1 /*******************************************************************************
2 * ============LICENSE_START==================================================
4 * * ===========================================================================
5 * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
6 * * ===========================================================================
7 * * Licensed under the Apache License, Version 2.0 (the "License");
8 * * you may not use this file except in compliance with the License.
9 * * You may obtain a copy of the License at
11 * * http://www.apache.org/licenses/LICENSE-2.0
13 * * Unless required by applicable law or agreed to in writing, software
14 * * distributed under the License is distributed on an "AS IS" BASIS,
15 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * * See the License for the specific language governing permissions and
17 * * limitations under the License.
18 * * ============LICENSE_END====================================================
20 * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
22 ******************************************************************************/
23 package org.onap.dmaap.datarouter.provisioning;
25 import org.apache.commons.lang3.reflect.FieldUtils;
26 import org.jetbrains.annotations.NotNull;
27 import org.json.JSONObject;
28 import org.junit.AfterClass;
29 import org.junit.Before;
30 import org.junit.BeforeClass;
31 import org.junit.Test;
32 import org.junit.runner.RunWith;
33 import org.mockito.Mock;
34 import org.onap.dmaap.datarouter.authz.AuthorizationResponse;
35 import org.onap.dmaap.datarouter.authz.Authorizer;
36 import org.onap.dmaap.datarouter.provisioning.beans.Deleteable;
37 import org.onap.dmaap.datarouter.provisioning.beans.SubDelivery;
38 import org.onap.dmaap.datarouter.provisioning.beans.Subscription;
39 import org.onap.dmaap.datarouter.provisioning.beans.Updateable;
40 import org.onap.dmaap.datarouter.provisioning.utils.DB;
41 import org.powermock.modules.junit4.PowerMockRunner;
43 import javax.persistence.EntityManager;
44 import javax.persistence.EntityManagerFactory;
45 import javax.persistence.Persistence;
46 import javax.servlet.ServletInputStream;
47 import javax.servlet.ServletOutputStream;
48 import javax.servlet.http.HttpServletRequest;
49 import javax.servlet.http.HttpServletResponse;
50 import java.sql.SQLException;
51 import java.util.HashSet;
54 import static org.hamcrest.Matchers.notNullValue;
55 import static org.mockito.Mockito.*;
56 import static org.onap.dmaap.datarouter.provisioning.BaseServlet.BEHALF_HEADER;
59 @RunWith(PowerMockRunner.class)
60 public class SubscriptionServletTest {
61 private static EntityManagerFactory emf;
62 private static EntityManager em;
63 private SubscriptionServlet subscriptionServlet;
65 private final String URL= "https://172.100.0.5";
66 private final String USER = "user1";
67 private final String PASSWORD="password1";
70 private HttpServletRequest request;
72 private HttpServletResponse response;
75 public static void init() {
76 emf = Persistence.createEntityManagerFactory("dr-unit-tests");
77 em = emf.createEntityManager();
79 "org.onap.dmaap.datarouter.provserver.properties",
80 "src/test/resources/h2Database.properties");
84 public static void tearDownClass() {
91 public void setUp() throws Exception {
92 subscriptionServlet = new SubscriptionServlet();
94 setAuthoriserToReturnRequestIsAuthorized();
95 setPokerToNotCreateTimersWhenDeleteSubscriptionIsCalled();
96 setupValidAuthorisedRequest();
97 setUpValidSecurityOnHttpRequest();
101 public void Given_Request_Is_HTTP_DELETE_SC_Forbidden_Response_Is_Generated() throws Exception {
102 when(request.isSecure()).thenReturn(false);
103 subscriptionServlet.doDelete(request, response);
104 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
108 public void Given_Request_Is_HTTP_DELETE_And_BEHALF_HEADER_Is_Not_Set_In_Request_Then_Bad_Request_Response_Is_Generated() throws Exception {
109 setBehalfHeader(null);
110 subscriptionServlet.doDelete(request, response);
111 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
