From e558a6469df40ba7c7aca8cdf81cacd703cd4b0b Mon Sep 17 00:00:00 2001 From: Tomasz Golabek Date: Wed, 21 Aug 2019 10:40:45 +0200 Subject: unit tests - sdc-healthcheck-manager Additional junit tests Change-Id: I6562e5085f7bfd692db129bf1706f3f569ebd793 Issue-ID: SDC-2326 Signed-off-by: Tomasz Golabek --- .../src/test/AuthenticationCookieUtilsTest.java | 74 --------- .../src/test/CipherUtilTest.java | 76 --------- .../src/test/PasswordsTest.java | 97 ----------- .../src/test/RepresentationUtilsTest.java | 54 ------- .../src/test/SecurityUtilTest.java | 50 ------ .../src/test/SessionValidationFilterTest.java | 177 -------------------- .../test/java/AuthenticationCookieUtilsTest.java | 64 ++++++++ .../src/test/java/CipherUtilTest.java | 73 +++++++++ .../src/test/java/PasswordsTest.java | 95 +++++++++++ .../src/test/java/RepresentationUtilsTest.java | 54 +++++++ .../src/test/java/SecurityUtilTest.java | 49 ++++++ .../src/test/java/SessionValidationFilterTest.java | 178 +++++++++++++++++++++ 12 files changed, 513 insertions(+), 528 deletions(-) delete mode 100644 openecomp-be/backend/openecomp-sdc-security-util/src/test/AuthenticationCookieUtilsTest.java delete mode 100644 openecomp-be/backend/openecomp-sdc-security-util/src/test/CipherUtilTest.java delete mode 100644 openecomp-be/backend/openecomp-sdc-security-util/src/test/PasswordsTest.java delete mode 100644 openecomp-be/backend/openecomp-sdc-security-util/src/test/RepresentationUtilsTest.java delete mode 100644 openecomp-be/backend/openecomp-sdc-security-util/src/test/SecurityUtilTest.java delete mode 100644 openecomp-be/backend/openecomp-sdc-security-util/src/test/SessionValidationFilterTest.java create mode 100644 openecomp-be/backend/openecomp-sdc-security-util/src/test/java/AuthenticationCookieUtilsTest.java create mode 100644 openecomp-be/backend/openecomp-sdc-security-util/src/test/java/CipherUtilTest.java create mode 100644 openecomp-be/backend/openecomp-sdc-security-util/src/test/java/PasswordsTest.java create mode 100644 openecomp-be/backend/openecomp-sdc-security-util/src/test/java/RepresentationUtilsTest.java create mode 100644 openecomp-be/backend/openecomp-sdc-security-util/src/test/java/SecurityUtilTest.java create mode 100644 openecomp-be/backend/openecomp-sdc-security-util/src/test/java/SessionValidationFilterTest.java (limited to 'openecomp-be/backend/openecomp-sdc-security-util/src/test') diff --git a/openecomp-be/backend/openecomp-sdc-security-util/src/test/AuthenticationCookieUtilsTest.java b/openecomp-be/backend/openecomp-sdc-security-util/src/test/AuthenticationCookieUtilsTest.java deleted file mode 100644 index 34d349a2b4..0000000000 --- a/openecomp-be/backend/openecomp-sdc-security-util/src/test/AuthenticationCookieUtilsTest.java +++ /dev/null @@ -1,74 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * SDC - * ================================================================================ - * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.sdc.security; - -import org.junit.Test; -import org.onap.sdc.security.filters.SampleFilter; - -import javax.servlet.http.Cookie; - -import java.io.IOException; - -import static org.junit.Assert.*; - -public class AuthenticationCookieUtilsTest { - - private SampleFilter sessionValidationFilter = new SampleFilter(); - private ISessionValidationFilterConfiguration filterCfg = sessionValidationFilter.getFilterConfiguration(); - - @Test - public void vaildateThatCookieCurrentSessionTimeIncreased() throws IOException, CipherUtilException { - // original cookie, pojo and servlet cookie - AuthenticationCookie authenticationCookieOriginal = new AuthenticationCookie("kuku"); - Cookie cookieWithOriginalTime = new Cookie(filterCfg.getCookieName(), AuthenticationCookieUtils.getEncryptedCookie(authenticationCookieOriginal,filterCfg )); - // cookie with increased time, pojo and servlet cookie - Cookie cookieWithIncreasedTime = AuthenticationCookieUtils.updateSessionTime(cookieWithOriginalTime, filterCfg); - AuthenticationCookie authenticationCookieIncreasedTime = AuthenticationCookieUtils.getAuthenticationCookie(cookieWithIncreasedTime, filterCfg); - // validation - long currentSessionTimeOriginal = authenticationCookieOriginal.getCurrentSessionTime(); - long currentSessionTimeIncreased = authenticationCookieIncreasedTime.getCurrentSessionTime(); - assertTrue(currentSessionTimeOriginal < currentSessionTimeIncreased); - } - - @Test - public void validateSerializationEncriptionDeserializationDecryption() throws IOException, CipherUtilException { - // original cookie, pojo and servlet cookie - AuthenticationCookie authenticationCookieOriginal = new AuthenticationCookie("kuku"); - Cookie cookieWithOriginalTime = new Cookie(filterCfg.getCookieName(), AuthenticationCookieUtils.getEncryptedCookie(authenticationCookieOriginal,filterCfg )); - // cookie with increased time, pojo and servlet cookie - AuthenticationCookie decriptedAndDeserializedAuthenticationCookie = AuthenticationCookieUtils.getAuthenticationCookie(cookieWithOriginalTime,filterCfg); - assertTrue(authenticationCookieOriginal.equals(decriptedAndDeserializedAuthenticationCookie)); - } - - - -// @Test -// public void getEncryptedCookie() { -// } -// -// @Test -// public void