1 /*******************************************************************************
2 * ============LICENSE_START==================================================
4 * * ===========================================================================
5 * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
6 * * ===========================================================================
7 * * Licensed under the Apache License, Version 2.0 (the "License");
8 * * you may not use this file except in compliance with the License.
9 * * You may obtain a copy of the License at
11 * * http://www.apache.org/licenses/LICENSE-2.0
13 * * Unless required by applicable law or agreed to in writing, software
14 * * distributed under the License is distributed on an "AS IS" BASIS,
15 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * * See the License for the specific language governing permissions and
17 * * limitations under the License.
18 * * ============LICENSE_END====================================================
20 * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
22 ******************************************************************************/
23 package org.onap.dmaap.datarouter.provisioning;
25 import org.apache.commons.lang3.reflect.FieldUtils;
26 import org.jetbrains.annotations.NotNull;
27 import org.json.JSONObject;
28 import org.junit.AfterClass;
29 import org.junit.Before;
30 import org.junit.BeforeClass;
31 import org.junit.Test;
32 import org.junit.runner.RunWith;
33 import org.mockito.Mock;
34 import org.onap.dmaap.datarouter.authz.AuthorizationResponse;
35 import org.onap.dmaap.datarouter.authz.Authorizer;
36 import org.onap.dmaap.datarouter.provisioning.beans.Deleteable;
37 import org.onap.dmaap.datarouter.provisioning.beans.SubDelivery;
38 import org.onap.dmaap.datarouter.provisioning.beans.Subscription;
39 import org.onap.dmaap.datarouter.provisioning.beans.Updateable;
40 import org.onap.dmaap.datarouter.provisioning.utils.DB;
41 import org.powermock.modules.junit4.PowerMockRunner;
43 import javax.persistence.EntityManager;
44 import javax.persistence.EntityManagerFactory;
45 import javax.persistence.Persistence;
46 import javax.servlet.ServletInputStream;
47 import javax.servlet.ServletOutputStream;
48 import javax.servlet.http.HttpServletRequest;
49 import javax.servlet.http.HttpServletResponse;
50 import java.sql.SQLException;
51 import java.util.HashSet;
54 import static org.hamcrest.Matchers.notNullValue;
55 import static org.mockito.Mockito.*;
56 import static org.onap.dmaap.datarouter.provisioning.BaseServlet.BEHALF_HEADER;
59 @RunWith(PowerMockRunner.class)
60 public class SubscriptionServletTest {
61 private static EntityManagerFactory emf;
62 private static EntityManager em;
63 private SubscriptionServlet subscriptionServlet;
67 private HttpServletRequest request;
69 private HttpServletResponse response;
72 public static void init() {
73 emf = Persistence.createEntityManagerFactory("dr-unit-tests");
74 em = emf.createEntityManager();
76 "org.onap.dmaap.datarouter.provserver.properties",
77 "src/test/resources/h2Database.properties");
81 public static void tearDownClass() {
88 public void setUp() throws Exception {
89 subscriptionServlet = new SubscriptionServlet();
91 setAuthoriserToReturnRequestIsAuthorized();
92 setPokerToNotCreateTimersWhenDeleteSubscriptionIsCalled();
93 setupValidAuthorisedRequest();
94 setUpValidSecurityOnHttpRequest();
98 public void Given_Request_Is_HTTP_DELETE_SC_Forbidden_Response_Is_Generated() throws Exception {
99 when(request.isSecure()).thenReturn(false);
100 subscriptionServlet.doDelete(request, response);
101 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
105 public void Given_Request_Is_HTTP_DELETE_And_BEHALF_HEADER_Is_Not_Set_In_Request_Then_Bad_Request_Response_Is_Generated() throws Exception {
106 setBehalfHeader(null);
107 subscriptionServlet.doDelete(request, response);
108 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