115 public void Given_Request_Is_HTTP_DELETE_And_Path_Header_Is_Not_Set_In_Request_With_Valid_Path_Then_Bad_Request_Response_Is_Generated() throws Exception {
116 when(request.getPathInfo()).thenReturn(null);
117 subscriptionServlet.doDelete(request, response);
118 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
122 public void Given_Request_Is_HTTP_DELETE_And_Subscription_Id_Is_Invalid_Then_Not_Found_Response_Is_Generated() throws Exception {
123 when(request.getPathInfo()).thenReturn("/3");
124 subscriptionServlet.doDelete(request, response);
125 verify(response).sendError(eq(HttpServletResponse.SC_NOT_FOUND), argThat(notNullValue(String.class)));
129 public void Given_Request_Is_HTTP_DELETE_And_Request_Is_Not_Authorized_Then_Forbidden_Response_Is_Generated() throws Exception {
130 setAuthoriserToReturnRequestNotAuthorized();
131 subscriptionServlet.doDelete(request, response);
132 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
136 public void Given_Request_Is_HTTP_DELETE_And_Delete_On_Database_Fails_An_Internal_Server_Error_Is_Reported() throws Exception {
137 SubscriptionServlet subscriptionServlet = new SubscriptionServlet(){
138 public boolean doDelete(Deleteable deletable){
142 subscriptionServlet.doDelete(request, response);
143 verify(response).sendError(eq(HttpServletResponse.SC_INTERNAL_SERVER_ERROR), argThat(notNullValue(String.class)));
147 public void Given_Request_Is_HTTP_DELETE_And_Delete_On_Database_Succeeds_A_NO_CONTENT_Response_Is_Generated() throws Exception {
148 subscriptionServlet.doDelete(request, response);
149 verify(response).setStatus(eq(HttpServletResponse.SC_NO_CONTENT));
150 insertSubscriptionIntoDb();
154 public void Given_Request_Is_HTTP_GET_And_Is_Not_Secure_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated() throws Exception {
155 when(request.isSecure()).thenReturn(false);
156 subscriptionServlet.doGet(request, response);
157 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
161 public void Given_Request_Is_HTTP_GET_And_BEHALF_HEADER_Is_Not_Set_In_Request_Then_Bad_Request_Response_Is_Generated() throws Exception {
162 setBehalfHeader(null);
163 subscriptionServlet.doGet(request, response);
164 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
168 public void Given_Request_Is_HTTP_GET_And_Path_Header_Is_Not_Set_In_Request_With_Valid_Path_Then_Bad_Request_Response_Is_Generated() throws Exception {
169 when(request.getPathInfo()).thenReturn(null);
170 subscriptionServlet.doGet(request, response);
171 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
175 public void Given_Request_Is_HTTP_GET_And_Subscription_Id_Is_Invalid_Then_Not_Found_Response_Is_Generated() throws Exception {
176 when(request.getPathInfo()).thenReturn("/3");
177 subscriptionServlet.doGet(request, response);
178 verify(response).sendError(eq(HttpServletResponse.SC_NOT_FOUND), argThat(notNullValue(String.class)));
182 public void Given_Request_Is_HTTP_GET_And_Request_Is_Not_Authorized_Then_Forbidden_Response_Is_Generated() throws Exception {
183 setAuthoriserToReturnRequestNotAuthorized();
184 subscriptionServlet.doGet(request, response);
185 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
189 public void Given_Request_Is_HTTP_GET_And_Request_Succeeds() throws Exception {
190 ServletOutputStream outStream = mock(ServletOutputStream.class);
191 when(response.getOutputStream()).thenReturn(outStream);
192 subscriptionServlet.doGet(request, response);
193 verify(response).setStatus(eq(HttpServletResponse.SC_OK));
197 public void Given_Request_Is_HTTP_PUT_And_Is_Not_Secure_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated() throws Exception {
198 when(request.isSecure()).thenReturn(false);
199 subscriptionServlet.doPut(request, response);
200 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
204 public void Given_Request_Is_HTTP_PUT_And_BEHALF_HEADER_Is_Not_Set_In_Request_Then_Bad_Request_Response_Is_Generated() throws Exception {
205 setBehalfHeader(null);
206 subscriptionServlet.doPut(request, response);
207 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
211 public void Given_Request_Is_HTTP_PUT_And_Path_Header_Is_Not_Set_In_Request_With_Valid_Path_Then_Bad_Request_Response_Is_Generated() throws Exception {
