From a4eeb110b076672b3bb88f5e2f3420ae70c78f38 Mon Sep 17 00:00:00 2001 From: Yuli Shlosberg Date: Mon, 7 Jan 2019 16:23:36 +0200 Subject: Add restriction filter to onboarding Change-Id: Ief36760c8d89ac3443c8b12bfdef09c2f83abfc3 Issue-ID: SDC-2039 Signed-off-by: Yuli Shlosberg --- .../src/test/AuthenticationCookieUtilsTest.java | 54 +++++++ .../src/test/CipherUtilTest.java | 56 ++++++++ .../src/test/PasswordsTest.java | 77 ++++++++++ .../src/test/RepresentationUtilsTest.java | 34 +++++ .../src/test/SecurityUtilTest.java | 30 ++++ .../src/test/SessionValidationFilterTest.java | 157 +++++++++++++++++++++ 6 files changed, 408 insertions(+) create mode 100644 openecomp-be/backend/openecomp-sdc-security-util/src/test/AuthenticationCookieUtilsTest.java create mode 100644 openecomp-be/backend/openecomp-sdc-security-util/src/test/CipherUtilTest.java create mode 100644 openecomp-be/backend/openecomp-sdc-security-util/src/test/PasswordsTest.java create mode 100644 openecomp-be/backend/openecomp-sdc-security-util/src/test/RepresentationUtilsTest.java create mode 100644 openecomp-be/backend/openecomp-sdc-security-util/src/test/SecurityUtilTest.java create mode 100644 openecomp-be/backend/openecomp-sdc-security-util/src/test/SessionValidationFilterTest.java (limited to 'openecomp-be/backend/openecomp-sdc-security-util/src/test') diff --git a/openecomp-be/backend/openecomp-sdc-security-util/src/test/AuthenticationCookieUtilsTest.java b/openecomp-be/backend/openecomp-sdc-security-util/src/test/AuthenticationCookieUtilsTest.java new file mode 100644 index 0000000000..c03bf9c65d --- /dev/null +++ b/openecomp-be/backend/openecomp-sdc-security-util/src/test/AuthenticationCookieUtilsTest.java @@ -0,0 +1,54 @@ +package org.onap.sdc.security; + +import org.junit.Test; +import org.onap.sdc.security.filters.SampleFilter; + +import javax.servlet.http.Cookie; + +import java.io.IOException; + +import static org.junit.Assert.*; + +public class AuthenticationCookieUtilsTest { + + private SampleFilter sessionValidationFilter = new SampleFilter(); + private ISessionValidationFilterConfiguration filterCfg = sessionValidationFilter.getFilterConfiguration(); + + @Test + public void vaildateThatCookieCurrentSessionTimeIncreased() throws IOException, CipherUtilException { + // original cookie, pojo and servlet cookie + AuthenticationCookie authenticationCookieOriginal = new AuthenticationCookie("kuku"); + Cookie cookieWithOriginalTime = new Cookie(filterCfg.getCookieName(), AuthenticationCookieUtils.getEncryptedCookie(authenticationCookieOriginal,filterCfg )); + // cookie with increased time, pojo and servlet cookie + Cookie cookieWithIncreasedTime = AuthenticationCookieUtils.updateSessionTime(cookieWithOriginalTime, filterCfg); + AuthenticationCookie authenticationCookieIncreasedTime = AuthenticationCookieUtils.getAuthenticationCookie(cookieWithIncreasedTime, filterCfg); + // validation + long currentSessionTimeOriginal = authenticationCookieOriginal.getCurrentSessionTime(); + long currentSessionTimeIncreased = authenticationCookieIncreasedTime.getCurrentSessionTime(); + assertTrue(currentSessionTimeOriginal < currentSessionTimeIncreased); + } + + @Test + public void validateSerializationEncriptionDeserializationDecryption() throws IOException, CipherUtilException { + // original cookie, pojo and servlet cookie + AuthenticationCookie authenticationCookieOriginal = new AuthenticationCookie("kuku"); + Cookie cookieWithOriginalTime = new Cookie(filterCfg.getCookieName(), AuthenticationCookieUtils.getEncryptedCookie(authenticationCookieOriginal,filterCfg )); + // cookie with increased time, pojo and servlet cookie + AuthenticationCookie decriptedAndDeserializedAuthenticationCookie = AuthenticationCookieUtils.getAuthenticationCookie(cookieWithOriginalTime,filterCfg); + assertTrue(authenticationCookieOriginal.equals(decriptedAndDeserializedAuthenticationCookie)); + } + + + +// @Test +// public void