getAuthenticationCookie() { -// } -// -// @Test -// public void isSessionExpired() { -// } -} diff --git a/openecomp-be/backend/openecomp-sdc-security-util/src/test/CipherUtilTest.java b/openecomp-be/backend/openecomp-sdc-security-util/src/test/CipherUtilTest.java deleted file mode 100644 index 6d539b6391..0000000000 --- a/openecomp-be/backend/openecomp-sdc-security-util/src/test/CipherUtilTest.java +++ /dev/null @@ -1,76 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * SDC - * ================================================================================ - * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.sdc.security; - -import org.apache.commons.codec.binary.Base64; -import org.apache.commons.lang.RandomStringUtils; -import org.junit.Test; - -import java.util.Random; - -import static org.apache.commons.codec.binary.Base64.encodeBase64String; -import static org.junit.Assert.*; - -public class CipherUtilTest { - - private static final String KEY = "AGLDdG4D04BKm2IxIWEr8o=="; - private static final String DATA = "data"; - - @Test - public void encryptDecryptPKC() throws CipherUtilException { - String generatedKey = RandomStringUtils.randomAlphabetic(16); - String base64Key = Base64.encodeBase64String(generatedKey.getBytes()); - String encrypted = CipherUtil.encryptPKC(DATA, base64Key); - assertNotEquals(DATA, encrypted); - String decrypted = CipherUtil.decryptPKC(encrypted, base64Key); - assertEquals(decrypted, DATA); - } - - @Test - public void encryptInvalidKey() { - try { - CipherUtil.encryptPKC(DATA, "invalidKey"); - fail(); - } catch (CipherUtilException ex) { - assertTrue(ex.getMessage().contains("Invalid AES key length")); - } - } - - @Test - public void decryptInvalidKey() { - try { - CipherUtil.decryptPKC(DATA, "invalidKey"); - fail(); - } catch (CipherUtilException ex) { - assertTrue(ex.getMessage().contains("length")); - } - } - - @Test - public void decryptInvalidData() { - try { - CipherUtil.decryptPKC(DATA, KEY); - fail(); - } catch (CipherUtilException ex) { - assertTrue(ex.getMessage().contains("Wrong IV length")); - } - } -} diff --git a/openecomp-be/backend/openecomp-sdc-security-util/src/test/PasswordsTest.java b/openecomp-be/backend/openecomp-sdc-security-util/src/test/PasswordsTest.java deleted file mode 100644 index 4ead127ad2..0000000000 --- a/openecomp-be/backend/openecomp-sdc-security-util/src/test/PasswordsTest.java +++ /dev/null @@ -1,97 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * SDC - * ================================================================================ - * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.sdc.security; - -import org.junit.Test; - -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertTrue; - -public class PasswordsTest { - - @Test - public void hashPassword() throws Exception { - String hash = Passwords.hashPassword("hello1234"); - assertTrue(Passwords.isExpectedPassword("hello1234", hash)); - - //test different salt-> result in different hash - String hash2 = Passwords.hashPassword("hello1234"); - assertFalse(hash.equals(hash2)); - - String hash3 = Passwords.hashPassword(""); - assertTrue(Passwords.isExpectedPassword("", hash3)); - - String hash4 = Passwords.hashPassword(null); - assertTrue(hash4 == null); - } - - @Test - public void isExpectedPassword() throws Exception { - //region isExpectedPassword(String password, String salt, String hash) - assertTrue(Passwords.isExpectedPassword(null, null, null)); - //valid hash - assertTrue(Passwords.isExpectedPassword("hello1234", "e0277df331f4ff8f74752ac4a8fbe03b", "6dfbad308cdf53c9ff2ee2dca811ee92f1b359586b33027580e2ff92578edbd0")); - //invalid salt - assertFalse(Passwords.isExpectedPassword("hello1234", "c0000df331f4ff8f74752ac4a00be03c", "6dfbad308cdf53c9ff2ee2dca811ee92f1b359586b33027580e2ff92578edbd0")); - assertFalse(Passwords.isExpectedPassword("hello1234", null, "6dfbad308cdf53c9ff2ee2dca811ee92f1b359586b33027580e2ff92578edbd0")); - //exacly 1 param uninitialized - assertFalse(Passwords.isExpectedPassword("hello1234", "", null)); - assertFalse(Passwords.isExpectedPassword(null, "", "hello1234")); - //no salt & no hash - assertFalse(Passwords.isExpectedPassword("hello1234", null, "hello1234")); - //endregion - - //region isExpectedPassword(String password, String expectedHash) - assertTrue(Passwords.isExpectedPassword(null, null)); - //valid hash - assertTrue(Passwords.isExpectedPassword("hello1234", "e0277df331f4ff8f74752ac4a8fbe03b:6dfbad308cdf53c9ff2ee2dca811ee92f1b359586b33027580e2ff92578edbd0")); - //invalid salt - assertFalse(Passwords.isExpectedPassword("hello1234", "c0000df331f4ff8f74752ac4a00be03c:6dfbad308cdf53c9ff2ee2dca811ee92f1b359586b33027580e2ff92578edbd0")); - //exacly 1 param uninitialized - assertFalse(Passwords.isExpectedPassword("hello1234", null)); - assertFalse(Passwords.isExpectedPassword(null, "hello1234")); - //no salt & no hash - assertFalse(Passwords.isExpectedPassword("hello1234", "hello1234")); - //endregion - } - - @Test - public void hashtest() { - String password = "123456"; - String hash = Passwords.hashPassword(password); - assertTrue(Passwords.isExpectedPassword(password, hash)); - password = "1sdfgsgd23456"; - hash = Passwords.hashPassword(password); - assertTrue(Passwords.isExpectedPassword(password, hash)); - password = "1sdfgsgd2345((*&%$%6"; - hash = Passwords.hashPassword(password); - assertTrue(Passwords.isExpectedPassword(password, hash)); - password = ""; - hash = Passwords.hashPassword(password); - assertTrue(Passwords.isExpectedPassword(password, hash)); - password = " "; - hash = Passwords.hashPassword(password); - assertTrue(Passwords.isExpectedPassword(password, hash)); - } - - -} diff --git a/openecomp-be/backend/openecomp-sdc-security-util/src/test/RepresentationUtilsTest.java b/openecomp-be/backend/openecomp-sdc-security-util/src/test/RepresentationUtilsTest.java deleted file mode 100644 index 5d7798da56..0000000000 --- a/openecomp-be/backend/openecomp-sdc-security-util/src/test/RepresentationUtilsTest.java +++ /dev/null @@ -1,54 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * SDC - * ================================================================================ - * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.sdc.security; - -import org.junit.Test; - -import java.io.IOException; -import java.util.HashSet; -import java.util.Set; - -import static org.junit.Assert.assertTrue; - -public class RepresentationUtilsTest { - - private static AuthenticationCookie originalCookie = new AuthenticationCookie("kuku"); - - @Test - public void representationE2EwithRoleNull() throws IOException { - originalCookie.setRoles(null); - String jsonStr = RepresentationUtils.toRepresentation(originalCookie); - AuthenticationCookie cookieFromJson = RepresentationUtils.fromRepresentation(jsonStr, AuthenticationCookie.class); - assertTrue(originalCookie.equals(cookieFromJson)); - } - - @Test - public void representationE2EwithRoleNotNull() throws IOException { - Set roles = new HashSet(); - roles.add("Designer"); - roles.add("Admin"); - roles.add("Tester"); - originalCookie.setRoles(roles); - String jsonStr = RepresentationUtils.toRepresentation(originalCookie); - AuthenticationCookie cookieFromJson = RepresentationUtils.fromRepresentation(jsonStr, AuthenticationCookie.class); - assertTrue(originalCookie.equals(cookieFromJson)); - } -} diff --git a/openecomp-be/backend/openecomp-sdc-security-util/src/test/SecurityUtilTest.java b/openecomp-be/backend/openecomp-sdc-security-util/src/test/SecurityUtilTest.java deleted file mode 100644 index 9edce15a44..0000000000 --- a/openecomp-be/backend/openecomp-sdc-security-util/src/test/SecurityUtilTest.java +++ /dev/null @@ -1,50 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * SDC - * ================================================================================ - * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.sdc.security; - -import org.junit.Test; - -import java.util.Base64; - -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertNotEquals; - -public class SecurityUtilTest { - - @Test - public void encryptDecryptAES128() { - String data = "decrypt SUCCESS!!"; - String encrypted = SecurityUtil.INSTANCE.encrypt(data).left().value(); - assertNotEquals( data, encrypted ); - byte[] decryptMsg = Base64.getDecoder().decode(encrypted); - assertEquals( SecurityUtil.INSTANCE.decrypt( decryptMsg , false ).left().value() ,data ); - assertEquals( SecurityUtil.INSTANCE.decrypt( encrypted.getBytes() , true ).left().value() ,data ); - } - - @Test - public void obfuscateKey() { - String key = "abcdefghij123456"; - String expectedkey = "********ij123456"; - String obfuscated = SecurityUtil.INSTANCE.obfuscateKey( key ); - System.out.println( obfuscated ); - assertEquals( obfuscated , expectedkey ); - } -} diff --git a/openecomp-be/backend/openecomp-sdc-security-util/src/test/SessionValidationFilterTest.java b/openecomp-be/backend/openecomp-sdc-security-util/src/test/SessionValidationFilterTest.java deleted file mode 100644 index 9a1bb1c5c1..0000000000 --- a/openecomp-be/backend/openecomp-sdc-security-util/src/test/SessionValidationFilterTest.java +++ /dev/null @@ -1,177 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * SDC - * ================================================================================ - * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.sdc.security; - -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.mockito.InjectMocks; -import org.mockito.Mock; -import org.mockito.Mockito; -import org.mockito.Spy; -import org.mockito.junit.MockitoJUnitRunner; -import org.onap.sdc.security.filters.ResponceWrapper; -import org.onap.sdc.security.filters.SampleFilter; - -import javax.servlet.FilterChain; -import javax.servlet.FilterConfig; -import javax.servlet.ServletException; -import javax.servlet.http.Cookie; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import java.io.IOException; - -import static org.mockito.Mockito.times; -import static org.mockito.Mockito.when; - -@RunWith(MockitoJUnitRunner.class) -//@RunWith(PowerMockRunner.class) -//@PrepareForTest(fullyQualifiedNames = "org.onap.sdc.security.