1 /*******************************************************************************
2 * ============LICENSE_START==================================================
4 * * ===========================================================================
5 * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
6 * * ===========================================================================
7 * * Licensed under the Apache License, Version 2.0 (the "License");
8 * * you may not use this file except in compliance with the License.
9 * * You may obtain a copy of the License at
11 * * http://www.apache.org/licenses/LICENSE-2.0
13 * * Unless required by applicable law or agreed to in writing, software
14 * * distributed under the License is distributed on an "AS IS" BASIS,
15 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * * See the License for the specific language governing permissions and
17 * * limitations under the License.
18 * * ============LICENSE_END====================================================
20 * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
22 ******************************************************************************/
23 package org.onap.dmaap.datarouter.provisioning;
25 import org.apache.commons.lang3.reflect.FieldUtils;
26 import org.jetbrains.annotations.NotNull;
27 import org.json.JSONArray;
28 import org.json.JSONObject;
29 import org.junit.Before;
30 import org.junit.Test;
31 import org.junit.runner.RunWith;
32 import org.mockito.Mock;
33 import org.onap.dmaap.datarouter.authz.AuthorizationResponse;
34 import org.onap.dmaap.datarouter.authz.Authorizer;
35 import org.onap.dmaap.datarouter.provisioning.beans.Feed;
36 import org.onap.dmaap.datarouter.provisioning.beans.Updateable;
37 import org.powermock.api.mockito.PowerMockito;
38 import org.powermock.core.classloader.annotations.SuppressStaticInitializationFor;
39 import org.powermock.modules.junit4.PowerMockRunner;
41 import javax.servlet.ServletInputStream;
42 import javax.servlet.ServletOutputStream;
43 import javax.servlet.http.HttpServletRequest;
44 import javax.servlet.http.HttpServletResponse;
45 import java.util.HashSet;
48 import static org.hamcrest.Matchers.notNullValue;
49 import static org.mockito.Mockito.*;
50 import static org.onap.dmaap.datarouter.provisioning.BaseServlet.BEHALF_HEADER;
53 @RunWith(PowerMockRunner.class)
54 @SuppressStaticInitializationFor("org.onap.dmaap.datarouter.provisioning.beans.Feed")
55 public class FeedServletTest extends DrServletTestBase {
57 private static FeedServlet feedServlet;
60 private HttpServletRequest request;
62 private HttpServletResponse response;
65 public void setUp() throws Exception {
67 feedServlet = new FeedServlet();
68 setAuthoriserToReturnRequestIsAuthorized();
69 setPokerToNotCreateTimersWhenDeleteFeedIsCalled();
70 setUpValidAuthorisedRequest();
71 setUpValidSecurityOnHttpRequest();
72 setUpValidContentHeadersAndJSONOnHttpRequest();
76 public void Given_Request_Is_HTTP_DELETE_And_Is_Not_Secure_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated()
78 when(request.isSecure()).thenReturn(false);
79 FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isAddressAuthEnabled", "true", true);
80 feedServlet.doDelete(request, response);
81 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
86 public void Given_Request_Is_HTTP_DELETE_And_BEHALF_HEADER_Is_Not_Set_In_Request_Then_Bad_Request_Response_Is_Generated()
88 setBehalfHeader(null);
89 feedServlet.doDelete(request, response);
90 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
95 public void Given_Request_Is_HTTP_DELETE_And_Path_Header_Is_Not_Set_In_Request_With_Valid_Path_Then_Bad_Request_Response_Is_Generated()
97 when(request.getPathInfo()).thenReturn(null);
98 feedServlet.doDelete(request, response);
99 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
104 public void Given_Request_Is_HTTP_DELETE_And_Feed_Id_Is_Invalid_Then_Not_Found_Response_Is_Generated()
106 setFeedToReturnInvalidFeedIdSupplied();
107 feedServlet.doDelete(request, response);
108 verify(response).sendError(eq(HttpServletResponse.SC_NOT_FOUND), argThat(notNullValue(String.class)));
113 public void Given_Request_Is_HTTP_DELETE_And_Request_Is_Not_Authorized_Then_Forbidden_Response_Is_Generated()