212 when(request.getPathInfo()).thenReturn(null);
213 subscriptionServlet.doPut(request, response);
214 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
218 public void Given_Request_Is_HTTP_PUT_And_Subscription_Id_Is_Invalid_Then_Not_Found_Response_Is_Generated() throws Exception {
219 when(request.getPathInfo()).thenReturn("/3");
220 subscriptionServlet.doPut(request, response);
221 verify(response).sendError(eq(HttpServletResponse.SC_NOT_FOUND), argThat(notNullValue(String.class)));
225 public void Given_Request_Is_HTTP_PUT_And_Request_Is_Not_Authorized_Then_Forbidden_Response_Is_Generated() throws Exception {
226 setAuthoriserToReturnRequestNotAuthorized();
227 subscriptionServlet.doPut(request, response);
228 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
232 public void Given_Request_Is_HTTP_PUT_And_Content_Header_Is_Not_Supported_Type_Then_Unsupported_Media_Type_Response_Is_Generated() throws Exception {
233 when(request.getContentType()).thenReturn("stub_ContentType");
234 subscriptionServlet.doPut(request, response);
235 verify(response).sendError(eq(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE), argThat(notNullValue(String.class)));
239 public void Given_Request_Is_HTTP_PUT_And_Request_Contains_Badly_Formed_JSON_Then_Bad_Request_Response_Is_Generated() throws Exception {
240 when(request.getHeader("Content-Type")).thenReturn("application/vnd.att-dr.subscription; version=1.0");
241 ServletInputStream inStream = mock(ServletInputStream.class);
242 when(request.getInputStream()).thenReturn(inStream);
243 subscriptionServlet.doPut(request, response);
244 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
248 public void Given_Request_Is_HTTP_PUT_And_Subscription_Object_Is_Invalid_Bad_Request_Response_Is_Generated() throws Exception {
249 when(request.getHeader("Content-Type")).thenReturn("application/vnd.att-dr.subscription; version=1.0");
250 SubscriptionServlet subscriptionServlet = new SubscriptionServlet() {
251 protected JSONObject getJSONfromInput(HttpServletRequest req) {
252 JSONObject jo = new JSONObject();
256 subscriptionServlet.doPut(request, response);
257 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
261 public void Given_Request_Is_HTTP_PUT_And_Subscriber_Modified_By_Different_Creator_Then_Bad_Request_Is_Generated() throws Exception {
262 when(request.getHeader("X-ATT-DR-ON-BEHALF-OF-GROUP")).thenReturn(null);
263 when(request.getHeader("Content-Type")).thenReturn("application/vnd.att-dr.subscription; version=1.0");
264 JSONObject JSObject = buildRequestJsonObject();
265 SubscriptionServlet subscriptionServlet = new SubscriptionServlet() {
266 protected JSONObject getJSONfromInput(HttpServletRequest req) {
267 JSONObject jo = new JSONObject();
268 jo.put("name", "stub_name");
269 jo.put("version", "2.0");
270 jo.put("metadataOnly", true);
271 jo.put("suspend", true);
272 jo.put("delivery", JSObject);
273 jo.put("subscriber", "differentSubscriber");
274 jo.put("sync", true);
278 subscriptionServlet.doPut(request, response);
279 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
283 public void Given_Request_Is_HTTP_PUT_And_Update_Fails() throws Exception {
284 when(request.getHeader("X-ATT-DR-ON-BEHALF-OF-GROUP")).thenReturn("stub_subjectGroup");
285 when(request.getHeader("Content-Type")).thenReturn("application/vnd.att-dr.subscription; version=1.0");
286 JSONObject JSObject = buildRequestJsonObject();
287 SubscriptionServlet subscriptionServlet = new SubscriptionServlet() {
288 protected JSONObject getJSONfromInput(HttpServletRequest req) {
289 JSONObject jo = new JSONObject();
290 jo.put("name", "stub_name");
291 jo.put("version", "2.0");
292 jo.put("metadataOnly", true);
293 jo.put("suspend", true);
294 jo.put("delivery", JSObject);
295 jo.put("sync", true);
300 protected boolean doUpdate(Updateable bean) {
304 subscriptionServlet.doPut(request, response);
305 verify(response).sendError(eq(HttpServletResponse.SC_INTERNAL_SERVER_ERROR), argThat(notNullValue(String.class)));
309 public void Given_Request_Is_HTTP_PUT_And_Update_Succeeds() throws Exception {
310 ServletOutputStream outStream = mock(ServletOutputStream.class);