*") -public class SessionValidationFilterTest { - - @Mock - private HttpServletRequest request; - @Spy - private HttpServletResponse response; - @Mock - private FilterChain filterChain; - @Mock - private FilterConfig filterConfig; - @Mock - private ResponceWrapper responceWrapper; - - // implementation of SessionValidationFilter - @InjectMocks - @Spy - private SampleFilter sessionValidationFilter = new SampleFilter(); - - @Before - public void setUpClass() throws ServletException { - sessionValidationFilter.init(filterConfig); - } - - @Test - public void excludedUrlHealthcheck() throws IOException, ServletException { - when(request.getPathInfo()).thenReturn("/healthCheck"); - sessionValidationFilter.doFilter(request, response, filterChain); - Mockito.verify(filterChain, times(1)).doFilter(request, response); - } - - @Test - public void excludedUrlUpload() throws IOException, ServletException { - when(request.getPathInfo()).thenReturn("/upload/123"); - sessionValidationFilter.doFilter(request, response, filterChain); - Mockito.verify(filterChain, times(1)).doFilter(request, response); - } - - // case when url pattern in web.xml is forward slash (/) - @Test - public void pathInfoIsNull() throws IOException, ServletException { - when(request.getServletPath()).thenReturn("/upload/2"); - when(request.getPathInfo()).thenReturn(null); - sessionValidationFilter.doFilter(request, response, filterChain); - Mockito.verify(filterChain, times(1)).doFilter(request, response); - } - - @Test - public void noCookiesInRequest() throws IOException, ServletException { - when(request.getPathInfo()).thenReturn("/resource"); - when(request.getCookies()).thenReturn(new Cookie[0]); - sessionValidationFilter.doFilter(request, response, filterChain); - Mockito.verify(response, times(1)).sendRedirect(sessionValidationFilter.getFilterConfiguration().getRedirectURL()); - } - - @Test - public void nullCookiesInRequest() throws IOException, ServletException { - when(request.getPathInfo()).thenReturn("/resource"); - when(request.getCookies()).thenReturn(null); - sessionValidationFilter.doFilter(request, response, filterChain); - Mockito.verify(response, times(1)).sendRedirect(sessionValidationFilter.getFilterConfiguration().getRedirectURL()); - } - - @Test - public void noCookiesWithCorrectNameInRequest() throws IOException, ServletException { - when(request.getPathInfo()).thenReturn("/resource"); - String newNameNotContainsRealName = sessionValidationFilter.getFilterConfiguration().getCookieName().substring(1); - Cookie cookie = new Cookie("fake" + newNameNotContainsRealName + "fake2", RepresentationUtils.toRepresentation(new AuthenticationCookie("kuku"))); - when(request.getCookies()).thenReturn(new Cookie[]{cookie}); - sessionValidationFilter.doFilter(request, response, filterChain); - Mockito.verify(response, times(1)).sendRedirect(sessionValidationFilter.getFilterConfiguration().getRedirectURL()); - } - - @Test - public void cookieMaxSessionTimeTimedOut() throws IOException, ServletException, CipherUtilException { - when(request.getPathInfo()).thenReturn("/resource"); - AuthenticationCookie authenticationCookie = new AuthenticationCookie("kuku"); - // set max session time to timout value - long maxSessionTimeOut = sessionValidationFilter.getFilterConfiguration().getMaxSessionTimeOut(); - long startTime = authenticationCookie.getMaxSessionTime(); - long timeout = startTime - maxSessionTimeOut - 1000l; - authenticationCookie.setMaxSessionTime(timeout); - Cookie cookie = new Cookie(sessionValidationFilter.getFilterConfiguration().getCookieName(), AuthenticationCookieUtils.getEncryptedCookie(authenticationCookie, sessionValidationFilter.getFilterConfiguration())); - - when(request.getCookies()).thenReturn(new Cookie[]{cookie}); - sessionValidationFilter.doFilter(request, response, filterChain); - Mockito.verify(response, times(1)).sendRedirect(sessionValidationFilter.getFilterConfiguration().getRedirectURL()); - } - - @Test - public void cookieSessionIdle() throws IOException, ServletException, CipherUtilException { - when(request.getPathInfo()).thenReturn("/resource"); - AuthenticationCookie authenticationCookie = new AuthenticationCookie("kuku"); - // set session time to timout to idle - long idleSessionTimeOut = sessionValidationFilter.getFilterConfiguration().getSessionIdleTimeOut(); - long sessionStartTime = authenticationCookie.getCurrentSessionTime(); - long timeout = sessionStartTime - idleSessionTimeOut - 2000; - authenticationCookie.setCurrentSessionTime(timeout); - Cookie cookie = new Cookie(sessionValidationFilter.getFilterConfiguration().getCookieName(), AuthenticationCookieUtils.getEncryptedCookie(authenticationCookie, sessionValidationFilter.getFilterConfiguration())); - - when(request.getCookies()).thenReturn(new Cookie[]{cookie}); - sessionValidationFilter.doFilter(request, response, filterChain); - Mockito.verify(response, times(1)).sendRedirect(sessionValidationFilter.getFilterConfiguration().getRedirectURL()); - } - - @Test - public void requestThatPassFilter() throws IOException, ServletException, CipherUtilException { - when(request.getPathInfo()).thenReturn("/resource"); - - AuthenticationCookie authenticationCookie = new AuthenticationCookie("kuku"); - Cookie cookie = new Cookie(sessionValidationFilter.getFilterConfiguration().getCookieName(), AuthenticationCookieUtils.getEncryptedCookie(authenticationCookie, sessionValidationFilter.getFilterConfiguration())); - - when(request.getCookies()).thenReturn(new