From 91d04c64771832a0b8815ffbe1f0f9920320d94d Mon Sep 17 00:00:00 2001 From: Pamela Dragosh Date: Tue, 14 Feb 2017 19:41:00 -0500 Subject: Initial OpenECOMP policy/engine commit Change-Id: I7dbff37733b661643dd4d1caefa3d7dccc361b6e Signed-off-by: Pamela Dragosh --- .../test/FunctionDefinitionSpecialMatchTest.java | 487 +++++++++++++++++++++ 1 file changed, 487 insertions(+) create mode 100644 ECOMP-PDP/src/test/java/org/openecomp/policy/pdp/test/FunctionDefinitionSpecialMatchTest.java (limited to 'ECOMP-PDP/src/test/java/org/openecomp/policy/pdp/test/FunctionDefinitionSpecialMatchTest.java') diff --git a/ECOMP-PDP/src/test/java/org/openecomp/policy/pdp/test/FunctionDefinitionSpecialMatchTest.java b/ECOMP-PDP/src/test/java/org/openecomp/policy/pdp/test/FunctionDefinitionSpecialMatchTest.java new file mode 100644 index 000000000..19d673624 --- /dev/null +++ b/ECOMP-PDP/src/test/java/org/openecomp/policy/pdp/test/FunctionDefinitionSpecialMatchTest.java @@ -0,0 +1,487 @@ +/*- + * ============LICENSE_START======================================================= + * ECOMP-PDP + * ================================================================================ + * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.openecomp.policy.pdp.test; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertTrue; +import static org.junit.Assert.fail; + +import java.util.ArrayList; +import java.util.List; + +import javax.security.auth.x500.X500Principal; + +import org.junit.Test; + +import com.att.research.xacml.api.XACML3; +import com.att.research.xacml.std.datatypes.DataTypes; +import com.att.research.xacmlatt.pdp.policy.Bag; +import com.att.research.xacmlatt.pdp.policy.ExpressionResult; +import com.att.research.xacmlatt.pdp.policy.FunctionArgument; +import com.att.research.xacmlatt.pdp.policy.FunctionArgumentAttributeValue; +import com.att.research.xacmlatt.pdp.policy.FunctionArgumentBag; +import com.att.research.xacmlatt.pdp.std.StdFunctions; +import com.att.research.xacmlatt.pdp.std.functions.*; + +/** + * Test of PDP Functions (See XACML core spec section A.3) + * + * TO RUN - use jUnit + * In Eclipse select this file or the enclosing directory, right-click and select Run As/JUnit Test + * + * + */ +public class FunctionDefinitionSpecialMatchTest { + + /* + * variables useful in the following tests + */ + List arguments = new ArrayList(); + + @Test + public void testX500NameMatch() { + // assume that the contents of the name components are not significant and we can treat them as simple blocks of "=" + String A = "cn=Some person"; + String B = "O=Medico Corp"; + String C = "C=US"; + String D = "DNQUALIFIER=d string"; + String E = "SURNAME=some name"; + String F = "INITIALS=inits"; + + + X500Principal abc = new X500Principal(A + "," + B + "," + C); + X500Principal dabc = new X500Principal(D + "," + A + "," + B + "," + C); + X500Principal abcd = new X500Principal(A + "," + B + "," + C + "," + D); + X500Principal adbc = new X500Principal(A + "," + D + "," + B + "," + C); + X500Principal dcab = new X500Principal(D + "," + C + "," + A + "," + B) ; + X500Principal def = new X500Principal(D + "," + E + "," + F) ; + + + FunctionArgumentAttributeValue attrABC = null; + FunctionArgumentAttributeValue attrDABC = null; + FunctionArgumentAttributeValue attrABCD = null; + FunctionArgumentAttributeValue attrADBC = null; + FunctionArgumentAttributeValue attrDCAB = null; + FunctionArgumentAttributeValue