1 /*******************************************************************************
2 * ============LICENSE_START==================================================
4 * * ===========================================================================
5 * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
6 * * ===========================================================================
7 * * Licensed under the Apache License, Version 2.0 (the "License");
8 * * you may not use this file except in compliance with the License.
9 * * You may obtain a copy of the License at
11 * * http://www.apache.org/licenses/LICENSE-2.0
13 * * Unless required by applicable law or agreed to in writing, software
14 * * distributed under the License is distributed on an "AS IS" BASIS,
15 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * * See the License for the specific language governing permissions and
17 * * limitations under the License.
18 * * ============LICENSE_END====================================================
20 * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
22 ******************************************************************************/
23 package org.onap.dmaap.datarouter.provisioning;
25 import org.apache.commons.lang3.reflect.FieldUtils;
26 import org.jetbrains.annotations.NotNull;
27 import org.json.JSONObject;
28 import org.junit.Before;
29 import org.junit.Test;
30 import org.junit.runner.RunWith;
31 import org.mockito.Mock;
32 import org.onap.dmaap.datarouter.authz.AuthorizationResponse;
33 import org.onap.dmaap.datarouter.authz.Authorizer;
34 import org.onap.dmaap.datarouter.provisioning.beans.Deleteable;
35 import org.onap.dmaap.datarouter.provisioning.beans.Subscription;
36 import org.onap.dmaap.datarouter.provisioning.beans.Updateable;
37 import org.powermock.api.mockito.PowerMockito;
38 import org.powermock.core.classloader.annotations.SuppressStaticInitializationFor;
39 import org.powermock.modules.junit4.PowerMockRunner;
41 import javax.servlet.ServletInputStream;
42 import javax.servlet.ServletOutputStream;
43 import javax.servlet.http.HttpServletRequest;
44 import javax.servlet.http.HttpServletResponse;
45 import java.util.HashSet;
48 import static org.hamcrest.Matchers.notNullValue;
49 import static org.mockito.Mockito.*;
50 import static org.onap.dmaap.datarouter.provisioning.BaseServlet.BEHALF_HEADER;
53 @RunWith(PowerMockRunner.class)
54 @SuppressStaticInitializationFor("org.onap.dmaap.datarouter.provisioning.beans.Subscription")
55 public class SubscriptionServletTest extends DrServletTestBase {
56 private SubscriptionServlet subscriptionServlet;
59 private HttpServletRequest request;
61 private HttpServletResponse response;
64 public void setUp() throws Exception {
66 subscriptionServlet = new SubscriptionServlet();
67 setAuthoriserToReturnRequestIsAuthorized();
68 setPokerToNotCreateTimersWhenDeleteSubscriptionIsCalled();
69 setupValidAuthorisedRequest();
70 setUpValidSecurityOnHttpRequest();
74 public void Given_Request_Is_HTTP_DELETE_SC_Forbidden_Response_Is_Generated() throws Exception {
75 when(request.isSecure()).thenReturn(false);
76 FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isAddressAuthEnabled", "true", true);
77 subscriptionServlet.doDelete(request, response);
78 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
82 public void Given_Request_Is_HTTP_DELETE_And_BEHALF_HEADER_Is_Not_Set_In_Request_Then_Bad_Request_Response_Is_Generated() throws Exception {
83 setBehalfHeader(null);
84 subscriptionServlet.doDelete(request, response);
85 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
89 public void Given_Request_Is_HTTP_DELETE_And_Path_Header_Is_Not_Set_In_Request_With_Valid_Path_Then_Bad_Request_Response_Is_Generated() throws Exception {
90 when(request.getPathInfo()).thenReturn(null);
91 subscriptionServlet.doDelete(request, response);
92 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
96 public void Given_Request_Is_HTTP_DELETE_And_Subscription_Id_Is_Invalid_Then_Not_Found_Response_Is_Generated() throws Exception {
97 setSubscriptionToReturnInvalidSubscriptionIdSupplied();
98 subscriptionServlet.doDelete(request, response);
