/*-
* ============LICENSE_START=======================================================
* ECOMP-PDP
* ================================================================================
* Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* ============LICENSE_END=========================================================
*/
package org.openecomp.policy.pdp.test;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileWriter;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.xml.namespace.NamespaceContext;
import org.junit.Ignore;
import org.junit.Test;
import com.att.research.xacml.api.Request;
import com.att.research.xacml.api.XACML3;
import com.att.research.xacml.std.StdMutableRequest;
import com.att.research.xacml.std.datatypes.DataTypes;
import com.att.research.xacml.std.dom.DOMRequest;
import com.att.research.xacmlatt.pdp.policy.ExpressionResult;
import com.att.research.xacmlatt.pdp.policy.FunctionArgument;
import com.att.research.xacmlatt.pdp.policy.FunctionArgumentAttributeValue;
import com.att.research.xacmlatt.pdp.std.StdEvaluationContext;
import com.att.research.xacmlatt.pdp.std.StdFunctions;
import com.att.research.xacmlatt.pdp.std.functions.*;
/**
* Test of PDP Functions (See XACML core spec section A.3)
*
* TO RUN - use jUnit
* In Eclipse select this file or the enclosing directory, right-click and select Run As/JUnit Test
*
* NOT IMPLEMENTED!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
* This function is not yet implemented so these tests intentionally fail.
*
*
*/
public class FunctionDefinitionAccessPermittedTest {
//
// Strings for the Request contents
//
String reqStrMainStart = ""
+ ""
+ " "
+ " "
+ " Julius Hibbert"
+ " "
+ " "
+ " This is IT! "
+ " "
+ " "
+ " This is IT! "
+ " "
+ "";
String reqStrResourceStart = "";
String reqStrMdRecordSimpson =
"" +
"" +
"ABC Hospital" +
"Surgery" +
"" +
"" +
"Bart Simpson" +
"60" +
"male" +
"123456" +
"" +
"" +
"" +
"Gastric Cancer" +
"Hyper tension" +
"" +
"" +
"" +
"Well differentiated adeno carcinoma" +
"" +
"2000-10-05" +
"" +
"" +
"" +
" ";
String reqStrContentMdRecordSimpson = "" + reqStrMdRecordSimpson + "";
String reqStrMalformedContent =
" " +
"" +
"" +
"ABC Hospital" +
"" +
"";
String reqStrMdRecordSpringer =
"" +
"" +
"XYZ Hospital" +
"Surgery" +
"" +
"" +
"Jerry Springer" +
"65" +
"male" +
"765432" +
"" +
"" +
"" +
"Hyatal Hernia" +
"Diabetes" +
"Neuronal Collapse" +
"" +
"" +
"" +
"We have no idea" +
"" +
"2012-07-22" +
"" +
"" +
"" +
" ";
String reqStrContentMdRecordSpringer =
"" + reqStrMdRecordSpringer + "";
String reqStrResourceEnd = " "
+ " http://medico.com/record/patient/BartSimpson"
+ " "
+ " ";
String reqStrActionStart = "";
String reqStrActionEnd = ""
+ "read"
+ ""
+ " ";
String reqStrEnvironmentStartEnd = " ";
String reqStrMainEnd = " ";
// combined strings for convenience
String reqStrMainResourceStart = reqStrMainStart + reqStrResourceStart;
String reqStrResourceAllEnd = reqStrResourceEnd + reqStrActionStart + reqStrActionEnd + reqStrEnvironmentStartEnd + reqStrMainEnd;
/*
* variables useful in the following tests
*/
List arguments = new ArrayList();
// Name Spaces used in the XML as part of these examples - needed for compiling XPaths
NamespaceContext nameSpaceContext = new NamespaceContext() {
@Override
public Iterator> getPrefixes(String arg0) { return null;}
@Override
public String getPrefix(String arg0) {return null;}
@Override
public String getNamespaceURI(String arg0) {
if("md".equals(arg0)) {
return "http://www.medico.com/schemas/record";
} else if ("xacml-context".equals(arg0)) {
return "urn:oasis:names:tc:xacml:3.0:context:schema:os";
} else if ("xsi".equals(arg0)) {
return "http://www.w3.org/2001/XMLSchema-instance";
}
return null;
}
};
//
// URIs for attribute categroies
//
FunctionArgumentAttributeValue attrUriNull = null;
FunctionArgumentAttributeValue attrUriEmpty = null;
FunctionArgumentAttributeValue attrUriResources = null;
FunctionArgumentAttributeValue attrUriAction = null;
FunctionArgumentAttributeValue attrUriNotInRequest = null;
