* org.onap.dmaap
* ================================================================================
* Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * Modification copyright (C) 2021 Nordix Foundation.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
*******************************************************************************/
package org.onap.dmaap.commonauth.kafka.base.authorization;
+import java.io.IOException;
+
public interface AuthorizationProvider {
- public boolean hasPermission(String userId, String permission, String instance, String action);
+ boolean hasPermission(String userId, String permission, String instance, String action);
- public String getId();
+ String getId();
- public String authenticate(String userId, String password) throws Exception;
+ String authenticate(String userId, String password) throws IOException;
}
* org.onap.dmaap
* ================================================================================
* Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * Modification copyright (C) 2021 Nordix Foundation.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
import java.util.HashMap;
import java.util.Map;
import java.util.ServiceLoader;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
-public class AuthorizationProviderFactory<K, V> {
- private static final Map<String, AuthorizationProvider> AUTHORIZATION_PROVIDER_MAP = new HashMap<String, AuthorizationProvider>();
+public class AuthorizationProviderFactory {
+ private static final Logger logger = LoggerFactory.getLogger(AuthorizationProviderFactory.class);
+ private static final Map<String, AuthorizationProvider> AUTHORIZATION_PROVIDER_MAP = new HashMap<>();
private static final AuthorizationProviderFactory AUTHORIZATION_PROVIDER_FACTORY = new AuthorizationProviderFactory();
private AuthorizationProviderFactory() {
}
} catch (Exception ee) {
- System.out.println(ee);
+ logger.error(ee.getMessage(), ee);
System.exit(0);
}
}
* org.onap.dmaap
* ================================================================================
* Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * Modification copyright (C) 2021 Nordix Foundation.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
import java.io.IOException;
import java.util.Map;
import java.util.Properties;
-
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import org.onap.aaf.cadi.CadiException;
import org.onap.aaf.cadi.PropAccess;
import org.onap.aaf.cadi.aaf.AAFPermission;
import org.onap.aaf.cadi.aaf.v2_0.AAFAuthn;
import org.onap.aaf.cadi.aaf.v2_0.AAFConHttp;
import org.onap.aaf.cadi.aaf.v2_0.AbsAAFLur;
import org.onap.aaf.cadi.principal.UnAuthPrincipal;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
public class Cadi3AAFProvider implements AuthorizationProvider {
private static AAFAuthn<?> aafAuthn;
private static AbsAAFLur<AAFPermission> aafLur;
private static boolean enableCadi = false;
+ private static final String ENABLE_CADI = "enableCadi";
private static final Logger logger = LoggerFactory.getLogger(Cadi3AAFProvider.class);
static {
- if (System.getProperty("enableCadi") != null) {
- if (System.getProperty("enableCadi").equals("true")) {
+ if (System.getProperty(ENABLE_CADI) != null) {
+ if (System.getProperty(ENABLE_CADI).equals("true")) {
enableCadi = true;
}
}
else{
- if (System.getenv("enableCadi") != null && System.getenv("enableCadi").equals("true")) {
+ if (System.getenv(ENABLE_CADI) != null && System.getenv(ENABLE_CADI).equals("true")) {
enableCadi = true;
}
}
apiKey = "apiKey";
} else {
- for (int i = 0; i < entries.length; i++) {
- AppConfigurationEntry entry = entries[i];
+ for (AppConfigurationEntry entry : entries) {
Map<String, ?> optionsMap = entry.getOptions();
kafkaUsername = (String) optionsMap.get("username");
apiKey = (String) optionsMap.get("password");
}
}
} catch (Exception e) {
- logger.error("CRITICAL ERROR: JAAS configuration incorrectly set: " + e.getMessage());
+ logger.error("CRITICAL ERROR: JAAS configuration incorrectly set: {}", e.getMessage());
}
}
return enableCadi;
}
- public static AAFAuthn<?> getAafAuthn() throws CadiException {
- if (aafAuthn == null) {
- throw new CadiException("Cadi is uninitialized in Cadi3AAFProvider.getAafAuthn()");
- }
- return aafAuthn;
- }
-
public Cadi3AAFProvider() {
setup();
}
if (access == null) {
Properties props = new Properties();