Cookie[]{cookie}); - sessionValidationFilter.doFilter(request, response, filterChain); - Mockito.verify(filterChain, times(1)).doFilter(request, response); - } - -// test validate contains - @Test - public void requestThatPassFilterWithCookieNameAsPartOfOtherString() throws IOException, ServletException, CipherUtilException { - when(request.getPathInfo()).thenReturn("/resource"); - - AuthenticationCookie authenticationCookie = new AuthenticationCookie("kuku"); - Cookie cookie = new Cookie("some" +sessionValidationFilter.getFilterConfiguration().getCookieName() + "Thing", AuthenticationCookieUtils.getEncryptedCookie(authenticationCookie, sessionValidationFilter.getFilterConfiguration())); - - when(request.getCookies()).thenReturn(new Cookie[]{cookie}); - sessionValidationFilter.doFilter(request, response, filterChain); - Mockito.verify(filterChain, times(1)).doFilter(request, response); - } - -} diff --git a/openecomp-be/backend/openecomp-sdc-security-util/src/test/java/AuthenticationCookieUtilsTest.java b/openecomp-be/backend/openecomp-sdc-security-util/src/test/java/AuthenticationCookieUtilsTest.java new file mode 100644 index 0000000000..402803479f --- /dev/null +++ b/openecomp-be/backend/openecomp-sdc-security-util/src/test/java/AuthenticationCookieUtilsTest.java @@ -0,0 +1,64 @@ +/*- + * ============LICENSE_START======================================================= + * SDC + * ================================================================================ + * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +import org.junit.Test; + +import javax.servlet.http.Cookie; + +import java.io.IOException; +import org.openecomp.sdc.securityutil.AuthenticationCookie; +import org.openecomp.sdc.securityutil.AuthenticationCookieUtils; +import org.openecomp.sdc.securityutil.CipherUtilException; +import org.openecomp.sdc.securityutil.ISessionValidationFilterConfiguration; +import org.openecomp.sdc.securityutil.filters.SampleFilter; + +import static org.junit.Assert.*; + +public class AuthenticationCookieUtilsTest { + + private SampleFilter sessionValidationFilter = new SampleFilter(); + private ISessionValidationFilterConfiguration filterCfg = sessionValidationFilter.getFilterConfiguration(); + + @Test + public void vaildateThatCookieCurrentSessionTimeIncreased() throws IOException, CipherUtilException { + // original cookie, pojo and servlet cookie + AuthenticationCookie authenticationCookieOriginal = new AuthenticationCookie("kuku"); + Cookie cookieWithOriginalTime = new Cookie(filterCfg.getCookieName(), AuthenticationCookieUtils + .getEncryptedCookie(authenticationCookieOriginal,filterCfg )); + // cookie with increased time, pojo and servlet cookie + Cookie cookieWithIncreasedTime = AuthenticationCookieUtils.updateSessionTime(cookieWithOriginalTime, filterCfg); + AuthenticationCookie authenticationCookieIncreasedTime = AuthenticationCookieUtils.getAuthenticationCookie(cookieWithIncreasedTime, filterCfg); + // validation + long currentSessionTimeOriginal = authenticationCookieOriginal.getCurrentSessionTime(); + long currentSessionTimeIncreased = authenticationCookieIncreasedTime.getCurrentSessionTime(); + assertTrue(currentSessionTimeOriginal < currentSessionTimeIncreased); + } + + @Test + public void validateSerializationEncriptionDeserializationDecryption() throws IOException, CipherUtilException { + // original cookie, pojo and servlet cookie + AuthenticationCookie authenticationCookieOriginal = new AuthenticationCookie("kuku"); + Cookie cookieWithOriginalTime = new Cookie(filterCfg.getCookieName(), AuthenticationCookieUtils.getEncryptedCookie(authenticationCookieOriginal,filterCfg )); + // cookie with increased time, pojo and servlet cookie + AuthenticationCookie decriptedAndDeserializedAuthenticationCookie = AuthenticationCookieUtils.getAuthenticationCookie(cookieWithOriginalTime,filterCfg); + assertTrue(authenticationCookieOriginal.equals(decriptedAndDeserializedAuthenticationCookie)); + } + +} diff --git a/openecomp-be/backend/openecomp-sdc-security-util/src/test/java/CipherUtilTest.java b/openecomp-be/backend/openecomp-sdc-security-util/src/test/java/CipherUtilTest.java new file mode 100644 index 0000000000..888c888d42 --- /dev/null +++ b/openecomp-be/backend/openecomp-sdc-security-util/src/test/java/CipherUtilTest.java @@ -0,0 +1,73 @@ +/*- + * ============LICENSE_START======================================================= + * SDC + * ================================================================================ + * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +import org.apache.commons.codec.binary.Base64; +import org.apache.commons.lang.RandomStringUtils; +import org.junit.Test; +import org.openecomp.sdc.securityutil.CipherUtil; +import org.openecomp.sdc.securityutil.CipherUtilException; + +import static org.junit.Assert.