From 91d04c64771832a0b8815ffbe1f0f9920320d94d Mon Sep 17 00:00:00 2001 From: Pamela Dragosh Date: Tue, 14 Feb 2017 19:41:00 -0500 Subject: Initial OpenECOMP policy/engine commit Change-Id: I7dbff37733b661643dd4d1caefa3d7dccc361b6e Signed-off-by: Pamela Dragosh --- .../src/test/java/testpypdp/AuthorizationTest.java | 382 +++++++++++++++++++++ 1 file changed, 382 insertions(+) create mode 100644 PyPDPServer/src/test/java/testpypdp/AuthorizationTest.java (limited to 'PyPDPServer/src/test/java/testpypdp/AuthorizationTest.java') diff --git a/PyPDPServer/src/test/java/testpypdp/AuthorizationTest.java b/PyPDPServer/src/test/java/testpypdp/AuthorizationTest.java new file mode 100644 index 000000000..228e926a8 --- /dev/null +++ b/PyPDPServer/src/test/java/testpypdp/AuthorizationTest.java @@ -0,0 +1,382 @@ +/*- + * ============LICENSE_START======================================================= + * ECOMP Policy Engine + * ================================================================================ + * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package testpypdp; + +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.verify; +import static org.mockito.Mockito.when; + +import java.io.IOException; + +import javax.servlet.FilterChain; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.junit.After; +import org.junit.Before; +import org.junit.Test; + +import org.openecomp.policy.pypdp.authorization.AuthenticationFilter; + +/* + * Authentication Filter Testing + */ +public class AuthorizationTest { + private static final String MASTERCLIENT= "cHl0aG9uOnRlc3Q="; + /*private static final String CONFIGCLIENT= "Y29uZmlnOmNvbmZpZw=="; + private static final String ACTIONCLIENT= "YWN0aW9uOmFjdGlvbg=="; + private static final String DECIDECLIENT= "ZGVjaWRlOmRlY2lkZQ=="; + private static final String CREATECLIENT= "Y3JlYXRlOmNyZWF0ZQ=="; + private static final String DELETECLIENT= "ZGVsZXRlOmRlbGV0ZQ==";*/ + + private AuthenticationFilter authenticationFilter = new AuthenticationFilter(); + + @Before + public void setUp() throws Exception{ + authenticationFilter.init(null); + } + + @Test + public void testDoFilterError() throws IOException, ServletException { + // create the objects to be mocked + HttpServletRequest httpServletRequest = mock(HttpServletRequest.class); + HttpServletResponse httpServletResponse = mock(HttpServletResponse.class); + FilterChain filterChain = mock(FilterChain.class); + // + when(httpServletRequest.getRequestURI()).thenReturn("error"); + + authenticationFilter.doFilter(httpServletRequest, httpServletResponse, + filterChain); + + // verify if unauthorized + verify(httpServletResponse).setStatus(HttpServletResponse.SC_BAD_REQUEST); + } + + @Test + public void testDoFilterNotification() throws IOException, ServletException { + // create the objects to be mocked + HttpServletRequest httpServletRequest = mock(HttpServletRequest.class); + HttpServletResponse httpServletResponse = mock(HttpServletResponse.class); + FilterChain filterChain = mock(FilterChain.class); + // + when(httpServletRequest.getRequestURI()).thenReturn("org.openecomp.policy.pypdp.notifications swagger api-docs configuration"); + + authenticationFilter.doFilter(httpServletRequest, httpServletResponse, + filterChain); + + verify(filterChain).doFilter(httpServletRequest,httpServletResponse); + } + + /*@Test + public void testDoFilterWrongAuthenticaton() throws IOException, ServletException { + // create the objects to be mocked + HttpServletRequest httpServletRequest = mock(HttpServletRequest.class); + HttpServletResponse httpServletResponse = mock(HttpServletResponse.class); + FilterChain filterChain = mock(FilterChain.class); + // + when(httpServletRequest.getHeader(AuthenticationFilter.AUTHENTICATION_HEADER)).thenReturn("error"); + when(httpServletRequest.getRequestURI()).thenReturn("getConfig"); + + authenticationFilter.doFilter(httpServletRequest, httpServletResponse, + filterChain); + + // verify if unauthorized + verify(httpServletResponse).setStatus(HttpServletResponse.SC_UNAUTHORIZED); + }*/ + + /*@Test + public void testDoFilterWrongClientAuthenticaton() throws IOException, ServletException { + // create the objects to be mocked + HttpServletRequest httpServletRequest = mock(HttpServletRequest.class); + HttpServletResponse