2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
21 package org.openecomp.policy.pdp.test.std.functions;
23 import static org.junit.Assert.assertEquals;
24 import static org.junit.Assert.assertFalse;
25 import static org.junit.Assert.assertTrue;
26 import static org.junit.Assert.fail;
28 import java.util.ArrayList;
29 import java.util.List;
31 import javax.security.auth.x500.X500Principal;
33 import org.junit.Test;
35 import com.att.research.xacml.api.XACML3;
36 import com.att.research.xacml.std.datatypes.DataTypes;
37 import com.att.research.xacmlatt.pdp.policy.Bag;
38 import com.att.research.xacmlatt.pdp.policy.ExpressionResult;
39 import com.att.research.xacmlatt.pdp.policy.FunctionArgument;
40 import com.att.research.xacmlatt.pdp.policy.FunctionArgumentAttributeValue;
41 import com.att.research.xacmlatt.pdp.policy.FunctionArgumentBag;
42 import com.att.research.xacmlatt.pdp.std.StdFunctions;
43 import com.att.research.xacmlatt.pdp.std.functions.FunctionDefinitionRFC822NameMatch;
44 import com.att.research.xacmlatt.pdp.std.functions.FunctionDefinitionX500NameMatch;
47 * Test of PDP Functions (See XACML core spec section A.3)
50 * In Eclipse select this file or the enclosing directory, right-click and select Run As/JUnit Test
54 public class FunctionDefinitionSpecialMatchTest {
57 * variables useful in the following tests
59 List<FunctionArgument> arguments = new ArrayList<FunctionArgument>();
62 public void testX500NameMatch() {
63 // assume that the contents of the name components are not significant and we can treat them as simple blocks of "<name>=<value>"
64 String A = "cn=Some person";
65 String B = "O=Medico Corp";
67 String D = "DNQUALIFIER=d string";
68 String E = "SURNAME=some name";
69 String F = "INITIALS=inits";
72 X500Principal abc = new X500Principal(A + "," + B + "," + C);
73 X500Principal dabc = new X500Principal(D + "," + A + "," + B + "," + C);
74 X500Principal abcd = new X500Principal(A + "," + B + "," + C + "," + D);
75 X500Principal adbc = new X500Principal(A + "," + D + "," + B + "," + C);
76 X500Principal dcab = new X500Principal(D + "," + C + "," + A + "," + B) ;
77 X500Principal def = new X500Principal(D + "," + E + "," + F) ;
80 FunctionArgumentAttributeValue attrABC = null;
81 FunctionArgumentAttributeValue attrDABC = null;
82 FunctionArgumentAttributeValue attrABCD = null;
83 FunctionArgumentAttributeValue attrADBC = null;
84 FunctionArgumentAttributeValue attrDCAB = null;
85 FunctionArgumentAttributeValue attrDEF = null;
87 FunctionArgumentAttributeValue attrBad = null;
88 FunctionArgumentBag attrBag = new FunctionArgumentBag(new Bag());
92 attrABC = new FunctionArgumentAttributeValue(DataTypes.DT_X500NAME.createAttributeValue(abc));
93 attrDABC = new FunctionArgumentAttributeValue(DataTypes.DT_X500NAME.createAttributeValue(dabc));
94 attrABCD = new FunctionArgumentAttributeValue(DataTypes.DT_X500NAME.createAttributeValue(abcd));
95 attrADBC = new FunctionArgumentAttributeValue(DataTypes.DT_X500NAME.createAttributeValue(adbc));
96 attrDCAB = new FunctionArgumentAttributeValue(DataTypes.DT_X500NAME.createAttributeValue(dcab));
97 attrDEF = new FunctionArgumentAttributeValue(DataTypes.DT_X500NAME.createAttributeValue(def));
99 attrBad = new FunctionArgumentAttributeValue(DataTypes.DT_INTEGER.createAttributeValue(123));
100 } catch (Exception e) {
101 fail("creating attribute e="+ e);
104 FunctionDefinitionX500NameMatch fd = (FunctionDefinitionX500NameMatch) StdFunctions.FD_X500NAME_MATCH;
106 // check identity and type of the thing created
107 assertEquals(XACML3.ID_FUNCTION_X500NAME_MATCH, fd.getId());
108 assertEquals(DataTypes.DT_X500NAME.getId(), fd.getDataTypeArgs().getId());
109 assertEquals(DataTypes.DT_BOOLEAN.getId(), fd.getDataTypeId());
111 // just to be safe... If tests take too long these can probably be eliminated