*; + +public class CipherUtilTest { + + private static final String KEY = "AGLDdG4D04BKm2IxIWEr8o=="; + private static final String DATA = "data"; + + @Test + public void encryptDecryptPKC() throws CipherUtilException { + String generatedKey = RandomStringUtils.randomAlphabetic(16); + String base64Key = Base64.encodeBase64String(generatedKey.getBytes()); + String encrypted = CipherUtil.encryptPKC(DATA, base64Key); + assertNotEquals(DATA, encrypted); + String decrypted = CipherUtil.decryptPKC(encrypted, base64Key); + assertEquals(decrypted, DATA); + } + + @Test + public void encryptInvalidKey() { + try { + CipherUtil.encryptPKC(DATA, "invalidKey"); + fail(); + } catch (CipherUtilException ex) { + assertTrue(ex.getMessage().contains("Invalid AES key length")); + } + } + + @Test + public void decryptInvalidKey() { + try { + CipherUtil.decryptPKC(DATA, "invalidKey"); + fail(); + } catch (CipherUtilException ex) { + assertTrue(ex.getMessage().contains("length")); + } + } + + @Test + public void decryptInvalidData() { + try { + CipherUtil.decryptPKC(DATA, KEY); + fail(); + } catch (CipherUtilException ex) { + assertTrue(ex.getMessage().contains("Wrong IV length")); + } + } +} diff --git a/openecomp-be/backend/openecomp-sdc-security-util/src/test/java/PasswordsTest.java b/openecomp-be/backend/openecomp-sdc-security-util/src/test/java/PasswordsTest.java new file mode 100644 index 0000000000..d3ba3bbe4e --- /dev/null +++ b/openecomp-be/backend/openecomp-sdc-security-util/src/test/java/PasswordsTest.java @@ -0,0 +1,95 @@ +/*- + * ============LICENSE_START======================================================= + * SDC + * ================================================================================ + * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +import org.junit.Test; +import org.openecomp.sdc.securityutil.Passwords; + +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertTrue; + +public class PasswordsTest { + + @Test + public void hashPassword() throws Exception { + String hash = Passwords.hashPassword("hello1234"); + assertTrue(Passwords.isExpectedPassword("hello1234", hash)); + + //test different salt-> result in different hash + String hash2 = Passwords.hashPassword("hello1234"); + assertFalse(hash.equals(hash2)); + + String hash3 = Passwords.hashPassword(""); + assertTrue(Passwords.isExpectedPassword("", hash3)); + + String hash4 = Passwords.hashPassword(null); + assertTrue(hash4 == null); + } + + @Test + public void isExpectedPassword() throws Exception { + //region isExpectedPassword(String password, String salt, String hash) + assertTrue(Passwords.isExpectedPassword(null, null, null)); + //valid hash + assertTrue(Passwords.isExpectedPassword("hello1234", "e0277df331f4ff8f74752ac4a8fbe03b", "6dfbad308cdf53c9ff2ee2dca811ee92f1b359586b33027580e2ff92578edbd0")); + //invalid salt + assertFalse(Passwords.isExpectedPassword("hello1234", "c0000df331f4ff8f74752ac4a00be03c", "6dfbad308cdf53c9ff2ee2dca811ee92f1b359586b33027580e2ff92578edbd0")); + assertFalse(Passwords.isExpectedPassword("hello1234", null, "6dfbad308cdf53c9ff2ee2dca811ee92f1b359586b33027580e2ff92578edbd0")); + //exacly 1 param uninitialized + assertFalse(Passwords.isExpectedPassword("hello1234", "", null)); + assertFalse(Passwords.isExpectedPassword(null, "", "hello1234")); + //no salt & no hash + assertFalse(Passwords.isExpectedPassword("hello1234", null, "hello1234")); + //endregion + + //region isExpectedPassword(String password, String expectedHash) + assertTrue(Passwords.isExpectedPassword(null, null)); + //valid hash + assertTrue(Passwords.isExpectedPassword("hello1234", "e0277df331f4ff8f74752ac4a8fbe03b:6dfbad308cdf53c9ff2ee2dca811ee92f1b359586b33027580e2ff92578edbd0")); + //invalid salt + assertFalse(Passwords.isExpectedPassword("hello1234", "c0000df331f4ff8f74752ac4a00be03c:6dfbad308cdf53c9ff2ee2dca811ee92f1b359586b33027580e2ff92578edbd0")); + //exacly 1 param uninitialized + assertFalse(Passwords.isExpectedPassword("hello1234", null)); + assertFalse(Passwords.isExpectedPassword(null, "hello1234")); + //no salt & no hash + assertFalse(Passwords.isExpectedPassword("hello1234", "hello1234")); + //endregion + } + + @Test + public void hashtest() { + String password = "123456"; + String hash = Passwords.hashPassword(password); + assertTrue(Passwords.isExpectedPassword(password, hash)); + password = "1sdfgsgd23456"; + hash = Passwords.hashPassword(password); + assertTrue(Passwords.isExpectedPassword(password, hash)); + password = "1sdfgsgd2345((*&%$%6"; + hash = Passwords.hashPassword(password); + assertTrue(Passwords.isExpectedPassword(password, hash)); + password = ""; + hash = Passwords.hashPassword(password); + assertTrue(Passwords.isExpectedPassword(password, hash)); + password = " "; + hash = Passwords.hashPassword(password); + assertTrue(Passwords.isExpectedPassword(password, hash)); + } + + +} diff --git a/openecomp-be/backend/openecomp-sdc-security-util/src/test/java/RepresentationUtilsTest.java b/openecomp-be/backend/openecomp-sdc-security-util/src/test/java/RepresentationUtilsTest.java new file mode 100644 index 0000000000..5960c82130 --- /dev/null +++ b/openecomp-be/backend/openecomp-sdc-security-util/src/test/java/RepresentationUtilsTest.java @@ -0,0 +1,54 @@ +/*- + * ============LICENSE_START======================================================= + * SDC + * ================================================================================ + * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +import org.junit.Test; + +import java.io.IOException; +import java.util.HashSet; +import java.util.Set; +import org.openecomp.sdc.securityutil.AuthenticationCookie; +import