- FileInputStream fis = null;
+ FileInputStream fis;
try {
if (System.getProperty("CADI_PROPERTIES") != null) {
fis = new FileInputStream(System.getProperty("CADI_PROPERTIES"));
public boolean hasPermission(String userId, String permission, String instance, String action) {
boolean hasPermission = false;
try {
- logger.info("^ Event at hasPermission to validate userid " + userId + " with " + permission + " " + instance
- + " " + action);
+ logger.info("^ Event at hasPermission to validate userid {} with {} {} {}", userId, permission, instance, action);
// AAF Style permissions are in the form
// Resource Name, Resource Type, Action
if (userId.equals("admin")) {
AAFPermission perm = new AAFPermission(null, permission, instance, action);
if (aafLur != null) {
hasPermission = aafLur.fish(new UnAuthPrincipal(userId), perm);
- logger.trace("Permission: " + perm.getKey() + " for user :" + userId + " found: " + hasPermission);
+ logger.trace("Permission: {} for user : {} found: {}" , perm.getKey(), userId, hasPermission);
} else {
logger.error("AAF client not initialized. Not able to find permissions.");
}
return "CADI_AAF_PROVIDER";
}
- public String authenticate(String userId, String password) throws Exception {
+ public String authenticate(String userId, String password) throws IOException {
- logger.info("^Event received with username " + userId);
+ logger.info("^Event received with username {}", userId);
if (!enableCadi) {
return null;
} else {
if (userId.equals(kafkaUsername)) {
if (password.equals(apiKey)) {
- logger.info("by passes the authentication for the admin " + kafkaUsername);
+ logger.info("by passes the authentication for the admin {}", kafkaUsername);
return null;
} else {
String errorMessage = "Authentication failed for user " + kafkaUsername;
}
String aafResponse = aafAuthn.validate(userId, password);
- logger.info("aafResponse=" + aafResponse + " for " + userId);
+ logger.info("aafResponse = {} for {}", aafResponse, userId);
if (aafResponse != null) {
- logger.error("Authentication failed for user ." + userId);
+ logger.error("Authentication failed for user {}", userId);
}
return aafResponse;
}
* org.onap.dmaap
* ================================================================================
* Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * Modification copyright (C) 2021 Nordix Foundation.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
*
*
*******************************************************************************/
-package org.onap.dmaap.kafkaAuthorize;
+package org.onap.dmaap.kafkaauthorize;
import java.util.EnumSet;
import java.util.Map;
*/
public class KafkaCustomAuthorizer implements Authorizer {
- private String[] adminPermission = new String[3];
- p
ublic static final EnumSet<AclOperation> TOPIC_DESCRIBE_OPERATIONS = EnumSet.of(AclOperation.DESCRIBE_CONFIGS);
- p
ublic static final EnumSet<AclOperation> TOPIC_READ_WRITE_DESCRIBE_OPERATIONS = EnumSet.of(AclOperation.WRITE,
+ private final String[] adminPermission = new String[3];
+ p
rotected static final EnumSet<AclOperation> TOPIC_DESCRIBE_OPERATIONS = EnumSet.of(AclOperation.DESCRIBE_CONFIGS);
+ p
rotected static final EnumSet<AclOperation> TOPIC_READ_WRITE_DESCRIBE_OPERATIONS = EnumSet.of(AclOperation.WRITE,
AclOperation.READ, AclOperation.DESCRIBE_CONFIGS);
- p
ublic static final EnumSet<AclOperation> TOPIC_ADMIN_OPERATIONS = EnumSet.of(AclOperation.ALTER,
+ p
rotected static final EnumSet<AclOperation> TOPIC_ADMIN_OPERATIONS = EnumSet.of(AclOperation.ALTER,
AclOperation.ALTER_CONFIGS, AclOperation.CREATE);
+ static final String TOPIC = "Topic";
private static final Logger logger = LoggerFactory.getLogger(KafkaCustomAuthorizer.class);
}
} else if (aclOperation.equals(AclOperation.DELETE)) {
- permission = new String(System.getProperty("msgRtr.topicfactory.aaf") + namspace + "|destroy").split("\\|");
+ permission = (System.getProperty("msgRtr.topicfactory.aaf") + namspace + "|destroy").split("\\|");
} else if (TOPIC_ADMIN_OPERATIONS.contains(aclOperation)) {
- permission = new String(System.getProperty("msgRtr.topicfactory.aaf") + namspace + "|create").split("\\|");
+ permission = (System.getProperty("msgRtr.topicfactory.aaf") + namspace + "|create").split("\\|");
}
return permission;
case ALTER_CONFIGS:
case CREATE:
case DELETE:
- if (resource.equals("Topic")) {
+ if (resource.equals(TOPIC)) {