99 verify(response).sendError(eq(HttpServletResponse.SC_NOT_FOUND), argThat(notNullValue(String.class)));
103 public void Given_Request_Is_HTTP_DELETE_And_Request_Is_Not_Authorized_Then_Forbidden_Response_Is_Generated() throws Exception {
104 setAuthoriserToReturnRequestNotAuthorized();
105 subscriptionServlet.doDelete(request, response);
106 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
110 public void Given_Request_Is_HTTP_DELETE_And_Delete_On_Database_Fails_An_Internal_Server_Error_Is_Reported() throws Exception {
111 SubscriptionServlet subscriptionServlet = new SubscriptionServlet(){
112 public boolean doDelete(Deleteable deletable){
116 subscriptionServlet.doDelete(request, response);
117 verify(response).sendError(eq(HttpServletResponse.SC_INTERNAL_SERVER_ERROR), argThat(notNullValue(String.class)));
121 public void Given_Request_Is_HTTP_DELETE_And_Delete_On_Database_Succeeds_A_NO_CONTENT_Response_Is_Generated() throws Exception {
122 SubscriptionServlet subscriptionServlet = new SubscriptionServlet(){
123 public boolean doDelete(Deleteable deletable){
127 subscriptionServlet.doDelete(request, response);
128 verify(response).setStatus(eq(HttpServletResponse.SC_NO_CONTENT));
132 public void Given_Request_Is_HTTP_GET_And_Is_Not_Secure_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated() throws Exception {
133 when(request.isSecure()).thenReturn(false);
134 FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isAddressAuthEnabled", "true", true);
135 subscriptionServlet.doGet(request, response);
136 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
140 public void Given_Request_Is_HTTP_GET_And_BEHALF_HEADER_Is_Not_Set_In_Request_Then_Bad_Request_Response_Is_Generated() throws Exception {
141 setBehalfHeader(null);
142 subscriptionServlet.doGet(request, response);
143 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
147 public void Given_Request_Is_HTTP_GET_And_Path_Header_Is_Not_Set_In_Request_With_Valid_Path_Then_Bad_Request_Response_Is_Generated() throws Exception {
148 when(request.getPathInfo()).thenReturn(null);
149 subscriptionServlet.doGet(request, response);
150 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
154 public void Given_Request_Is_HTTP_GET_And_Subscription_Id_Is_Invalid_Then_Not_Found_Response_Is_Generated() throws Exception {
155 setSubscriptionToReturnInvalidSubscriptionIdSupplied();
156 subscriptionServlet.doGet(request, response);
157 verify(response).sendError(eq(HttpServletResponse.SC_NOT_FOUND), argThat(notNullValue(String.class)));
161 public void Given_Request_Is_HTTP_GET_And_Request_Is_Not_Authorized_Then_Forbidden_Response_Is_Generated() throws Exception {
162 setAuthoriserToReturnRequestNotAuthorized();
163 subscriptionServlet.doGet(request, response);
164 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
168 public void Given_Request_Is_HTTP_GET_And_Request_Succeeds() throws Exception {
169 JSONObject JSObject = buildRequestJsonObject();
170 JSONObject jo = new JSONObject();
171 jo.put("name", "stub_name");
172 jo.put("version", "2.0");
173 jo.put("metadataOnly", true);
174 jo.put("suspend", true);
175 jo.put("delivery", JSObject);
176 jo.put("sync", true);
177 Subscription sub = new Subscription(jo);
178 PowerMockito.mockStatic(Subscription.class);
179 PowerMockito.when(Subscription.getSubscriptionById(anyInt())).thenReturn(sub);
180 ServletOutputStream outStream = mock(ServletOutputStream.class);
181 when(response.getOutputStream()).thenReturn(outStream);
182 subscriptionServlet.doGet(request, response);
183 verify(response).setStatus(eq(HttpServletResponse.SC_OK));
187 public void Given_Request_Is_HTTP_PUT_And_Is_Not_Secure_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated() throws Exception {
188 when(request.isSecure()).thenReturn(false);
189 FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isAddressAuthEnabled", "true", true);
190 subscriptionServlet.doPut(request, response);
191 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
195 public void Given_Request_Is_HTTP_PUT_And_BEHALF_HEADER_Is_Not_Set_In_Request_Then_Bad_Request_Response_Is_Generated() throws Exception {
