--- /dev/null
+/*******************************************************************************
+ * ============LICENSE_START====================================================
+ * * org.onap.aaf
+ * * ===========================================================================
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * * ===========================================================================
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * *
+ * * http://www.apache.org/licenses/LICENSE-2.0
+ * *
+ * * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ * * ============LICENSE_END====================================================
+ * *
+ * *
+ ******************************************************************************/
+
+package org.onap.aaf.auth.service.mapper;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+import static org.mockito.BDDMockito.given;
+import static org.mockito.Matchers.any;
+import static org.mockito.Matchers.anyString;
+import static org.mockito.Matchers.eq;
+import static org.mockito.Matchers.isA;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.verifyZeroInteractions;
+import static org.onap.aaf.auth.layer.Result.ERR_BadData;
+import static org.onap.aaf.auth.layer.Result.ERR_General;
+
+import aaf.v2_0.Certs;
+import aaf.v2_0.Certs.Cert;
+import aaf.v2_0.History;
+import aaf.v2_0.History.Item;
+import aaf.v2_0.Users;
+import aaf.v2_0.Users.User;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.util.ArrayList;
+import java.util.Calendar;
+import java.util.Collection;
+import java.util.Date;
+import java.util.GregorianCalendar;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.UUID;
+import java.util.stream.Collectors;
+
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.mockito.runners.MockitoJUnitRunner;
+import org.onap.aaf.auth.dao.cass.CertDAO;
+import org.onap.aaf.auth.dao.cass.CredDAO;
+import org.onap.aaf.auth.dao.cass.HistoryDAO;
+import org.onap.aaf.auth.dao.cass.Namespace;
+import org.onap.aaf.auth.dao.cass.NsDAO;
+import org.onap.aaf.auth.dao.cass.NsSplit;
+import org.onap.aaf.auth.dao.cass.NsType;
+import org.onap.aaf.auth.dao.cass.PermDAO;
+import org.onap.aaf.auth.dao.cass.PermDAO.Data;
+import org.onap.aaf.auth.dao.cass.RoleDAO;
+import org.onap.aaf.auth.dao.cass.UserRoleDAO;
+import org.onap.aaf.auth.dao.hl.Question;
+import org.onap.aaf.auth.dao.hl.Question.Access;
+import org.onap.aaf.auth.env.AuthzTrans;
+import org.onap.aaf.auth.env.AuthzTrans.REQD_TYPE;
+import org.onap.aaf.auth.layer.Result;
+import org.onap.aaf.auth.org.Organization;
+import org.onap.aaf.auth.org.Organization.Expiration;
+import org.onap.aaf.auth.rserv.Pair;
+import org.onap.aaf.auth.service.mapper.Mapper.API;
+import org.onap.aaf.cadi.CadiException;
+import org.onap.aaf.misc.env.APIException;
+import org.onap.aaf.misc.env.Env;
+import org.onap.aaf.misc.env.TimeTaken;
+
+import aaf.v2_0.CredRequest;
+import aaf.v2_0.NsRequest;
+import aaf.v2_0.Nss;
+import aaf.v2_0.Nss.Ns;
+import aaf.v2_0.Perm;
+import aaf.v2_0.PermRequest;
+import aaf.v2_0.Perms;
+import aaf.v2_0.Pkey;
+import aaf.v2_0.Request;
+import aaf.v2_0.Role;
+import aaf.v2_0.RoleRequest;
+import aaf.v2_0.Roles;
+import aaf.v2_0.UserRole;
+import aaf.v2_0.UserRoleRequest;
+import aaf.v2_0.UserRoles;
+
+@RunWith(MockitoJUnitRunner.class)
+public class JU_Mapper_2_0 {
+ private static final String USER = "John";
+
+ private Mapper_2_0 mapper;
+ @Mock
+ private Question question;
+ @Mock
+ private AuthzTrans transaction;
+ @Mock
+ private TimeTaken tt;
+ @Mock
+ private Organization org;
+
+
+ @Before
+ public void setUp() throws APIException, IOException, CadiException {
+ given(transaction.start(anyString(), eq(Env.SUB))).willReturn(tt);
+ given(transaction.user()).willReturn(USER);
+ given(transaction.org()).willReturn(org);
+ this.mapper = new Mapper_2_0(question);
+ }
+
+ @Test(expected = ClassCastException.class)
+ public void ns_willThrowException_whenInvalidRequestType() {
+ //given
+ Request rq = new Request();
+
+ //when
+ mapper.ns(transaction, rq);
+
+ //then
+ fail("Expected ClassCastException");
+ }
+
+ @Test
+ public void ns_shouldConvertNamespaceRequest_whenValidTypeIsExplicitlyProvided() {
+ //given
+ String namespaceName = "org.companyA.app1";
+ String namespaceType = "APP";
+ NsType expectedNsType = NsType.APP;