permission = getTopicPermission(topicName, aclOperation);
} else if (resource.equals("Cluster")) {
permission = getAdminPermission();
case DESCRIBE_CONFIGS:
case READ:
case WRITE:
- if (resource.equals("Topic")) {
+ if (resource.equals(TOPIC)) {
permission = getTopicPermission(topicName, aclOperation);
}
break;
break;
}
-
return permission;
}
String fullName = arg0.principal().getName();
fullName = fullName != null ? fullName.trim() : fullName;
String topicName = null;
- String[] permission = new String[3];
+ String[] permission;
String resource = arg2.resourceType().name();
- if (resource.equals("Topic")) {
+ if (resource.equals(TOPIC)) {
topicName = arg2.name();
}
permission = getPermission(arg1.toJava(), resource, topicName);
- if (permission[0] == null) {
- return true;
- } else {
-
- try {
-
- if (null != topicName) {
- boolean hasResp = AuthorizationProviderFactory.getProviderFactory().getProvider()
- .hasPermission(fullName, permission[0], permission[1], permission[2]);
- if (hasResp) {
- logger.info("Successful Authorization for " + fullName + " on " + topicName + " for "
- + permission[0] + "|" + permission[1] + "|" + permission[2]);
- }
- if (!hasResp) {
- logger.info(fullName + " is not allowed in " + permission[0] + "|" + permission[1] + "|"
- + permission[2]);
- return false;
- }
+ if (permission[0] != null) {
+ return !checkPermissions(fullName, topicName, permission);
+ }
+ return true;
+ }
+
+ private boolean checkPermissions(String fullName, String topicName, String[] permission) {
+ try {
+
+ if (null != topicName) {
+ boolean hasResp = AuthorizationProviderFactory.getProviderFactory().getProvider()
+ .hasPermission(fullName, permission[0], permission[1], permission[2]);
+ if (hasResp) {
+ logger.info("Successful Authorization for {} on {} for {} | {} | {}", fullName, topicName,
+ permission[0], permission[1], permission[2]);
+ }
+ if (!hasResp) {
+ logger.info("{} is not allowed in {} | {} | {}", fullName, permission[0], permission[1],
+ permission[2]);
+ return true;
}
- } catch (final Exception e) {
- return false;
}
+ } catch (final Exception e) {
return true;
-
}
+ return false;
}
@Override
* org.onap.dmaap
* ================================================================================
* Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * Modification copyright (C) 2021 Nordix Foundation.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
*
*
*******************************************************************************/
-package org.onap.dmaap.kafkaAuthorize;
+package org.onap.dmaap.kafkaauthorize;
import java.util.Map;
-
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
public class PlainLoginModule1 implements LoginModule {
}
@Override
- public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
- Map<String, ?> options) {
+ public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options) {
String username = (String) options.get(USERNAME_CONFIG);
if (username != null)
subject.getPublicCredentials().add(username);
}
@Override
- public boolean login() throws LoginException {
+ public boolean login() {
return true;
}
@Override
- public boolean logout() throws LoginException {
+ public boolean logout() {
return true;
}
@Override
- public boolean commit() throws LoginException {
+ public boolean commit() {
return true;
}
@Override
- public boolean abort() throws LoginException {
+ public boolean abort() {
return false;
}
}
* org.onap.dmaap
* ================================================================================
* Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * Modification copyright (C) 2021 Nordix Foundation.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
*
*
*******************************************************************************/
-package org.onap.dmaap.kafkaAuthorize;
+package org.onap.dmaap.kafkaauthorize;
-import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
-
-import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.NameCallback;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import javax.security.sasl.SaslServerFactory;
-
import org.apache.kafka.common.errors.SaslAuthenticationException;
-import org.apache.kafka.common.security.JaasContext;
-import org.apache.kafka.common.security.authenticator.SaslServerCallbackHandler;
-import org.apache.kafka.common.security.plain.PlainAuthenticateCallback;