311 when(response.getOutputStream()).thenReturn(outStream);
312 when(request.getHeader("X-ATT-DR-ON-BEHALF-OF-GROUP")).thenReturn("stub_subjectGroup");
313 when(request.getHeader("Content-Type")).thenReturn("application/vnd.att-dr.subscription; version=1.0");
314 JSONObject JSObject = buildRequestJsonObject();
315 SubscriptionServlet subscriptionServlet = new SubscriptionServlet() {
316 protected JSONObject getJSONfromInput(HttpServletRequest req) {
317 JSONObject jo = new JSONObject();
318 jo.put("name", "stub_name");
319 jo.put("version", "2.0");
320 jo.put("metadataOnly", true);
321 jo.put("suspend", true);
322 jo.put("delivery", JSObject);
323 jo.put("sync", true);
324 jo.put("changeowner", true);
328 subscriptionServlet.doPut(request, response);
329 verify(response).setStatus(eq(HttpServletResponse.SC_OK));
330 changeSubscriptionBackToNormal();
334 public void Given_Request_Is_HTTP_POST_And_Is_Not_Secure_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated() throws Exception {
335 when(request.isSecure()).thenReturn(false);
336 subscriptionServlet.doPost(request, response);
337 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
341 public void Given_Request_Is_HTTP_POST_And_BEHALF_HEADER_Is_Not_Set_In_Request_Then_Bad_Request_Response_Is_Generated() throws Exception {
342 setBehalfHeader(null);
343 subscriptionServlet.doPost(request, response);
344 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
348 public void Given_Request_Is_HTTP_POST_And_Path_Header_Is_Not_Set_In_Request_With_Valid_Path_Then_Bad_Request_Response_Is_Generated() throws Exception {
349 when(request.getPathInfo()).thenReturn(null);
350 subscriptionServlet.doPost(request, response);
351 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
355 public void Given_Request_Is_HTTP_POST_And_Subscription_Id_Is_Invalid_Then_Not_Found_Response_Is_Generated() throws Exception {
356 when(request.getPathInfo()).thenReturn("/3");
357 subscriptionServlet.doPost(request, response);
358 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
362 public void Given_Request_Is_HTTP_POST_And_Content_Header_Is_Not_Supported_Type_Then_Unsupported_Media_Type_Response_Is_Generated() throws Exception {
363 when(request.getContentType()).thenReturn("stub_ContentType");
364 subscriptionServlet.doPost(request, response);
365 verify(response).sendError(eq(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE), argThat(notNullValue(String.class)));
369 public void Given_Request_Is_HTTP_POST_And_Request_Is_Not_Authorized_Then_Forbidden_Response_Is_Generated() throws Exception {
370 when(request.getHeader(anyString())).thenReturn("application/vnd.att-dr.subscription-control");
371 setAuthoriserToReturnRequestNotAuthorized();
372 subscriptionServlet.doPost(request, response);
373 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
377 public void Given_Request_Is_HTTP_POST_And_Request_Contains_Badly_Formed_JSON_Then_Bad_Request_Response_Is_Generated() throws Exception {
378 when(request.getHeader("Content-Type")).thenReturn("application/vnd.att-dr.subscription-control; version=1.0");
379 ServletInputStream inStream = mock(ServletInputStream.class);
380 when(request.getInputStream()).thenReturn(inStream);
381 subscriptionServlet.doPost(request, response);
382 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
386 public void Given_Request_Is_HTTP_POST_And_Post_Fails() throws Exception {
387 when(request.getHeader("X-ATT-DR-ON-BEHALF-OF-GROUP")).thenReturn("stub_subjectGroup");
388 when(request.getHeader("Content-Type")).thenReturn("application/vnd.att-dr.subscription-control; version=1.0");
389 JSONObject JSObject = buildRequestJsonObject();
390 SubscriptionServlet subscriptionServlet = new SubscriptionServlet() {
391 protected JSONObject getJSONfromInput(HttpServletRequest req) {
392 JSONObject jo = new JSONObject();
393 jo.put("name", "stub_name");
394 jo.put("version", "2.0");
395 jo.put("metadataOnly", true);
396 jo.put("suspend", true);
397 jo.put("delivery", JSObject);
401 subscriptionServlet.doPost(request, response);
402 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
406 public void Given_Request_Is_HTTP_POST_And_Post_Succeeds() throws Exception {
