIqxLnj -1e5DpiPYq98-dKFWY8dcUtgUdje7CojXToVTRNxzoLf9hRFDTBvMMHY3zasCGG5LymQ2G0PBox3V -vOgRfTuGznBjoYzZr2jhGUF9H0jbRaG7wiyWt1dOOEOCiRMZL2Ct_VMcobVdlMyz_vNYNkzf8Ggu -u5j3dPjfB3a1q-GOuxeKU1GSQNW2kYPJNR37o-2HR_-NIXddwGPEHPnesRgZoWmwCEn32SrLXRqL -9QROJQAC4OOm9TqYX0iFYbCNM-qfdlwkgdBn7ZXeKATVVipiytugwJ9jLFrcXlUrNInuMFdxnt5a -hRAZjQcYsSx8OJLJqtoDrFYH-bjEahgTTpxjNfJEojPTiiBC72OHAym6XVmMTsw5hFSnqYoPdDxj 
-02NQGNs3wZdDRcbBG731RnoLJxdZz5063iwBMjwYzFjwZAtVCyvQkmv628nIwT6OImGlOfEgO88d -iWSOV3FfbORgvQIlzKcY6DawyJLsEAmqQ3Pvx5WffHiaMHTWI38adAIj4ApDIDFfOzSTJlZb \ No newline at end of file +TbnInQ-QMCbTM2Kl9R8DfsTKhwt0nv8PTHooRfzyuHDQD3bHVmU4vjGXeQaFbj1Rq_DcOz6shg8k +mYL0F5L0a-ZxO8id4sbkKqs_BAcRMf4PLJB0X0kBEvAq7Cqt_Hafgq4tz3c_OmutLJlGsWU4AtDe +b68ISK2TG_P1CJGO-Y4xmRC4WW3YxnrL7pWq3r1VJ59KLlCAkL796EGy253lP2Uxl3788uUHZo-Q +h74Yq3sxyyBn2shlH6vhRFOY8PVXO2-ljmBHrQj_NpL62ensYb1cxuGD5mivayGo2g98S3pX2ec2 +jhBB1uXsRSOJ-g1oScB9mDJYkib5l52lNKGw_ZSVaTNh2BP8T-HQjtgpM4lRps6nqLpwzV37u5wi +67a5KIAdQz4txAjBBr62zGBpwkvEOgrtG-fk3Gh6C6C8KwxfUk-mysZNP1SaWLG0U4T05ilnrZa6 +PNqr35wqh_IBfJj2iK1pLqvlFCq8-VDDg1HWNvzlTzyzmlIFNrvHRaskgoM0QNi9ulbQyZ-j6Nsw +l0B4khpNcOt2nc2cnI_jK7yy92i9I3IF4RcubZJSwvL1UEhtbw21XgIaWOcfnCmzIDdUZ33T-eNn +6C6nL4_YAYfSndxOtr25tuUAbq5LWvXKUij1HAaQluN4gBMJxIdY4qm_tcKDxLTsHPTsjujyA_vr +Ut2RWwwIqvUb98Sf2P7r8aIJe6GYrbKMs4mEnbKHzWibaW5z6652EGK20-Z3gvnZaGZ103fcV_4C +IIQUxMmZf8TbPgjMHAP-f-uLCoQ9pPSAFsm3tdQB8IRCsfIFXsg65FPpa2YW7lVpwajCa-hPcGer +pDbT7gKvUNijmcokNFRjjCiMUv8GyXk9xJ1XUB54pb0pZO9Nvswn94FHTpJV8o-ZSeEbnWGYfbFP +gJYtLMrjmoolSQeGOH3gZiLoi_qkscBXhVVQ8_USSouQQPVgs2CgHpYqCrEeul9tIVTEQ6Ae_-nY +IZKHmaEWewIRa7MhP3QzdwbuQ4v5V8D2vYYGrfrTSCOogPx8nwLKhfD1uztbMFb3pZ_qfjEvvL93 +2s8M2tnAGKXOG4z-TLQZmA0KkW32B0IB7XKQBQaElHlkbv2Sibt87APkTk38H4dlGGs1eVRnjmyX +7sIjtbPSCzU9YXr6sRzCQH6qbzdioExUJQYNmraLx8JwJZw-C5_6jUc1jYkGMB3WFGj5i8awxSGM +aPOeH8s6PzwK0M_4hsdl_40S8KVtaMH3541hxpUeTl_wWtlYGyRefHzSB3cEE_UD3ZvKaR56DFFJ +szIVTeNBgZewHPkRyUiUYM3OhUwgbGkLPMA5es60qXGstqGUUZWWGRNOjE8aqQDOMElPpMZOFeqi +m-zaUNU5i0uVpgwfEGVzl5i3jr6qRRnRRYyt7Ufiq_-L4gATQ_FtpO3YR87V9MSqKFoFT1Lr9XSg +_-RSlaZ_uUc6DeplZqD3sExqqz3RcxvyaF1pieFMAv4IUb2-8FwNVSiMymT4g_F98s3iavydu5oy +YtnYVAMgXeMM_O3uLnWX3uyNDWVTmSmYHSm9L0yL84E55Q-KHyjRJ5k5MKqAOmj_NzpdFyJ0zvly +wI145Rr0IErHcrVAaqk7PR1NMoRFnndd3eRWRnsP8JzajvZfJLtLIiR2KRBl8q3Hw55rx0zr7lLu +Wf_tRnAHfhdvwaTXZiGWPDTVOm4LlXUYm4WNu2RjEJeKq0aJ8z4aRSynxAE95xBn4wPEgu76l97X 
+ipIYDz8Fv2VD4k2Oe358FtQri6wxeHV_0PVJqwSGthn3X9aDpfrAl4scUU8SoOG6CGkWRM1U1ALv +2pv7aYrdv729j-2F8UTdXYDCxg8nlXXIi0RekPviB-AhQRX9vt4z4z6ePFXKIZqf5Lt0diG4rz_z +-tN7Vyb21CsgcE-yDk_yonyp66G1dOFMaJd-FXelfyx-9-0PskvRCrD_OMspAqb7xqDyML2CSZxs +BvDTH9V-5Ixr72FlA3jecd9SJwCE_icpdqttZnkF-Gu7DN2dHM31WIX7ivnwef2YmxtglwKL \ No newline at end of file diff --git a/src/test/resources/org.onap.dmaap.mr.p12 b/src/test/resources/org.onap.dmaap.mr.p12 index 41c82b0..589075e 100644 Binary files a/src/test/resources/org.onap.dmaap.mr.p12 and b/src/test/resources/org.onap.dmaap.mr.p12 differ diff --git a/src/test/resources/org.onap.dmaap.mr.trust.jks b/src/test/resources/org.onap.dmaap.mr.trust.jks index 1a3d366..c2e8111 100644 Binary files a/src/test/resources/org.onap.dmaap.mr.trust.jks and b/src/test/resources/org.onap.dmaap.mr.trust.jks differ -- cgit 1.2.3-korg