-import org.apache.kafka.common.security.plain.internals.PlainSaslServer;
import org.onap.dmaap.commonauth.kafka.base.authorization.AuthorizationProviderFactory;
/**
private boolean complete;
private String authorizationId;
+ private static final String AUTH_EXC_NOT_COMPLETE = "Authentication exchange has not completed";
/**
try {
aafResponse = AuthorizationProviderFactory.getProviderFactory().getProvider().authenticate(username,
password);
- } catch (Exception e) {
+ } catch (Exception ignored) {
+ throw new SaslAuthenticationException("Authentication failed: " + aafResponse + " User " + username);
}
if (null != aafResponse) {
throw new SaslAuthenticationException("Authentication failed: " + aafResponse + " User " + username);
}
-
if (!authorizationIdFromClient.isEmpty() && !authorizationIdFromClient.equals(username))
throw new SaslAuthenticationException("Authentication failed: Client requested an authorization id that is different from username");
@Override
public String getAuthorizationID() {
if (!complete)
- throw new IllegalStateException("Authentication exchange has not completed");
+ throw new IllegalStateException(AUTH_EXC_NOT_COMPLETE);
return authorizationId;
}
@Override
public Object getNegotiatedProperty(String propName) {
if (!complete)
- throw new IllegalStateException("Authentication exchange has not completed");
+ throw new IllegalStateException(AUTH_EXC_NOT_COMPLETE);
return null;
}
@Override
public byte[] unwrap(byte[] incoming, int offset, int len) {
if (!complete)
- throw new IllegalStateException("Authentication exchange has not completed");
+ throw new IllegalStateException(AUTH_EXC_NOT_COMPLETE);
return Arrays.copyOfRange(incoming, offset, offset + len);
}
@Override
public byte[] wrap(byte[] outgoing, int offset, int len) {
if (!complete)
- throw new IllegalStateException("Authentication exchange has not completed");
+ throw new IllegalStateException(AUTH_EXC_NOT_COMPLETE);
return Arrays.copyOfRange(outgoing, offset, offset + len);
}
@Override
public void dispose() {
+ // TODO Auto-generate method stub
}
public static class PlainSaslServerFactory1 implements SaslServerFactory {
throws SaslException {
if (!PLAIN_MECHANISM.equals(mechanism))
- throw new SaslException(String.format("Mechanism \'%s\' is not supported. Only PLAIN is supported.", mechanism));
+ throw new SaslException(String.format("Mechanism '%s' is not supported. Only PLAIN is supported.", mechanism));
return new PlainSaslServer1();
}
* org.onap.dmaap
* ================================================================================
* Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * Modification copyright (C) 2021 Nordix Foundation.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
*
*
*******************************************************************************/
-package org.onap.dmaap.kafkaAuthorize;
+package org.onap.dmaap.kafkaauthorize;
import java.security.Provider;
import java.security.Security;
-import org.onap.dmaap.kafkaAuthorize.PlainSaslServer1.PlainSaslServerFactory1;
+import org.onap.dmaap.kafkaauthorize.PlainSaslServer1.PlainSaslServerFactory1;
public class PlainSaslServerProvider1 extends Provider {
*******************************************************************************/
package org.onap.dmaap.commonauth.kafka.base.authorization;
+import static org.junit.Assert.assertNotNull;
+
import org.junit.Test;
import org.junit.runner.RunWith;
import org.powermock.core.classloader.annotations.PowerMockIgnore;
@Test
public void testFactory() {
- AuthorizationProviderFactory.getProviderFactory().getProvider();
-
+ assertNotNull(AuthorizationProviderFactory.getProviderFactory().getProvider());
}
}
* org.onap.dmaap
* ================================================================================
* Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * Modification copyright (C) 2021 Nordix Foundation.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
import static org.mockito.Mockito.when;
import org.junit.Before;
import org.junit.runner.RunWith;
import org.mockito.Mock;
import org.mockito.MockitoAnnotations;
-import org.onap.aaf.cadi.PropAccess;
-import org.onap.aaf.cadi.aaf.AAFPermission;
import org.onap.aaf.cadi.aaf.v2_0.AAFAuthn;
-import org.onap.aaf.cadi.aaf.v2_0.AAFConHttp;
-import org.onap.aaf.cadi.aaf.v2_0.AbsAAFLur;
import org.powermock.core.classloader.annotations.PowerMockIgnore;
