summaryrefslogtreecommitdiffstats
path: root/openecomp-be/backend/openecomp-sdc-security-util/src/test
diff options
context:
space:
mode:
authorYuli Shlosberg <ys9693@att.com>2019-01-07 16:23:36 +0200
committerAvi Gaffa <avi.gaffa@amdocs.com>2019-01-10 10:28:39 +0000
commita4eeb110b076672b3bb88f5e2f3420ae70c78f38 (patch)
tree73a205b1afa3ffca8057931cc080ff1b372af23a /openecomp-be/backend/openecomp-sdc-security-util/src/test
parenta1f23ec5e7cd191b76271b5f33c237bad38c61c6 (diff)
Add restriction filter to onboarding
Change-Id: Ief36760c8d89ac3443c8b12bfdef09c2f83abfc3 Issue-ID: SDC-2039 Signed-off-by: Yuli Shlosberg <ys9693@att.com>
Diffstat (limited to 'openecomp-be/backend/openecomp-sdc-security-util/src/test')
-rw-r--r--openecomp-be/backend/openecomp-sdc-security-util/src/test/AuthenticationCookieUtilsTest.java54
-rw-r--r--openecomp-be/backend/openecomp-sdc-security-util/src/test/CipherUtilTest.java56
-rw-r--r--openecomp-be/backend/openecomp-sdc-security-util/src/test/PasswordsTest.java77
-rw-r--r--openecomp-be/backend/openecomp-sdc-security-util/src/test/RepresentationUtilsTest.java34
-rw-r--r--openecomp-be/backend/openecomp-sdc-security-util/src/test/SecurityUtilTest.java30
-rw-r--r--openecomp-be/backend/openecomp-sdc-security-util/src/test/SessionValidationFilterTest.java157
6 files changed, 408 insertions, 0 deletions
diff --git a/openecomp-be/backend/openecomp-sdc-security-util/src/test/AuthenticationCookieUtilsTest.java b/openecomp-be/backend/openecomp-sdc-security-util/src/test/AuthenticationCookieUtilsTest.java
new file mode 100644
index 0000000000..c03bf9c65d
--- /dev/null
+++ b/openecomp-be/backend/openecomp-sdc-security-util/src/test/AuthenticationCookieUtilsTest.java
@@ -0,0 +1,54 @@
+package org.onap.sdc.security;
+
+import org.junit.Test;
+import org.onap.sdc.security.filters.SampleFilter;
+
+import javax.servlet.http.Cookie;
+
+import java.io.IOException;
+
+import static org.junit.Assert.*;
+
+public class AuthenticationCookieUtilsTest {
+
+ private SampleFilter sessionValidationFilter = new SampleFilter();
+ private ISessionValidationFilterConfiguration filterCfg = sessionValidationFilter.getFilterConfiguration();
+
+ @Test
+ public void vaildateThatCookieCurrentSessionTimeIncreased() throws IOException, CipherUtilException {
+ // original cookie, pojo and servlet cookie
+ AuthenticationCookie authenticationCookieOriginal = new AuthenticationCookie("kuku");
+ Cookie cookieWithOriginalTime = new Cookie(filterCfg.getCookieName(), AuthenticationCookieUtils.getEncryptedCookie(authenticationCookieOriginal,filterCfg ));
+ // cookie with increased time, pojo and servlet cookie
+ Cookie cookieWithIncreasedTime = AuthenticationCookieUtils.updateSessionTime(cookieWithOriginalTime, filterCfg);
+ AuthenticationCookie authenticationCookieIncreasedTime = AuthenticationCookieUtils.getAuthenticationCookie(cookieWithIncreasedTime, filterCfg);
+ // validation
+ long currentSessionTimeOriginal = authenticationCookieOriginal.getCurrentSessionTime();
+ long currentSessionTimeIncreased = authenticationCookieIncreasedTime.getCurrentSessionTime();
+ assertTrue(currentSessionTimeOriginal < currentSessionTimeIncreased);
+ }
+
+ @Test
+ public void validateSerializationEncriptionDeserializationDecryption() throws IOException, CipherUtilException {
+ // original cookie, pojo and servlet cookie
+ AuthenticationCookie authenticationCookieOriginal = new AuthenticationCookie("kuku");
+ Cookie cookieWithOriginalTime = new Cookie(filterCfg.getCookieName(), AuthenticationCookieUtils.getEncryptedCookie(authenticationCookieOriginal,filterCfg ));
+ // cookie with increased time, pojo and servlet cookie
+ AuthenticationCookie decriptedAndDeserializedAuthenticationCookie = AuthenticationCookieUtils.getAuthenticationCookie(cookieWithOriginalTime,filterCfg);
+ assertTrue(authenticationCookieOriginal.equals(decriptedAndDeserializedAuthenticationCookie));