112 assertFalse(fd.returnsBag());
113 assertEquals(new Integer(2), fd.getNumArgs());
116 // test normal, first exact match for second
118 arguments.add(attrABC);
119 arguments.add(attrABC);
120 ExpressionResult res = fd.evaluate(null, arguments);
121 assertTrue(res.isOk());
122 Boolean resValue = (Boolean)res.getValue().getValue();
123 assertTrue(resValue);
125 // test first is end of second
127 arguments.add(attrABC);
128 arguments.add(attrDABC);
129 res = fd.evaluate(null, arguments);
130 assertTrue(res.isOk());
131 resValue = (Boolean)res.getValue().getValue();
132 assertTrue(resValue);
134 // first exact match for sub-section but not end of second
136 arguments.add(attrABC);
137 arguments.add(attrABCD);
138 res = fd.evaluate(null, arguments);
139 assertTrue(res.isOk());
140 resValue = (Boolean)res.getValue().getValue();
141 assertFalse(resValue);
143 // components of first match components in second but not contiguous
145 arguments.add(attrABC);
146 arguments.add(attrADBC);
147 res = fd.evaluate(null, arguments);
148 assertTrue(res.isOk());
149 resValue = (Boolean)res.getValue().getValue();
150 assertFalse(resValue);
152 // components of first match components in second but not in order
154 arguments.add(attrABC);
155 arguments.add(attrDCAB);
156 res = fd.evaluate(null, arguments);
157 assertTrue(res.isOk());
158 resValue = (Boolean)res.getValue().getValue();
159 assertFalse(resValue);
161 // first does not match second at all
163 arguments.add(attrABC);
164 arguments.add(attrDEF);
165 res = fd.evaluate(null, arguments);
166 assertTrue(res.isOk());
167 resValue = (Boolean)res.getValue().getValue();
168 assertFalse(resValue);
170 // first arg larger than 2nd arg
172 arguments.add(attrABCD);
173 arguments.add(attrABC);
174 res = fd.evaluate(null, arguments);
175 assertTrue(res.isOk());
176 resValue = (Boolean)res.getValue().getValue();
177 assertFalse(resValue);
181 arguments.add(attrABC);
182 arguments.add(attrBad);
183 res = fd.evaluate(null, arguments);
184 assertFalse(res.getStatus().isOk());
185 assertEquals( "function:x500Name-match Expected data type 'x500Name' saw 'integer' at arg index 1", res.getStatus().getStatusMessage());
186 assertEquals("urn:oasis:names:tc:xacml:1.0:status:processing-error", res.getStatus().getStatusCode().getStatusCodeValue().stringValue());
190 arguments.add(attrABC);
191 arguments.add(attrABC);
192 arguments.add(attrABC);
193 res = fd.evaluate(null, arguments);
194 assertFalse(res.getStatus().isOk());
195 assertEquals( "function:x500Name-match Expected 2 arguments, got 3", res.getStatus().getStatusMessage());
196 assertEquals("urn:oasis:names:tc:xacml:1.0:status:processing-error", res.getStatus().getStatusCode().getStatusCodeValue().stringValue());
200 arguments.add(attrABC);
201 res = fd.evaluate(null, arguments);
202 assertFalse(res.getStatus().isOk());
203 assertEquals( "function:x500Name-match Expected 2 arguments, got 1", res.getStatus().getStatusMessage());
204 assertEquals("urn:oasis:names:tc:xacml:1.0:status:processing-error", res.getStatus().getStatusCode().getStatusCodeValue().stringValue());
207 res = fd.evaluate(null, arguments);
208 assertFalse(res.getStatus().isOk());
209 assertEquals( "function:x500Name-match Expected 2 arguments, got 0", res.getStatus().getStatusMessage());
210 assertEquals("urn:oasis:names:tc:xacml:1.0:status:processing-error", res.getStatus().getStatusCode().getStatusCodeValue().stringValue());
214 arguments.add(attrABC);
215 arguments.add(attrBag);
216 res = fd.evaluate(null, arguments);
217 assertFalse(res.getStatus().isOk());
218 assertEquals( "function:x500Name-match Expected a simple value, saw a bag at arg index 1", res.getStatus().getStatusMessage());
219 assertEquals("urn:oasis:names:tc:xacml:1.0:status:processing-error", res.getStatus().getStatusCode().getStatusCodeValue().stringValue());