import org.powermock.modules.junit4.PowerMockRunner;
@Mock
private static AAFAuthn<?> aafAuthn;
-
- @Mock
- private static AAFConHttp aafCon;
-
- @Mock
- private static AbsAAFLur<AAFPermission> aafLur;
- @Mock
- private static PropAccess access;
+ static {
+ System.setProperty("CADI_PROPERTIES", "src/test/resources/cadi.properties");
+ System.setProperty("enableCadi", "true");
+ }
@Before
- public void setUp() throws Exception {
+ public void setUp() {
MockitoAnnotations.initMocks(this);
- System.setProperty("enableCadi", "true");
- System.setProperty("CADI_PROPERTIES", "src/test/resources/cadi.properties");
cadi3AAFProvider = new Cadi3AAFProvider();
}
@Test
public void testHasAdminPermission() {
- assertEquals(cadi3AAFProvider.hasPermission("admin", "permission", "instance", "action"), true);
+ assertTrue(cadi3AAFProvider.hasPermission("admin", "permission", "instance", "action"));
}
- @Test(expected = NullPointerException.class)
public void tesAuthenticate() throws Exception {
- System.setProperty("enableCadi", "true");
when(aafAuthn.validate("userId", "password")).thenReturn("valid");
- assertEquals(cadi3AAFProvider.authenticate("userId", "password"), "valid");
+ assertEquals("valid", cadi3AAFProvider.authenticate("userId", "password"));
}
@Test
public void tesAuthenticateAdminwtWrongCred() throws Exception {
assertNotNull(cadi3AAFProvider.authenticate("kafkaUsername", "api"));
}
-
}
+++ /dev/null
-/*-
- * ============LICENSE_START=======================================================
- * ONAP Policy Engine
- * ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-
-package org.onap.dmaap.commonauth.kafka.base.authorization;
-
-import junit.framework.TestSuite;
-import org.junit.runner.RunWith;
-import org.junit.runners.Suite;
-import org.junit.runners.Suite.SuiteClasses;
-import org.apache.log4j.Logger;
-
-@RunWith(Suite.class)
-@SuiteClasses({ AuthorizationProviderFactoryTest.class, Cadi3AAFProviderTest.class })
-public class JUnitTestSuite {
- private static final Logger LOGGER = Logger.getLogger(JUnitTestSuite.class);
-
- public static void main(String[] args) {
- LOGGER.info("Running the test suite");
-
- TestSuite tstSuite = new TestSuite();
- LOGGER.info("Total Test Counts " + tstSuite.countTestCases());
- }
-
-}
+++ /dev/null
-/*-
- * ============LICENSE_START=======================================================
- * ONAP Policy Engine
- * ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-
-package org.onap.dmaap.commonauth.kafka.base.authorization;
-
-import org.junit.runner.JUnitCore;
-import org.junit.runner.Result;
-import org.junit.runner.notification.Failure;
-import org.apache.log4j.Logger;
-
-public class TestRunner {
- private static final Logger LOGGER = Logger.getLogger(TestRunner.class);
-
- public static void main(String[] args) {
- // TODO Auto-generated method stub
- Result result = JUnitCore.runClasses(JUnitTestSuite.class);
- for (Failure failure : result.getFailures()) {
- LOGGER.info(failure.toString());
-
- }
- LOGGER.info(result.wasSuccessful());
- }
-
-}
+++ /dev/null
-/*-
- * ============LICENSE_START=======================================================
- * ONAP Policy Engine
- * ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-
-package org.onap.dmaap.kafkaAuthorize;
-
-import junit.framework.TestSuite;
-import org.junit.runner.RunWith;
-import org.junit.runners.Suite;
-import org.junit.runners.Suite.SuiteClasses;
-import org.apache.log4j.Logger;
-
-@RunWith(Suite.class)
-@SuiteClasses({ KafkaCustomAuthorizerTest.class, PlainSaslServer1Test.class, PlainLoginModule1Test.class })
-public class JUnitTestSuite {
- private static final Logger LOGGER = Logger.getLogger(JUnitTestSuite.class);
-
- public static void main(String[] args) {
- LOGGER.info("Running the test suite");
-
- TestSuite tstSuite = new TestSuite();
- LOGGER.info("Total Test Counts " + tstSuite.countTestCases());
- }
-
-}
+++ /dev/null
-/*-
- * ============LICENSE_START=======================================================
- * ONAP Policy Engine
- * ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-
-package org.onap.dmaap.kafkaAuthorize;
-
-import org.junit.runner.JUnitCore;
-import org.junit.runner.Result;
-import org.junit.runner.notification.Failure;
-import org.apache.log4j.Logger;
-
-public class TestRunner {