407 ServletOutputStream outStream = mock(ServletOutputStream.class);
408 when(response.getOutputStream()).thenReturn(outStream);
409 when(request.getHeader("X-ATT-DR-ON-BEHALF-OF-GROUP")).thenReturn("stub_subjectGroup");
410 when(request.getHeader("Content-Type")).thenReturn("application/vnd.att-dr.subscription-control; version=1.0");
411 JSONObject JSObject = buildRequestJsonObject();
412 SubscriptionServlet subscriptionServlet = new SubscriptionServlet() {
413 protected JSONObject getJSONfromInput(HttpServletRequest req) {
414 JSONObject jo = new JSONObject();
415 jo.put("name", "stub_name");
416 jo.put("version", "2.0");
417 jo.put("metadataOnly", true);
418 jo.put("suspend", true);
419 jo.put("delivery", JSObject);
420 jo.put("failed", false);
424 subscriptionServlet.doPost(request, response);
425 verify(response).setStatus(eq(HttpServletResponse.SC_ACCEPTED));
429 private JSONObject buildRequestJsonObject() {
430 JSONObject JSObject = new JSONObject();
431 JSObject.put("url", "https://stub_address");
432 JSObject.put("use100", "true");
433 JSObject.put("password", "stub_password");
434 JSObject.put("user", "stub_user");
438 private void setUpValidSecurityOnHttpRequest() throws Exception {
439 when(request.isSecure()).thenReturn(true);
440 Set<String> authAddressesAndNetworks = new HashSet<String>();
441 authAddressesAndNetworks.add(("127.0.0.1"));
442 FieldUtils.writeDeclaredStaticField(BaseServlet.class, "authorizedAddressesAndNetworks", authAddressesAndNetworks, true);
443 FieldUtils.writeDeclaredStaticField(BaseServlet.class, "requireCert", false, true);
446 private void setBehalfHeader(String headerValue) {
447 when(request.getHeader(BEHALF_HEADER)).thenReturn(headerValue);
450 private void setValidPathInfoInHttpHeader() {
451 when(request.getPathInfo()).thenReturn("/1");
454 private void setAuthoriserToReturnRequestNotAuthorized() throws IllegalAccessException {
455 AuthorizationResponse authResponse = mock(AuthorizationResponse.class);
456 Authorizer authorizer = mock(Authorizer.class);
457 FieldUtils.writeDeclaredStaticField(BaseServlet.class, "authz", authorizer, true);
458 when(authorizer.decide(request)).thenReturn(authResponse);
459 when(authResponse.isAuthorized()).thenReturn(false);
462 private void setAuthoriserToReturnRequestIsAuthorized() throws IllegalAccessException {
463 AuthorizationResponse authResponse = mock(AuthorizationResponse.class);
464 Authorizer authorizer = mock(Authorizer.class);
465 FieldUtils.writeDeclaredStaticField(BaseServlet.class, "authz", authorizer, true);
466 when(authorizer.decide(request)).thenReturn(authResponse);
467 when(authResponse.isAuthorized()).thenReturn(true);
470 private void setPokerToNotCreateTimersWhenDeleteSubscriptionIsCalled() throws Exception {
471 Poker poker = mock(Poker.class);
472 FieldUtils.writeDeclaredStaticField(Poker.class, "poker", poker, true);
475 private void setupValidAuthorisedRequest() throws Exception {
476 setUpValidSecurityOnHttpRequest();
477 setBehalfHeader("Stub_Value");
478 setValidPathInfoInHttpHeader();
481 private void insertSubscriptionIntoDb() throws SQLException {
482 Subscription subscription = new Subscription(URL, USER, PASSWORD);
483 subscription.setSubid(1);
484 subscription.setSubscriber("user1");
485 subscription.setFeedid(1);
486 SubDelivery subDelivery = new SubDelivery(URL, USER, PASSWORD, true);
487 subscription.setDelivery(subDelivery);
488 subscription.setGroupid(1);
489 subscription.setMetadataOnly(false);
490 subscription.setSuspended(false);
491 subscription.doInsert(db.getConnection());
494 private void changeSubscriptionBackToNormal() throws SQLException {
495 Subscription subscription = new Subscription("https://172.100.0.5", "user1", "password1");
496 subscription.setSubid(1);
497 subscription.setSubscriber("user1");
498 subscription.setFeedid(1);
499 SubDelivery subDelivery = new SubDelivery(URL, USER, PASSWORD, true);
500 subscription.setDelivery(subDelivery);
501 subscription.setGroupid(1);
502 subscription.setMetadataOnly(false);
503 subscription.setSuspended(false);
504 subscription.changeOwnerShip();
505 subscription.doUpdate(db.getConnection());