attrDEF = null; + + FunctionArgumentAttributeValue attrBad = null; + FunctionArgumentBag attrBag = new FunctionArgumentBag(new Bag()); + + + try { + attrABC = new FunctionArgumentAttributeValue(DataTypes.DT_X500NAME.createAttributeValue(abc)); + attrDABC = new FunctionArgumentAttributeValue(DataTypes.DT_X500NAME.createAttributeValue(dabc)); + attrABCD = new FunctionArgumentAttributeValue(DataTypes.DT_X500NAME.createAttributeValue(abcd)); + attrADBC = new FunctionArgumentAttributeValue(DataTypes.DT_X500NAME.createAttributeValue(adbc)); + attrDCAB = new FunctionArgumentAttributeValue(DataTypes.DT_X500NAME.createAttributeValue(dcab)); + attrDEF = new FunctionArgumentAttributeValue(DataTypes.DT_X500NAME.createAttributeValue(def)); + + attrBad = new FunctionArgumentAttributeValue(DataTypes.DT_INTEGER.createAttributeValue(123)); + } catch (Exception e) { + fail("creating attribute e="+ e); + } + + FunctionDefinitionX500NameMatch fd = (FunctionDefinitionX500NameMatch) StdFunctions.FD_X500NAME_MATCH; + + // check identity and type of the thing created + assertEquals(XACML3.ID_FUNCTION_X500NAME_MATCH, fd.getId()); + assertEquals(DataTypes.DT_X500NAME.getId(), fd.getDataTypeArgs().getId()); + assertEquals(DataTypes.DT_BOOLEAN.getId(), fd.getDataTypeId()); + + // just to be safe... If tests take too long these can probably be eliminated + assertFalse(fd.returnsBag()); + assertEquals(new Integer(2), fd.getNumArgs()); + + + // test normal, first exact match for second + arguments.clear(); + arguments.add(attrABC); + arguments.add(attrABC); + ExpressionResult res = fd.evaluate(null, arguments); + assertTrue(res.isOk()); + Boolean resValue = (Boolean)res.getValue().getValue(); + assertTrue(resValue); + + // test first is end of second + arguments.clear(); + arguments.add(attrABC); + arguments.add(attrDABC); + res = fd.evaluate(null, arguments); + assertTrue(res.isOk()); + resValue = (Boolean)res.getValue().getValue(); + assertTrue(resValue); + + // first exact match for sub-section but not end of second + arguments.clear(); + arguments.add(attrABC); + arguments.add(attrABCD); + res = fd.evaluate(null, arguments); + assertTrue(res.isOk()); + resValue = (Boolean)res.getValue().getValue(); + assertFalse(resValue); + + // components of first match components in second but not contiguous + arguments.clear(); + arguments.add(attrABC); + arguments.add(attrADBC); + res = fd.evaluate(null, arguments); + assertTrue(res.isOk()); + resValue = (Boolean)res.getValue().getValue(); + assertFalse(resValue); + + // components of first match components in second but not in order + arguments.clear(); + arguments.add(attrABC); + arguments.add(attrDCAB); + res = fd.evaluate(null, arguments); + assertTrue(res.isOk()); + resValue = (Boolean)res.getValue().getValue(); + assertFalse(resValue); + + // first does not match second at all + arguments.clear(); + arguments.add(attrABC); + arguments.add(attrDEF); + res = fd.evaluate(null, arguments); + assertTrue(res.isOk()); + resValue = (Boolean)res.getValue().getValue(); + assertFalse(resValue); + + // first arg larger than 2nd arg + arguments.clear(); + arguments.add(attrABCD); + arguments.add(attrABC); + res = fd.evaluate(null, arguments); + assertTrue(res.isOk()); + resValue = (Boolean)res.getValue().getValue(); + assertFalse(resValue); + + // bad arg types + arguments.clear(); + arguments.add(attrABC); + arguments.add(attrBad); + res = fd.evaluate(null, arguments); + assertFalse(res.getStatus().isOk()); + assertEquals( "function:x500Name-match Expected data type 'x500Name' saw 'integer' at arg index 1", res.getStatus().getStatusMessage()); + assertEquals("urn:oasis:names:tc:xacml:1.0:status:processing-error", res.getStatus().getStatusCode().getStatusCodeValue().stringValue()); + + // too many args + arguments.clear(); + arguments.add(attrABC); + arguments.add(attrABC); + arguments.add(attrABC); + res = fd.evaluate(null, arguments); + assertFalse(res.getStatus().isOk()); + assertEquals( "function:x500Name-match Expected 2 arguments, got 3", res.getStatus().getStatusMessage()); + assertEquals("urn:oasis:names:tc:xacml:1.0:status:processing-error", res.getStatus().getStatusCode().getStatusCodeValue().stringValue()); + + // too few args + arguments.clear(); + arguments.add(attrABC); + res = fd.evaluate(null, arguments); + assertFalse(res.getStatus().isOk()); + assertEquals( "function:x500Name-match Expected 2 arguments, got 1", res.getStatus().getStatusMessage()); + assertEquals("urn:oasis:names:tc:xacml:1.0:status:processing-error", res.getStatus().getStatusCode().getStatusCodeValue().stringValue()); + + arguments.clear(); + res = fd.evaluate(null, arguments); + assertFalse(res.getStatus().isOk()); + assertEquals( "function:x500Name-match Expected 2 arguments, got 0", res.getStatus().getStatusMessage()); + assertEquals("urn:oasis:names:tc:xacml:1.0:status:processing-error", res.getStatus().getStatusCode().getStatusCodeValue().stringValue()); + + // one arg is bag + arguments.clear(); + arguments.add(attrABC); + arguments.add(attrBag); + res = fd.evaluate(null, arguments); + assertFalse(res.getStatus().isOk()); + assertEquals( "function:x500Name-match Expected a simple value, saw a bag at arg index 1", res.getStatus().getStatusMessage()); + assertEquals("urn:oasis:names:tc:xacml:1.0:status:processing-error", res.getStatus().getStatusCode().getStatusCodeValue().stringValue()); + + // null arg + arguments.clear(); + arguments.add(null); + arguments.add(attrBag); + res = fd.evaluate(null, arguments); + assertFalse(res.getStatus().isOk()); + assertEquals( "function:x500Name-match Got null argument at arg index 0", res.getStatus().getStatusMessage()); + assertEquals("urn:oasis:names:tc:xacml:1.0:status:processing-error", res.getStatus().getStatusCode().getStatusCodeValue().stringValue()); + + } + + + @Test + public void testRfc822NameMatch() { + + + + + FunctionArgumentAttributeValue attrStringabcxyz = null; + FunctionArgumentAttributeValue attrStringABCxyz = null; + FunctionArgumentAttributeValue attrStringabcXYZ = null; + FunctionArgumentAttributeValue attrStringcx = null; + FunctionArgumentAttributeValue attrStringwholedomainpart = null; + FunctionArgumentAttributeValue attrStringWholeDomainPart = null; + FunctionArgumentAttributeValue attrStringWholeDomain = null; + FunctionArgumentAttributeValue attrStringdomainpart = null; + FunctionArgumentAttributeValue attrStringDomainPart = null; + FunctionArgumentAttributeValue attrStringdotWholeDomain = null; + FunctionArgumentAttributeValue attrStringdomain = null; + + FunctionArgumentAttributeValue attrStringNoMatch = null; + FunctionArgumentAttributeValue attrStringMultipleAt = null; + FunctionArgumentAttributeValue attrStringMissingLocal = null; + FunctionArgumentAttributeValue attrStringMissingDomain = null; + + + FunctionArgumentAttributeValue attrRfcabcxyz = null; + FunctionArgumentAttributeValue