+ }
+
+
+
+// @Test
+// public void getEncryptedCookie() {
+// }
+//
+// @Test
+// public void getAuthenticationCookie() {
+// }
+//
+// @Test
+// public void isSessionExpired() {
+// }
+} \ No newline at end of file
diff --git a/openecomp-be/backend/openecomp-sdc-security-util/src/test/CipherUtilTest.java b/openecomp-be/backend/openecomp-sdc-security-util/src/test/CipherUtilTest.java
new file mode 100644
index 0000000000..753902fcf8
--- /dev/null
+++ b/openecomp-be/backend/openecomp-sdc-security-util/src/test/CipherUtilTest.java
@@ -0,0 +1,56 @@
+package org.onap.sdc.security;
+
+import org.apache.commons.codec.binary.Base64;
+import org.apache.commons.lang.RandomStringUtils;
+import org.junit.Test;
+
+import java.util.Random;
+
+import static org.apache.commons.codec.binary.Base64.encodeBase64String;
+import static org.junit.Assert.*;
+
+public class CipherUtilTest {
+
+ private static final String KEY = "AGLDdG4D04BKm2IxIWEr8o==";
+ private static final String DATA = "data";
+
+ @Test
+ public void encryptDecryptPKC() throws CipherUtilException {
+ String generatedKey = RandomStringUtils.randomAlphabetic(16);
+ String base64Key = Base64.encodeBase64String(generatedKey.getBytes());
+ String encrypted = CipherUtil.encryptPKC(DATA, base64Key);
+ assertNotEquals(DATA, encrypted);
+ String decrypted = CipherUtil.decryptPKC(encrypted, base64Key);
+ assertEquals(decrypted, DATA);
+ }
+
+ @Test
+ public void encryptInvalidKey() {
+ try {
+ CipherUtil.encryptPKC(DATA, "invalidKey");
+ fail();
+ } catch (CipherUtilException ex) {
+ assertTrue(ex.getMessage().contains("Invalid AES key length"));
+ }
+ }
+
+ @Test
+ public void decryptInvalidKey() {
+ try {
+ CipherUtil.decryptPKC(DATA, "invalidKey");
+ fail();
+ } catch (CipherUtilException ex) {
+ assertTrue(ex.getMessage().contains("length"));
+ }
+ }
+
+ @Test
+ public void decryptInvalidData() {
+ try {
+ CipherUtil.decryptPKC(DATA, KEY);
+ fail();
+ } catch (CipherUtilException ex) {
+ assertTrue(ex.getMessage().contains("Wrong IV length"));
+ }
+ }
+}
diff --git a/openecomp-be/backend/openecomp-sdc-security-util/src/test/PasswordsTest.java b/openecomp-be/backend/openecomp-sdc-security-util/src/test/PasswordsTest.java
new file mode 100644
index 0000000000..6da62a92e5
--- /dev/null
+++ b/openecomp-be/backend/openecomp-sdc-security-util/src/test/PasswordsTest.java
@@ -0,0 +1,77 @@
+package org.onap.sdc.security;
+
+import org.junit.Test;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
+public class PasswordsTest {
+
+ @Test
+ public void hashPassword() throws Exception {
+ String hash = Passwords.hashPassword("hello1234");
+ assertTrue(Passwords.isExpectedPassword("hello1234", hash));
+
+ //test different salt-> result in different hash
+ String hash2 = Passwords.hashPassword("hello1234");
+ assertFalse(hash.equals(hash2));
+
+ String hash3 = Passwords.hashPassword("");
+ assertTrue(Passwords.isExpectedPassword("", hash3));
+
+ String hash4 = Passwords.hashPassword(null);
+ assertTrue(hash4 == null);
+ }
+
+ @Test
+ public void isExpectedPassword() throws Exception {
+ //region isExpectedPassword(String password, String salt, String hash)
+ assertTrue(Passwords.isExpectedPassword(null, null, null));
+ //valid hash
+ assertTrue(Passwords.isExpectedPassword("hello1234", "e0277df331f4ff8f74752ac4a8fbe03b", "6dfbad308cdf53c9ff2ee2dca811ee92f1b359586b33027580e2ff92578edbd0"));
+ //invalid salt
+ assertFalse(Passwords.isExpectedPassword("hello1234", "c0000df331f4ff8f74752ac4a00be03c", "6dfbad308cdf53c9ff2ee2dca811ee92f1b359586b33027580e2ff92578edbd0"));
+ assertFalse(Passwords.isExpectedPassword("hello1234", null, "6dfbad308cdf53c9ff2ee2dca811ee92f1b359586b33027580e2ff92578edbd0"));
+ //exacly 1 param uninitialized
+ assertFalse(Passwords.isExpectedPassword("hello1234", "", null));
+ assertFalse(Passwords.isExpectedPassword(null, "", "hello1234"));