112 public void Given_Request_Is_HTTP_DELETE_And_Path_Header_Is_Not_Set_In_Request_With_Valid_Path_Then_Bad_Request_Response_Is_Generated() throws Exception {
113 when(request.getPathInfo()).thenReturn(null);
114 subscriptionServlet.doDelete(request, response);
115 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
119 public void Given_Request_Is_HTTP_DELETE_And_Subscription_Id_Is_Invalid_Then_Not_Found_Response_Is_Generated() throws Exception {
120 when(request.getPathInfo()).thenReturn("/3");
121 subscriptionServlet.doDelete(request, response);
122 verify(response).sendError(eq(HttpServletResponse.SC_NOT_FOUND), argThat(notNullValue(String.class)));
126 public void Given_Request_Is_HTTP_DELETE_And_Request_Is_Not_Authorized_Then_Forbidden_Response_Is_Generated() throws Exception {
127 setAuthoriserToReturnRequestNotAuthorized();
128 subscriptionServlet.doDelete(request, response);
129 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
133 public void Given_Request_Is_HTTP_DELETE_And_Delete_On_Database_Fails_An_Internal_Server_Error_Is_Reported() throws Exception {
134 SubscriptionServlet subscriptionServlet = new SubscriptionServlet(){
135 public boolean doDelete(Deleteable deletable){
139 subscriptionServlet.doDelete(request, response);
140 verify(response).sendError(eq(HttpServletResponse.SC_INTERNAL_SERVER_ERROR), argThat(notNullValue(String.class)));
144 public void Given_Request_Is_HTTP_DELETE_And_Delete_On_Database_Succeeds_A_NO_CONTENT_Response_Is_Generated() throws Exception {
145 subscriptionServlet.doDelete(request, response);
146 verify(response).setStatus(eq(HttpServletResponse.SC_NO_CONTENT));
147 insertSubscriptionIntoDb();
151 public void Given_Request_Is_HTTP_GET_And_Is_Not_Secure_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated() throws Exception {
152 when(request.isSecure()).thenReturn(false);
153 subscriptionServlet.doGet(request, response);
154 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
158 public void Given_Request_Is_HTTP_GET_And_BEHALF_HEADER_Is_Not_Set_In_Request_Then_Bad_Request_Response_Is_Generated() throws Exception {
159 setBehalfHeader(null);
160 subscriptionServlet.doGet(request, response);
161 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
165 public void Given_Request_Is_HTTP_GET_And_Path_Header_Is_Not_Set_In_Request_With_Valid_Path_Then_Bad_Request_Response_Is_Generated() throws Exception {
166 when(request.getPathInfo()).thenReturn(null);
167 subscriptionServlet.doGet(request, response);
168 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
172 public void Given_Request_Is_HTTP_GET_And_Subscription_Id_Is_Invalid_Then_Not_Found_Response_Is_Generated() throws Exception {
173 when(request.getPathInfo()).thenReturn("/3");
174 subscriptionServlet.doGet(request, response);
175 verify(response).sendError(eq(HttpServletResponse.SC_NOT_FOUND), argThat(notNullValue(String.class)));
179 public void Given_Request_Is_HTTP_GET_And_Request_Is_Not_Authorized_Then_Forbidden_Response_Is_Generated() throws Exception {
180 setAuthoriserToReturnRequestNotAuthorized();
181 subscriptionServlet.doGet(request, response);
182 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
186 public void Given_Request_Is_HTTP_GET_And_Request_Succeeds() throws Exception {
187 ServletOutputStream outStream = mock(ServletOutputStream.class);
188 when(response.getOutputStream()).thenReturn(outStream);
189 subscriptionServlet.doGet(request, response);
190 verify(response).setStatus(eq(HttpServletResponse.SC_OK));
194 public void Given_Request_Is_HTTP_PUT_And_Is_Not_Secure_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated() throws Exception {
195 when(request.isSecure()).thenReturn(false);
196 subscriptionServlet.doPut(request, response);
197 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
201 public void Given_Request_Is_HTTP_PUT_And_BEHALF_HEADER_Is_Not_Set_In_Request_Then_Bad_Request_Response_Is_Generated() throws Exception {
202 setBehalfHeader(null);
203 subscriptionServlet.doPut(request, response);
204 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