getEncryptedCookie() { +// } +// +// @Test +// public void getAuthenticationCookie() { +// } +// +// @Test +// public void isSessionExpired() { +// } +} \ No newline at end of file diff --git a/openecomp-be/backend/openecomp-sdc-security-util/src/test/CipherUtilTest.java b/openecomp-be/backend/openecomp-sdc-security-util/src/test/CipherUtilTest.java new file mode 100644 index 0000000000..753902fcf8 --- /dev/null +++ b/openecomp-be/backend/openecomp-sdc-security-util/src/test/CipherUtilTest.java @@ -0,0 +1,56 @@ +package org.onap.sdc.security; + +import org.apache.commons.codec.binary.Base64; +import org.apache.commons.lang.RandomStringUtils; +import org.junit.Test; + +import java.util.Random; + +import static org.apache.commons.codec.binary.Base64.encodeBase64String; +import static org.junit.Assert.*; + +public class CipherUtilTest { + + private static final String KEY = "AGLDdG4D04BKm2IxIWEr8o=="; + private static final String DATA = "data"; + + @Test + public void encryptDecryptPKC() throws CipherUtilException { + String generatedKey = RandomStringUtils.randomAlphabetic(16); + String base64Key = Base64.encodeBase64String(generatedKey.getBytes()); + String encrypted = CipherUtil.encryptPKC(DATA, base64Key); + assertNotEquals(DATA, encrypted); + String decrypted = CipherUtil.decryptPKC(encrypted, base64Key); + assertEquals(decrypted, DATA); + } + + @Test + public void encryptInvalidKey() { + try { + CipherUtil.encryptPKC(DATA, "invalidKey"); + fail(); + } catch (CipherUtilException ex) { + assertTrue(ex.getMessage().contains("Invalid AES key length")); + } + } + + @Test + public void decryptInvalidKey() { + try { + CipherUtil.decryptPKC(DATA, "invalidKey"); + fail(); + } catch (CipherUtilException ex) { + assertTrue(ex.getMessage().contains("length")); + } + } + + @Test + public void decryptInvalidData() { + try { + CipherUtil.decryptPKC(DATA, KEY); + fail(); + } catch (CipherUtilException ex) { + assertTrue(ex.getMessage().contains("Wrong IV length")); + } + } +} diff --git a/openecomp-be/backend/openecomp-sdc-security-util/src/test/PasswordsTest.java b/openecomp-be/backend/openecomp-sdc-security-util/src/test/PasswordsTest.java new file mode 100644 index 0000000000..6da62a92e5 --- /dev/null +++ b/openecomp-be/backend/openecomp-sdc-security-util/src/test/PasswordsTest.java @@ -0,0 +1,77 @@ +package org.onap.sdc.security; + +import org.junit.Test; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertTrue; + +public class PasswordsTest { + + @Test + public void hashPassword() throws Exception { + String hash = Passwords.hashPassword("hello1234"); + assertTrue(Passwords.isExpectedPassword("hello1234", hash)); + + //test different salt-> result in different hash + String hash2 = Passwords.hashPassword("hello1234"); + assertFalse(hash.equals(hash2)); + + String hash3 = Passwords.hashPassword(""); + assertTrue(Passwords.isExpectedPassword("", hash3)); + + String hash4 = Passwords.hashPassword(null); + assertTrue(hash4 == null); + } + + @Test + public void isExpectedPassword() throws Exception { + //region isExpectedPassword(String password, String salt, String hash) + assertTrue(Passwords.isExpectedPassword(null, null, null)); + //valid hash + assertTrue(Passwords.isExpectedPassword("hello1234", "e0277df331f4ff8f74752ac4a8fbe03b", "6dfbad308cdf53c9ff2ee2dca811ee92f1b359586b33027580e2ff92578edbd0")); + //invalid salt + assertFalse(Passwords.isExpectedPassword("hello1234", "c0000df331f4ff8f74752ac4a00be03c", "6dfbad308cdf53c9ff2ee2dca811ee92f1b359586b33027580e2ff92578edbd0")); + assertFalse(Passwords.isExpectedPassword("hello1234", null, "6dfbad308cdf53c9ff2ee2dca811ee92f1b359586b33027580e2ff92578edbd0")); + //exacly 1 param uninitialized + assertFalse(Passwords.isExpectedPassword("hello1234", "", null)); + assertFalse(Passwords.isExpectedPassword(null, "", "hello1234")); + //no salt & no hash + assertFalse(Passwords.isExpectedPassword("hello1234", null, "hello1234")); + //endregion + + //region