FunctionArgumentAttributeValue attrUriNotCategory = null;
//
// XML Contents
//
FunctionArgumentAttributeValue attrXnull = null;
FunctionArgumentAttributeValue attrXEmpty = null;
FunctionArgumentAttributeValue attrXSimpson = null;
FunctionArgumentAttributeValue attrXSpringer = null;
FunctionArgumentAttributeValue attrXContentSimpson = null;
FunctionArgumentAttributeValue attrXContentSpringer = null;
FunctionArgumentAttributeValue attrXBadXML = null;
//
// REQUEST objects available for use in tests
//
Request requestEmpty = new StdMutableRequest();
Request requestMdRecord = null;
Request requestDoubleResources = null;
Request requestDoubleContent = null;
Request requestResourceActionContent = null;
Request requestContentInAction = null;
/**
* Set up all variables in one place because it is complicated (lots of steps needed for each attribute)
*/
public FunctionDefinitionAccessPermittedTest() {
try {
// create Function Attributes for URIs
attrUriNull = null;
attrUriEmpty = new FunctionArgumentAttributeValue(DataTypes.DT_ANYURI.createAttributeValue(""));
attrUriResources = new FunctionArgumentAttributeValue(DataTypes.DT_ANYURI.createAttributeValue("urn:oasis:names:tc:xacml:3.0:attribute-category:resource"));
attrUriAction = new FunctionArgumentAttributeValue(DataTypes.DT_ANYURI.createAttributeValue("urn:oasis:names:tc:xacml:3.0:attribute-category:action"));
attrUriNotInRequest = new FunctionArgumentAttributeValue(DataTypes.DT_ANYURI.createAttributeValue("NoSuchURI"));
attrUriNotCategory = new FunctionArgumentAttributeValue(DataTypes.DT_ANYURI.createAttributeValue("urn:oasis:names:tc:xacml:1.0:resource:resource-id"));
// create Function Attributes for XML Strings
attrXnull = new FunctionArgumentAttributeValue(null);
attrXEmpty = new FunctionArgumentAttributeValue(DataTypes.DT_STRING.createAttributeValue(""));
attrXSimpson = new FunctionArgumentAttributeValue(DataTypes.DT_STRING.createAttributeValue(reqStrMdRecordSimpson));
attrXSpringer = new FunctionArgumentAttributeValue(DataTypes.DT_STRING.createAttributeValue(reqStrMdRecordSpringer));
attrXContentSimpson = new FunctionArgumentAttributeValue(DataTypes.DT_STRING.createAttributeValue(reqStrContentMdRecordSimpson));
attrXContentSpringer = new FunctionArgumentAttributeValue(DataTypes.DT_STRING.createAttributeValue(reqStrContentMdRecordSpringer));
attrXBadXML = new FunctionArgumentAttributeValue(DataTypes.DT_STRING.createAttributeValue(reqStrMalformedContent));
// Request objects
// to create a Request object the easiest way is to put the xml into a file and use the DOMRequest to load it.
// single Content in the Resources section (normal valid request)
String reqString = reqStrMainResourceStart + reqStrContentMdRecordSimpson + reqStrResourceAllEnd;
File tFile = File.createTempFile("functionJunit", "request");
BufferedWriter bw = new BufferedWriter(new FileWriter(tFile));
bw.append(reqString);
bw.flush();
bw.close();
requestMdRecord = DOMRequest.load(tFile);
tFile.delete();
// Resources included twice
reqString = reqStrMainResourceStart + reqStrContentMdRecordSimpson + reqStrResourceEnd + reqStrResourceStart + reqStrContentMdRecordSimpson +reqStrResourceAllEnd;
tFile = File.createTempFile("functionJunit", "request");
bw = new BufferedWriter(new FileWriter(tFile));
bw.append(reqString);
bw.flush();
bw.close();
requestDoubleResources = DOMRequest.load(tFile);
tFile.delete();
// Content included twice - error
reqString = reqStrMainResourceStart + reqStrContentMdRecordSimpson + reqStrContentMdRecordSimpson +reqStrResourceAllEnd;
tFile = File.createTempFile("functionJunit", "request");
bw = new BufferedWriter(new FileWriter(tFile));
bw.append(reqString);
bw.flush();
bw.close();
try {
requestDoubleContent = DOMRequest.load(tFile);
tFile.delete();
} catch (com.att.research.xacml.std.dom.DOMStructureException e) {
// this is what it should do, so just continue
} catch (Exception e) {
fail("Unexpected exception for bad XML, e="+e);
}
// content included in both Resource and Action - ok