org.openecomp.sdc.securityutil.RepresentationUtils; + +import static org.junit.Assert.assertTrue; + +public class RepresentationUtilsTest { + + private static AuthenticationCookie originalCookie = new AuthenticationCookie("kuku"); + + @Test + public void representationE2EwithRoleNull() throws IOException { + originalCookie.setRoles(null); + String jsonStr = RepresentationUtils.toRepresentation(originalCookie); + AuthenticationCookie cookieFromJson = RepresentationUtils.fromRepresentation(jsonStr, AuthenticationCookie.class); + assertTrue(originalCookie.equals(cookieFromJson)); + } + + @Test + public void representationE2EwithRoleNotNull() throws IOException { + Set roles = new HashSet(); + roles.add("Designer"); + roles.add("Admin"); + roles.add("Tester"); + originalCookie.setRoles(roles); + String jsonStr = RepresentationUtils.toRepresentation(originalCookie); + AuthenticationCookie cookieFromJson = RepresentationUtils.fromRepresentation(jsonStr, AuthenticationCookie.class); + assertTrue(originalCookie.equals(cookieFromJson)); + } +} diff --git a/openecomp-be/backend/openecomp-sdc-security-util/src/test/java/SecurityUtilTest.java b/openecomp-be/backend/openecomp-sdc-security-util/src/test/java/SecurityUtilTest.java new file mode 100644 index 0000000000..938f3c5e92 --- /dev/null +++ b/openecomp-be/backend/openecomp-sdc-security-util/src/test/java/SecurityUtilTest.java @@ -0,0 +1,49 @@ +/*- + * ============LICENSE_START======================================================= + * SDC + * ================================================================================ + * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +import org.junit.Test; + +import java.util.Base64; +import org.openecomp.sdc.securityutil.SecurityUtil; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotEquals; + +public class SecurityUtilTest { + + @Test + public void encryptDecryptAES128() { + String data = "decrypt SUCCESS!!"; + String encrypted = SecurityUtil.INSTANCE.encrypt(data).left().value(); + assertNotEquals( data, encrypted ); + byte[] decryptMsg = Base64.getDecoder().decode(encrypted); + assertEquals( SecurityUtil.INSTANCE.decrypt( decryptMsg , false ).left().value() ,data ); + assertEquals( SecurityUtil.INSTANCE.decrypt( encrypted.getBytes() , true ).left().value() ,data ); + } + + @Test + public void obfuscateKey() { + String key = "abcdefghij123456"; + String expectedkey = "********ij123456"; + String obfuscated = SecurityUtil.INSTANCE.obfuscateKey( key ); + System.out.println( obfuscated ); + assertEquals( obfuscated , expectedkey ); + } +} diff --git a/openecomp-be/backend/openecomp-sdc-security-util/src/test/java/SessionValidationFilterTest.java b/openecomp-be/backend/openecomp-sdc-security-util/src/test/java/SessionValidationFilterTest.java new file mode 100644 index 0000000000..07151bc4d5 --- /dev/null +++ b/openecomp-be/backend/openecomp-sdc-security-util/src/test/java/SessionValidationFilterTest.java @@ -0,0 +1,178 @@ +/*- + * ============LICENSE_START======================================================= + * SDC + * ================================================================================ + * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.mockito.InjectMocks; +import org.mockito.Mock; +import org.mockito.Mockito; +import org.mockito.Spy; +import org.mockito.junit.MockitoJUnitRunner; + +import javax.servlet.FilterChain; +import javax.servlet.FilterConfig; +import javax.servlet.ServletException; +import javax.servlet.http.Cookie; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.io.IOException; +import org.openecomp.sdc.securityutil.AuthenticationCookie; +import org.openecomp.sdc.securityutil.AuthenticationCookieUtils; +import org.openecomp.sdc.securityutil.CipherUtilException; +import org.openecomp.sdc.securityutil.RepresentationUtils; +import org.openecomp.sdc.securityutil.filters.ResponceWrapper; +import org.openecomp.sdc.securityutil.filters.SampleFilter; + +import static org.mockito.Mockito.times; +import static org.mockito.Mockito.when; + +@RunWith(MockitoJUnitRunner.class) +public class SessionValidationFilterTest { + + @Mock + private HttpServletRequest request; + @Spy + private HttpServletResponse response; + @Mock + private FilterChain filterChain; + @Mock + private FilterConfig filterConfig; + @Mock + private ResponceWrapper responceWrapper; + + // implementation of SessionValidationFilter + @InjectMocks + @Spy + private SampleFilter sessionValidationFilter = new SampleFilter(); + + @Before + public void setUpClass() throws ServletException { + sessionValidationFilter.init(filterConfig); + } + + @Test + public void excludedUrlHealthcheck() throws IOException, ServletException { + when(request.getPathInfo()).thenReturn("/healthCheck"); + sessionValidationFilter.doFilter(request, response, filterChain); + Mockito.verify(filterChain, times(1)).doFilter(request, response); + } + + @Test + public void excludedUrlUpload() throws IOException, ServletException { + when(request.getPathInfo()).thenReturn("/upload/123"); + sessionValidationFilter.doFilter(request, response, filterChain); + Mockito.verify(filterChain, times(1)).doFilter(request, response); + } + + // case when url pattern in web.xml is forward slash (/) + @Test + public void