2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
21 package org.onap.dmaap.util;
23 import static org.junit.Assert.assertFalse;
24 import static org.junit.Assert.assertTrue;
25 import static org.mockito.Mockito.verify;
26 import static org.mockito.Mockito.when;
28 import java.io.IOException;
29 import javax.security.cert.X509Certificate;
30 import javax.servlet.FilterChain;
31 import javax.servlet.ServletException;
32 import org.apache.commons.codec.binary.Base64;
33 import org.junit.Before;
34 import org.junit.Test;
35 import org.junit.runner.RunWith;
36 import org.mockito.Mock;
37 import org.mockito.Spy;
38 import org.mockito.runners.MockitoJUnitRunner;
39 import org.springframework.mock.web.MockHttpServletRequest;
40 import org.springframework.mock.web.MockHttpServletResponse;
43 @RunWith(MockitoJUnitRunner.class)
44 public class DMaaPAuthFilterTest {
47 private DMaaPAuthFilter filter;
49 private MockHttpServletRequest request;
51 private MockHttpServletResponse response;
54 private FilterChain chain;
57 public void setUp() throws Exception {
58 request = new MockHttpServletRequest();
59 response = new MockHttpServletResponse();
63 public void doFilter_shouldNotUseCadiFilter_whenCadiNotEnabled() throws IOException, ServletException {
65 when(filter.isCadiEnabled()).thenReturn(false);
68 filter.doFilter(request, response, chain);
71 verify(chain).doFilter(request, response);
75 public void shouldFilterWithCADI_willBeFalse_whenCadiEnabled_noAuthData_affNotForced_notInvenioApp() {
77 configureSettingsFlags(false);
80 boolean filteringWithCADI = filter.shouldFilterWithCADI(request);
83 assertFalse(filteringWithCADI);
87 public void shouldFilterWithCADI_willBeTrue_whenCadiEnabled_andAAFforcedFlagSet() {
89 configureSettingsFlags(true);
92 boolean filteringWithCADI = filter.shouldFilterWithCADI(request);
95 assertTrue(filteringWithCADI);
99 public void shouldFilterWithCADI_willBeTrue_whenCadiEnabled_andBasicAuthorization() {
101 configureSettingsFlags(false);
102 request.addHeader(DMaaPAuthFilter.AUTH_HEADER, Base64.encodeBase64("user/pass".getBytes()));
105 boolean filteringWithCADI = filter.shouldFilterWithCADI(request);
108 assertTrue(filteringWithCADI);
112 public void shouldFilterWithCADI_willBeTrue_whenCadiEnabled_andClientCertificate() {
114 configureSettingsFlags(false);
115 request.setAttribute(DMaaPAuthFilter.X509_ATTR, new X509Certificate[]{});
118 boolean filteringWithCADI = filter.shouldFilterWithCADI(request);
121 assertTrue(filteringWithCADI);
125 public void shouldFilterWithCADI_willBeTrue_whenCadiEnabled_andInvenioAppWithCookie() {
127 configureSettingsFlags(false);
128 request.addHeader(DMaaPAuthFilter.APP_HEADER, "invenio");
129 request.addHeader(DMaaPAuthFilter.COOKIE_HEADER, "value");
132 boolean filteringWithCADI = filter.shouldFilterWithCADI(request);
135 assertTrue(filteringWithCADI);
139 public void shouldFilterWithCADI_willBeFalse_whenCadiEnabled_andInvenioAppWithoutCookie() {
141 configureSettingsFlags(false);
142 request.addHeader(DMaaPAuthFilter.APP_HEADER, "invenio");
145 boolean filteringWithCADI = filter.shouldFilterWithCADI(request);
148 assertFalse(filteringWithCADI);
152 public void shouldFilterWithCADI_willBeFalse_whenCadiEnabled_andNotInvenioApp() {
154 configureSettingsFlags(false);
155 request.addHeader(DMaaPAuthFilter.APP_HEADER, "application");
158 boolean filteringWithCADI = filter.shouldFilterWithCADI(request);
161 assertFalse(filteringWithCADI);
164 private void configureSettingsFlags(boolean isAAFforced) {
165 when(filter.isCadiEnabled()).thenReturn(true);
166 when(filter.isAAFforced()).thenReturn(isAAFforced);