+ NsRequest nsRequest = createNsRequestForType(namespaceName, namespaceType);
+
+ //when
+ Result<Namespace> result = mapper.ns(transaction,nsRequest);
+
+ //then
+ assertTrue(result.isOK());
+ assertNamespaceValues(result.value, expectedNsType, namespaceName);
+ verify(transaction).checkpoint(namespaceName,Env.ALWAYS);
+ }
+
+ @Test
+ public void ns_shouldConvertNamespaceRequest_whenInValidTypeIsExplicitlyProvided() {
+ //given
+ String namespaceName = "org.companyA.app1.service0";
+ String invalidNsType = "BLUE";
+ NsType expectedNsType = NsType.APP;
+ NsRequest nsRequest = createNsRequestForType(namespaceName, invalidNsType);
+
+ //when
+ Result<Namespace> result = mapper.ns(transaction,nsRequest);
+
+ //then
+ assertTrue(result.isOK());
+ assertNamespaceValues(result.value, expectedNsType, namespaceName);
+ verify(transaction).checkpoint(namespaceName,Env.ALWAYS);
+ }
+
+ @Test
+ public void ns_shouldConvertRootNamespaceRequest_whenTypeNotProvided() {
+ //given
+ String rootNsName = "org";
+ NsType expectedNsType = NsType.ROOT;
+ NsRequest nsRequest = createNsRequestForType(rootNsName, null);
+
+ //when
+ Result<Namespace> result = mapper.ns(transaction,nsRequest);
+
+ //then
+ assertTrue(result.isOK());
+ assertNamespaceValues(result.value, expectedNsType, rootNsName);
+ verify(transaction).checkpoint(rootNsName,Env.ALWAYS);
+ }
+
+ @Test
+ public void ns_shouldConvertCompanyNamespaceRequest_whenTypeNotProvided() {
+ //given
+ String companyNsName = "org.companyA";
+ NsType expectedNsType = NsType.COMPANY;
+ NsRequest nsRequest = createNsRequestForType(companyNsName, null);
+
+ //when
+ Result<Namespace> result = mapper.ns(transaction,nsRequest);
+
+ //then
+ assertTrue(result.isOK());
+ assertNamespaceValues(result.value, expectedNsType, companyNsName);
+ verify(transaction).checkpoint(companyNsName,Env.ALWAYS);
+ }
+
+ private void assertNamespaceValues(Namespace value, NsType nsType, String namespaceName) {
+ List<String> people = Lists.newArrayList("tk007@people.osaaf.org");
+ assertEquals(Integer.valueOf(nsType.type), value.type);
+ assertEquals(namespaceName, value.name);
+ assertEquals("some namespace description", value.description);
+ assertEquals(people, value.admin);
+ assertEquals(people, value.owner);
+ }
+
+ private NsRequest createNsRequestForType(String nsName, String nsType) {
+ NsRequest req = mapper.newInstance(API.NS_REQ);
+ req.setType(nsType);
+ req.setName(nsName);
+ req.setDescription("some namespace description");
+ req.getAdmin().add("tk007@people.osaaf.org");
+ req.getResponsible().add("tk007@people.osaaf.org");
+ return req;
+ }
+
+ @Test
+ public void nss_shouldConvertNamespaceToNss_withoutAttributes() {
+ //given
+ Nss nss = mapper.newInstance(API.NSS);
+ Namespace ns = mapper.ns(transaction, createNsRequestForType("org.onap", null)).value;
+
+ //when
+ Result<Nss> result = mapper.nss(transaction, ns, nss);
+
+ //then
+ assertTrue(result.isOK());
+ assertEquals("Only one Ns should be added",1, result.value.getNs().size());
+ Ns addedNs = Iterables.getOnlyElement(result.value.getNs());
+ assertEquals(ns.admin, addedNs.getAdmin());
+ assertEquals(ns.name, addedNs.getName());
+ assertEquals(ns.owner, addedNs.getResponsible());
+ assertEquals(ns.description, addedNs.getDescription());
+ assertTrue(addedNs.getAttrib().isEmpty());
+ }
+
+ @Test
+ public void nss_shouldConvertNamespaceToNss_withAttributes() {
+ //given
+ Nss nss = mapper.newInstance(API.NSS);
+ Namespace ns = mapper.ns(transaction, createNsRequestForType("org.onap", null)).value;
+ ns.attrib = Lists.newArrayList();
+ int attribNum = 5;
+ Map<String, String> attribs = ImmutableMap.of("key1", "value1", "key2", "value2", "key3", "value3", "key4", "value4", "key5", "value5");
+ attribs.forEach((key,val) -> ns.attrib.add(new Pair<>(key,val)));
+
+ //when
+ Result<Nss> result = mapper.nss(transaction, ns, nss);
+
+ //then
+ assertTrue(result.isOK());
+ assertEquals("Only one Ns should be added",1, result.value.getNs().size());
+ Ns addedNs = Iterables.getOnlyElement(result.value.getNs());
+ assertEquals(attribNum, addedNs.getAttrib().size());
+ addedNs.getAttrib().forEach( attr -> {
+ assertEquals(attr.getValue(), attribs.get(attr.getKey()));
+ });
+ }
+
+ @Test
+ public void nss_shouldAddSeveralNamespacesToNss() {
+ //given
+ Nss nss = mapper.newInstance(API.NSS);