reqString = reqStrMainResourceStart + reqStrContentMdRecordSimpson + reqStrResourceEnd + reqStrActionStart + reqStrContentMdRecordSimpson + reqStrActionEnd + reqStrMainEnd;
tFile = File.createTempFile("functionJunit", "request");
bw = new BufferedWriter(new FileWriter(tFile));
bw.append(reqString);
bw.flush();
bw.close();
requestResourceActionContent = DOMRequest.load(tFile);
tFile.delete();
// Content included only in Action - missing content produces non-error result according to spec
reqString = reqStrMainResourceStart + reqStrResourceEnd + reqStrActionStart + reqStrContentMdRecordSimpson + reqStrActionEnd + reqStrMainEnd;
tFile = File.createTempFile("functionJunit", "request");
bw = new BufferedWriter(new FileWriter(tFile));
bw.append(reqString);
bw.flush();
bw.close();
requestContentInAction = DOMRequest.load(tFile);
tFile.delete();
// Test that Bad XML is caught
@SuppressWarnings("unused")
Request requestContentMisplaced = null;
@SuppressWarnings("unused")
Request requestMalformedContent = null;
// Bad XML - Content not under a Category
reqString = reqStrMainStart + reqStrContentMdRecordSimpson + reqStrResourceStart + reqStrResourceEnd + reqStrActionStart + reqStrActionEnd + reqStrMainEnd;
tFile = File.createTempFile("functionJunit", "request");
bw = new BufferedWriter(new FileWriter(tFile));
bw.append(reqString);
bw.flush();
bw.close();
try {
requestContentMisplaced = DOMRequest.load(tFile);
tFile.delete();
} catch (com.att.research.xacml.std.dom.DOMStructureException e) {
// this is what it should do, so just continue
} catch (Exception e) {
fail("Unexpected exception for bad XML, e="+e);
}
// Bad XML - Content is not valid XML
reqString = reqStrMainResourceStart + reqStrMalformedContent + reqStrResourceAllEnd;
tFile = File.createTempFile("functionJunit", "request");
bw = new BufferedWriter(new FileWriter(tFile));
bw.append(reqString);
bw.flush();
bw.close();
try {
requestMalformedContent = DOMRequest.load(tFile);
tFile.delete();
} catch (com.att.research.xacml.std.dom.DOMStructureException e) {
// this is what it should do, so just continue
} catch (Exception e) {
fail("Unexpected exception for bad XML, e="+e);
}
} catch (Exception e) {
fail("Constructor initializing variables, e="+ e + " cause="+e.getCause());
}
}
@Ignore //@Test
public void testAccess_permitted() {
ExpressionResult res = null;
Boolean resValue = null;
FunctionDefinitionAccessPermitted fd = (FunctionDefinitionAccessPermitted) StdFunctions.FD_ACCESS_PERMITTED;
// check identity and type of the thing created
assertEquals(XACML3.ID_FUNCTION_ACCESS_PERMITTED, fd.getId());
assertEquals(DataTypes.DT_BOOLEAN.getId(), fd.getDataTypeId());
// just to be safe... If tests take too long these can probably be eliminated
assertFalse(fd.returnsBag());
// successful invoke returns true
arguments.clear();
arguments.add(attrUriResources);
arguments.add(attrXEmpty);
res = fd.evaluate(new StdEvaluationContext(requestMdRecord, null, null), arguments);
assertTrue(res.isOk());
resValue = (Boolean)res.getValue().getValue();
assertTrue(resValue);
// successful invoke returns false
// URI not in Request (ok - evaluate anyway)
// test for infinite loop
// second arg ok both with and without tag
arguments.clear();
arguments.add(attrUriResources);
arguments.add(attrXContentSpringer);
res = fd.evaluate(new StdEvaluationContext(requestMdRecord, null, null), arguments);
assertTrue(res.isOk());
resValue = (Boolean)res.getValue().getValue();
assertTrue(resValue);
arguments.clear();
arguments.add(attrUriResources);
arguments.add(attrXSpringer);
res = fd.evaluate(new StdEvaluationContext(requestMdRecord, null, null), arguments);
assertTrue(res.isOk());
resValue = (Boolean)res.getValue().getValue();
assertTrue(resValue);
// second arg not valid XML
arguments.clear();
arguments.add(attrUriResources);
arguments.add(attrXBadXML);
res = fd.evaluate(null, arguments);
assertFalse(res.getStatus().isOk());
assertEquals( "function:access-permitted Parsing of XML string failed. Cause='The element type \"md:hospital_info\" must be terminated by the matching end-tag \"\".'", res.getStatus().getStatusMessage());