httpServletResponse = mock(HttpServletResponse.class); + FilterChain filterChain = mock(FilterChain.class); + // + when(httpServletRequest.getHeader(AuthenticationFilter.AUTHENTICATION_HEADER)).thenReturn("Basic dGVzdHJlc3Q6c2VjVXJl"); + when(httpServletRequest.getRequestURI()).thenReturn("getConfig"); + when(httpServletRequest.getHeader("ClientAuth")).thenReturn("Error"); + + authenticationFilter.doFilter(httpServletRequest, httpServletResponse, + filterChain); + // verify if unauthorized + verify(httpServletResponse).setStatus(HttpServletResponse.SC_UNAUTHORIZED); + }*/ + + @Test + public void testDoFilterWrongClientAuthenticatonCount() throws IOException, ServletException { + // create the objects to be mocked + HttpServletRequest httpServletRequest = mock(HttpServletRequest.class); + HttpServletResponse httpServletResponse = mock(HttpServletResponse.class); + FilterChain filterChain = mock(FilterChain.class); + // + when(httpServletRequest.getHeader(AuthenticationFilter.AUTHENTICATION_HEADER)).thenReturn("Basic dGVzdHJlc3Q6c2VjVXJl"); + when(httpServletRequest.getRequestURI()).thenReturn("count"); + when(httpServletRequest.getHeader("ClientAuth")).thenReturn("Error"); + + authenticationFilter.doFilter(httpServletRequest, httpServletResponse, + filterChain); + + verify(filterChain).doFilter(httpServletRequest,httpServletResponse); + } + + /*@Test + public void testDoFilterWrongGetConfigAuthorization() throws IOException, ServletException { + // create the objects to be mocked + HttpServletRequest httpServletRequest = mock(HttpServletRequest.class); + HttpServletResponse httpServletResponse = mock(HttpServletResponse.class); + FilterChain filterChain = mock(FilterChain.class); + // + when(httpServletRequest.getHeader(AuthenticationFilter.AUTHENTICATION_HEADER)).thenReturn("Basic dGVzdHJlc3Q6c2VjVXJl"); + when(httpServletRequest.getRequestURI()).thenReturn("getConfig"); + when(httpServletRequest.getHeader("ClientAuth")).thenReturn(ACTIONCLIENT); + + authenticationFilter.doFilter(httpServletRequest, httpServletResponse, + filterChain); + // verify if unauthorized + verify(httpServletResponse).setStatus(HttpServletResponse.SC_UNAUTHORIZED); + }*/ + + /*@Test + public void testDoFilterWrongSendEventAuthorization() throws IOException, ServletException { + // create the objects to be mocked + HttpServletRequest httpServletRequest = mock(HttpServletRequest.class); + HttpServletResponse httpServletResponse = mock(HttpServletResponse.class); + FilterChain filterChain = mock(FilterChain.class); + // + when(httpServletRequest.getHeader(AuthenticationFilter.AUTHENTICATION_HEADER)).thenReturn("Basic dGVzdHJlc3Q6c2VjVXJl"); + when(httpServletRequest.getRequestURI()).thenReturn("sendEvent"); + when(httpServletRequest.getHeader("ClientAuth")).thenReturn(CONFIGCLIENT); + + authenticationFilter.doFilter(httpServletRequest, httpServletResponse, + filterChain); + // verify if unauthorized + verify(httpServletResponse).setStatus(HttpServletResponse.SC_UNAUTHORIZED); + }*/ + + /*@Test + public void testDoFilterWrongUpdatePolicyAuthorization() throws IOException, ServletException { + // create the objects to be mocked + HttpServletRequest httpServletRequest = mock(HttpServletRequest.class); + HttpServletResponse httpServletResponse = mock(HttpServletResponse.class); + FilterChain filterChain = mock(FilterChain.class); + // + when(httpServletRequest.getHeader(AuthenticationFilter.AUTHENTICATION_HEADER)).thenReturn("Basic dGVzdHJlc3Q6c2VjVXJl"); + when(httpServletRequest.getRequestURI()).thenReturn("updatePolicy"); + when(httpServletRequest.getHeader("ClientAuth")).thenReturn(ACTIONCLIENT); + + authenticationFilter.doFilter(httpServletRequest, httpServletResponse, + filterChain); + // verify if unauthorized + verify(httpServletResponse).setStatus(HttpServletResponse.SC_UNAUTHORIZED); + }*/ + + /*@Test + public void testDoFilterWrongCreatePolicyAuthorization() throws IOException, ServletException { + // create the objects to be mocked + HttpServletRequest httpServletRequest = mock(HttpServletRequest.class); + HttpServletResponse httpServletResponse = mock(HttpServletResponse.class); + FilterChain filterChain = mock(FilterChain.class); + // + when(httpServletRequest.getHeader(AuthenticationFilter.AUTHENTICATION_HEADER)).thenReturn("Basic