+ Namespace ns1 = mapper.ns(transaction, createNsRequestForType("org.onap", "COMPANY")).value;
+ Namespace ns2 = mapper.ns(transaction, createNsRequestForType("org.onap.prh", "APP")).value;
+
+ //when
+ Result<Nss> result = mapper.nss(transaction, Lists.newArrayList(ns1,ns2), nss);
+
+ //then
+ assertTrue(result.isOK());
+ assertEquals("Two namespaces should be added",2, result.value.getNs().size());
+ }
+
+ @Test
+ public void perm_shouldNotAddPerms_whenFilterIsSet_andUserIsNotAuthorized() {
+ //given
+ given(question.mayUser(eq(transaction), eq(USER), any(PermDAO.Data.class), eq(Access.read)))
+ .willReturn(Result.err(9, "error"));
+ Perms permsContainer = mapper.newInstance(API.PERMS);
+ List<PermDAO.Data> permsData = Lists.newArrayList(new PermDAO.Data());
+ boolean filter = true;
+
+ //when
+ Result<Perms> result = mapper.perms(transaction, permsData, permsContainer, filter);
+
+ //then
+ assertTrue(result.isOK());
+ assertEquals("No perms added",0,result.value.getPerm().size());
+ }
+
+ @Test
+ public void perm_shouldAddPerm_withNamespaceSet_whenUserIsAuthorized_AndNamespaceIsRequestedType() {
+ //given
+ given(question.mayUser(eq(transaction), eq(USER), any(PermDAO.Data.class), eq(Access.read)))
+ .willReturn(Result.ok(new NsDAO.Data()));
+ given(transaction.requested(REQD_TYPE.ns)).willReturn(true);
+ Perms permsContainer = mapper.newInstance(API.PERMS);
+ Set<String> roles = Sets.newHashSet("org.onap.portal.owner","org.onap.portal.designer"
+ ,"org.onap.portal.tester");
+ String namespace = "org.onap.portal";
+ String type = "access";
+ String fullType = namespace + "." +type;
+ String action = "read";
+ String description = "Portal Read Access";
+ List<PermDAO.Data> permsData = Lists.newArrayList(createPermDAOobj(namespace, type, "*",action, roles, description));
+ boolean filter = true;
+
+ //when
+ Result<Perms> result = mapper.perms(transaction, permsData, permsContainer, filter);
+
+ //then
+ assertTrue(result.isOK());
+ assertEquals("Perm is added",1,result.value.getPerm().size());
+ Perm perm = Iterables.getOnlyElement(result.value.getPerm());
+ assertEquals(namespace, perm.getNs());
+ assertEquals(fullType, perm.getType());
+ assertEquals(action, perm.getAction());
+ assertEquals("*", perm.getInstance());
+ assertEquals(description, perm.getDescription());
+ assertEquals(Lists.newArrayList(roles), perm.getRoles());
+ }
+
+ @Test
+ public void perm_shouldAddPerm_withoutNamespaceSet_whenUserIsAuthorized_AndNamespaceIsNotRequestedType() {
+ //given
+ given(question.mayUser(eq(transaction), eq(USER), any(PermDAO.Data.class), eq(Access.read)))
+ .willReturn(Result.ok(new NsDAO.Data()));
+ given(transaction.requested(REQD_TYPE.ns)).willReturn(false);
+ Perms permsContainer = mapper.newInstance(API.PERMS);
+ String namespace = "org.onap.portal";
+ String type = "access";
+ String fullType = namespace + "." + type;
+ String action = "read";
+ List<PermDAO.Data> permsData = Lists.newArrayList(createPermDAOobj(namespace, type, "*",action, null, null));
+ boolean filter = true;
+
+ //when
+ Result<Perms> result = mapper.perms(transaction, permsData, permsContainer, filter);
+
+ //then
+ assertTrue(result.isOK());
+ assertEquals("Perm is added",1,result.value.getPerm().size());
+ Perm perm = Iterables.getOnlyElement(result.value.getPerm());
+ assertNull(perm.getNs());
+ assertEquals(fullType, perm.getType());
+ assertEquals(action, perm.getAction());
+ }
+
+ @Test
+ public void perm_shouldAddPermsWithCorrectSortedOrder() {
+ //given
+ given(question.mayUser(eq(transaction), eq(USER), any(PermDAO.Data.class), eq(Access.read)))
+ .willReturn(Result.ok(new NsDAO.Data()));
+ Perms permsContainer = mapper.newInstance(API.PERMS);
+ PermDAO.Data perm1 = createPermDAOobj("org.onap.portal", "access", "*", "read", null, null);
+ PermDAO.Data perm2 = createPermDAOobj("org.onap.portal", "access", "*", "write", null, null);
+ PermDAO.Data perm3 = createPermDAOobj("org.onap.portal", "design", "*", "new", null, null);
+ PermDAO.Data perm4 = createPermDAOobj("org.onap.portal", "workflow", "1", "edit", null, null);
+ PermDAO.Data perm5 = createPermDAOobj("org.onap.portal", "workflow", "2", "edit", null, null);
+ List<PermDAO.Data> permsData = Lists.newArrayList(perm4, perm1, perm5, perm3, perm2);
+ List<PermDAO.Data> correctOrderPerms = Lists.newArrayList(perm1, perm2, perm3, perm4, perm5);
+
+ //when