115 setAuthoriserToReturnRequestNotAuthorized();
116 feedServlet.doDelete(request, response);
117 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
122 public void Given_Request_Is_HTTP_DELETE_And_Delete_On_Database_Fails_An_Internal_Server_Error_Is_Reported()
124 FeedServlet feedServlet = new FeedServlet() {
125 protected boolean doUpdate(Updateable bean) {
129 feedServlet.doDelete(request, response);
131 .sendError(eq(HttpServletResponse.SC_INTERNAL_SERVER_ERROR), argThat(notNullValue(String.class)));
136 public void Given_Request_Is_HTTP_DELETE_And_Delete_On_Database_Succeeds_A_NO_CONTENT_Response_Is_Generated()
138 FeedServlet feedServlet = new FeedServlet() {
139 protected boolean doUpdate(Updateable bean) {
143 feedServlet.doDelete(request, response);
144 verify(response).setStatus(eq(HttpServletResponse.SC_NO_CONTENT));
148 public void Given_Request_Is_HTTP_GET_And_Is_Not_Secure_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated()
150 when(request.isSecure()).thenReturn(false);
151 FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isAddressAuthEnabled", "true", true);
152 feedServlet.doGet(request, response);
153 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
157 public void Given_Request_Is_HTTP_GET_And_BEHALF_HEADER_Is_Not_Set_In_Request_Then_Bad_Request_Response_Is_Generated()
159 setBehalfHeader(null);
160 feedServlet.doGet(request, response);
161 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
166 public void Given_Request_Is_HTTP_GET_And_Path_Header_Is_Not_Set_In_Request_With_Valid_Path_Then_Bad_Request_Response_Is_Generated()
168 when(request.getPathInfo()).thenReturn(null);
169 feedServlet.doGet(request, response);
170 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
175 public void Given_Request_Is_HTTP_GET_And_Feed_Id_Is_Invalid_Then_Not_Found_Response_Is_Generated()
177 setFeedToReturnInvalidFeedIdSupplied();
178 feedServlet.doGet(request, response);
179 verify(response).sendError(eq(HttpServletResponse.SC_NOT_FOUND), argThat(notNullValue(String.class)));
184 public void Given_Request_Is_HTTP_GET_And_Request_Is_Not_Authorized_Then_Forbidden_Response_Is_Generated()
186 setAuthoriserToReturnRequestNotAuthorized();
187 feedServlet.doGet(request, response);
188 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
193 public void Given_Request_Is_HTTP_GET_And_Request_Succeeds() throws Exception {
194 ServletOutputStream outStream = mock(ServletOutputStream.class);
195 when(response.getOutputStream()).thenReturn(outStream);
196 feedServlet.doGet(request, response);
197 verify(response).setStatus(eq(HttpServletResponse.SC_OK));
202 public void Given_Request_Is_HTTP_PUT_And_Is_Not_Secure_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated()
204 when(request.isSecure()).thenReturn(false);
205 FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isAddressAuthEnabled", "true", true);
206 feedServlet.doPut(request, response);
207 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
211 public void Given_Request_Is_HTTP_PUT_And_BEHALF_HEADER_Is_Not_Set_In_Request_Then_Bad_Request_Response_Is_Generated()
213 setBehalfHeader(null);
214 feedServlet.doPut(request, response);
215 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
220 public void Given_Request_Is_HTTP_PUT_And_Path_Header_Is_Not_Set_In_Request_With_Valid_Path_Then_Bad_Request_Response_Is_Generated()
222 when(request.getPathInfo()).thenReturn(null);
223 feedServlet.doPut(request, response);
224 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
229 public void Given_Request_Is_HTTP_PUT_And_Feed_Id_Is_Invalid_Then_Not_Found_Response_Is_Generated()
231 setFeedToReturnInvalidFeedIdSupplied();
232 feedServlet.doPut(request, response);
233 verify(response).sendError(eq(HttpServletResponse.SC_NOT_FOUND), argThat(notNullValue(String.class)));
237 public void Given_Request_Is_HTTP_PUT_And_Content_Header_Is_Not_Supported_Type_Then_Unsupported_Media_Type_Response_Is_Generated()
239 when(request.getHeader("Content-Type")).thenReturn("application/vnd.att-dr.feed-fail; version=2.0");
240 when(request.getContentType()).thenReturn("stub_contentType");
241 feedServlet.doPut(request, response);