224 arguments.add(attrBag);
225 res = fd.evaluate(null, arguments);
226 assertFalse(res.getStatus().isOk());
227 assertEquals( "function:x500Name-match Got null argument at arg index 0", res.getStatus().getStatusMessage());
228 assertEquals("urn:oasis:names:tc:xacml:1.0:status:processing-error", res.getStatus().getStatusCode().getStatusCodeValue().stringValue());
234 public void testRfc822NameMatch() {
239 FunctionArgumentAttributeValue attrStringabcxyz = null;
240 FunctionArgumentAttributeValue attrStringABCxyz = null;
241 FunctionArgumentAttributeValue attrStringabcXYZ = null;
242 FunctionArgumentAttributeValue attrStringcx = null;
243 FunctionArgumentAttributeValue attrStringwholedomainpart = null;
244 FunctionArgumentAttributeValue attrStringWholeDomainPart = null;
245 FunctionArgumentAttributeValue attrStringWholeDomain = null;
246 FunctionArgumentAttributeValue attrStringdomainpart = null;
247 FunctionArgumentAttributeValue attrStringDomainPart = null;
248 FunctionArgumentAttributeValue attrStringdotWholeDomain = null;
249 FunctionArgumentAttributeValue attrStringdomain = null;
251 FunctionArgumentAttributeValue attrStringNoMatch = null;
252 FunctionArgumentAttributeValue attrStringMultipleAt = null;
253 FunctionArgumentAttributeValue attrStringMissingLocal = null;
254 FunctionArgumentAttributeValue attrStringMissingDomain = null;
257 FunctionArgumentAttributeValue attrRfcabcxyz = null;
258 FunctionArgumentAttributeValue attrRfcwholedomainpart = null;
259 FunctionArgumentAttributeValue attrRfcWholeDomainPart = null;
261 FunctionArgumentBag attrBag = new FunctionArgumentBag(new Bag());
264 attrStringabcxyz = new FunctionArgumentAttributeValue(DataTypes.DT_STRING.createAttributeValue("abc@xyz"));
265 attrStringABCxyz = new FunctionArgumentAttributeValue(DataTypes.DT_STRING.createAttributeValue("ABC@xyz"));
266 attrStringabcXYZ = new FunctionArgumentAttributeValue(DataTypes.DT_STRING.createAttributeValue("abc@XYZ"));
267 attrStringcx = new FunctionArgumentAttributeValue(DataTypes.DT_STRING.createAttributeValue("c@x"));
268 attrStringwholedomainpart = new FunctionArgumentAttributeValue(DataTypes.DT_STRING.createAttributeValue("whole.domain.part"));
269 attrStringWholeDomainPart = new FunctionArgumentAttributeValue(DataTypes.DT_STRING.createAttributeValue("Whole.Domain.Part"));
270 attrStringWholeDomain = new FunctionArgumentAttributeValue(DataTypes.DT_STRING.createAttributeValue("Whole.Domain"));
271 attrStringdomainpart = new FunctionArgumentAttributeValue(DataTypes.DT_STRING.createAttributeValue(".domain.part"));
272 attrStringDomainPart = new FunctionArgumentAttributeValue(DataTypes.DT_STRING.createAttributeValue(".Domain.Part"));
273 attrStringdotWholeDomain = new FunctionArgumentAttributeValue(DataTypes.DT_STRING.createAttributeValue(".Whole.Domain"));
274 attrStringdomain = new FunctionArgumentAttributeValue(DataTypes.DT_STRING.createAttributeValue(".domain."));
276 attrStringNoMatch = new FunctionArgumentAttributeValue(DataTypes.DT_STRING.createAttributeValue("no match to any legal name"));
277 attrStringMultipleAt = new FunctionArgumentAttributeValue(DataTypes.DT_STRING.createAttributeValue("name@with@multipleAts"));
278 attrStringMissingLocal = new FunctionArgumentAttributeValue(DataTypes.DT_STRING.createAttributeValue("@multipleAts"));
279 attrStringMissingDomain = new FunctionArgumentAttributeValue(DataTypes.DT_STRING.createAttributeValue("localpart@"));
281 attrRfcabcxyz = new FunctionArgumentAttributeValue(DataTypes.DT_RFC822NAME.createAttributeValue("abc@xyz"));
282 attrRfcwholedomainpart = new FunctionArgumentAttributeValue(DataTypes.DT_RFC822NAME.createAttributeValue("abc@whole.domain.part"));
283 attrRfcWholeDomainPart = new FunctionArgumentAttributeValue(DataTypes.DT_RFC822NAME.createAttributeValue("abc@Whole.Domain.Part"));