+ Result<Perms> result = mapper.perms(transaction, permsData, permsContainer, true);
+
+ //then
+ assertTrue(result.isOK());
+ assertEquals("Alls Perms added",5,result.value.getPerm().size());
+ List<Perm> mappedPerms = result.value.getPerm();
+ for (int i=0; i<5; i++) {
+ comparePerm(correctOrderPerms.get(i), mappedPerms.get(i));
+ }
+ }
+
+ private void comparePerm(Data data, Perm perm) {
+ assertEquals(data.ns + "." + data.type, perm.getType());
+ assertEquals(data.instance, perm.getInstance());
+ assertEquals(data.action, perm.getAction());
+ }
+
+ private PermDAO.Data createPermDAOobj(String ns, String name, String instance, String action, Set<String> roles, String description) {
+ NsSplit nss = new NsSplit(ns, name);
+ PermDAO.Data perm = new PermDAO.Data(nss, instance, action);
+ perm.roles = roles;
+ perm.description = description;
+ return perm;
+ }
+
+ @Test
+ public void role_shouldReturnErrorResult_whenNssIsNok() throws Exception {
+ //given
+ String roleName = "admin";
+ RoleRequest request = createRoleRequest(roleName, "role description");
+ given(question.deriveNsSplit(transaction, roleName)).willReturn(Result.err(new IllegalArgumentException()));
+
+ //when
+ Result<RoleDAO.Data> result = mapper.role(transaction, request);
+
+ //then
+ assertFalse(result.isOK());
+ assertNull(result.value);
+ assertEquals(ERR_General, result.status);
+ }
+
+ @Test
+ public void role_shouldReturnMappedRoleObject_whenNssIsOk() throws Exception {
+ //given
+ String roleName = "admin";
+ String roleNs = "org.onap.roles";
+ String roleFullName = roleNs + "." + roleName;
+ String description =" role description";
+ RoleRequest request = createRoleRequest(roleFullName, description);
+ given(question.deriveNsSplit(transaction, roleFullName)).willReturn(Result.ok(new NsSplit(roleNs, roleName)));
+
+ //when
+ Result<RoleDAO.Data> result = mapper.role(transaction, request);
+
+ //then
+ assertTrue(result.isOK());
+ assertEquals(roleName, result.value.name);
+ assertEquals(roleNs, result.value.ns);
+ assertEquals(description, result.value.description);
+ verify(transaction).checkpoint(roleFullName, Env.ALWAYS);
+ }
+
+ private RoleRequest createRoleRequest(String name, String description) {
+ RoleRequest req = mapper.newInstance(API.ROLE_REQ);
+ req.setName(name);
+ req.setDescription(description);
+ return req;
+ }
+
+ @Test
+ public void roles_shouldNotAddAnyRoles_whenFilterFlagIsNotSet() {
+ //given
+ Roles initialRoles = new Roles();
+ RoleDAO.Data role = createRoleDAOobj("org.onap.app1", "org.onap.app1.admin", "description");
+
+ //when
+ Result<Roles> result = mapper.roles(transaction, Lists.newArrayList(role), initialRoles, false);
+
+ //then
+ assertTrue(result.isOK());
+ assertEquals(initialRoles.getRole(), result.value.getRole());
+ }
+
+ @Test
+ public void roles_shouldNotAddAnyRoles_whenFilterFlagIsSet_andUserIsNotAuthorizedToReadRole() {
+ //given
+ Roles initialRoles = new Roles();
+ RoleDAO.Data role = createRoleDAOobj("org.onap.app1", "org.onap.app1.admin", "description");
+ given(question.mayUser(eq(transaction), eq(USER), any(RoleDAO.Data.class), eq(Access.read)))
+ .willReturn(Result.err(9, "error"));
+
+ //when
+ Result<Roles> result = mapper.roles(transaction, Lists.newArrayList(role), initialRoles, true);
+
+ //then
+ assertTrue(result.isOK());
+ assertEquals(initialRoles.getRole(), result.value.getRole());
+ }
+
+ @Test
+ public void roles_shouldAddRolesWithoutNamespace_whenNsNotRequested_andFilterFlagSet_andUserIsAuthorized() {
+ test_roles_shouldAddRoles(false);
+ }
+
+ @Test
+ public void roles_shouldAddRolesWithNamespace_whenNsRequested_andFilterFlagSet_andUserIsAuthorized() {
+ test_roles_shouldAddRoles(true);
+ }
+
+ private void test_roles_shouldAddRoles(boolean namespaceRequested) {
+ //given
+ String namespace = "org.onap.app1";
+ String description = "role description";
+ Set<String> roleNames = Sets.newHashSet(namespace+".admin", namespace+".deployer");
+ List<RoleDAO.Data> daoRoles = roleNames.stream().map( name -> createRoleDAOobj(namespace, name, description))
+ .collect(Collectors.toList());
+ given(question.mayUser(eq(transaction), eq(USER), any(RoleDAO.Data.class), eq(Access.read)))
+ .willReturn(Result.ok(new NsDAO.Data()));
+ given(transaction.requested(REQD_TYPE.ns)).willReturn(namespaceRequested);
+
+ //when
+ Result<Roles> result = mapper.roles(transaction, daoRoles, new Roles(), true);