- private static final Logger LOGGER = Logger.getLogger(TestRunner.class);
-
- public static void main(String[] args) {
- // TODO Auto-generated method stub
- Result result = JUnitCore.runClasses(JUnitTestSuite.class);
- for (Failure failure : result.getFailures()) {
- LOGGER.info(failure.toString());
-
- }
- LOGGER.info(result.wasSuccessful());
- }
-
-}
* org.onap.dmaap
* ================================================================================
* Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * Modification copyright (C) 2021 Nordix Foundation.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
*
*
*******************************************************************************/
-package org.onap.dmaap.kafkaAuthorize;
+package org.onap.dmaap.kafkaauthorize;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
AuthorizationProvider provider;
KafkaCustomAuthorizer authorizer;
-
+
static {
System.setProperty("CADI_PROPERTIES", "src/test/resources/cadi.properties");
+ System.setProperty("enableCadi", "true");
}
@Before
- public void setUp() throws Exception {
-
+ public void setUp() {
MockitoAnnotations.initMocks(this);
PowerMockito.when(principal.getName()).thenReturn("fullName");
PowerMockito.when(arg0.principal()).thenReturn(principal);
@Test
public void testAuthorizerSuccess() {
-
-
PowerMockito.when(provider.hasPermission("fullName", "namespace.topic", ":topic.namespace.Topic", "pub"))
.thenReturn(true);
authorizer = new KafkaCustomAuthorizer();
assertTrue(authorizer.authorize(arg0, arg1, arg2));
-
}
@Test
* org.onap.dmaap
* ================================================================================
* Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * Modification copyright (C) 2021 Nordix Foundation.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
*
*
*******************************************************************************/
-package org.onap.dmaap.kafkaAuthorize;
+package org.onap.dmaap.kafkaauthorize;
-import javax.security.auth.login.LoginException;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+import java.util.Map;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
import org.junit.Before;
import org.junit.Test;
-import org.junit.runner.RunWith;
+import org.mockito.Mock;
import org.mockito.MockitoAnnotations;
+import org.powermock.api.mockito.PowerMockito;
import org.powermock.core.classloader.annotations.PowerMockIgnore;
import org.powermock.core.classloader.annotations.PrepareForTest;
-import org.powermock.modules.junit4.PowerMockRunner;
-@RunWith(PowerMockRunner.class)
@PowerMockIgnore({"jdk.internal.reflect.*"})
@PrepareForTest({ PlainLoginModule1.class })
public class PlainLoginModule1Test {
- PlainLoginModule1 pLogin = new PlainLoginModule1();
-
+ static PlainLoginModule1 pLogin = new PlainLoginModule1();
+ static Subject subject;
+ @Mock
+ static CallbackHandler callbackHandler;
+
+ @Mock
+ static Map<String, String> mymap1;
+
+ @Mock
+ static Map<String, ?> mymap2;
+
@Before
- public void setUp() throws Exception {
+ public void setUp() {
MockitoAnnotations.initMocks(this);
+ PowerMockito.when(mymap1.get("username")).thenReturn("user1");
+ PowerMockito.when(mymap1.get("password")).thenReturn("pass1");
+ pLogin.initialize(subject, callbackHandler, mymap1, mymap2);
}
@Test
- public void testLogin() throws LoginException {
- boolean b = pLogin.login();
-
- assert(b==true);
+ public void testLogin() {
+ assertTrue(pLogin.login());
}
@Test
- public void testLogout() throws LoginException {
- assert(pLogin.logout()==true);
+ public void testLogout() {
+ assertTrue(pLogin.logout());
}
@Test
- public void testCommit() throws LoginException {
- assert(pLogin.commit()==true);
+ public void testCommit() {
+ assertTrue(pLogin.commit());
}
@Test
- public void testAbort() throws LoginException {
- assert(pLogin.abort()==false);
+ public void testAbort() {
+ assertFalse(pLogin.abort());
}
}
*
*
*******************************************************************************/
-package org.onap.dmaap.kafkaAuthorize;
+package org.onap.dmaap.kafkaauthorize;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
+import java.util.Map;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.sasl.Sasl;
import javax.security.sasl.SaslException;
-
import org.apache.kafka.common.errors.SaslAuthenticationException;
-import org.apache.kafka.common.security.JaasContext;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mock;