isExpectedPassword(String password, String expectedHash) + assertTrue(Passwords.isExpectedPassword(null, null)); + //valid hash + assertTrue(Passwords.isExpectedPassword("hello1234", "e0277df331f4ff8f74752ac4a8fbe03b:6dfbad308cdf53c9ff2ee2dca811ee92f1b359586b33027580e2ff92578edbd0")); + //invalid salt + assertFalse(Passwords.isExpectedPassword("hello1234", "c0000df331f4ff8f74752ac4a00be03c:6dfbad308cdf53c9ff2ee2dca811ee92f1b359586b33027580e2ff92578edbd0")); + //exacly 1 param uninitialized + assertFalse(Passwords.isExpectedPassword("hello1234", null)); + assertFalse(Passwords.isExpectedPassword(null, "hello1234")); + //no salt & no hash + assertFalse(Passwords.isExpectedPassword("hello1234", "hello1234")); + //endregion + } + + @Test + public void hashtest() { + String password = "123456"; + String hash = Passwords.hashPassword(password); + assertTrue(Passwords.isExpectedPassword(password, hash)); + password = "1sdfgsgd23456"; + hash = Passwords.hashPassword(password); + assertTrue(Passwords.isExpectedPassword(password, hash)); + password = "1sdfgsgd2345((*&%$%6"; + hash = Passwords.hashPassword(password); + assertTrue(Passwords.isExpectedPassword(password, hash)); + password = ""; + hash = Passwords.hashPassword(password); + assertTrue(Passwords.isExpectedPassword(password, hash)); + password = " "; + hash = Passwords.hashPassword(password); + assertTrue(Passwords.isExpectedPassword(password, hash)); + } + + +} \ No newline at end of file diff --git a/openecomp-be/backend/openecomp-sdc-security-util/src/test/RepresentationUtilsTest.java b/openecomp-be/backend/openecomp-sdc-security-util/src/test/RepresentationUtilsTest.java new file mode 100644 index 0000000000..7b12ac7eb2 --- /dev/null +++ b/openecomp-be/backend/openecomp-sdc-security-util/src/test/RepresentationUtilsTest.java @@ -0,0 +1,34 @@ +package org.onap.sdc.security; + +import org.junit.Test; + +import java.io.IOException; +import java.util.HashSet; +import java.util.Set; + +import static org.junit.Assert.assertTrue; + +public class RepresentationUtilsTest { + + private static AuthenticationCookie originalCookie = new AuthenticationCookie("kuku"); + + @Test + public void representationE2EwithRoleNull() throws IOException { + originalCookie.setRoles(null); + String jsonStr = RepresentationUtils.toRepresentation(originalCookie); + AuthenticationCookie cookieFromJson = RepresentationUtils.fromRepresentation(jsonStr, AuthenticationCookie.class); + assertTrue(originalCookie.equals(cookieFromJson)); + } + + @Test + public void representationE2EwithRoleNotNull() throws IOException { + Set roles = new HashSet(); + roles.add("Designer"); + roles.add("Admin"); + roles.add("Tester"); + originalCookie.setRoles(roles); + String jsonStr = RepresentationUtils.toRepresentation(originalCookie); + AuthenticationCookie cookieFromJson = RepresentationUtils.fromRepresentation(jsonStr, AuthenticationCookie.class); + assertTrue(originalCookie.equals(cookieFromJson)); + } +} diff --git a/openecomp-be/backend/openecomp-sdc-security-util/src/test/SecurityUtilTest.java b/openecomp-be/backend/openecomp-sdc-security-util/src/test/SecurityUtilTest.java new file mode 100644 index 0000000000..6a47434efc --- /dev/null +++ b/openecomp-be/backend/openecomp-sdc-security-util/src/test/SecurityUtilTest.java @@ -0,0 +1,30 @@ +package org.onap.sdc.security; + +import org.junit.Test; + +import java.util.Base64; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotEquals; + +public class SecurityUtilTest { + + @Test + public void encryptDecryptAES128() { + String data = "decrypt SUCCESS!!"; + String encrypted = SecurityUtil.INSTANCE.encrypt(data).left().value(); + assertNotEquals( data, encrypted ); + byte[] decryptMsg = Base64.getDecoder().decode(encrypted); + assertEquals( SecurityUtil.INSTANCE.decrypt( decryptMsg , false ).left().value() ,data ); + assertEquals( SecurityUtil.INSTANCE.decrypt( encrypted.getBytes() , true ).left().value() ,data ); + } + + @Test + public void obfuscateKey() { + String key = "abcdefghij123456"; + String expectedkey = "********ij123456"; + String obfuscated = SecurityUtil.INSTANCE.obfuscateKey( key ); + System.out.println( obfuscated ); + assertEquals( obfuscated , expectedkey ); + } +} \ No newline at end of file diff --git a/openecomp-be/backend/openecomp-sdc-security-util/src/test/SessionValidationFilterTest.java b/openecomp-be/backend/openecomp-sdc-security-util/src/test/SessionValidationFilterTest.java new file mode 100644 index 0000000000..6838e3bfb7 --- /dev/null +++ b/openecomp-be/backend/openecomp-sdc-security-util/src/test/SessionValidationFilterTest.java @@ -0,0 +1,157 @@ +package org.onap.sdc.security; + +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.mockito.InjectMocks; +import org.mockito.Mock; +import org.mockito.Mockito; +import org.mockito.Spy; +import org.mockito.junit.MockitoJUnitRunner; +import org.onap.sdc.security.filters.ResponceWrapper; +import org.onap.sdc.security.filters.SampleFilter; + +import javax.servlet.FilterChain; +import javax.servlet.FilterConfig; +import javax.servlet.ServletException; +import javax.servlet.http.Cookie; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.io.IOException; + +import static org.mockito.Mockito.times; +import static org.mockito.Mockito.when; + +@RunWith(MockitoJUnitRunner.class) +//@RunWith(PowerMockRunner.class) +//@PrepareForTest(fullyQualifiedNames = "org.onap.sdc.security.*") +public class SessionValidationFilterTest { + + @Mock + private HttpServletRequest request; + @Spy + private HttpServletResponse response; + @Mock + private FilterChain filterChain; + @Mock + private FilterConfig filterConfig; + @Mock + private ResponceWrapper responceWrapper; + + // implementation of SessionValidationFilter + @InjectMocks + @Spy + private SampleFilter sessionValidationFilter = new SampleFilter(); + + @Before + public void setUpClass() throws ServletException { + sessionValidationFilter.init(filterConfig); + } + + @Test + public void excludedUrlHealthcheck() throws IOException, ServletException { + when(request.getPathInfo()).thenReturn("/healthCheck"); + sessionValidationFilter.doFilter(request, response, filterChain); + Mockito.verify(filterChain, times(1)).doFilter(request, response); + } + + @Test + public void excludedUrlUpload() throws IOException, ServletException { + when(request.getPathInfo()).thenReturn("/upload/123"); + sessionValidationFilter.doFilter(request, response, filterChain); + Mockito.verify(filterChain, times(1)).doFilter(request, response); + } + + // case when url pattern in web.xml is forward slash (/) + @Test + public void pathInfoIsNull() throws IOException, ServletException { + when(request.getServletPath()).thenReturn("/upload/2"); + when(request.getPathInfo()).thenReturn(null); + sessionValidationFilter.doFilter(request, response, filterChain); + Mockito.verify(filterChain, times(1)).doFilter(request, response); + } + + @Test + public void noCookiesInRequest() throws IOException, ServletException { + when(request.getPathInfo()).thenReturn("/resource"); + when(request.getCookies()).thenReturn(new Cookie[0]); + sessionValidationFilter.doFilter(request, response, filterChain); + Mockito.verify(response, times(1)).sendRedirect(sessionValidationFilter.getFilterConfiguration().getRedirectURL()); + } + + @Test + public void nullCookiesInRequest() throws IOException, ServletException { + when(request.getPathInfo()).thenReturn("/resource"); + when(request.getCookies()).thenReturn(null); + sessionValidationFilter.doFilter(request, response, filterChain); + Mockito.verify(response, times(1)).sendRedirect(sessionValidationFilter.getFilterConfiguration().getRedirectURL()); + } + + @Test + public void noCookiesWithCorrectNameInRequest() throws IOException, ServletException { + when(request.getPathInfo()).thenReturn("/resource"); + String newNameNotContainsRealName = sessionValidationFilter.getFilterConfiguration().getCookieName().substring(1); + Cookie