pathInfoIsNull() throws IOException, ServletException { + when(request.getServletPath()).thenReturn("/upload/2"); + when(request.getPathInfo()).thenReturn(null); + sessionValidationFilter.doFilter(request, response, filterChain); + Mockito.verify(filterChain, times(1)).doFilter(request, response); + } + + @Test + public void noCookiesInRequest() throws IOException, ServletException { + when(request.getPathInfo()).thenReturn("/resource"); + when(request.getCookies()).thenReturn(new Cookie[0]); + sessionValidationFilter.doFilter(request, response, filterChain); + Mockito.verify(response, times(1)).sendRedirect(sessionValidationFilter.getFilterConfiguration().getRedirectURL()); + } + + @Test + public void nullCookiesInRequest() throws IOException, ServletException { + when(request.getPathInfo()).thenReturn("/resource"); + when(request.getCookies()).thenReturn(null); + sessionValidationFilter.doFilter(request, response, filterChain); + Mockito.verify(response, times(1)).sendRedirect(sessionValidationFilter.getFilterConfiguration().getRedirectURL()); + } + + @Test + public void noCookiesWithCorrectNameInRequest() throws IOException, ServletException { + when(request.getPathInfo()).thenReturn("/resource"); + String newNameNotContainsRealName = sessionValidationFilter.getFilterConfiguration().getCookieName().substring(1); + Cookie cookie = new Cookie("fake" + newNameNotContainsRealName + "fake2", RepresentationUtils.toRepresentation(new AuthenticationCookie("kuku"))); + when(request.getCookies()).thenReturn(new Cookie[]{cookie}); + sessionValidationFilter.doFilter(request, response, filterChain); + Mockito.verify(response, times(1)).sendRedirect(sessionValidationFilter.getFilterConfiguration().getRedirectURL()); + } + + @Test + public void cookieMaxSessionTimeTimedOut() throws IOException, ServletException, CipherUtilException { + when(request.getPathInfo()).thenReturn("/resource"); + AuthenticationCookie authenticationCookie = new AuthenticationCookie("kuku"); + // set max session time to timout value + long maxSessionTimeOut = sessionValidationFilter.getFilterConfiguration().getMaxSessionTimeOut(); + long startTime = authenticationCookie.getMaxSessionTime(); + long timeout = startTime - maxSessionTimeOut - 1000l; + authenticationCookie.setMaxSessionTime(timeout); + Cookie cookie = new Cookie(sessionValidationFilter.getFilterConfiguration().getCookieName(), AuthenticationCookieUtils + .getEncryptedCookie(authenticationCookie, sessionValidationFilter.getFilterConfiguration())); + + when(request.getCookies()).thenReturn(new Cookie[]{cookie}); + sessionValidationFilter.doFilter(request, response, filterChain); + Mockito.verify(response, times(1)).sendRedirect(sessionValidationFilter.getFilterConfiguration().getRedirectURL()); + } + + @Test + public void cookieSessionIdle() throws IOException, ServletException, CipherUtilException { + when(request.getPathInfo()).thenReturn("/resource"); + AuthenticationCookie authenticationCookie = new AuthenticationCookie("kuku"); + // set session time to timout to idle + long idleSessionTimeOut = sessionValidationFilter.getFilterConfiguration().getSessionIdleTimeOut(); + long sessionStartTime = authenticationCookie.getCurrentSessionTime(); + long timeout = sessionStartTime - idleSessionTimeOut - 2000; + authenticationCookie.setCurrentSessionTime(timeout); + Cookie cookie = new Cookie(sessionValidationFilter.getFilterConfiguration().getCookieName(), AuthenticationCookieUtils.getEncryptedCookie(authenticationCookie, sessionValidationFilter.getFilterConfiguration())); + + when(request.getCookies()).thenReturn(new Cookie[]{cookie}); + sessionValidationFilter.doFilter(request, response, filterChain); + Mockito.verify(response, times(1)).sendRedirect(sessionValidationFilter.getFilterConfiguration().getRedirectURL()); + } + + @Test + public void requestThatPassFilter() throws IOException, ServletException, CipherUtilException { + when(request.getPathInfo()).thenReturn("/resource"); + + AuthenticationCookie authenticationCookie = new AuthenticationCookie("kuku"); + Cookie cookie = new Cookie(sessionValidationFilter.getFilterConfiguration().getCookieName(), AuthenticationCookieUtils.getEncryptedCookie(authenticationCookie, sessionValidationFilter.getFilterConfiguration())); + + when(request.getCookies()).thenReturn(new Cookie[]{cookie}); + sessionValidationFilter.doFilter(request, response, filterChain); + Mockito.verify(filterChain, times(1)).doFilter(request, response); + } + +// test validate contains + @Test + public void requestThatPassFilterWithCookieNameAsPartOfOtherString() throws IOException, ServletException, CipherUtilException { + when(request.getPathInfo()).thenReturn("/resource"); + + AuthenticationCookie authenticationCookie = new AuthenticationCookie("kuku"); + Cookie cookie = new Cookie("some" +sessionValidationFilter.getFilterConfiguration().getCookieName() + "Thing", AuthenticationCookieUtils.getEncryptedCookie(authenticationCookie, sessionValidationFilter.getFilterConfiguration())); + + when(request.getCookies()).thenReturn(new Cookie[]{cookie}); + sessionValidationFilter.doFilter(request, response, filterChain); + Mockito.verify(filterChain, times(1)).doFilter(request, response); + } + +} -- cgit 1.2.3-korg