+import org.mockito.Mockito;
import org.mockito.MockitoAnnotations;
import org.onap.dmaap.commonauth.kafka.base.authorization.AuthorizationProvider;
import org.onap.dmaap.commonauth.kafka.base.authorization.AuthorizationProviderFactory;
+import org.onap.dmaap.kafkaauthorize.PlainSaslServer1.PlainSaslServerFactory1;
import org.powermock.api.mockito.PowerMockito;
import org.powermock.core.classloader.annotations.PowerMockIgnore;
import org.powermock.core.classloader.annotations.PrepareForTest;
public class PlainSaslServer1Test {
PlainSaslServer1 sslServer = new PlainSaslServer1();
- @Mock
- JaasContext jaasContext;
+
@Mock
AuthorizationProviderFactory factory;
@Mock
AuthorizationProvider provider;
+ @Mock
+ CallbackHandler callbackHandler;
+ @Mock
+ static Map<String, String> props;
@Before
- public void setUp() throws Exception {
-
+ public void setUp() {
MockitoAnnotations.initMocks(this);
PowerMockito.mockStatic(AuthorizationProviderFactory.class);
PowerMockito.when(AuthorizationProviderFactory.getProviderFactory()).thenReturn(factory);
public void testAuthenticationEmptyAuth() throws Exception {
String response = "\u0000username\u0000password";
PowerMockito.when(provider.authenticate("username", "password")).thenReturn(null);
- sslServer.evaluateResponse(response.getBytes());
- assert(true);
+ assertNotNull(sslServer.evaluateResponse(response.getBytes()));
}
@Test
public void testAuthenticationEmptyUser() throws Exception {
String response = "authorizationID\u0000\u0000password";
PowerMockito.when(provider.authenticate("username", "password")).thenReturn(null);
-
try {
sslServer.evaluateResponse(response.getBytes());
}
assertNotNull(e);
}
}
+
@Test
public void testAuthenticationEmptyPassword() throws Exception {
String response = "authorizationID\u0000username\u0000";
@Test
public void testGetAuthorizationIdWithException() {
-
try {
sslServer.getAuthorizationID();
}
@Test
public void testGetNegotiatedPropertyWithException() {
-
try {
sslServer.getNegotiatedProperty("test");
}
@Test
public void testIsComplete() {
-
try {
sslServer.getNegotiatedProperty("test");
}
assert(true);
}
-
@Test
public void testUnwrap() {
try {
e.printStackTrace();
}
assert(true);
- }
+ }
+
+ @Test
+ public void testGetMech() {
+ assertEquals("PLAIN", sslServer.getMechanismName());
+ }
+
+ @Test
+ public void testIsCompleteBool() {
+ assertFalse(sslServer.isComplete());
+ }
+
+ @Test
+ public void testPlainSaslServer1() throws SaslException {
+ PlainSaslServerFactory1 plainSaslServerFactory1 = new PlainSaslServerFactory1();
+ PlainSaslServer1 saslServer1 = (PlainSaslServer1) plainSaslServerFactory1.createSaslServer(PlainSaslServer1.PLAIN_MECHANISM, "https", "mySaslServer", props, callbackHandler);
+ assertNotNull(saslServer1);
+ Mockito.when(props.get(Sasl.POLICY_NOPLAINTEXT)).thenReturn("javax.security.sasl.policy.noplaintext");
+ assertEquals(new String[]{"PLAIN"}, plainSaslServerFactory1.getMechanismNames(props));
+ }
}
-aaf_locate_url=https://aaf-onap-test.osaaf.org:8095
+aaf_locate_url=https://aaf-locate.onap:8095
aaf_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1
aaf_env=DEV
aaf_lur=org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm
-Challenge=enc:26N3deVSkeOeUORRKhI8aWTMLTGNMgO-EdGT7blB5O3XmNXtHcE4du9Bunz8k7O5
-cadi_alias=dmaapmr@mr.dmaap.onap.org
-cadi_key_password=enc:je9_4VCevykPfd24WLzQDzCqokPRfmNsyhwUC3mXcibPFhzvjmCKyws3-r-oZEqo
+
+cadi_truststore=src/test/resources/org.onap.dmaap.mr.trust.jks
+cadi_truststore_password=@MP:Wc^8}%n6tG1kr]MI{:#V
+
cadi_keyfile=src/test/resources/org.onap.dmaap.mr.keyfile
+
+cadi_alias=dmaapmr@mr.dmaap.onap.org
cadi_keystore=src/test/resources/org.onap.dmaap.mr.p12
-cadi_keystore_password=enc:NHmvDrri9DSkZJ_-GLuOM0e-UGi_RpVgj9xYdpAamEILHm7I2E6rjbOif2G94UYW
-cadi_keystore_password_jks=enc:wi5LqsAIJ8W29tFYNiPMgJ86n9BAgOrlcOq2_xPNzb6F5M_r487_GLiQT4iIcXbb
-cadi_keystore_password_p12=enc:NHmvDrri9DSkZJ_-GLuOM0e-UGi_RpVgj9xYdpAamEILHm7I2E6rjbOif2G94UYW
-cadi_truststore=src/test/resources/org.onap.dmaap.mr.trust.jks
-cadi_truststore_password=enc:7U4uOSdXQblnjiDsrqyjXugG4nChBXBBjqZ5amRaCq5yeYzbC9hQpH7BwUzYTa59
+cadi_keystore_password=iAHma{haRm)lJ^ah5Au{nZ;$
cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US
+
+cadi_loglevel=INFO
cadi_protocols=TLSv1.1,TLSv1.2
cadi_latitude=37.78187
-cadi_longitude=-122.26147