+
+ //then
+ assertTrue(result.isOK());
+ assertEquals(2, result.value.getRole().size());
+ result.value.getRole().stream().forEach( role -> {
+ assertTrue(role.getPerms().isEmpty());
+ if (namespaceRequested) {
+ assertEquals(namespace, role.getNs());
+ } else {
+ assertNull(role.getNs());
+ }
+ assertTrue(roleNames.contains(role.getName()));
+ assertEquals(description, role.getDescription());
+ });
+ }
+
+ @Test
+ public void roles_shouldReturnErrorResult_whenAnyPermHasInvalidFormat() {
+ //given
+ given(question.mayUser(eq(transaction), eq(USER), any(RoleDAO.Data.class), eq(Access.read)))
+ .willReturn(Result.ok(new NsDAO.Data()));
+ RoleDAO.Data role = createRoleDAOobj("org.onap.app", "org.onap.app.admin", "description");
+ role.perms = Sets.newHashSet("invalidPermFormat");
+
+ //when
+ Result<Roles> result = mapper.roles(transaction, Lists.newArrayList(role), new Roles(), true);
+
+ //then
+ assertFalse(result.isOK());
+ assertEquals(ERR_BadData, result.status);
+ }
+
+ @Test
+ public void roles_shouldAddPerms_whenAllPermsProperlyDefined_andUserCanViewIt() {
+ //given
+ given(question.mayUser(eq(transaction), eq(USER), any(RoleDAO.Data.class), eq(Access.read)))
+ .willReturn(Result.ok(new NsDAO.Data()));
+ given(question.deriveNsSplit(transaction, "org.onap.app")).willReturn(Result.ok(mock(NsSplit.class)));
+ RoleDAO.Data role = createRoleDAOobj("org.onap.app", "org.onap.app.admin", "description");
+ role.perms = Sets.newHashSet("org.onap.app|access|*|read,approve");
+
+ //when
+ Result<Roles> result = mapper.roles(transaction, Lists.newArrayList(role), new Roles(), true);
+
+ //then
+ assertTrue(result.isOK());
+ Role mappedRole = Iterables.getOnlyElement(result.value.getRole());
+ Pkey pKey = Iterables.getOnlyElement(mappedRole.getPerms());
+ assertEquals("org.onap.app.access", pKey.getType());
+ assertEquals("*", pKey.getInstance());
+ assertEquals("read,approve", pKey.getAction());
+ }
+
+ private RoleDAO.Data createRoleDAOobj(String namespace, String rolename, String desc) {
+ NsDAO.Data ns = new NsDAO.Data();
+ ns.name = namespace;
+ RoleDAO.Data role = RoleDAO.Data.create(ns, rolename);
+ role.description = desc;
+ return role;
+ }
+
+ @Test
+ public void userRoles_shouldMapUserRolesFromDAO() {
+ //given
+ String user = "john@people.osaaf.org";
+ String role = "admin";
+ String namespace = "org.osaaf.aaf";
+ int year = 2020;
+ int month = 10;
+ int day = 31;
+ Date expiration = new Calendar.Builder().setDate(year,month-1, day).build().getTime(); //month is 0-based
+ UserRoles targetRoles = new UserRoles();
+
+ //when
+ Result<UserRoles> result = mapper.userRoles(transaction, Lists.newArrayList(
+ createUserRoleDAOobj(user, expiration, namespace, role)), targetRoles);
+
+ //then
+ assertTrue(result.isOK());
+ UserRole targetRole = Iterables.getOnlyElement(result.value.getUserRole());
+ assertEquals(user, targetRole.getUser());
+ assertEquals(role, targetRole.getRole());
+ assertEquals(year, targetRole.getExpires().getYear());
+ assertEquals(month, targetRole.getExpires().getMonth());
+ assertEquals(day, targetRole.getExpires().getDay());
+ }
+
+ @Test
+ public void userRole_shouldReturnErrorResult_whenAnyExceptionOccurs() {
+ //given
+ PermRequest wrongRequestType = new PermRequest();
+
+ //when
+ Result<UserRoleDAO.Data> result = mapper.userRole(transaction, wrongRequestType);
+
+ //then
+ assertFalse(result.isOK());
+ assertEquals(ERR_BadData, result.status);
+ verifyZeroInteractions(transaction);
+ }
+
+ @Test
+ public void userRole_shouldReturnEmptyRoleDAOobj_whenRequestIsEmpty() {
+ //given
+ UserRoleRequest request = new UserRoleRequest();
+ given(question.deriveNsSplit(any(), any())).willReturn(Result.err(new IllegalArgumentException()));
+ Organization org = mock(Organization.class);
+ given(org.expiration(any(), eq(Expiration.UserInRole), any())).willReturn(new GregorianCalendar());
+ given(transaction.org()).willReturn(org);
+
+ //when
+ Result<UserRoleDAO.Data> result = mapper.userRole(transaction, request);
+
+ //then
+ assertTrue(result.isOK());
+ assertNull(result.value.ns);
+ assertNull(result.value.rname);
+ assertNull(result.value.role);
+ assertNull(result.value.user);
+ assertNotNull(result.value.expires);
+ }
+
+ @Test
+ public void userRole_shouldReturnMappedRoleDAOobj_whenRequestIsFilled() {
+ //given