dGVzdHJlc3Q6c2VjVXJl"); + when(httpServletRequest.getRequestURI()).thenReturn("createPolicy"); + when(httpServletRequest.getHeader("ClientAuth")).thenReturn(ACTIONCLIENT); + + authenticationFilter.doFilter(httpServletRequest, httpServletResponse, + filterChain); + // verify if unauthorized + verify(httpServletResponse).setStatus(HttpServletResponse.SC_UNAUTHORIZED); + }*/ + + /*@Test + public void testDoFilterWrongPushPolicyAuthorization() throws IOException, ServletException { + // create the objects to be mocked + HttpServletRequest httpServletRequest = mock(HttpServletRequest.class); + HttpServletResponse httpServletResponse = mock(HttpServletResponse.class); + FilterChain filterChain = mock(FilterChain.class); + // + when(httpServletRequest.getHeader(AuthenticationFilter.AUTHENTICATION_HEADER)).thenReturn("Basic dGVzdHJlc3Q6c2VjVXJl"); + when(httpServletRequest.getRequestURI()).thenReturn("pushPolicy"); + when(httpServletRequest.getHeader("ClientAuth")).thenReturn(DELETECLIENT); + + authenticationFilter.doFilter(httpServletRequest, httpServletResponse, + filterChain); + // verify if unauthorized + verify(httpServletResponse).setStatus(HttpServletResponse.SC_UNAUTHORIZED); + }*/ + + /*@Test + public void testDoFilterWrongDeletePolicyAuthorization() throws IOException, ServletException { + // create the objects to be mocked + HttpServletRequest httpServletRequest = mock(HttpServletRequest.class); + HttpServletResponse httpServletResponse = mock(HttpServletResponse.class); + FilterChain filterChain = mock(FilterChain.class); + // + when(httpServletRequest.getHeader(AuthenticationFilter.AUTHENTICATION_HEADER)).thenReturn("Basic dGVzdHJlc3Q6c2VjVXJl"); + when(httpServletRequest.getRequestURI()).thenReturn("deletePolicy"); + when(httpServletRequest.getHeader("ClientAuth")).thenReturn(DECIDECLIENT); + + authenticationFilter.doFilter(httpServletRequest, httpServletResponse, + filterChain); + // verify if unauthorized + verify(httpServletResponse).setStatus(HttpServletResponse.SC_UNAUTHORIZED); + }*/ + + /*@Test + public void testDoFilterWrongDecidePolicyAuthorization() throws IOException, ServletException { + // create the objects to be mocked + HttpServletRequest httpServletRequest = mock(HttpServletRequest.class); + HttpServletResponse httpServletResponse = mock(HttpServletResponse.class); + FilterChain filterChain = mock(FilterChain.class); + // + when(httpServletRequest.getHeader(AuthenticationFilter.AUTHENTICATION_HEADER)).thenReturn("Basic dGVzdHJlc3Q6c2VjVXJl"); + when(httpServletRequest.getRequestURI()).thenReturn("getDecision"); + when(httpServletRequest.getHeader("ClientAuth")).thenReturn(CREATECLIENT); + + authenticationFilter.doFilter(httpServletRequest, httpServletResponse, + filterChain); + // verify if unauthorized + verify(httpServletResponse).setStatus(HttpServletResponse.SC_UNAUTHORIZED); + }*/ + + @Test + public void testDoFilterAuthorizedError() throws IOException, ServletException { + // create the objects to be mocked + HttpServletRequest httpServletRequest = mock(HttpServletRequest.class); + HttpServletResponse httpServletResponse = mock(HttpServletResponse.class); + FilterChain filterChain = mock(FilterChain.class); + // + when(httpServletRequest.getHeader(AuthenticationFilter.AUTHENTICATION_HEADER)).thenReturn("Basic dGVzdHJlc3Q6c2VjVXJl"); + when(httpServletRequest.getRequestURI()).thenReturn("error"); + when(httpServletRequest.getHeader("ClientAuth")).thenReturn(MASTERCLIENT); + + authenticationFilter.doFilter(httpServletRequest, httpServletResponse, + filterChain); + // verify if unauthorized + verify(httpServletResponse).setStatus(HttpServletResponse.SC_BAD_REQUEST); + } + + @Test + public void testDoFilterAuthorizedPDPs() throws IOException, ServletException { + // create the objects to be mocked + HttpServletRequest httpServletRequest = mock(HttpServletRequest.class); + HttpServletResponse httpServletResponse = mock(HttpServletResponse.class); + FilterChain filterChain = mock(FilterChain.class); + // + when(httpServletRequest.getHeader(AuthenticationFilter.AUTHENTICATION_HEADER)).thenReturn("Basic dGVzdHJlc3Q6c2VjVXJl"); + when(httpServletRequest.getRequestURI()).thenReturn("pdps