From 4b2ef1a5a9bf92aeb7edc1512f7a6cd8e1be99d8 Mon Sep 17 00:00:00 2001 From: Michael Mokry Date: Wed, 27 Feb 2019 07:42:20 -0600 Subject: Added HTTPS and CADI/AAF Support for PDP-X - Yay I found the mysterious https issue that caused the junit to fail. Please don't laugh, it was a typo :) - Made changes per review comments 1) Added builder class for RestServer constructor 2) removed some try/catch blocks in junit 3) Other minor changes - More changes per review comments - Added changes per Ram's review comments (not lombrok yet) - Made changes for ONAP API CVS guidelines Change-Id: Ie1a6225459b3ce235cd73828ccddec04c690f5fd Issue-ID: POLICY-1436 Signed-off-by: Michael Mokry --- .../pdpx/main/parameters/CommonTestData.java | 13 +- .../parameters/TestXacmlPdpParameterGroup.java | 2 + .../pdpx/main/rest/TestXacmlPdpRestServer.java | 207 +++++++++++++++++---- 3 files changed, 182 insertions(+), 40 deletions(-) (limited to 'main/src/test/java/org') diff --git a/main/src/test/java/org/onap/policy/pdpx/main/parameters/CommonTestData.java b/main/src/test/java/org/onap/policy/pdpx/main/parameters/CommonTestData.java index f50871ec..1bf2294c 100644 --- a/main/src/test/java/org/onap/policy/pdpx/main/parameters/CommonTestData.java +++ b/main/src/test/java/org/onap/policy/pdpx/main/parameters/CommonTestData.java @@ -30,6 +30,8 @@ public class CommonTestData { private static final String REST_SERVER_USER = "healthcheck"; private static final int REST_SERVER_PORT = 6969; private static final String REST_SERVER_HOST = "0.0.0.0"; + private static final boolean REST_SERVER_HTTPS = false; + private static final boolean REST_SERVER_AAF = false; public static final String PDPX_GROUP_NAME = "XacmlPdpGroup"; /** @@ -39,13 +41,16 @@ public class CommonTestData { * @return the restServerParameters object */ public RestServerParameters getRestServerParameters(final boolean isEmpty) { - final RestServerParameters restServerParameters; + final RestServerBuilder builder; if (!isEmpty) { - restServerParameters = new RestServerParameters(REST_SERVER_HOST, REST_SERVER_PORT, REST_SERVER_USER, - REST_SERVER_PASSWORD); + builder = new RestServerBuilder().setHost(REST_SERVER_HOST).setPort(REST_SERVER_PORT) + .setUserName(REST_SERVER_USER).setPassword(REST_SERVER_PASSWORD).setHttps(REST_SERVER_HTTPS) + .setAaf(REST_SERVER_AAF); } else { - restServerParameters = new RestServerParameters(null, 0, null, null); + builder = new RestServerBuilder().setHost(null).setPort(0).setUserName(null).setPassword(null) + .setHttps(REST_SERVER_HTTPS).setAaf(REST_SERVER_AAF); } + final RestServerParameters restServerParameters = new RestServerParameters(builder); return restServerParameters; } diff --git a/main/src/test/java/org/onap/policy/pdpx/main/parameters/TestXacmlPdpParameterGroup.java b/main/src/test/java/org/onap/policy/pdpx/main/parameters/TestXacmlPdpParameterGroup.java index 4b9db99d..48606c98 100644 --- a/main/src/test/java/org/onap/policy/pdpx/main/parameters/TestXacmlPdpParameterGroup.java +++ b/main/src/test/java/org/onap/policy/pdpx/main/parameters/TestXacmlPdpParameterGroup.java @@ -47,6 +47,8 @@ public class TestXacmlPdpParameterGroup { assertEquals(restServerParameters.getUserName(), pdpxParameters.getRestServerParameters().getUserName()); assertEquals(restServerParameters.getPassword(), pdpxParameters.getRestServerParameters().getPassword()); assertEquals(CommonTestData.PDPX_GROUP_NAME, pdpxParameters.getName()); + assertFalse(pdpxParameters.getRestServerParameters().isHttps()); + assertFalse(pdpxParameters.getRestServerParameters().isAaf()); } @Test diff --git a/main/src/test/java/org/onap/policy/pdpx/main/rest/TestXacmlPdpRestServer.java b/main/src/test/java/org/onap/policy/pdpx/main/rest/TestXacmlPdpRestServer.java index 2170c8a3..0f608e29 100644 --- a/main/src/test/java/org/onap/policy/pdpx/main/rest/TestXacmlPdpRestServer.java +++ b/main/src/test/java/org/onap/policy/pdpx/main/rest/TestXacmlPdpRestServer.java @@ -18,7 +18,6 @@ * ============LICENSE_END========================================================= */ - package org.onap.policy.pdpx.main.rest; import static org.junit.Assert.assertEquals; @@ -26,6 +25,14 @@ import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; import java.io.IOException; +import java.lang.reflect.Constructor; +import java.lang.reflect.Modifier; +import java.security.SecureRandom; +import java.security.cert.X509Certificate; +import java.util.Properties; +import javax.net.ssl.SSLContext; +import javax.net.ssl.TrustManager; +import javax.net.ssl.X509TrustManager; import javax.ws.rs.client.Client; import javax.ws.rs.client.ClientBuilder; import javax.ws.rs.client.Invocation; @@ -33,19 +40,20 @@ import javax.ws.rs.client.WebTarget; import javax.ws.rs.core.MediaType; import org.glassfish.jersey.client.ClientConfig; import org.glassfish.jersey.client.authentication.HttpAuthenticationFeature; +import org.junit.After; import org.junit.Test; import org.onap.policy.common.endpoints.report.HealthCheckReport; import org.onap.policy.common.utils.network.NetworkUtil; import org.onap.policy.pdpx.main.PolicyXacmlPdpException; import org.onap.policy.pdpx.main.parameters.CommonTestData; import org.onap.policy.pdpx.main.parameters.RestServerParameters; +import org.onap.policy.pdpx.main.rest.model.StatisticsReport; import org.onap.policy.pdpx.main.startstop.Main; import org.slf4j.Logger; import org.slf4j.LoggerFactory; - /** - * Class to perform unit test of HealthCheckMonitor. + * Class to perform unit test of {@link XacmlPdpRestServer}. * */ public class TestXacmlPdpRestServer { @@ -55,45 +63,124 @@ public class TestXacmlPdpRestServer { private static final String ALIVE = "alive"; private static final String SELF = "self"; private static final String NAME = "Policy Xacml PDP"; + private static final String HEALTHCHECK_ENDPOINT = "healthcheck"; + private static final String STATISTICS_ENDPOINT = "statistics"; + private static String KEYSTORE = System.getProperty("user.dir") + "/src/test/resources/ssl/policy-keystore"; + private Main main; + private XacmlPdpRestServer restServer; - @Test - public void testHealthCheckSuccess() throws PolicyXacmlPdpException, InterruptedException { - final String reportString = "Report [name=Policy Xacml PDP, url=self, healthy=true, code=200, message=alive]"; + /** + * Method for cleanup after each test. + */ + @After + public void teardown() { try { - final Main main = startXacmlPdpService(); - final HealthCheckReport report = performHealthCheck(); - validateReport(NAME, SELF, true, 200, ALIVE, reportString, report); - stopXacmlPdpService(main); - } catch (final Exception e) { - LOGGER.error("testHealthCheckSuccess failed", e); - fail("Test should not throw an exception"); + if (NetworkUtil.isTcpPortOpen("localhost", 6969, 1, 1000L)) { + if (main != null) { + stopXacmlPdpService(main); + } + + if (restServer != null) { + restServer.stop(); + } + } + } catch (IOException | PolicyXacmlPdpException e) { + LOGGER.error("teardown failed", e); + } catch (InterruptedException ie) { + Thread.interrupted(); + LOGGER.error("teardown failed", ie); } + } + @Test + public void testHealthCheckSuccess() throws IOException, InterruptedException { + main = startXacmlPdpService(true); + final Invocation.Builder invocationBuilder = sendHttpRequest(HEALTHCHECK_ENDPOINT); + final HealthCheckReport report = invocationBuilder.get(HealthCheckReport.class); + validateHealthCheckReport(NAME, SELF, true, 200, ALIVE, report); } @Test - public void testHealthCheckFailure() throws InterruptedException { - final String reportString = - "Report [name=Policy Xacml PDP, url=self, healthy=false, code=500, message=not alive]"; + public void testHealthCheckFailure() throws InterruptedException, IOException { final RestServerParameters restServerParams = new CommonTestData().getRestServerParameters(false); restServerParams.setName(CommonTestData.PDPX_GROUP_NAME); - final