+ String user = "johny@people.osaaf.org";
+ String role = "org.onap.app1.deployer";
+ String rName = "deployer";
+ String namespace = "org.onap.app1";
+
+ given(question.deriveNsSplit(transaction, role)).willReturn(Result.ok(new NsSplit(namespace, rName)));
+ Organization org = mock(Organization.class);
+ given(org.expiration(any(), eq(Expiration.UserInRole), any())).willReturn(new GregorianCalendar());
+ given(transaction.org()).willReturn(org);
+
+ //when
+ Result<UserRoleDAO.Data> result = mapper.userRole(transaction, createUserRoleRequest(role, user));
+
+ //then
+ assertTrue(result.isOK());
+ assertEquals(user, result.value.user);
+ assertEquals(role, result.value.role);
+ assertEquals(rName, result.value.rname);
+ assertEquals(namespace, result.value.ns);
+ assertNotNull(result.value.expires);
+ }
+
+ private UserRoleRequest createUserRoleRequest(String role, String user) {
+ UserRoleRequest request = new UserRoleRequest();
+ request.setRole(role);
+ request.setUser(user);
+ return request;
+ }
+
+ private UserRoleDAO.Data createUserRoleDAOobj(String userName, Date expires, String namespace, String roleName) {
+ UserRoleDAO.Data userRole = new UserRoleDAO.Data();
+ userRole.user = userName;
+ userRole.expires = expires;
+ userRole.ns = namespace;
+ userRole.role = roleName;
+ return userRole;
+ }
+
+ @Test
+ public void cred_shouldReturnError_whenGivenPasswordDoesNotFulfillPolicy() {
+ //given
+ String id = "aaf@aaf.osaaf.org";
+ String password = "invalid";
+ given(org.isValidPassword(transaction, id, password)).willReturn("Password does not match org.osaaf Password Standards");
+
+ //when
+ Result<CredDAO.Data> result = mapper.cred(transaction, createCredRequest(id, password), true);
+
+ //then
+ assertFalse(result.isOK());
+ assertEquals(ERR_BadData, result.status);
+ }
+
+ @Test
+ public void cred_shouldNotCheckPassword_andSetProperType_whenPasswordNotRequired() {
+ //given
+ String id = "aaf@aaf.osaaf.org";
+ GregorianCalendar expiration = new GregorianCalendar();
+ given(org.expiration(isA(GregorianCalendar.class), eq(Expiration.Password), eq(id))).willReturn(expiration);
+
+ //when
+ Result<CredDAO.Data> result = mapper.cred(transaction, createCredRequest(id, null), false);
+
+ //then
+ assertTrue(result.isOK());
+ verify(org, never()).isValidPassword(eq(transaction), eq(id), any());
+ assertEquals(Integer.valueOf(0), result.value.type);
+ assertNotNull(result.value.expires);
+ }
+
+ @Test
+ public void cred_shouldSetProperValues_whenPasswordRequired() {
+ //given
+ String ns = "org.osaaf.aaf";
+ String id = "aaf@aaf.osaaf.org";
+ String password = "SomeValidPassword123!";
+ GregorianCalendar expiration = new GregorianCalendar();
+ given(org.expiration(isA(GregorianCalendar.class), eq(Expiration.Password), eq(id))).willReturn(expiration);
+ given(org.isValidPassword(transaction, id, password)).willReturn("");
+
+ //when
+ Result<CredDAO.Data> result = mapper.cred(transaction, createCredRequest(id, password), true);
+
+ //then
+ assertTrue(result.isOK());
+ assertNotNull(result.value.cred);
+ assertEquals(id, result.value.id);
+ assertEquals(ns, result.value.ns);
+ assertEquals(Integer.valueOf(CredDAO.RAW), result.value.type);
+ assertNotNull(result.value.expires);
+ }
+
+ private CredRequest createCredRequest(String id, String password) {
+ CredRequest credRequest = new CredRequest();
+ credRequest.setId(id);
+ credRequest.setPassword(password);
+ return credRequest;
+ }
+
+ @Test
+ public void cred_shouldConvertCredDAOtoUser_andAddItToInitialObject() {
+ //given
+ String id = "aaf@aaf.osaaf.org";
+ Integer type = 1;
+ Date expiration = Calendar.getInstance().getTime();
+ Users to = new Users();
+
+ //when
+ Result<Users> result = mapper.cred(Lists.newArrayList(createCredData(id, type, expiration)), to);
+
+ //then
+ assertTrue(result.isOK());
+ User user = Iterables.getOnlyElement(result.value.getUser());
+ assertEquals(id, user.getId());
+ assertNotNull(user.getExpires());
+ assertEquals(type, user.getType());
+ }
+
+ @Test
+ public void cred_shouldLeaveInitialUsers_whenAddingConvertedObject() {
+ //given
+ String id = "aaf@aaf.osaaf.org";
+ Integer type = 0;
+ Date expiration = Calendar.getInstance().getTime();
+ Users to = new Users();
+ to.getUser().add(new User());
+ assertEquals(1, to.getUser().size());
+
+ //when
+ Result<Users> result = mapper.cred(Lists.newArrayList(createCredData(id, type, expiration)), to);