196 setBehalfHeader(null);
197 subscriptionServlet.doPut(request, response);
198 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
202 public void Given_Request_Is_HTTP_PUT_And_Path_Header_Is_Not_Set_In_Request_With_Valid_Path_Then_Bad_Request_Response_Is_Generated() throws Exception {
203 when(request.getPathInfo()).thenReturn(null);
204 subscriptionServlet.doPut(request, response);
205 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
209 public void Given_Request_Is_HTTP_PUT_And_Subscription_Id_Is_Invalid_Then_Not_Found_Response_Is_Generated() throws Exception {
210 setSubscriptionToReturnInvalidSubscriptionIdSupplied();
211 subscriptionServlet.doPut(request, response);
212 verify(response).sendError(eq(HttpServletResponse.SC_NOT_FOUND), argThat(notNullValue(String.class)));
216 public void Given_Request_Is_HTTP_PUT_And_Request_Is_Not_Authorized_Then_Forbidden_Response_Is_Generated() throws Exception {
217 setAuthoriserToReturnRequestNotAuthorized();
218 subscriptionServlet.doPut(request, response);
219 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
223 public void Given_Request_Is_HTTP_PUT_And_Content_Header_Is_Not_Supported_Type_Then_Unsupported_Media_Type_Response_Is_Generated() throws Exception {
224 when(request.getContentType()).thenReturn("stub_ContentType");
225 subscriptionServlet.doPut(request, response);
226 verify(response).sendError(eq(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE), argThat(notNullValue(String.class)));
230 public void Given_Request_Is_HTTP_PUT_And_Request_Contains_Badly_Formed_JSON_Then_Bad_Request_Response_Is_Generated() throws Exception {
231 when(request.getHeader("Content-Type")).thenReturn("application/vnd.att-dr.subscription; version=1.0");
232 ServletInputStream inStream = mock(ServletInputStream.class);
233 when(request.getInputStream()).thenReturn(inStream);
234 subscriptionServlet.doPut(request, response);
235 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
239 public void Given_Request_Is_HTTP_PUT_And_Subscription_Object_Is_Invalid_Bad_Request_Response_Is_Generated() throws Exception {
240 when(request.getHeader("Content-Type")).thenReturn("application/vnd.att-dr.subscription; version=1.0");
241 SubscriptionServlet subscriptionServlet = new SubscriptionServlet() {
242 protected JSONObject getJSONfromInput(HttpServletRequest req) {
243 JSONObject jo = new JSONObject();
247 subscriptionServlet.doPut(request, response);
248 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
252 public void Given_Request_Is_HTTP_PUT_And_Subscriber_Modified_By_Different_Creator() throws Exception {
253 when(request.getHeader("X-ATT-DR-ON-BEHALF-OF-GROUP")).thenReturn(null);
254 when(request.getHeader("Content-Type")).thenReturn("application/vnd.att-dr.subscription; version=1.0");
255 JSONObject JSObject = buildRequestJsonObject();
256 SubscriptionServlet subscriptionServlet = new SubscriptionServlet() {
257 protected JSONObject getJSONfromInput(HttpServletRequest req) {
258 JSONObject jo = new JSONObject();
259 jo.put("name", "stub_name");
260 jo.put("version", "2.0");
261 jo.put("metadataOnly", true);
262 jo.put("suspend", true);
263 jo.put("delivery", JSObject);
264 jo.put("sync", true);
268 subscriptionServlet.doPut(request, response);
269 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
273 public void Given_Request_Is_HTTP_PUT_And_Update_Fails() throws Exception {
274 when(request.getHeader("X-ATT-DR-ON-BEHALF-OF-GROUP")).thenReturn("stub_subjectGroup");
275 when(request.getHeader("Content-Type")).thenReturn("application/vnd.att-dr.subscription; version=1.0");
276 JSONObject JSObject = buildRequestJsonObject();
277 SubscriptionServlet subscriptionServlet = new SubscriptionServlet() {
278 protected JSONObject getJSONfromInput(HttpServletRequest req) {
279 JSONObject jo = new JSONObject();
280 jo.put("name", "stub_name");
281 jo.put("version", "2.0");
282 jo.put("metadataOnly", true);
283 jo.put("suspend", true);
284 jo.put("delivery", JSObject);
285 jo.put("sync", true);
290 protected boolean doUpdate(Updateable bean) {
294 subscriptionServlet.doPut(request, response);