243 .sendError(eq(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE), argThat(notNullValue(String.class)));
247 public void Given_Request_Is_HTTP_PUT_And_Request_Contains_Badly_Formed_JSON_Then_Bad_Request_Response_Is_Generated()
249 ServletInputStream inStream = mock(ServletInputStream.class);
250 when(request.getInputStream()).thenReturn(inStream);
251 feedServlet.doPut(request, response);
252 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
256 public void Given_Request_Is_HTTP_PUT_And_Request_Contains_Invalid_JSON_Then_Bad_Request_Response_Is_Generated() throws Exception {
257 FeedServlet feedServlet = new FeedServlet() {
258 protected JSONObject getJSONfromInput(HttpServletRequest req) {
259 return new JSONObject();
262 feedServlet.doPut(request, response);
263 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
267 public void Given_Request_Is_HTTP_PUT_And_Feed_Change_Is_Not_Publisher_Who_Requested_Feed_Bad_Request_Response_Is_Generated() throws Exception {
268 when(request.getHeader("X-ATT-DR-ON-BEHALF-OF-GROUP")).thenReturn(null);
269 JSONObject JSObject = buildRequestJsonObject();
270 FeedServlet feedServlet = new FeedServlet() {
271 protected JSONObject getJSONfromInput(HttpServletRequest req) {
272 JSONObject jo = new JSONObject();
273 jo.put("name", "stub_name");
274 jo.put("version", "1.0");
275 jo.put("authorization", JSObject);
280 feedServlet.doPut(request, response);
281 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
285 public void Given_Request_Is_HTTP_PUT_And_Feed_Name_Change_is_Requested_Bad_Request_Response_Is_Generated() throws Exception {
286 JSONObject JSObject = buildRequestJsonObject();
287 FeedServlet feedServlet = new FeedServlet() {
288 protected JSONObject getJSONfromInput(HttpServletRequest req) {
289 JSONObject jo = new JSONObject();
290 jo.put("name", "not_stub_name");
291 jo.put("version", "1.0");
292 jo.put("authorization", JSObject);
296 feedServlet.doPut(request, response);
297 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
301 public void Given_Request_Is_HTTP_PUT_And_Feed_Version_Change_is_Requested_Bad_Request_Response_Is_Generated() throws Exception {
302 JSONObject JSObject = buildRequestJsonObject();
303 FeedServlet feedServlet = new FeedServlet() {
304 protected JSONObject getJSONfromInput(HttpServletRequest req) {
305 JSONObject jo = new JSONObject();
306 jo.put("name", "stub_name");
307 jo.put("version", "2.0");
308 jo.put("authorization", JSObject);
312 feedServlet.doPut(request, response);
313 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
317 public void Given_Request_Is_HTTP_PUT_And_Request_Is_Not_Authorized_Then_Forbidden_Response_Is_Generated() throws Exception {
318 JSONObject JSObject = buildRequestJsonObject();
319 FeedServlet feedServlet = new FeedServlet() {
320 protected JSONObject getJSONfromInput(HttpServletRequest req) {
321 JSONObject jo = new JSONObject();
322 jo.put("name", "stub_name");
323 jo.put("version", "1.0");
324 jo.put("authorization", JSObject);
328 setAuthoriserToReturnRequestNotAuthorized();
329 feedServlet.doPut(request, response);
330 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
334 public void Given_Request_Is_HTTP_PUT_And_Change_On_Feeds_Fails_A_STATUS_OK_Response_Is_Generated() throws Exception {
335 ServletOutputStream outStream = mock(ServletOutputStream.class);
336 when(response.getOutputStream()).thenReturn(outStream);
338 JSONObject JSObject = buildRequestJsonObject();
339 FeedServlet feedServlet = new FeedServlet() {
340 protected JSONObject getJSONfromInput(HttpServletRequest req) {
341 JSONObject jo = new JSONObject();
342 jo.put("name", "stub_name");
343 jo.put("version", "1.0");
344 jo.put("authorization", JSObject);
349 protected boolean doUpdate(Updateable bean) {
353 feedServlet.doPut(request, response);
354 verify(response).sendError(eq(HttpServletResponse.SC_INTERNAL_SERVER_ERROR), argThat(notNullValue(String.class)));
358 public void Given_Request_Is_HTTP_PUT_And_Change_On_Feeds_Suceeds_A_STATUS_OK_Response_Is_Generated() throws Exception {
359 ServletOutputStream outStream = mock(ServletOutputStream.class);
360 when(response.getOutputStream()).thenReturn(outStream);