+
+ //then
+ assertTrue(result.isOK());
+ assertEquals(2,result.value.getUser().size());
+ }
+
+ private CredDAO.Data createCredData(String id, int type, Date expires) {
+ CredDAO.Data credDao = new CredDAO.Data();
+ credDao.id = id;
+ credDao.type = type;
+ credDao.expires = expires;
+ return credDao;
+ }
+
+ @Test
+ public void cert_shouldConvertCertDAOtoUser_andAddItToInitialObject() {
+ //given
+ String x500 = provideTestCertificate();
+ String id = "aaf@aaf.osaaf.org";
+ BigInteger serial = new BigInteger("123456789987654321123456789987654321");
+ Certs to = new Certs();
+
+ //when
+ Result<Certs> result = mapper.cert(Lists.newArrayList(createCertData(id, x500, serial)), to);
+
+ //then
+ assertTrue(result.isOK());
+ Cert cert = Iterables.getOnlyElement(result.value.getCert());
+ assertEquals(id, cert.getId());
+ assertEquals(x500, cert.getX500());
+ assertNotNull(cert.getFingerprint());
+ }
+
+ @Test
+ public void cert_shouldLeaveInitialCerts_whenAddingConvertedObject() {
+ //given
+ Certs to = new Certs();
+ Cert initial = new Cert();
+ to.getCert().add(initial);
+ CertDAO.Data certDao = new CertDAO.Data();
+ certDao.serial = new BigInteger("123456789");
+ assertEquals(1, to.getCert().size());
+
+ //when
+ Result<Certs> result = mapper.cert(Lists.newArrayList(certDao), to);
+
+ //then
+ assertTrue(result.isOK());
+ assertEquals(2,result.value.getCert().size());
+ assertTrue(result.value.getCert().contains(initial));
+ }
+
+ private CertDAO.Data createCertData(String id, String x500, BigInteger serial) {
+ CertDAO.Data certDao = new CertDAO.Data();
+ certDao.x500 = x500;
+ certDao.id = id;
+ certDao.serial= serial;
+ return certDao;
+ }
+
+ private String provideTestCertificate() {
+ StringBuilder sb = new StringBuilder("-----BEGIN CERTIFICATE-----\n");
+ return sb.append("MIIEdTCCAl2gAwIBAgIBBTANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB\n")
+ .append("RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMwHhcNMTgwNzAyMTEyNjMwWhcN\n")
+ .append("MjMwNzAyMTEyNjMwWjBHMQswCQYDVQQGEwJVUzENMAsGA1UECgwET05BUDEOMAwG\n")
+ .append("A1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVkaWF0ZUNBXzcwggEiMA0GCSqG\n")
+ .append("SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQAcZtvJ5j4wqaZHqU/NkG0CjflDRD3x9Y\n")
+ .append("4a+C63dxuTyWZ6EtQanoM9l6vwb6Gj4SOHeBfOaQbxwiJfX3WP9+SWV/Rciei0EY\n")
+ .append("w9C0ZOsDA8VVA5S4TK4OLXCLDSeTeMN8wrlydnwG5u/14m22yNTNxPX90bijc6WH\n")
+ .append("zo7+z+3WarveN0CBYcDQkKkyR8rKafkCWlq+GzqLYQh0K4atnuyIZQ7kr9Od48vT\n")
+ .append("KyVJzkyMS6HeH++3Ty0JmPREgzOUjUAoYvR2kI02LedFndr5ZdiBQGAXnLQsVuG6\n")
+ .append("mJHfsRjQ+zTZ2Q5Xs++Bc/clSNlWz7Kqqcxto2bp8YOWC3RaXzfNAgMBAAGjgYYw\n")
+ .append("gYMwHQYDVR0OBBYEFA8QFOfTZ/fEqwtuM4hlNYpwk0OTMB8GA1UdIwQYMBaAFFNV\n")
+ .append("M/JL69BRscF4msEoMXvv6u1JMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/\n")
+ .append("BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B\n")
+ .append("AQsFAAOCAgEAsUvLinLLby1D+F+UKv/7jCqqrUYxlpNsdBm1dD8M3mIIpsjoTrlU\n")
+ .append("2yywL9EPp4BhCN7rI0YbPX+DWu2RnxtbsEKdhutEvbTE2Sfg6a1+9dH7txdaGp3F\n")
+ .append("qapojPqdZ7pjgtIhHVgepGJc08efsxSW6+Gv5easQXhn7XyaZf1MfZUobAPnEcaY\n")
+ .append("p5cOee2gjMy6usB8AiKzVXrmGn6MAQQ9w6u8XKnvIoivQW3PLlKTMbLFVB7B4YH8\n")
+ .append("90HQJnhnLJ9T5U+Gy1Mb5GpVKnI0ZIKURA9b/x8bVFixT83xugstbeVdxgS97Fcz\n")
+ .append("9wOjG6d6YhrwnE/kz8aiXWs8KsTsrgk//kv3AqL4ykpvn545WJUj7EhuAK+Kmh1B\n")
+ .append("LCC0wyny2RBZYVP92AMdLqgU7HEng2ZWsCGdf/QLKpXsawsR/0oM2uAT2KeDiSy4\n")
+ .append("0WTfe3qirhJ9AKtfkj1NukymIcpx9Ld1kb3rapfT63LJ5kGkQpztuYoEa1FCsQwU\n")
+ .append("z/UeknC00mqnH5X4ooGRMMkRyPp68+iWmTNlUaVfU2NUNwZiIsD9CbytR5y9rt2r\n")
+ .append("XJM2BkKy5QEEvmr4GGfbGAYYOfdVpUXB/VBUYNf5uwENqhQB6q7OmiU39Vb/37Zf\n")
+ .append("EWK8mju11Om2l1a4xYw6HH/SPIqqIDtS28XccDTMMiOVoR2HUAZMNdw=\n")
+ .append("-----END CERTIFICATE-----").toString();
+ }
+
+ @Test
+ public void history_shouldConvertHistoryDAOdataToHistory() {
+ //given
+ UUID uuid = UUID.fromString("c81d4e2e-bcf2-11e6-869b-7df92533d2db");
+ String user = "aaf";
+ String subject = "cred";
+ String action = "remove";
+ String target = "john";
+ String memo ="n/a";
+ int yr_mon = 201809;
+ HistoryDAO.Data input = createHistoryData(uuid, user, subject, action, target, memo, yr_mon);
+
+ //when
+ Result<History> result = mapper.history(transaction, Lists.newArrayList(input), 0);