295 verify(response).sendError(eq(HttpServletResponse.SC_INTERNAL_SERVER_ERROR), argThat(notNullValue(String.class)));
299 public void Given_Request_Is_HTTP_PUT_And_Update_Succeeds() throws Exception {
300 ServletOutputStream outStream = mock(ServletOutputStream.class);
301 when(response.getOutputStream()).thenReturn(outStream);
302 when(request.getHeader("X-ATT-DR-ON-BEHALF-OF-GROUP")).thenReturn("stub_subjectGroup");
303 when(request.getHeader("Content-Type")).thenReturn("application/vnd.att-dr.subscription; version=1.0");
304 JSONObject JSObject = buildRequestJsonObject();
305 SubscriptionServlet subscriptionServlet = new SubscriptionServlet() {
306 protected JSONObject getJSONfromInput(HttpServletRequest req) {
307 JSONObject jo = new JSONObject();
308 jo.put("name", "stub_name");
309 jo.put("version", "2.0");
310 jo.put("metadataOnly", true);
311 jo.put("suspend", true);
312 jo.put("delivery", JSObject);
313 jo.put("sync", true);
318 protected boolean doUpdate(Updateable bean) {
322 subscriptionServlet.doPut(request, response);
323 verify(response).setStatus(eq(HttpServletResponse.SC_OK));
327 public void Given_Request_Is_HTTP_POST_And_Is_Not_Secure_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated() throws Exception {
328 when(request.isSecure()).thenReturn(false);
329 FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isAddressAuthEnabled", "true", true);
330 subscriptionServlet.doPost(request, response);
331 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
335 public void Given_Request_Is_HTTP_POST_And_BEHALF_HEADER_Is_Not_Set_In_Request_Then_Bad_Request_Response_Is_Generated() throws Exception {
336 setBehalfHeader(null);
337 subscriptionServlet.doPost(request, response);
338 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
342 public void Given_Request_Is_HTTP_POST_And_Path_Header_Is_Not_Set_In_Request_With_Valid_Path_Then_Bad_Request_Response_Is_Generated() throws Exception {
343 when(request.getPathInfo()).thenReturn(null);
344 subscriptionServlet.doPost(request, response);
345 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
349 public void Given_Request_Is_HTTP_POST_And_Subscription_Id_Is_Invalid_Then_Not_Found_Response_Is_Generated() throws Exception {
350 setSubscriptionToReturnInvalidSubscriptionIdSupplied();
351 subscriptionServlet.doPost(request, response);
352 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
356 public void Given_Request_Is_HTTP_POST_And_Content_Header_Is_Not_Supported_Type_Then_Unsupported_Media_Type_Response_Is_Generated() throws Exception {
357 when(request.getContentType()).thenReturn("stub_ContentType");
358 subscriptionServlet.doPost(request, response);
359 verify(response).sendError(eq(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE), argThat(notNullValue(String.class)));
363 public void Given_Request_Is_HTTP_POST_And_Request_Is_Not_Authorized_Then_Forbidden_Response_Is_Generated() throws Exception {
364 when(request.getHeader(anyString())).thenReturn("application/vnd.att-dr.subscription-control");
365 setAuthoriserToReturnRequestNotAuthorized();
366 subscriptionServlet.doPost(request, response);
367 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
371 public void Given_Request_Is_HTTP_POST_And_Request_Contains_Badly_Formed_JSON_Then_Bad_Request_Response_Is_Generated() throws Exception {
372 when(request.getHeader("Content-Type")).thenReturn("application/vnd.att-dr.subscription-control; version=1.0");
373 ServletInputStream inStream = mock(ServletInputStream.class);
374 when(request.getInputStream()).thenReturn(inStream);
375 subscriptionServlet.doPost(request, response);
376 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
380 public void Given_Request_Is_HTTP_POST_And_Post_Fails() throws Exception {
381 when(request.getHeader("X-ATT-DR-ON-BEHALF-OF-GROUP")).thenReturn("stub_subjectGroup");
382 when(request.getHeader("Content-Type")).thenReturn("application/vnd.att-dr.subscription-control; version=1.0");
383 JSONObject JSObject = buildRequestJsonObject();
384 SubscriptionServlet subscriptionServlet = new SubscriptionServlet() {
385 protected JSONObject getJSONfromInput(HttpServletRequest req) {