+ //no salt & no hash
+ assertFalse(Passwords.isExpectedPassword("hello1234", null, "hello1234"));
+ //endregion
+
+ //region isExpectedPassword(String password, String expectedHash)
+ assertTrue(Passwords.isExpectedPassword(null, null));
+ //valid hash
+ assertTrue(Passwords.isExpectedPassword("hello1234", "e0277df331f4ff8f74752ac4a8fbe03b:6dfbad308cdf53c9ff2ee2dca811ee92f1b359586b33027580e2ff92578edbd0"));
+ //invalid salt
+ assertFalse(Passwords.isExpectedPassword("hello1234", "c0000df331f4ff8f74752ac4a00be03c:6dfbad308cdf53c9ff2ee2dca811ee92f1b359586b33027580e2ff92578edbd0"));
+ //exacly 1 param uninitialized
+ assertFalse(Passwords.isExpectedPassword("hello1234", null));
+ assertFalse(Passwords.isExpectedPassword(null, "hello1234"));
+ //no salt & no hash
+ assertFalse(Passwords.isExpectedPassword("hello1234", "hello1234"));
+ //endregion
+ }
+
+ @Test
+ public void hashtest() {
+ String password = "123456";
+ String hash = Passwords.hashPassword(password);
+ assertTrue(Passwords.isExpectedPassword(password, hash));
+ password = "1sdfgsgd23456";
+ hash = Passwords.hashPassword(password);
+ assertTrue(Passwords.isExpectedPassword(password, hash));
+ password = "1sdfgsgd2345((*&%$%6";
+ hash = Passwords.hashPassword(password);
+ assertTrue(Passwords.isExpectedPassword(password, hash));
+ password = "";
+ hash = Passwords.hashPassword(password);
+ assertTrue(Passwords.isExpectedPassword(password, hash));
+ password = " ";
+ hash = Passwords.hashPassword(password);
+ assertTrue(Passwords.isExpectedPassword(password, hash));
+ }
+
+
+} \ No newline at end of file
diff --git a/openecomp-be/backend/openecomp-sdc-security-util/src/test/RepresentationUtilsTest.java b/openecomp-be/backend/openecomp-sdc-security-util/src/test/RepresentationUtilsTest.java
new file mode 100644
index 0000000000..7b12ac7eb2
--- /dev/null
+++ b/openecomp-be/backend/openecomp-sdc-security-util/src/test/RepresentationUtilsTest.java
@@ -0,0 +1,34 @@
+package org.onap.sdc.security;
+
+import org.junit.Test;
+
+import java.io.IOException;
+import java.util.HashSet;
+import java.util.Set;
+
+import static org.junit.Assert.assertTrue;
+
+public class RepresentationUtilsTest {
+
+ private static AuthenticationCookie originalCookie = new AuthenticationCookie("kuku");
+
+ @Test
+ public void representationE2EwithRoleNull() throws IOException {
+ originalCookie.setRoles(null);
+ String jsonStr = RepresentationUtils.toRepresentation(originalCookie);
+ AuthenticationCookie cookieFromJson = RepresentationUtils.fromRepresentation(jsonStr, AuthenticationCookie.class);
+ assertTrue(originalCookie.equals(cookieFromJson));
+ }
+
+ @Test
+ public void representationE2EwithRoleNotNull() throws IOException {
+ Set<String> roles = new HashSet<String>();
+ roles.add("Designer");
+ roles.add("Admin");
+ roles.add("Tester");
+ originalCookie.setRoles(roles);
+ String jsonStr = RepresentationUtils.toRepresentation(originalCookie);
+ AuthenticationCookie cookieFromJson = RepresentationUtils.fromRepresentation(jsonStr, AuthenticationCookie.class);
+ assertTrue(originalCookie.equals(cookieFromJson));
+ }
+}
diff --git a/openecomp-be/backend/openecomp-sdc-security-util/src/test/SecurityUtilTest.java b/openecomp-be/backend/openecomp-sdc-security-util/src/test/SecurityUtilTest.java
new file mode 100644
index 0000000000..6a47434efc
--- /dev/null
+++ b/openecomp-be/backend/openecomp-sdc-security-util/src/test/SecurityUtilTest.java
@@ -0,0 +1,30 @@
+package org.onap.sdc.security;
+
+import org.junit.Test;
+
+import java.util.Base64;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotEquals;
+
+public class SecurityUtilTest {
+
+ @Test
+ public void encryptDecryptAES128() {
+ String data = "decrypt SUCCESS!!";
+ String encrypted = SecurityUtil.INSTANCE.encrypt(data).left().value();
+ assertNotEquals( data, encrypted );
+ byte[] decryptMsg = Base64.getDecoder().decode(encrypted);