attrRfcwholedomainpart = null; + FunctionArgumentAttributeValue attrRfcWholeDomainPart = null; + + FunctionArgumentBag attrBag = new FunctionArgumentBag(new Bag()); + + try { + attrStringabcxyz = new FunctionArgumentAttributeValue(DataTypes.DT_STRING.createAttributeValue("abc@xyz")); + attrStringABCxyz = new FunctionArgumentAttributeValue(DataTypes.DT_STRING.createAttributeValue("ABC@xyz")); + attrStringabcXYZ = new FunctionArgumentAttributeValue(DataTypes.DT_STRING.createAttributeValue("abc@XYZ")); + attrStringcx = new FunctionArgumentAttributeValue(DataTypes.DT_STRING.createAttributeValue("c@x")); + attrStringwholedomainpart = new FunctionArgumentAttributeValue(DataTypes.DT_STRING.createAttributeValue("whole.domain.part")); + attrStringWholeDomainPart = new FunctionArgumentAttributeValue(DataTypes.DT_STRING.createAttributeValue("Whole.Domain.Part")); + attrStringWholeDomain = new FunctionArgumentAttributeValue(DataTypes.DT_STRING.createAttributeValue("Whole.Domain")); + attrStringdomainpart = new FunctionArgumentAttributeValue(DataTypes.DT_STRING.createAttributeValue(".domain.part")); + attrStringDomainPart = new FunctionArgumentAttributeValue(DataTypes.DT_STRING.createAttributeValue(".Domain.Part")); + attrStringdotWholeDomain = new FunctionArgumentAttributeValue(DataTypes.DT_STRING.createAttributeValue(".Whole.Domain")); + attrStringdomain = new FunctionArgumentAttributeValue(DataTypes.DT_STRING.createAttributeValue(".domain.")); + + attrStringNoMatch = new FunctionArgumentAttributeValue(DataTypes.DT_STRING.createAttributeValue("no match to any legal name")); + attrStringMultipleAt = new FunctionArgumentAttributeValue(DataTypes.DT_STRING.createAttributeValue("name@with@multipleAts")); + attrStringMissingLocal = new FunctionArgumentAttributeValue(DataTypes.DT_STRING.createAttributeValue("@multipleAts")); + attrStringMissingDomain = new FunctionArgumentAttributeValue(DataTypes.DT_STRING.createAttributeValue("localpart@")); + + attrRfcabcxyz = new FunctionArgumentAttributeValue(DataTypes.DT_RFC822NAME.createAttributeValue("abc@xyz")); + attrRfcwholedomainpart = new FunctionArgumentAttributeValue(DataTypes.DT_RFC822NAME.createAttributeValue("abc@whole.domain.part")); + attrRfcWholeDomainPart = new FunctionArgumentAttributeValue(DataTypes.DT_RFC822NAME.createAttributeValue("abc@Whole.Domain.Part")); + } catch (Exception e) { + fail("creating attribute e="+ e); + } + + FunctionDefinitionRFC822NameMatch fd = (FunctionDefinitionRFC822NameMatch) StdFunctions.FD_RFC822NAME_MATCH; + + // check identity and type of the thing created + assertEquals(XACML3.ID_FUNCTION_RFC822NAME_MATCH, fd.getId()); + assertEquals(DataTypes.DT_RFC822NAME.getId(), fd.getDataTypeArgs().getId()); + assertEquals(DataTypes.DT_BOOLEAN.getId(), fd.getDataTypeId()); + + // just to be safe... If tests take too long these can probably be eliminated + assertFalse(fd.returnsBag()); + + + // string identical to name - exact match on whole search term + arguments.clear(); + arguments.add(attrStringabcxyz); + arguments.add(attrRfcabcxyz); + ExpressionResult res = fd.evaluate(null, arguments); + assertTrue(res.getStatus().isOk()); + Boolean resValue = (Boolean)res.getValue().getValue(); + assertTrue(resValue); + + // no match local case different + arguments.clear(); + arguments.add(attrStringABCxyz); + arguments.add(attrRfcabcxyz); + res = fd.evaluate(null, arguments); + assertTrue(res.getStatus().isOk()); + resValue = (Boolean)res.getValue().getValue(); + assertFalse(resValue); + + // match domain case different + arguments.clear(); + arguments.add(attrStringabcXYZ); + arguments.add(attrRfcabcxyz); + res = fd.evaluate(null, arguments); + assertTrue(res.getStatus().isOk()); + resValue = (Boolean)res.getValue().getValue(); + assertTrue(resValue); + + + // partial local + partial domain + arguments.clear(); + arguments.add(attrStringcx); + arguments.add(attrRfcabcxyz); + res = fd.evaluate(null, arguments); + assertTrue(res.getStatus().isOk()); + resValue = (Boolean)res.getValue().getValue(); + assertFalse(resValue); + + // whole domain + arguments.clear(); + arguments.add(attrStringwholedomainpart); + arguments.add(attrRfcwholedomainpart); + res = fd.evaluate(null, arguments); + assertTrue(res.getStatus().isOk()); + resValue = (Boolean)res.getValue().getValue(); + assertTrue(resValue); + + // whole domain different case + arguments.clear(); + arguments.add(attrStringWholeDomainPart); + arguments.add(attrRfcwholedomainpart); + res = fd.evaluate(null, arguments); + assertTrue(res.getStatus().isOk()); + resValue = (Boolean)res.getValue().getValue(); + assertTrue(resValue); + + arguments.clear(); + arguments.add(attrStringwholedomainpart); + arguments.add(attrRfcWholeDomainPart); + res = fd.evaluate(null, arguments); + assertTrue(res.getStatus().isOk()); + resValue = (Boolean)res.getValue().getValue(); + assertTrue(resValue); + + // whole domain fail + arguments.clear(); + arguments.add(attrStringWholeDomain); + arguments.add(attrRfcWholeDomainPart); + res = fd.evaluate(null, arguments); + assertTrue(res.getStatus().isOk()); + resValue = (Boolean)res.getValue().getValue(); + assertFalse(resValue); + + // partial domain match + arguments.clear(); + arguments.add(attrStringDomainPart); + arguments.add(attrRfcWholeDomainPart); + res = fd.evaluate(null, arguments); + assertTrue(res.getStatus().isOk()); + resValue = (Boolean)res.getValue().getValue(); + assertTrue(resValue); + + // partial domain different case + arguments.clear(); + arguments.add(attrStringdomainpart); + arguments.add(attrRfcWholeDomainPart); + res = fd.evaluate(null, arguments); + assertTrue(res.getStatus().isOk()); + resValue = (Boolean)res.getValue().getValue(); + assertTrue(resValue); + + // partial domain fail + arguments.clear(); + arguments.add(attrStringdotWholeDomain); + arguments.add(attrRfcWholeDomainPart); + res = fd.evaluate(null, arguments); + assertTrue(res.getStatus().isOk()); + resValue = (Boolean)res.getValue().getValue(); + assertFalse(resValue); + + arguments.clear(); + arguments.add(attrStringdomain); + arguments.add(attrRfcWholeDomainPart); + res = fd.evaluate(null, arguments); + assertTrue(res.getStatus().isOk()); + resValue = (Boolean)res.getValue().getValue(); + assertFalse(resValue); + + // search term contains more than 1 @ + arguments.clear(); + arguments.add(attrStringMultipleAt); + arguments.add(attrRfcabcxyz); + res = fd.evaluate(null, arguments); + assertFalse(res.getStatus().isOk()); + assertEquals( "function:rfc822Name-match String contained more than 1 '@' in 'name@with@multipleAts'", res.getStatus().getStatusMessage()); + assertEquals("urn:oasis:names:tc:xacml:1.0:status:processing-error", res.getStatus().getStatusCode().getStatusCodeValue().stringValue()); + + // search term missing local part + arguments.clear(); + arguments.add(attrStringMissingLocal); + arguments.add(attrRfcabcxyz); + res = fd.evaluate(null, arguments); + assertFalse(res.getStatus().isOk()); + assertEquals( "function:rfc822Name-match String missing local part in '@multipleAts'", res.getStatus().getStatusMessage()); + assertEquals("urn:oasis:names:tc:xacml:1.0:status:processing-error", res.getStatus().getStatusCode().getStatusCodeValue().stringValue()); + + // search term missing domain part + arguments.clear(); + arguments.add(attrStringMissingDomain); + arguments.add(attrRfcabcxyz); + res = fd.evaluate(null, arguments); + assertFalse(res.getStatus().isOk()); + assertEquals( "function:rfc822Name-match String missing domain part in 'localpart@'", res.getStatus().getStatusMessage()); + assertEquals("urn:oasis:names:tc:xacml:1.0:status:processing-error", res.getStatus().getStatusCode().getStatusCodeValue().stringValue()); + + // bad arg types + arguments.clear(); + arguments.add(attrRfcabcxyz); + arguments.add(attrStringNoMatch); + res = fd.evaluate(null, arguments); + assertFalse(res.getStatus().isOk()); + assertEquals( "function:rfc822Name-match Expected data type 'string' saw 'rfc822Name' at arg index 0", res.getStatus().getStatusMessage()); + assertEquals("urn:oasis:names:tc:xacml:1.0:status:processing-error", res.getStatus().getStatusCode().getStatusCodeValue().stringValue()); + + // too many args + arguments.clear(); + arguments.add(attrStringNoMatch); + arguments.add(attrStringNoMatch); + arguments.add(attrStringNoMatch); + res = fd.evaluate(null, arguments); + assertFalse(res.getStatus().isOk()); + assertEquals( "function:rfc822Name-match Expected 2 arguments, got 3", res.getStatus().getStatusMessage()); + assertEquals("urn:oasis:names:tc:xacml:1.0:status:processing-error", res.getStatus().getStatusCode().getStatusCodeValue().stringValue()); + + // too few args + arguments.clear(); + arguments.add(attrStringNoMatch); + res = fd.evaluate(null, arguments); + assertFalse(res.getStatus().isOk()); + assertEquals( "function:rfc822Name-match Expected 2 arguments, got 1", res.getStatus().getStatusMessage()); + assertEquals("urn:oasis:names:tc:xacml:1.0:status:processing-error", res.getStatus().getStatusCode().getStatusCodeValue().stringValue()); + + arguments.clear(); + res = fd.evaluate(null, arguments); + assertFalse(res.getStatus().isOk()); + assertEquals( "function:rfc822Name-match Expected 2 arguments, got 0", res.getStatus().getStatusMessage()); + assertEquals("urn:oasis:names:tc:xacml:1.0:status:processing-error", res.getStatus().getStatusCode().getStatusCodeValue().stringValue()); + + // one arg is bag + arguments.clear(); + arguments.add(attrStringNoMatch); + arguments.add(attrBag); + res = fd.evaluate(null, arguments); + assertFalse(res.getStatus().isOk()); + assertEquals( "function:rfc822Name-match Expected a simple value, saw a bag at arg index 1", res.getStatus().getStatusMessage()); + assertEquals("urn:oasis:names:tc:xacml:1.0:status:processing-error", res.getStatus().getStatusCode().getStatusCodeValue().stringValue()); + + // null arg + arguments.clear(); + arguments.add(null); + arguments.add(attrStringNoMatch); + res = fd.evaluate(null, arguments); + assertFalse(res.getStatus().isOk()); + assertEquals( "function:rfc822Name-match Got null argument at arg index 0", res.getStatus().getStatusMessage()); + assertEquals("urn:oasis:names:tc:xacml:1.0:status:processing-error", res.getStatus().getStatusCode().getStatusCodeValue().stringValue()); + + + + } + +} -- cgit 1.2.3-korg