208 public void Given_Request_Is_HTTP_PUT_And_Path_Header_Is_Not_Set_In_Request_With_Valid_Path_Then_Bad_Request_Response_Is_Generated() throws Exception {
209 when(request.getPathInfo()).thenReturn(null);
210 subscriptionServlet.doPut(request, response);
211 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
215 public void Given_Request_Is_HTTP_PUT_And_Subscription_Id_Is_Invalid_Then_Not_Found_Response_Is_Generated() throws Exception {
216 when(request.getPathInfo()).thenReturn("/3");
217 subscriptionServlet.doPut(request, response);
218 verify(response).sendError(eq(HttpServletResponse.SC_NOT_FOUND), argThat(notNullValue(String.class)));
222 public void Given_Request_Is_HTTP_PUT_And_Request_Is_Not_Authorized_Then_Forbidden_Response_Is_Generated() throws Exception {
223 setAuthoriserToReturnRequestNotAuthorized();
224 subscriptionServlet.doPut(request, response);
225 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
229 public void Given_Request_Is_HTTP_PUT_And_Content_Header_Is_Not_Supported_Type_Then_Unsupported_Media_Type_Response_Is_Generated() throws Exception {
230 when(request.getContentType()).thenReturn("stub_ContentType");
231 subscriptionServlet.doPut(request, response);
232 verify(response).sendError(eq(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE), argThat(notNullValue(String.class)));
236 public void Given_Request_Is_HTTP_PUT_And_Request_Contains_Badly_Formed_JSON_Then_Bad_Request_Response_Is_Generated() throws Exception {
237 when(request.getHeader("Content-Type")).thenReturn("application/vnd.att-dr.subscription; version=1.0");
238 ServletInputStream inStream = mock(ServletInputStream.class);
239 when(request.getInputStream()).thenReturn(inStream);
240 subscriptionServlet.doPut(request, response);
241 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
245 public void Given_Request_Is_HTTP_PUT_And_Subscription_Object_Is_Invalid_Bad_Request_Response_Is_Generated() throws Exception {
246 when(request.getHeader("Content-Type")).thenReturn("application/vnd.att-dr.subscription; version=1.0");
247 SubscriptionServlet subscriptionServlet = new SubscriptionServlet() {
248 protected JSONObject getJSONfromInput(HttpServletRequest req) {
249 JSONObject jo = new JSONObject();
253 subscriptionServlet.doPut(request, response);
254 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
258 public void Given_Request_Is_HTTP_PUT_And_Subscriber_Modified_By_Different_Creator_Then_Bad_Request_Is_Generated() throws Exception {
259 when(request.getHeader("X-ATT-DR-ON-BEHALF-OF-GROUP")).thenReturn(null);
260 when(request.getHeader("Content-Type")).thenReturn("application/vnd.att-dr.subscription; version=1.0");
261 JSONObject JSObject = buildRequestJsonObject();
262 SubscriptionServlet subscriptionServlet = new SubscriptionServlet() {
263 protected JSONObject getJSONfromInput(HttpServletRequest req) {
264 JSONObject jo = new JSONObject();
265 jo.put("name", "stub_name");
266 jo.put("version", "2.0");
267 jo.put("metadataOnly", true);
268 jo.put("suspend", true);
269 jo.put("delivery", JSObject);
270 jo.put("subscriber", "differentSubscriber");
271 jo.put("sync", true);
275 subscriptionServlet.doPut(request, response);
276 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
280 public void Given_Request_Is_HTTP_PUT_And_Update_Fails() throws Exception {
281 when(request.getHeader("X-ATT-DR-ON-BEHALF-OF-GROUP")).thenReturn("stub_subjectGroup");
282 when(request.getHeader("Content-Type")).thenReturn("application/vnd.att-dr.subscription; version=1.0");
283 JSONObject JSObject = buildRequestJsonObject();
284 SubscriptionServlet subscriptionServlet = new SubscriptionServlet() {
285 protected JSONObject getJSONfromInput(HttpServletRequest req) {
286 JSONObject jo = new JSONObject();
287 jo.put("name", "stub_name");
288 jo.put("version", "2.0");
289 jo.put("metadataOnly", true);
290 jo.put("suspend", true);
291 jo.put("delivery", JSObject);
292 jo.put("sync", true);
297 protected boolean doUpdate(Updateable bean) {
301 subscriptionServlet.doPut(request, response);