paps"); + when(httpServletRequest.getHeader("ClientAuth")).thenReturn(MASTERCLIENT); + + authenticationFilter.doFilter(httpServletRequest, httpServletResponse, + filterChain); + + verify(filterChain).doFilter(httpServletRequest,httpServletResponse); + } + + @Test + public void testDoFilterDecideAuthorized() throws IOException, ServletException { + // create the objects to be mocked + HttpServletRequest httpServletRequest = mock(HttpServletRequest.class); + HttpServletResponse httpServletResponse = mock(HttpServletResponse.class); + FilterChain filterChain = mock(FilterChain.class); + // + when(httpServletRequest.getHeader(AuthenticationFilter.AUTHENTICATION_HEADER)).thenReturn("Basic dGVzdHJlc3Q6c2VjVXJl"); + when(httpServletRequest.getRequestURI()).thenReturn("getDecision"); + when(httpServletRequest.getHeader(AuthenticationFilter.ENVIRONMENT_HEADER)).thenReturn("DEVL"); + + authenticationFilter.doFilter(httpServletRequest, httpServletResponse, + filterChain); + + verify(filterChain).doFilter(httpServletRequest,httpServletResponse); + } + + @Test + public void testDoFilterDeleteAuthorized() throws IOException, ServletException { + // create the objects to be mocked + HttpServletRequest httpServletRequest = mock(HttpServletRequest.class); + HttpServletResponse httpServletResponse = mock(HttpServletResponse.class); + FilterChain filterChain = mock(FilterChain.class); + // + when(httpServletRequest.getHeader(AuthenticationFilter.AUTHENTICATION_HEADER)).thenReturn("Basic dGVzdHJlc3Q6c2VjVXJl"); + when(httpServletRequest.getRequestURI()).thenReturn("deletePolicy"); + when(httpServletRequest.getHeader(AuthenticationFilter.ENVIRONMENT_HEADER)).thenReturn("DEVL"); + + authenticationFilter.doFilter(httpServletRequest, httpServletResponse, + filterChain); + + verify(filterChain).doFilter(httpServletRequest,httpServletResponse); + } + + @Test + public void testDoFilterEventAuthorized() throws IOException, ServletException { + // create the objects to be mocked + HttpServletRequest httpServletRequest = mock(HttpServletRequest.class); + HttpServletResponse httpServletResponse = mock(HttpServletResponse.class); + FilterChain filterChain = mock(FilterChain.class); + // + when(httpServletRequest.getHeader(AuthenticationFilter.AUTHENTICATION_HEADER)).thenReturn("Basic dGVzdHJlc3Q6c2VjVXJl"); + when(httpServletRequest.getRequestURI()).thenReturn("sendEvent"); + when(httpServletRequest.getHeader(AuthenticationFilter.ENVIRONMENT_HEADER)).thenReturn("DEVL"); + + authenticationFilter.doFilter(httpServletRequest, httpServletResponse, + filterChain); + + verify(filterChain).doFilter(httpServletRequest,httpServletResponse); + } + + @Test + public void testDoFilterCreateAuthorized() throws IOException, ServletException { + // create the objects to be mocked + HttpServletRequest httpServletRequest = mock(HttpServletRequest.class); + HttpServletResponse httpServletResponse = mock(HttpServletResponse.class); + FilterChain filterChain = mock(FilterChain.class); + // + when(httpServletRequest.getHeader(AuthenticationFilter.AUTHENTICATION_HEADER)).thenReturn("Basic dGVzdHJlc3Q6c2VjVXJl"); + when(httpServletRequest.getRequestURI()).thenReturn("createPolicy pushPolicy updatePolicy"); + when(httpServletRequest.getHeader(AuthenticationFilter.ENVIRONMENT_HEADER)).thenReturn("DEVL"); + + authenticationFilter.doFilter(httpServletRequest, httpServletResponse, + filterChain); + + verify(filterChain).doFilter(httpServletRequest,httpServletResponse); + } + + @Test + public void testDoFilterConfigAuthorized() throws IOException, ServletException { + // create the objects to be mocked + HttpServletRequest httpServletRequest = mock(HttpServletRequest.class); + HttpServletResponse httpServletResponse = mock(HttpServletResponse.class); + FilterChain filterChain = mock(FilterChain.class); + // + when(httpServletRequest.getHeader(AuthenticationFilter.AUTHENTICATION_HEADER)).thenReturn("Basic dGVzdHJlc3Q6c2VjVXJl"); + when(httpServletRequest.getRequestURI()).thenReturn("getConfig"); + when(httpServletRequest.getHeader(AuthenticationFilter.ENVIRONMENT_HEADER)).thenReturn("DEVL"); + + authenticationFilter.doFilter(httpServletRequest, httpServletResponse, + filterChain); + + verify(filterChain).doFilter(httpServletRequest,httpServletResponse); + } + + @After + public void tearDown(){ + authenticationFilter.destroy(); + } +} -- cgit 1.2.3-korg