284 } catch (Exception e) {
285 fail("creating attribute e="+ e);
288 FunctionDefinitionRFC822NameMatch fd = (FunctionDefinitionRFC822NameMatch) StdFunctions.FD_RFC822NAME_MATCH;
290 // check identity and type of the thing created
291 assertEquals(XACML3.ID_FUNCTION_RFC822NAME_MATCH, fd.getId());
292 assertEquals(DataTypes.DT_RFC822NAME.getId(), fd.getDataTypeArgs().getId());
293 assertEquals(DataTypes.DT_BOOLEAN.getId(), fd.getDataTypeId());
295 // just to be safe... If tests take too long these can probably be eliminated
296 assertFalse(fd.returnsBag());
299 // string identical to name - exact match on whole search term
301 arguments.add(attrStringabcxyz);
302 arguments.add(attrRfcabcxyz);
303 ExpressionResult res = fd.evaluate(null, arguments);
304 assertTrue(res.getStatus().isOk());
305 Boolean resValue = (Boolean)res.getValue().getValue();
306 assertTrue(resValue);
308 // no match local case different
310 arguments.add(attrStringABCxyz);
311 arguments.add(attrRfcabcxyz);
312 res = fd.evaluate(null, arguments);
313 assertTrue(res.getStatus().isOk());
314 resValue = (Boolean)res.getValue().getValue();
315 assertFalse(resValue);
317 // match domain case different
319 arguments.add(attrStringabcXYZ);
320 arguments.add(attrRfcabcxyz);
321 res = fd.evaluate(null, arguments);
322 assertTrue(res.getStatus().isOk());
323 resValue = (Boolean)res.getValue().getValue();
324 assertTrue(resValue);
327 // partial local + partial domain
329 arguments.add(attrStringcx);
330 arguments.add(attrRfcabcxyz);
331 res = fd.evaluate(null, arguments);
332 assertTrue(res.getStatus().isOk());
333 resValue = (Boolean)res.getValue().getValue();
334 assertFalse(resValue);
338 arguments.add(attrStringwholedomainpart);
339 arguments.add(attrRfcwholedomainpart);
340 res = fd.evaluate(null, arguments);
341 assertTrue(res.getStatus().isOk());
342 resValue = (Boolean)res.getValue().getValue();
343 assertTrue(resValue);
345 // whole domain different case
347 arguments.add(attrStringWholeDomainPart);
348 arguments.add(attrRfcwholedomainpart);
349 res = fd.evaluate(null, arguments);
350 assertTrue(res.getStatus().isOk());
351 resValue = (Boolean)res.getValue().getValue();
352 assertTrue(resValue);
355 arguments.add(attrStringwholedomainpart);
356 arguments.add(attrRfcWholeDomainPart);
357 res = fd.evaluate(null, arguments);
358 assertTrue(res.getStatus().isOk());
359 resValue = (Boolean)res.getValue().getValue();
360 assertTrue(resValue);
364 arguments.add(attrStringWholeDomain);
365 arguments.add(attrRfcWholeDomainPart);
366 res = fd.evaluate(null, arguments);
367 assertTrue(res.getStatus().isOk());
368 resValue = (Boolean)res.getValue().getValue();
369 assertFalse(resValue);
371 // partial domain match
373 arguments.add(attrStringDomainPart);
374 arguments.add(attrRfcWholeDomainPart);
375 res = fd.evaluate(null, arguments);
376 assertTrue(res.getStatus().isOk());
377 resValue = (Boolean)res.getValue().getValue();
378 assertTrue(resValue);
380 // partial domain different case
382 arguments.add(attrStringdomainpart);
383 arguments.add(attrRfcWholeDomainPart);
384 res = fd.evaluate(null, arguments);
385 assertTrue(res.getStatus().isOk());
386 resValue = (Boolean)res.getValue().getValue();
387 assertTrue(resValue);
389 // partial domain fail
391 arguments.add(attrStringdotWholeDomain);
392 arguments.add(attrRfcWholeDomainPart);
393 res = fd.evaluate(null, arguments);
394 assertTrue(res.getStatus().isOk());
395 resValue = (Boolean)res.getValue().getValue();
396 assertFalse(resValue);
399 arguments.add(attrStringdomain);
400 arguments.add(attrRfcWholeDomainPart);
401 res = fd.evaluate(null, arguments);
402 assertTrue(res.getStatus().isOk());
403 resValue = (Boolean)res.getValue().getValue();
404 assertFalse(resValue);