302 verify(response).sendError(eq(HttpServletResponse.SC_INTERNAL_SERVER_ERROR), argThat(notNullValue(String.class)));
306 public void Given_Request_Is_HTTP_PUT_And_Update_Succeeds() throws Exception {
307 ServletOutputStream outStream = mock(ServletOutputStream.class);
308 when(response.getOutputStream()).thenReturn(outStream);
309 when(request.getHeader("X-ATT-DR-ON-BEHALF-OF-GROUP")).thenReturn("stub_subjectGroup");
310 when(request.getHeader("Content-Type")).thenReturn("application/vnd.att-dr.subscription; version=1.0");
311 JSONObject JSObject = buildRequestJsonObject();
312 SubscriptionServlet subscriptionServlet = new SubscriptionServlet() {
313 protected JSONObject getJSONfromInput(HttpServletRequest req) {
314 JSONObject jo = new JSONObject();
315 jo.put("name", "stub_name");
316 jo.put("version", "2.0");
317 jo.put("metadataOnly", true);
318 jo.put("suspend", true);
319 jo.put("delivery", JSObject);
320 jo.put("sync", true);
321 jo.put("changeowner", true);
325 subscriptionServlet.doPut(request, response);
326 verify(response).setStatus(eq(HttpServletResponse.SC_OK));
330 public void Given_Request_Is_HTTP_POST_And_Is_Not_Secure_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated() throws Exception {
331 when(request.isSecure()).thenReturn(false);
332 subscriptionServlet.doPost(request, response);
333 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
337 public void Given_Request_Is_HTTP_POST_And_BEHALF_HEADER_Is_Not_Set_In_Request_Then_Bad_Request_Response_Is_Generated() throws Exception {
338 setBehalfHeader(null);
339 subscriptionServlet.doPost(request, response);
340 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
344 public void Given_Request_Is_HTTP_POST_And_Path_Header_Is_Not_Set_In_Request_With_Valid_Path_Then_Bad_Request_Response_Is_Generated() throws Exception {
345 when(request.getPathInfo()).thenReturn(null);
346 subscriptionServlet.doPost(request, response);
347 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
351 public void Given_Request_Is_HTTP_POST_And_Subscription_Id_Is_Invalid_Then_Not_Found_Response_Is_Generated() throws Exception {
352 when(request.getPathInfo()).thenReturn("/3");
353 subscriptionServlet.doPost(request, response);
354 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
358 public void Given_Request_Is_HTTP_POST_And_Content_Header_Is_Not_Supported_Type_Then_Unsupported_Media_Type_Response_Is_Generated() throws Exception {
359 when(request.getContentType()).thenReturn("stub_ContentType");
360 subscriptionServlet.doPost(request, response);
361 verify(response).sendError(eq(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE), argThat(notNullValue(String.class)));
365 public void Given_Request_Is_HTTP_POST_And_Request_Is_Not_Authorized_Then_Forbidden_Response_Is_Generated() throws Exception {
366 when(request.getHeader(anyString())).thenReturn("application/vnd.att-dr.subscription-control");
367 setAuthoriserToReturnRequestNotAuthorized();
368 subscriptionServlet.doPost(request, response);
369 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), argThat(notNullValue(String.class)));
373 public void Given_Request_Is_HTTP_POST_And_Request_Contains_Badly_Formed_JSON_Then_Bad_Request_Response_Is_Generated() throws Exception {
374 when(request.getHeader("Content-Type")).thenReturn("application/vnd.att-dr.subscription-control; version=1.0");
375 ServletInputStream inStream = mock(ServletInputStream.class);
376 when(request.getInputStream()).thenReturn(inStream);
377 subscriptionServlet.doPost(request, response);
378 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
382 public void Given_Request_Is_HTTP_POST_And_Post_Fails() throws Exception {
383 when(request.getHeader("X-ATT-DR-ON-BEHALF-OF-GROUP")).thenReturn("stub_subjectGroup");
384 when(request.getHeader("Content-Type")).thenReturn("application/vnd.att-dr.subscription-control; version=1.0");
385 JSONObject JSObject = buildRequestJsonObject();
386 SubscriptionServlet subscriptionServlet = new SubscriptionServlet() {
387 protected JSONObject getJSONfromInput(HttpServletRequest req) {