361 JSONObject JSObject = buildRequestJsonObject();
362 FeedServlet feedServlet = new FeedServlet() {
363 protected JSONObject getJSONfromInput(HttpServletRequest req) {
364 JSONObject jo = new JSONObject();
365 jo.put("name", "stub_name");
366 jo.put("version", "1.0");
367 jo.put("authorization", JSObject);
372 protected boolean doUpdate(Updateable bean) {
376 feedServlet.doPut(request, response);
377 verify(response).setStatus(eq(HttpServletResponse.SC_OK));
381 public void Given_Request_Is_HTTP_POST_SC_METHOD_NOT_ALLOWED_Response_Is_Generated() throws Exception {
382 feedServlet.doPost(request, response);
383 verify(response).sendError(eq(HttpServletResponse.SC_METHOD_NOT_ALLOWED), argThat(notNullValue(String.class)));
387 private JSONObject buildRequestJsonObject() {
388 JSONObject JSObject = new JSONObject();
389 JSONArray endpointIDs = new JSONArray();
390 JSONObject JOEndpointIDs = new JSONObject();
391 JOEndpointIDs.put("id", "stub_endpoint_id");
392 JOEndpointIDs.put("password", "stub_endpoint_password");
393 endpointIDs.put(JOEndpointIDs);
395 JSONArray endpointAddresses = new JSONArray();
396 endpointAddresses.put("127.0.0.1");
398 JSObject.put("classification", "stub_classification");
399 JSObject.put("endpoint_ids", endpointIDs);
400 JSObject.put("endpoint_addrs", endpointAddresses);
404 private void setUpValidSecurityOnHttpRequest() throws Exception {
405 when(request.isSecure()).thenReturn(true);
406 Set<String> authAddressesAndNetworks = new HashSet<String>();
407 authAddressesAndNetworks.add(("127.0.0.1"));
409 .writeDeclaredStaticField(BaseServlet.class, "authorizedAddressesAndNetworks", authAddressesAndNetworks,
411 FieldUtils.writeDeclaredStaticField(BaseServlet.class, "requireCert", false, true);
414 private void setBehalfHeader(String headerValue) {
415 when(request.getHeader(BEHALF_HEADER)).thenReturn(headerValue);
418 private void setValidPathInfoInHttpHeader() {
419 when(request.getPathInfo()).thenReturn("/123");
422 private void setFeedToReturnInvalidFeedIdSupplied() {
423 PowerMockito.mockStatic(Feed.class);
424 PowerMockito.when(Feed.getFeedById(anyInt())).thenReturn(null);
427 private void setFeedToReturnValidFeedForSuppliedId() {
428 PowerMockito.mockStatic(Feed.class);
429 Feed feed = mock(Feed.class);
430 PowerMockito.when(Feed.getFeedById(anyInt())).thenReturn(feed);
431 when(feed.isDeleted()).thenReturn(false);
432 when(feed.asJSONObject(true)).thenReturn(mock(JSONObject.class));
433 when(feed.getPublisher()).thenReturn("Stub_Value");
434 when(feed.getName()).thenReturn("stub_name");
435 when(feed.getVersion()).thenReturn("1.0");
436 when(feed.asLimitedJSONObject()).thenReturn(mock(JSONObject.class));
439 private void setAuthoriserToReturnRequestNotAuthorized() throws IllegalAccessException {
440 AuthorizationResponse authResponse = mock(AuthorizationResponse.class);
441 Authorizer authorizer = mock(Authorizer.class);
442 FieldUtils.writeDeclaredStaticField(BaseServlet.class, "authz", authorizer, true);
443 when(authorizer.decide(request)).thenReturn(authResponse);
444 when(authResponse.isAuthorized()).thenReturn(false);
447 private void setAuthoriserToReturnRequestIsAuthorized() throws IllegalAccessException {
448 AuthorizationResponse authResponse = mock(AuthorizationResponse.class);
449 Authorizer authorizer = mock(Authorizer.class);
450 FieldUtils.writeDeclaredStaticField(BaseServlet.class, "authz", authorizer, true);
451 when(authorizer.decide(request)).thenReturn(authResponse);
452 when(authResponse.isAuthorized()).thenReturn(true);
455 private void setPokerToNotCreateTimersWhenDeleteFeedIsCalled() throws Exception {
456 Poker poker = mock(Poker.class);
457 FieldUtils.writeDeclaredStaticField(Poker.class, "poker", poker, true);
460 private void setUpValidAuthorisedRequest() throws Exception {
461 setUpValidSecurityOnHttpRequest();
462 setBehalfHeader("Stub_Value");
463 setValidPathInfoInHttpHeader();
464 setFeedToReturnValidFeedForSuppliedId();
467 private void setUpValidContentHeadersAndJSONOnHttpRequest() {
468 when(request.getHeader("Content-Type")).thenReturn("application/vnd.att-dr.feed; version=1.0");
469 when(request.getHeader("X-ATT-DR-ON-BEHALF-OF-GROUP")).thenReturn("stub_subjectGroup");