+
+ //then
+ assertTrue(result.isOK());
+ Item historyItem = Iterables.getOnlyElement(result.value.getItem());
+ assertEquals(user, historyItem.getUser());
+ assertEquals(subject, historyItem.getSubject());
+ assertEquals(action, historyItem.getAction());
+ assertEquals(target, historyItem.getTarget());
+ assertEquals(memo, historyItem.getMemo());
+ assertEquals(Integer.toString(yr_mon), historyItem.getYYYYMM());
+ assertNotNull(historyItem.getTimestamp());
+ }
+
+ @Test
+ public void history_shouldReturnUnsortedData_whenNoSortingRequired() {
+ //given
+ int noSorting = 0;
+ UUID firstUuid = UUID.fromString("c81d4e2e-bcf2-11e6-869b-7df92533d2db");
+ UUID secondUuid = UUID.fromString("c81eadbf-bcf2-11e6-869b-7df92533d2db");
+ String firstUser = "first";
+ String secondUser = "second";
+ HistoryDAO.Data firstItem = createMinimalHistoryData(firstUuid, firstUser);
+ HistoryDAO.Data secondItem = createMinimalHistoryData(secondUuid, secondUser);
+
+ //when
+ Result<History> result = mapper.history(transaction, Lists.newArrayList(secondItem, firstItem), noSorting);
+
+ //then
+ assertTrue(result.isOK());
+ List<Item> historyItems = result.value.getItem();
+ assertEquals(2, historyItems.size());
+ assertEquals(secondUser, historyItems.get(0).getUser());
+ assertEquals(firstUser, historyItems.get(1).getUser());
+ }
+
+ @Test
+ public void history_shouldReturnSortedData_whenSortingIsRequired() {
+ //given
+ int withSorting = 1;
+ UUID firstUuid = UUID.fromString("c81d4e2e-bcf2-11e6-869b-7df92533d2db");
+ UUID secondUuid = UUID.fromString("c81eadbf-bcf2-11e6-869b-7df92533d2db");
+ String firstUser = "first";
+ String secondUser = "second";
+ HistoryDAO.Data firstItem = createMinimalHistoryData(firstUuid, firstUser);
+ HistoryDAO.Data secondItem = createMinimalHistoryData(secondUuid, secondUser);
+
+ //when
+ Result<History> result = mapper.history(transaction, Lists.newArrayList(secondItem, firstItem), withSorting);
+
+ //then
+ assertTrue(result.isOK());
+ List<Item> historyItems = result.value.getItem();
+ assertEquals(2, historyItems.size());
+ assertEquals(firstUser, historyItems.get(0).getUser());
+ assertEquals(secondUser, historyItems.get(1).getUser());
+ }
+
+ private HistoryDAO.Data createHistoryData(UUID id, String user, String subject, String action, String target,
+ String memo, int yr_mon) {
+ HistoryDAO.Data historyDao = createMinimalHistoryData(id, user);
+ historyDao.subject = subject;
+ historyDao.action = action;
+ historyDao.target = target;
+ historyDao.memo = memo;
+ historyDao.yr_mon = yr_mon;
+ return historyDao;
+ }
+
+ private HistoryDAO.Data createMinimalHistoryData(UUID uuid, String user) {
+ HistoryDAO.Data historyDao = new HistoryDAO.Data();
+ historyDao.id = uuid;
+ historyDao.user = user;
+ return historyDao;
+ }
+
+
+ //Why so? Is there any particular reason for removing guava dependency from the code, and even from the tests?
+ /**
+ * Need to do without Google stuff
+ * @author Instrumental
+ *
+ */
+ public static class ImmutableMap {
+ public static <T,U> Map<T,U> of(Object ... tag_value) {
+ Map<T,U> rv = new HashMap<>();
+ for(int i=0;i<tag_value.length-1;i+=2) {
+ rv.put((T)tag_value[i],(U)tag_value[i+1]);
+ }
+ return rv;
+ }
+
+ }
+
+ /**
+ * Need to do without Google stuff
+ * @author Instrumental
+ *
+ */
+ public static class Iterables {
+ public static <T> T getOnlyElement(List<T> lt) {
+ if(lt.isEmpty()) {
+ return null;
+ } else {
+ return lt.get(0);
+ }
+ }
+ }
+
+ /**
+ * Need to do without Google stuff
+ * @author Instrumental
+ *
+ */
+ public static class Lists {
+ @SuppressWarnings("unchecked")
+ public static <T> List<T> newArrayList(Collection<T> ... init ) {
+ List<T> rv = new ArrayList<>();
+ for(Collection<T> o : init) {
+ for(T t : o) {
+ rv.add(t);
+ }
+ }
+ return rv;
+ }
+
+ @SuppressWarnings("unchecked")
+ public static <T> List<T> newArrayList(Object ... init ) {
+ List<T> rv = new ArrayList<>();
+ for(Object o : init) {
+ rv.add((T)o);
+ }
+ return rv;
+ }
+
+ }
+
+ /**
+ * Need to do without Google stuff
+ * @author Instrumental
+ *
+ */
+ public static class Sets {
+ @SuppressWarnings("unchecked")
+ public static <T> Set<T> newHashSet(Object ... init ) {
+ Set<T> rv = new HashSet<>();
+ for(Object o : init) {
+ rv.add((T)o);
+ }
+ return rv;
+ }
+ }
+}
Code Review / aaf / authz.git / blobdiff