406 // search term contains more than 1 @
408 arguments.add(attrStringMultipleAt);
409 arguments.add(attrRfcabcxyz);
410 res = fd.evaluate(null, arguments);
411 assertFalse(res.getStatus().isOk());
412 assertEquals( "function:rfc822Name-match String contained more than 1 '@' in 'name@with@multipleAts'", res.getStatus().getStatusMessage());
413 assertEquals("urn:oasis:names:tc:xacml:1.0:status:processing-error", res.getStatus().getStatusCode().getStatusCodeValue().stringValue());
415 // search term missing local part
417 arguments.add(attrStringMissingLocal);
418 arguments.add(attrRfcabcxyz);
419 res = fd.evaluate(null, arguments);
420 assertFalse(res.getStatus().isOk());
421 assertEquals( "function:rfc822Name-match String missing local part in '@multipleAts'", res.getStatus().getStatusMessage());
422 assertEquals("urn:oasis:names:tc:xacml:1.0:status:processing-error", res.getStatus().getStatusCode().getStatusCodeValue().stringValue());
424 // search term missing domain part
426 arguments.add(attrStringMissingDomain);
427 arguments.add(attrRfcabcxyz);
428 res = fd.evaluate(null, arguments);
429 assertFalse(res.getStatus().isOk());
430 assertEquals( "function:rfc822Name-match String missing domain part in 'localpart@'", res.getStatus().getStatusMessage());
431 assertEquals("urn:oasis:names:tc:xacml:1.0:status:processing-error", res.getStatus().getStatusCode().getStatusCodeValue().stringValue());
435 arguments.add(attrRfcabcxyz);
436 arguments.add(attrStringNoMatch);
437 res = fd.evaluate(null, arguments);
438 assertFalse(res.getStatus().isOk());
439 assertEquals( "function:rfc822Name-match Expected data type 'string' saw 'rfc822Name' at arg index 0", res.getStatus().getStatusMessage());
440 assertEquals("urn:oasis:names:tc:xacml:1.0:status:processing-error", res.getStatus().getStatusCode().getStatusCodeValue().stringValue());
444 arguments.add(attrStringNoMatch);
445 arguments.add(attrStringNoMatch);
446 arguments.add(attrStringNoMatch);
447 res = fd.evaluate(null, arguments);
448 assertFalse(res.getStatus().isOk());
449 assertEquals( "function:rfc822Name-match Expected 2 arguments, got 3", res.getStatus().getStatusMessage());
450 assertEquals("urn:oasis:names:tc:xacml:1.0:status:processing-error", res.getStatus().getStatusCode().getStatusCodeValue().stringValue());
454 arguments.add(attrStringNoMatch);
455 res = fd.evaluate(null, arguments);
456 assertFalse(res.getStatus().isOk());
457 assertEquals( "function:rfc822Name-match Expected 2 arguments, got 1", res.getStatus().getStatusMessage());
458 assertEquals("urn:oasis:names:tc:xacml:1.0:status:processing-error", res.getStatus().getStatusCode().getStatusCodeValue().stringValue());
461 res = fd.evaluate(null, arguments);
462 assertFalse(res.getStatus().isOk());
463 assertEquals( "function:rfc822Name-match Expected 2 arguments, got 0", res.getStatus().getStatusMessage());
464 assertEquals("urn:oasis:names:tc:xacml:1.0:status:processing-error", res.getStatus().getStatusCode().getStatusCodeValue().stringValue());
468 arguments.add(attrStringNoMatch);
469 arguments.add(attrBag);
470 res = fd.evaluate(null, arguments);
471 assertFalse(res.getStatus().isOk());
472 assertEquals( "function:rfc822Name-match Expected a simple value, saw a bag at arg index 1", res.getStatus().getStatusMessage());
473 assertEquals("urn:oasis:names:tc:xacml:1.0:status:processing-error", res.getStatus().getStatusCode().getStatusCodeValue().stringValue());
478 arguments.add(attrStringNoMatch);
479 res = fd.evaluate(null, arguments);
480 assertFalse(res.getStatus().isOk());
481 assertEquals( "function:rfc822Name-match Got null argument at arg index 0", res.getStatus().getStatusMessage());
482 assertEquals("urn:oasis:names:tc:xacml:1.0:status:processing-error", res.getStatus().getStatusCode().getStatusCodeValue().stringValue());