assertEquals("urn:oasis:names:tc:xacml:1.0:status:syntax-error", res.getStatus().getStatusCode().getStatusCodeValue().stringValue());
// null Evaluation Context
arguments.clear();
arguments.add(attrUriNotCategory);
arguments.add(attrXContentSimpson);
res = fd.evaluate(null, arguments);
assertFalse(res.getStatus().isOk());
assertEquals( "function:access-permitted First argument must be a urn for an attribute-category, not 'urn:oasis:names:tc:xacml:1.0:resource:resource-id", res.getStatus().getStatusMessage());
assertEquals("urn:oasis:names:tc:xacml:1.0:status:syntax-error", res.getStatus().getStatusCode().getStatusCodeValue().stringValue());
// null Request
arguments.clear();
arguments.add(attrUriAction);
arguments.add(attrXContentSimpson);
res = fd.evaluate(new StdEvaluationContext(null, null, null), arguments);
assertFalse(res.getStatus().isOk());
assertEquals( "function:access-permitted Got null Request in EvaluationContext", res.getStatus().getStatusMessage());
assertEquals("urn:oasis:names:tc:xacml:1.0:status:processing-error", res.getStatus().getStatusCode().getStatusCodeValue().stringValue());
// first arg not uri
arguments.clear();
arguments.add(attrUriNotCategory);
arguments.add(attrXContentSimpson);
res = fd.evaluate(new StdEvaluationContext(requestMdRecord, null, null), arguments);
assertFalse(res.getStatus().isOk());
assertEquals( "function:access-permitted First argument must be a urn for an attribute-category, not 'urn:oasis:names:tc:xacml:1.0:resource:resource-id", res.getStatus().getStatusMessage());
assertEquals("urn:oasis:names:tc:xacml:1.0:status:syntax-error", res.getStatus().getStatusCode().getStatusCodeValue().stringValue());
// first arg not attribute-category urn
arguments.clear();
arguments.add(attrXContentSimpson);
arguments.add(attrXContentSimpson);
res = fd.evaluate(new StdEvaluationContext(requestMdRecord, null, null), arguments);
assertFalse(res.getStatus().isOk());
assertEquals( "function:access-permitted Expected data type 'anyURI' saw 'string'", res.getStatus().getStatusMessage());
assertEquals("urn:oasis:names:tc:xacml:1.0:status:processing-error", res.getStatus().getStatusCode().getStatusCodeValue().stringValue());
// second arg not string
arguments.clear();
arguments.add(attrUriAction);
arguments.add(attrUriAction);
res = fd.evaluate(new StdEvaluationContext(requestMdRecord, null, null), arguments);
assertFalse(res.getStatus().isOk());
assertEquals( "function:access-permitted Expected data type 'string' saw 'anyURI'", res.getStatus().getStatusMessage());
assertEquals("urn:oasis:names:tc:xacml:1.0:status:processing-error", res.getStatus().getStatusCode().getStatusCodeValue().stringValue());
// too few args
arguments.clear();
res = fd.evaluate(new StdEvaluationContext(requestMdRecord, null, null), arguments);
assertFalse(res.getStatus().isOk());
assertEquals( "function:access-permitted Expected 2 arguments, got 0", res.getStatus().getStatusMessage());
assertEquals("urn:oasis:names:tc:xacml:1.0:status:processing-error", res.getStatus().getStatusCode().getStatusCodeValue().stringValue());
arguments.clear();
arguments.add(attrXContentSimpson);
res = fd.evaluate(new StdEvaluationContext(requestMdRecord, null, null), arguments);
assertFalse(res.getStatus().isOk());
assertEquals( "function:access-permitted Expected 2 arguments, got 1", res.getStatus().getStatusMessage());
assertEquals("urn:oasis:names:tc:xacml:1.0:status:processing-error", res.getStatus().getStatusCode().getStatusCodeValue().stringValue());
// too many args
arguments.clear();
arguments.add(attrUriEmpty);
arguments.add(attrXContentSimpson);
arguments.add(attrXContentSimpson);
res = fd.evaluate(new StdEvaluationContext(requestMdRecord, null, null), arguments);
assertFalse(res.getStatus().isOk());
assertEquals( "function:access-permitted Expected 2 arguments, got 3", res.getStatus().getStatusMessage());
assertEquals("urn:oasis:names:tc:xacml:1.0:status:processing-error", res.getStatus().getStatusCode().getStatusCodeValue().stringValue());
}
}