XacmlPdpRestServer restServer = new XacmlPdpRestServer(restServerParams); + restServer = new XacmlPdpRestServer(restServerParams); + restServer.start(); + final Invocation.Builder invocationBuilder = sendHttpRequest(HEALTHCHECK_ENDPOINT); + final HealthCheckReport report = invocationBuilder.get(HealthCheckReport.class); + validateHealthCheckReport(NAME, SELF, false, 500, NOT_ALIVE, report); + assertTrue(restServer.isAlive()); + assertTrue(restServer.toString().startsWith("XacmlPdpRestServer [servers=")); + } + + @Test + public void testHttpsHealthCheckSuccess() throws Exception { + main = startXacmlPdpService(false); + final Invocation.Builder invocationBuilder = sendHttpsRequest(HEALTHCHECK_ENDPOINT); + final HealthCheckReport report = invocationBuilder.get(HealthCheckReport.class); + validateHealthCheckReport(NAME, SELF, true, 200, ALIVE, report); + } + + @Test + public void testStatistics_200() throws IOException, InterruptedException { + main = startXacmlPdpService(true); + Invocation.Builder invocationBuilder = sendHttpRequest(STATISTICS_ENDPOINT); + StatisticsReport report = invocationBuilder.get(StatisticsReport.class); + validateStatisticsReport(report, 0, 200); + updateXacmlPdpStatistics(); + invocationBuilder = sendHttpRequest(STATISTICS_ENDPOINT); + report = invocationBuilder.get(StatisticsReport.class); + validateStatisticsReport(report, 1, 200); + XacmlPdpStatisticsManager.resetAllStatistics(); + } + + @Test + public void testStatistics_500() throws IOException, InterruptedException { + final RestServerParameters restServerParams = new CommonTestData().getRestServerParameters(false); + restServerParams.setName(CommonTestData.PDPX_GROUP_NAME); + restServer = new XacmlPdpRestServer(restServerParams); + restServer.start(); + final Invocation.Builder invocationBuilder = sendHttpRequest(STATISTICS_ENDPOINT); + final StatisticsReport report = invocationBuilder.get(StatisticsReport.class); + validateStatisticsReport(report, 0, 500); + XacmlPdpStatisticsManager.resetAllStatistics(); + } + + @Test + public void testHttpsStatistic() throws Exception { + main = startXacmlPdpService(false); + final Invocation.Builder invocationBuilder = sendHttpsRequest(STATISTICS_ENDPOINT); + final StatisticsReport report = invocationBuilder.get(StatisticsReport.class); + validateStatisticsReport(report, 0, 200); + } + @Test + public void testStatisticsConstructorIsPrivate() { try { - restServer.start(); - final HealthCheckReport report = performHealthCheck(); - validateReport(NAME, SELF, false, 500, NOT_ALIVE, reportString, report); - assertTrue(restServer.isAlive()); - assertTrue(restServer.toString().startsWith("XacmlPdpRestServer [servers=")); - restServer.shutdown(); - } catch (final Exception e) { - LOGGER.error("testHealthCheckSuccess failed", e); - fail("Test should not throw an exception"); + final Constructor constructor = + XacmlPdpStatisticsManager.class.getDeclaredConstructor(); + assertTrue(Modifier.isPrivate(constructor.getModifiers())); + constructor.setAccessible(true); + constructor.newInstance(); + fail("Expected an InstantiationException to be thrown"); + } catch (final Exception exp) { + assertTrue(exp.getCause().toString().contains("Instantiation of the class is not allowed")); } } - private Main startXacmlPdpService() { - final String[] xacmlPdpConfigParameters = {"-c", "parameters/XacmlPdpConfigParameters.json"}; + private Main startXacmlPdpService(final boolean http) { + final String[] xacmlPdpConfigParameters = new String[2]; + if (http) { + xacmlPdpConfigParameters[0] = "-c"; + xacmlPdpConfigParameters[1] = "parameters/XacmlPdpConfigParameters.json"; + } else { + final Properties systemProps = System.getProperties(); + systemProps.put("javax.net.ssl.keyStore", KEYSTORE); + systemProps.put("javax.net.ssl.keyStorePassword", "Pol1cy_0nap"); + System.setProperties(systemProps); + xacmlPdpConfigParameters[0] = "-c"; + xacmlPdpConfigParameters[1] = "parameters/XacmlPdpConfigParameters_Https.json"; + } return