\ No newline at end of file
+cadi_longitude=-122.26147
-WGfF6i2ePMJQ-xNiTEG4qmMOjn6lD4UaQCwsUminLaaGj5ymqQBGQedJFOnhE49UJwwv-pRGJeXP
-w-xAgAKArIr7MGRCtGrgau28nl1i4s6Sc1f8FiPkZfavnjlXw9kqtmpswg0sWoR9CvnUSlcMXgyi
-ZF4BNenYBYwMOEi5cQN1P0qI6dYOEOFw-wD8tXYMBOjeeF6NjQP5kyk3QXIdktdF12ixmKh2ziMV
-yLsJ1nL7Cp4scGLKYKH349tLTEESxdgQYsmljnw5H9OaLPUyFfNn5HqyAQHbd-GTJ-zNcQwvDbQI
-bMqi0rlB_Z4NvvZ_6cS7O2NakNMOZoUFdrfDNCh1H2SltxmFwz1hzyU4NWFxF2rzSOdJplJVkb5O
-vg4U2lxvAGaNyg2Qz_XbR_mIgLG2pba8doWzNnMImjm8uc4dexWpHmqogHHg2BWVsYfOuEV7HL-b
-IaJKNrdU2L9vwpxmKzE0LyRnK41nZ1w22BHUck3FoLSZfOBIoV7ufzs7H3b2G8I3Iwh3M9ax44Fu
-h3YEbwyTCEJwKr8VH8isyISfUYCzwjvF_MNCfAh4Sv8uXVDv9w2hYuwgw0Gf0kw9UPcKrl6hAYpg
-WuoQYgGWuAl8BF1KB08Em1sQ-4Cn_irfjKrIJSRIUyLqZwOz_5HhQCSAhhx8Hk8hf3VPKNWEhkoi
-zNt6AomxE_LS3qcNrxdR1PAzfvg2Lqd0mszE6bMA4I-Nfm41Ji47b4ym6bn5BRwJxcFFfRhfw2V0
-BNWU3ipfoKcfKakHNbZERDZ5WREWNqt6Tzw_qde1qWo9s102Uk8At3nfVNKcfxaB3q9TlUGj0sGP
-TmqZvRGYABXrAnILPeCnn66ZcY-HF6q-TZ2KHCeRYm2oGJ5M9G4bVIdMK55QDG6yaRxmwjwyWH3z
-gvC5dH5hhmY-uUA5gCtskdHxC9eGXpsb-y-zCZkOgRWY_IWCnzJmDqZzij3cnh_iDpBQIecDMUgi
-oI3GlOkZv7jffN-5k2lREpmIH14CjpQCwBcTWoBsMeJNgIXBGoZj3N8gxelQ1n6YUNGm5yflviGa
-pIbCgLRXwUsalOj6WQMSHSwTUuV5S_DmWTYc7vYPfyDQeO0XoiNDGFRZt11J55KvcKYZ3l8KZxPl
-YqwD1qmV9A46746FLBvxeIfaiAtS4TTtUcUINDF55ywRCIM6SnFwL7fk82qmv8sYKlyBuAnfS75b
-1nW8bFvJyrVdQdl9VIbmPZAvEiVPo7sj6t9xUxxhfv-vYT45prl8xR3TetIWuQH_sLhj7Cc9-Foh
-BvWniCcQtQbZhdB383MibWYDtQUje9xa9O4gCkebqW0uTbz1YtezhgOH5R6O7tsYfLzPOGiFAYAS
-VhrtRQCslAcUPCMYFlr5UUIMPNyocyligiR4TQxFxpXN3yb0dyQUjdY9Utf-fdjYC9IRqWQ4XlKa
-Om9b9p2n5p3C4HQbuvKd1Gl4d1aZ3IYSfXsJiNdXB5xc-_-CzMHiHUu7QeAOQBNzRWbskOIqxLnj
-1e5DpiPYq98-dKFWY8dcUtgUdje7CojXToVTRNxzoLf9hRFDTBvMMHY3zasCGG5LymQ2G0PBox3V
-vOgRfTuGznBjoYzZr2jhGUF9H0jbRaG7wiyWt1dOOEOCiRMZL2Ct_VMcobVdlMyz_vNYNkzf8Ggu
-u5j3dPjfB3a1q-GOuxeKU1GSQNW2kYPJNR37o-2HR_-NIXddwGPEHPnesRgZoWmwCEn32SrLXRqL
-9QROJQAC4OOm9TqYX0iFYbCNM-qfdlwkgdBn7ZXeKATVVipiytugwJ9jLFrcXlUrNInuMFdxnt5a
-hRAZjQcYsSx8OJLJqtoDrFYH-bjEahgTTpxjNfJEojPTiiBC72OHAym6XVmMTsw5hFSnqYoPdDxj
-02NQGNs3wZdDRcbBG731RnoLJxdZz5063iwBMjwYzFjwZAtVCyvQkmv628nIwT6OImGlOfEgO88d
-iWSOV3FfbORgvQIlzKcY6DawyJLsEAmqQ3Pvx5WffHiaMHTWI38adAIj4ApDIDFfOzSTJlZb
\ No newline at end of file
+TbnInQ-QMCbTM2Kl9R8DfsTKhwt0nv8PTHooRfzyuHDQD3bHVmU4vjGXeQaFbj1Rq_DcOz6shg8k
+mYL0F5L0a-ZxO8id4sbkKqs_BAcRMf4PLJB0X0kBEvAq7Cqt_Hafgq4tz3c_OmutLJlGsWU4AtDe
+b68ISK2TG_P1CJGO-Y4xmRC4WW3YxnrL7pWq3r1VJ59KLlCAkL796EGy253lP2Uxl3788uUHZo-Q
+h74Yq3sxyyBn2shlH6vhRFOY8PVXO2-ljmBHrQj_NpL62ensYb1cxuGD5mivayGo2g98S3pX2ec2
+jhBB1uXsRSOJ-g1oScB9mDJYkib5l52lNKGw_ZSVaTNh2BP8T-HQjtgpM4lRps6nqLpwzV37u5wi
+67a5KIAdQz4txAjBBr62zGBpwkvEOgrtG-fk3Gh6C6C8KwxfUk-mysZNP1SaWLG0U4T05ilnrZa6
+PNqr35wqh_IBfJj2iK1pLqvlFCq8-VDDg1HWNvzlTzyzmlIFNrvHRaskgoM0QNi9ulbQyZ-j6Nsw
+l0B4khpNcOt2nc2cnI_jK7yy92i9I3IF4RcubZJSwvL1UEhtbw21XgIaWOcfnCmzIDdUZ33T-eNn
+6C6nL4_YAYfSndxOtr25tuUAbq5LWvXKUij1HAaQluN4gBMJxIdY4qm_tcKDxLTsHPTsjujyA_vr
+Ut2RWwwIqvUb98Sf2P7r8aIJe6GYrbKMs4mEnbKHzWibaW5z6652EGK20-Z3gvnZaGZ103fcV_4C
+IIQUxMmZf8TbPgjMHAP-f-uLCoQ9pPSAFsm3tdQB8IRCsfIFXsg65FPpa2YW7lVpwajCa-hPcGer
+pDbT7gKvUNijmcokNFRjjCiMUv8GyXk9xJ1XUB54pb0pZO9Nvswn94FHTpJV8o-ZSeEbnWGYfbFP
+gJYtLMrjmoolSQeGOH3gZiLoi_qkscBXhVVQ8_USSouQQPVgs2CgHpYqCrEeul9tIVTEQ6Ae_-nY
+IZKHmaEWewIRa7MhP3QzdwbuQ4v5V8D2vYYGrfrTSCOogPx8nwLKhfD1uztbMFb3pZ_qfjEvvL93
+2s8M2tnAGKXOG4z-TLQZmA0KkW32B0IB7XKQBQaElHlkbv2Sibt87APkTk38H4dlGGs1eVRnjmyX
+7sIjtbPSCzU9YXr6sRzCQH6qbzdioExUJQYNmraLx8JwJZw-C5_6jUc1jYkGMB3WFGj5i8awxSGM
+aPOeH8s6PzwK0M_4hsdl_40S8KVtaMH3541hxpUeTl_wWtlYGyRefHzSB3cEE_UD3ZvKaR56DFFJ
+szIVTeNBgZewHPkRyUiUYM3OhUwgbGkLPMA5es60qXGstqGUUZWWGRNOjE8aqQDOMElPpMZOFeqi
+m-zaUNU5i0uVpgwfEGVzl5i3jr6qRRnRRYyt7Ufiq_-L4gATQ_FtpO3YR87V9MSqKFoFT1Lr9XSg
+_-RSlaZ_uUc6DeplZqD3sExqqz3RcxvyaF1pieFMAv4IUb2-8FwNVSiMymT4g_F98s3iavydu5oy
+YtnYVAMgXeMM_O3uLnWX3uyNDWVTmSmYHSm9L0yL84E55Q-KHyjRJ5k5MKqAOmj_NzpdFyJ0zvly
+wI145Rr0IErHcrVAaqk7PR1NMoRFnndd3eRWRnsP8JzajvZfJLtLIiR2KRBl8q3Hw55rx0zr7lLu
+Wf_tRnAHfhdvwaTXZiGWPDTVOm4LlXUYm4WNu2RjEJeKq0aJ8z4aRSynxAE95xBn4wPEgu76l97X
+ipIYDz8Fv2VD4k2Oe358FtQri6wxeHV_0PVJqwSGthn3X9aDpfrAl4scUU8SoOG6CGkWRM1U1ALv
+2pv7aYrdv729j-2F8UTdXYDCxg8nlXXIi0RekPviB-AhQRX9vt4z4z6ePFXKIZqf5Lt0diG4rz_z
+-tN7Vyb21CsgcE-yDk_yonyp66G1dOFMaJd-FXelfyx-9-0PskvRCrD_OMspAqb7xqDyML2CSZxs
+BvDTH9V-5Ixr72FlA3jecd9SJwCE_icpdqttZnkF-Gu7DN2dHM31WIX7ivnwef2YmxtglwKL
\ No newline at end of file
Code Review / dmaap / kafka11aaf.git / commitdiff