cookie = new Cookie("fake" + newNameNotContainsRealName + "fake2", RepresentationUtils.toRepresentation(new AuthenticationCookie("kuku"))); + when(request.getCookies()).thenReturn(new Cookie[]{cookie}); + sessionValidationFilter.doFilter(request, response, filterChain); + Mockito.verify(response, times(1)).sendRedirect(sessionValidationFilter.getFilterConfiguration().getRedirectURL()); + } + + @Test + public void cookieMaxSessionTimeTimedOut() throws IOException, ServletException, CipherUtilException { + when(request.getPathInfo()).thenReturn("/resource"); + AuthenticationCookie authenticationCookie = new AuthenticationCookie("kuku"); + // set max session time to timout value + long maxSessionTimeOut = sessionValidationFilter.getFilterConfiguration().getMaxSessionTimeOut(); + long startTime = authenticationCookie.getMaxSessionTime(); + long timeout = startTime - maxSessionTimeOut - 1000l; + authenticationCookie.setMaxSessionTime(timeout); + Cookie cookie = new Cookie(sessionValidationFilter.getFilterConfiguration().getCookieName(), AuthenticationCookieUtils.getEncryptedCookie(authenticationCookie, sessionValidationFilter.getFilterConfiguration())); + + when(request.getCookies()).thenReturn(new Cookie[]{cookie}); + sessionValidationFilter.doFilter(request, response, filterChain); + Mockito.verify(response, times(1)).sendRedirect(sessionValidationFilter.getFilterConfiguration().getRedirectURL()); + } + + @Test + public void cookieSessionIdle() throws IOException, ServletException, CipherUtilException { + when(request.getPathInfo()).thenReturn("/resource"); + AuthenticationCookie authenticationCookie = new AuthenticationCookie("kuku"); + // set session time to timout to idle + long idleSessionTimeOut = sessionValidationFilter.getFilterConfiguration().getSessionIdleTimeOut(); + long sessionStartTime = authenticationCookie.getCurrentSessionTime(); + long timeout = sessionStartTime - idleSessionTimeOut - 2000; + authenticationCookie.setCurrentSessionTime(timeout); + Cookie cookie = new Cookie(sessionValidationFilter.getFilterConfiguration().getCookieName(), AuthenticationCookieUtils.getEncryptedCookie(authenticationCookie, sessionValidationFilter.getFilterConfiguration())); + + when(request.getCookies()).thenReturn(new Cookie[]{cookie}); + sessionValidationFilter.doFilter(request, response, filterChain); + Mockito.verify(response, times(1)).sendRedirect(sessionValidationFilter.getFilterConfiguration().getRedirectURL()); + } + + @Test + public void requestThatPassFilter() throws IOException, ServletException, CipherUtilException { + when(request.getPathInfo()).thenReturn("/resource"); + + AuthenticationCookie authenticationCookie = new AuthenticationCookie("kuku"); + Cookie cookie = new Cookie(sessionValidationFilter.getFilterConfiguration().getCookieName(), AuthenticationCookieUtils.getEncryptedCookie(authenticationCookie, sessionValidationFilter.getFilterConfiguration())); + + when(request.getCookies()).thenReturn(new Cookie[]{cookie}); + sessionValidationFilter.doFilter(request, response, filterChain); + Mockito.verify(filterChain, times(1)).doFilter(request, response); + } + +// test validate contains + @Test + public void requestThatPassFilterWithCookieNameAsPartOfOtherString() throws IOException, ServletException, CipherUtilException { + when(request.getPathInfo()).thenReturn("/resource"); + + AuthenticationCookie authenticationCookie = new AuthenticationCookie("kuku"); + Cookie cookie = new Cookie("some" +sessionValidationFilter.getFilterConfiguration().getCookieName() + "Thing", AuthenticationCookieUtils.getEncryptedCookie(authenticationCookie, sessionValidationFilter.getFilterConfiguration())); + + when(request.getCookies()).thenReturn(new Cookie[]{cookie}); + sessionValidationFilter.doFilter(request, response, filterChain); + Mockito.verify(filterChain, times(1)).doFilter(request, response); + } + +} \ No newline at end of file -- cgit 1.2.3-korg