new Main(xacmlPdpConfigParameters); } @@ -101,32 +188,80 @@ public class TestXacmlPdpRestServer { main.shutdown(); } - private HealthCheckReport performHealthCheck() throws InterruptedException, IOException { - + private Invocation.Builder sendHttpRequest(final String endpoint) throws IOException, InterruptedException { final ClientConfig clientConfig = new ClientConfig(); final HttpAuthenticationFeature feature = HttpAuthenticationFeature.basic("healthcheck", "zb!XztG34"); clientConfig.register(feature); final Client client = ClientBuilder.newClient(clientConfig); - final WebTarget webTarget = client.target("http://localhost:6969/policy/pdpx/v1/healthcheck"); + final WebTarget webTarget = client.target("http://localhost:6969/policy/pdpx/v1/" + endpoint); final Invocation.Builder invocationBuilder = webTarget.request(MediaType.APPLICATION_JSON); if (!NetworkUtil.isTcpPortOpen("localhost", 6969, 6, 10000L)) { - throw new IllegalStateException("Cannot connect to port 6969"); + throw new IllegalStateException("cannot connect to port 6969"); } + return invocationBuilder; + } + + private Invocation.Builder sendHttpsRequest(final String endpoint) throws Exception { + + final TrustManager[] noopTrustManager = new TrustManager[] {new X509TrustManager() { + + @Override + public X509Certificate[] getAcceptedIssuers() { + return new X509Certificate[0]; + } + + @Override + public void checkClientTrusted(final java.security.cert.X509Certificate[] certs, final String authType) {} + + @Override + public void checkServerTrusted(final java.security.cert.X509Certificate[] certs, final String authType) {} + }}; + + final SSLContext sc = SSLContext.getInstance("TLSv1.2"); + sc.init(null, noopTrustManager, new SecureRandom()); + final ClientBuilder clientBuilder = + ClientBuilder.newBuilder().sslContext(sc).hostnameVerifier((host, session) -> true); + final Client client = clientBuilder.build(); + final HttpAuthenticationFeature feature = HttpAuthenticationFeature.basic("healthcheck", "zb!XztG34"); + client.register(feature); - return invocationBuilder.get(HealthCheckReport.class); + final WebTarget webTarget = client.target("https://localhost:6969/policy/pdpx/v1/" + endpoint); + + final Invocation.Builder invocationBuilder = webTarget.request(MediaType.APPLICATION_JSON); + + if (!NetworkUtil.isTcpPortOpen("localhost", 6969, 6, 10000L)) { + throw new IllegalStateException("cannot connect to port 6969"); + } + return invocationBuilder; + } + + private void updateXacmlPdpStatistics() { + XacmlPdpStatisticsManager.updateTotalPoliciesCount(); + XacmlPdpStatisticsManager.updatePermitDecisionsCount(); + XacmlPdpStatisticsManager.updateDenyDecisionsCount(); + XacmlPdpStatisticsManager.updateIndeterminantDecisionsCount(); + XacmlPdpStatisticsManager.updateNotApplicableDecisionsCount(); + } + + private void validateStatisticsReport(final StatisticsReport report, final int count, final int code) { + assertEquals(code, report.getCode()); + assertEquals(count, report.getTotalPoliciesCount()); + assertEquals(count, report.getPermitDecisionsCount()); + assertEquals(count, report.getDenyDecisionsCount()); + assertEquals(count, report.getIndeterminantDecisionsCount()); + assertEquals(count, report.getNotApplicableDecisionsCount()); } - private void validateReport(final String name, final String url, final boolean healthy, final int code, - final String message, final String reportString, final HealthCheckReport report) { + private void validateHealthCheckReport(final String name, final String url, final boolean healthy, final int code, + final String message, final HealthCheckReport report) { assertEquals(name, report.getName()); assertEquals(url, report.getUrl()); assertEquals(healthy, report.isHealthy()); assertEquals(code, report.getCode()); assertEquals(message, report.getMessage()); - assertEquals(reportString, report.toString()); } } -- cgit 1.2.3-korg