388 JSONObject jo = new JSONObject();
389 jo.put("name", "stub_name");
390 jo.put("version", "2.0");
391 jo.put("metadataOnly", true);
392 jo.put("suspend", true);
393 jo.put("delivery", JSObject);
397 subscriptionServlet.doPost(request, response);
398 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), argThat(notNullValue(String.class)));
402 public void Given_Request_Is_HTTP_POST_And_Post_Succeeds() throws Exception {
403 ServletOutputStream outStream = mock(ServletOutputStream.class);
404 when(response.getOutputStream()).thenReturn(outStream);
405 when(request.getHeader("X-ATT-DR-ON-BEHALF-OF-GROUP")).thenReturn("stub_subjectGroup");
406 when(request.getHeader("Content-Type")).thenReturn("application/vnd.att-dr.subscription-control; version=1.0");
407 JSONObject JSObject = buildRequestJsonObject();
408 SubscriptionServlet subscriptionServlet = new SubscriptionServlet() {
409 protected JSONObject getJSONfromInput(HttpServletRequest req) {
410 JSONObject jo = new JSONObject();
411 jo.put("name", "stub_name");
412 jo.put("version", "2.0");
413 jo.put("metadataOnly", true);
414 jo.put("suspend", true);
415 jo.put("delivery", JSObject);
416 jo.put("failed", false);
420 subscriptionServlet.doPost(request, response);
421 verify(response).setStatus(eq(HttpServletResponse.SC_ACCEPTED));
425 private JSONObject buildRequestJsonObject() {
426 JSONObject JSObject = new JSONObject();
427 JSObject.put("url", "https://stub_address");
428 JSObject.put("use100", "true");
429 JSObject.put("password", "stub_password");
430 JSObject.put("user", "stub_user");
434 private void setUpValidSecurityOnHttpRequest() throws Exception {
435 when(request.isSecure()).thenReturn(true);
436 Set<String> authAddressesAndNetworks = new HashSet<String>();
437 authAddressesAndNetworks.add(("127.0.0.1"));
438 FieldUtils.writeDeclaredStaticField(BaseServlet.class, "authorizedAddressesAndNetworks", authAddressesAndNetworks, true);
439 FieldUtils.writeDeclaredStaticField(BaseServlet.class, "requireCert", false, true);
442 private void setBehalfHeader(String headerValue) {
443 when(request.getHeader(BEHALF_HEADER)).thenReturn(headerValue);
446 private void setValidPathInfoInHttpHeader() {
447 when(request.getPathInfo()).thenReturn("/1");
450 private void setAuthoriserToReturnRequestNotAuthorized() throws IllegalAccessException {
451 AuthorizationResponse authResponse = mock(AuthorizationResponse.class);
452 Authorizer authorizer = mock(Authorizer.class);
453 FieldUtils.writeDeclaredStaticField(BaseServlet.class, "authz", authorizer, true);
454 when(authorizer.decide(request)).thenReturn(authResponse);
455 when(authResponse.isAuthorized()).thenReturn(false);
458 private void setAuthoriserToReturnRequestIsAuthorized() throws IllegalAccessException {
459 AuthorizationResponse authResponse = mock(AuthorizationResponse.class);
460 Authorizer authorizer = mock(Authorizer.class);
461 FieldUtils.writeDeclaredStaticField(BaseServlet.class, "authz", authorizer, true);
462 when(authorizer.decide(request)).thenReturn(authResponse);
463 when(authResponse.isAuthorized()).thenReturn(true);
466 private void setPokerToNotCreateTimersWhenDeleteSubscriptionIsCalled() throws Exception {
467 Poker poker = mock(Poker.class);
468 FieldUtils.writeDeclaredStaticField(Poker.class, "poker", poker, true);
471 private void setupValidAuthorisedRequest() throws Exception {
472 setUpValidSecurityOnHttpRequest();
473 setBehalfHeader("Stub_Value");
474 setValidPathInfoInHttpHeader();
477 private void insertSubscriptionIntoDb() throws SQLException {
478 Subscription subscription = new Subscription("https://172.100.0.5", "user1", "password1");
479 subscription.setSubid(1);
480 subscription.setSubscriber("user1");
481 subscription.setFeedid(1);
482 SubDelivery subDelivery = new SubDelivery("https://172.100.0.5:8080", "user1", "password1", true);
483 subscription.setDelivery(subDelivery);
484 subscription.setGroupid(1);
485 subscription.setMetadataOnly(false);
486 subscription.setSuspended(false);
487 subscription.doInsert(db.getConnection());