+ assertEquals( SecurityUtil.INSTANCE.decrypt( decryptMsg , false ).left().value() ,data );
+ assertEquals( SecurityUtil.INSTANCE.decrypt( encrypted.getBytes() , true ).left().value() ,data );
+ }
+
+ @Test
+ public void obfuscateKey() {
+ String key = "abcdefghij123456";
+ String expectedkey = "********ij123456";
+ String obfuscated = SecurityUtil.INSTANCE.obfuscateKey( key );
+ System.out.println( obfuscated );
+ assertEquals( obfuscated , expectedkey );
+ }
+} \ No newline at end of file
diff --git a/openecomp-be/backend/openecomp-sdc-security-util/src/test/SessionValidationFilterTest.java b/openecomp-be/backend/openecomp-sdc-security-util/src/test/SessionValidationFilterTest.java
new file mode 100644
index 0000000000..6838e3bfb7
--- /dev/null
+++ b/openecomp-be/backend/openecomp-sdc-security-util/src/test/SessionValidationFilterTest.java
@@ -0,0 +1,157 @@
+package org.onap.sdc.security;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.Mockito;
+import org.mockito.Spy;
+import org.mockito.junit.MockitoJUnitRunner;
+import org.onap.sdc.security.filters.ResponceWrapper;
+import org.onap.sdc.security.filters.SampleFilter;
+
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.when;
+
+@RunWith(MockitoJUnitRunner.class)
+//@RunWith(PowerMockRunner.class)
+//@PrepareForTest(fullyQualifiedNames = "org.onap.sdc.security.*")
+public class SessionValidationFilterTest {
+
+ @Mock
+ private HttpServletRequest request;
+ @Spy
+ private HttpServletResponse response;
+ @Mock
+ private FilterChain filterChain;
+ @Mock
+ private FilterConfig filterConfig;
+ @Mock
+ private ResponceWrapper responceWrapper;
+
+ // implementation of SessionValidationFilter
+ @InjectMocks
+ @Spy
+ private SampleFilter sessionValidationFilter = new SampleFilter();
+
+ @Before
+ public void setUpClass() throws ServletException {
+ sessionValidationFilter.init(filterConfig);
+ }
+
+ @Test
+ public void excludedUrlHealthcheck() throws IOException, ServletException {
+ when(request.getPathInfo()).thenReturn("/healthCheck");
+ sessionValidationFilter.doFilter(request, response, filterChain);
+ Mockito.verify(filterChain, times(1)).doFilter(request, response);
+ }
+
+ @Test
+ public void excludedUrlUpload() throws IOException, ServletException {
+ when(request.getPathInfo()).thenReturn("/upload/123");
+ sessionValidationFilter.doFilter(request, response, filterChain);
+ Mockito.verify(filterChain, times(1)).doFilter(request, response);
+ }
+
+ // case when url pattern in web.xml is forward slash (/)
+ @Test
+ public void pathInfoIsNull() throws IOException, ServletException {
+ when(request.getServletPath()).thenReturn("/upload/2");
+ when(request.getPathInfo()).thenReturn(null);
+ sessionValidationFilter.doFilter(request, response, filterChain);
+ Mockito.verify(filterChain, times(1)).doFilter(request, response);
+ }
+
+ @Test
+ public void noCookiesInRequest() throws IOException, ServletException {
+ when(request.getPathInfo()).thenReturn("/resource");
+ when(request.getCookies()).thenReturn(new Cookie[0]);
+ sessionValidationFilter.doFilter(request, response, filterChain);
+ Mockito.verify(response, times(1)).sendRedirect(sessionValidationFilter.getFilterConfiguration().getRedirectURL());
+ }
+
+ @Test
+ public void nullCookiesInRequest() throws IOException, ServletException {
+ when(request.getPathInfo()).thenReturn("/resource");
+ when(request.getCookies()).thenReturn(null);
+ sessionValidationFilter.doFilter(request, response, filterChain);
+ Mockito.verify(response, times(1)).sendRedirect(sessionValidationFilter.getFilterConfiguration().getRedirectURL());
+ }
+
+ @Test
+ public void noCookiesWithCorrectNameInRequest() throws IOException, ServletException {
+ when(request.getPathInfo()).thenReturn("/resource");
+ String newNameNotContainsRealName = sessionValidationFilter.getFilterConfiguration().getCookieName().substring(1);