386 JSONObject jo = new JSONObject();
387 jo.put("name", "stub_name");
388 jo.put("version", "2.0");
389 jo.put("metadataOnly", true);
390 jo.put("suspend", true);
391 jo.put("delivery", JSObject);
395 subscriptionServlet.doPost(request, response);
396 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
400 public void Given_Request_Is_HTTP_POST_And_Post_Succeeds() throws Exception {
401 ServletOutputStream outStream = mock(ServletOutputStream.class);
402 when(response.getOutputStream()).thenReturn(outStream);
403 when(request.getHeader("X-ATT-DR-ON-BEHALF-OF-GROUP")).thenReturn("stub_subjectGroup");
404 when(request.getHeader("Content-Type")).thenReturn("application/vnd.att-dr.subscription-control; version=1.0");
405 JSONObject JSObject = buildRequestJsonObject();
406 SubscriptionServlet subscriptionServlet = new SubscriptionServlet() {
407 protected JSONObject getJSONfromInput(HttpServletRequest req) {
408 JSONObject jo = new JSONObject();
409 jo.put("name", "stub_name");
410 jo.put("version", "2.0");
411 jo.put("metadataOnly", true);
412 jo.put("suspend", true);
413 jo.put("delivery", JSObject);
414 jo.put("failed", false);
418 subscriptionServlet.doPost(request, response);
419 verify(response).setStatus(eq(HttpServletResponse.SC_ACCEPTED));
423 private JSONObject buildRequestJsonObject() {
424 JSONObject JSObject = new JSONObject();
425 JSObject.put("url", "https://stub_address");
426 JSObject.put("use100", "true");
427 JSObject.put("password", "stub_password");
428 JSObject.put("user", "stub_user");
432 private void setUpValidSecurityOnHttpRequest() throws Exception {
433 when(request.isSecure()).thenReturn(true);
434 Set<String> authAddressesAndNetworks = new HashSet<String>();
435 authAddressesAndNetworks.add(("127.0.0.1"));
436 FieldUtils.writeDeclaredStaticField(BaseServlet.class, "authorizedAddressesAndNetworks", authAddressesAndNetworks, true);
437 FieldUtils.writeDeclaredStaticField(BaseServlet.class, "requireCert", false, true);
440 private void setBehalfHeader(String headerValue) {
441 when(request.getHeader(BEHALF_HEADER)).thenReturn(headerValue);
444 private void setValidPathInfoInHttpHeader() {
445 when(request.getPathInfo()).thenReturn("/123");
448 private void setSubscriptionToReturnInvalidSubscriptionIdSupplied() {
449 PowerMockito.mockStatic(Subscription.class);
450 PowerMockito.when(Subscription.getSubscriptionById(anyInt())).thenReturn(null);
453 private void setSubscriptionToReturnValidSubscriptionForSuppliedId() {
454 PowerMockito.mockStatic(Subscription.class);
455 Subscription subscription = mock(Subscription.class);
456 PowerMockito.when(Subscription.getSubscriptionById(anyInt())).thenReturn(subscription);
457 when(subscription.getSubscriber()).thenReturn("Stub_Value");
458 when(subscription.asJSONObject()).thenReturn(mock(JSONObject.class));
461 private void setAuthoriserToReturnRequestNotAuthorized() throws IllegalAccessException {
462 AuthorizationResponse authResponse = mock(AuthorizationResponse.class);
463 Authorizer authorizer = mock(Authorizer.class);
464 FieldUtils.writeDeclaredStaticField(BaseServlet.class, "authz", authorizer, true);
465 when(authorizer.decide(request)).thenReturn(authResponse);
466 when(authResponse.isAuthorized()).thenReturn(false);
469 private void setAuthoriserToReturnRequestIsAuthorized() throws IllegalAccessException {
470 AuthorizationResponse authResponse = mock(AuthorizationResponse.class);
471 Authorizer authorizer = mock(Authorizer.class);
472 FieldUtils.writeDeclaredStaticField(BaseServlet.class, "authz", authorizer, true);
473 when(authorizer.decide(request)).thenReturn(authResponse);
474 when(authResponse.isAuthorized()).thenReturn(true);
477 private void setPokerToNotCreateTimersWhenDeleteSubscriptionIsCalled() throws Exception {
478 Poker poker = mock(Poker.class);
479 FieldUtils.writeDeclaredStaticField(Poker.class, "poker", poker, true);
482 private void setupValidAuthorisedRequest() throws Exception {
483 setUpValidSecurityOnHttpRequest();
484 setBehalfHeader("Stub_Value");
485 setValidPathInfoInHttpHeader();
486 setSubscriptionToReturnValidSubscriptionForSuppliedId();