+ Cookie cookie = new Cookie("fake" + newNameNotContainsRealName + "fake2", RepresentationUtils.toRepresentation(new AuthenticationCookie("kuku")));
+ when(request.getCookies()).thenReturn(new Cookie[]{cookie});
+ sessionValidationFilter.doFilter(request, response, filterChain);
+ Mockito.verify(response, times(1)).sendRedirect(sessionValidationFilter.getFilterConfiguration().getRedirectURL());
+ }
+
+ @Test
+ public void cookieMaxSessionTimeTimedOut() throws IOException, ServletException, CipherUtilException {
+ when(request.getPathInfo()).thenReturn("/resource");
+ AuthenticationCookie authenticationCookie = new AuthenticationCookie("kuku");
+ // set max session time to timout value
+ long maxSessionTimeOut = sessionValidationFilter.getFilterConfiguration().getMaxSessionTimeOut();
+ long startTime = authenticationCookie.getMaxSessionTime();
+ long timeout = startTime - maxSessionTimeOut - 1000l;
+ authenticationCookie.setMaxSessionTime(timeout);
+ Cookie cookie = new Cookie(sessionValidationFilter.getFilterConfiguration().getCookieName(), AuthenticationCookieUtils.getEncryptedCookie(authenticationCookie, sessionValidationFilter.getFilterConfiguration()));
+
+ when(request.getCookies()).thenReturn(new Cookie[]{cookie});
+ sessionValidationFilter.doFilter(request, response, filterChain);
+ Mockito.verify(response, times(1)).sendRedirect(sessionValidationFilter.getFilterConfiguration().getRedirectURL());
+ }
+
+ @Test
+ public void cookieSessionIdle() throws IOException, ServletException, CipherUtilException {
+ when(request.getPathInfo()).thenReturn("/resource");
+ AuthenticationCookie authenticationCookie = new AuthenticationCookie("kuku");
+ // set session time to timout to idle
+ long idleSessionTimeOut = sessionValidationFilter.getFilterConfiguration().getSessionIdleTimeOut();
+ long sessionStartTime = authenticationCookie.getCurrentSessionTime();
+ long timeout = sessionStartTime - idleSessionTimeOut - 2000;
+ authenticationCookie.setCurrentSessionTime(timeout);
+ Cookie cookie = new Cookie(sessionValidationFilter.getFilterConfiguration().getCookieName(), AuthenticationCookieUtils.getEncryptedCookie(authenticationCookie, sessionValidationFilter.getFilterConfiguration()));
+
+ when(request.getCookies()).thenReturn(new Cookie[]{cookie});
+ sessionValidationFilter.doFilter(request, response, filterChain);
+ Mockito.verify(response, times(1)).sendRedirect(sessionValidationFilter.getFilterConfiguration().getRedirectURL());
+ }
+
+ @Test
+ public void requestThatPassFilter() throws IOException, ServletException, CipherUtilException {
+ when(request.getPathInfo()).thenReturn("/resource");
+
+ AuthenticationCookie authenticationCookie = new AuthenticationCookie("kuku");
+ Cookie cookie = new Cookie(sessionValidationFilter.getFilterConfiguration().getCookieName(), AuthenticationCookieUtils.getEncryptedCookie(authenticationCookie, sessionValidationFilter.getFilterConfiguration()));
+
+ when(request.getCookies()).thenReturn(new Cookie[]{cookie});
+ sessionValidationFilter.doFilter(request, response, filterChain);
+ Mockito.verify(filterChain, times(1)).doFilter(request, response);
+ }
+
+// test validate contains
+ @Test
+ public void requestThatPassFilterWithCookieNameAsPartOfOtherString() throws IOException, ServletException, CipherUtilException {
+ when(request.getPathInfo()).thenReturn("/resource");
+
+ AuthenticationCookie authenticationCookie = new AuthenticationCookie("kuku");
+ Cookie cookie = new Cookie("some" +sessionValidationFilter.getFilterConfiguration().getCookieName() + "Thing", AuthenticationCookieUtils.getEncryptedCookie(authenticationCookie, sessionValidationFilter.getFilterConfiguration()));
+
+ when(request.getCookies()).thenReturn(new Cookie[]{cookie});
+ sessionValidationFilter.doFilter(request, response, filterChain);
+ Mockito.verify(filterChain, times(1)).doFilter(request, response);
+ }
+
+} \ No newline at end of file