From 40a9c869994113c1d0701d205829c60837fe3e8b Mon Sep 17 00:00:00 2001
From: IanHowell
Date: Tue, 15 May 2018 11:58:54 -0500
Subject: [PATCH] Improve tests in cadi-core

* Added tests for LocalLur and AbsTafResp
* Fixed several warnings on old tests
Issue-ID: AAF-225
Change-Id: I3583424a734c9999934153bcd069c50f306d235b
Signed-off-by: IanHowell
---
 .../main/java/org/onap/aaf/cadi/AbsUserCache.java | 5 -
 .../main/java/org/onap/aaf/cadi/lur/LocalLur.java | 204 +++++++++++----------
 .../java/org/onap/aaf/cadi/taf/AbsTafResp.java | 2 +-
 .../java/org/onap/aaf/cadi/wsse/WSSEParser.java | 5 +-
 .../onap/aaf/cadi/config/test/JU_SecurityInfo.java | 12 +-
 .../onap/aaf/cadi/config/test/JU_UsersDump.java | 15 +-
 .../org/onap/aaf/cadi/lur/test/JU_LocalLur.java | 191 ++++++++++++-------
 .../aaf/cadi/principal/test/JU_BasicPrincipal.java | 13 +-
 .../principal/test/JU_CachedBasicPrincipal.java | 19 +-
 .../org/onap/aaf/cadi/taf/test/JU_AbsTafResp.java | 87 +++++++++
 .../org/onap/aaf/cadi/test/JU_AbsUserCache.java | 62 ++++---
 .../java/org/onap/aaf/cadi/util/test/JU_Vars.java | 2 -
 .../org/onap/aaf/cadi/wsse/test/JU_WSSEParser.java | 163 ++++++++++++++++
 .../org/onap/aaf/cadi/wsse/test/JU_WSSE_Read.java | 189 -------------------
 .../org/onap/aaf/cadi/wsse/test/JU_XReader.java | 20 +-
 15 files changed, 558 insertions(+), 431 deletions(-)
 create mode 100644 cadi/core/src/test/java/org/onap/aaf/cadi/taf/test/JU_AbsTafResp.java
 create mode 100644 cadi/core/src/test/java/org/onap/aaf/cadi/wsse/test/JU_WSSEParser.java
 delete mode 100644 cadi/core/src/test/java/org/onap/aaf/cadi/wsse/test/JU_WSSE_Read.java
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/AbsUserCache.java b/cadi/core/src/main/java/org/onap/aaf/cadi/AbsUserCache.java
index cf5c92d0..c65a9b22 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/AbsUserCache.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/AbsUserCache.java
@@ -60,7 +60,6 @@ public abstract class AbsUserCache { private Clean clean; protected Access access; -// private final static Permission teaser = new LocalPermission("***NoPERM****"); protected AbsUserCache(Access access, long cleanInterval, int highCount, int usageCount) { this.access = access; @@ -322,7 +321,6 @@ public abstract class AbsUserCache { for(User user : al) { ++total; if(user.count>usageTriggerCount) { - // access.log(Level.AUDIT, "Checking Thread", new Date(now)); boolean touched = false, removed=false; if(user.principal instanceof CachedPrincipal) { CachedPrincipal cp = (CachedPrincipal)user.principal; @@ -333,7 +331,6 @@ public abstract class AbsUserCache { break; case REVALIDATED: user.resetCount(); - // access.log(Level.AUDIT, "CACHE revalidated credentials"); touched = true; break; default: @@ -346,9 +343,7 @@ public abstract class AbsUserCache { } } - // access.log(Level.AUDIT, "User Perm Expires", new Date(user.permExpires)); if(!removed && lur!=null && user.permExpires<= now ) { - // access.log(Level.AUDIT, "Reloading"); if(lur.reload(user).equals(Resp.REVALIDATED)) { user.renewPerm(); access.log(Level.DEBUG, "Reloaded Perms for",user); diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/lur/LocalLur.java b/cadi/core/src/main/java/org/onap/aaf/cadi/lur/LocalLur.java index c1a27fa7..0f9adb94 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/lur/LocalLur.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/lur/LocalLur.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
@@ -38,10 +38,9 @@ import org.onap.aaf.cadi.User; import org.onap.aaf.cadi.Access.Level; import org.onap.aaf.cadi.config.Config; - /** * An in-memory Lur that can be configured locally with User info via properties, similar to Tomcat-users.xml mechanisms. - * + * * @author Jonathan * */ 
@@ -50,120 +49,69 @@ public final class LocalLur extends AbsUserCache implements Lur public static final String COLON = "\\s*:\\s*"; public static final String COMMA = "\\s*,\\s*"; public static final String PERCENT = "\\s*%\\s*"; - + // Use to quickly determine whether any given group is supported by this LUR private final Set supportingGroups; - private String supportedRealm; - + private String supportedRealm; + /** * Construct by building structure, see "build" - * + * * Reconstruct with "build" - * - * @param userProperty - * @param groupProperty + * + * @param userProperties + * @param groupProperties * @param decryptor * @throws IOException */ - public LocalLur(Access access, String userProperty, String groupProperty) throws IOException { + public LocalLur(Access access, String userProperties, String groupProperties) throws IOException { super(access, 0, 0, Integer.MAX_VALUE); // data doesn't expire supportedRealm = access.getProperty(Config.BASIC_REALM, "localized"); - supportingGroups = new TreeSet(); - - if(userProperty!=null) { - // For each User name... 
- for(String user : userProperty.trim().split(SEMI)) { - String[] us = user.split(COLON,2); - String[] userpass = us[0].split(PERCENT,2); - String u; - User usr; - if(userpass.length>1) { - if(userpass.length>0 && userpass[0].indexOf('@')<0) { - userpass[0]=userpass[0] + '@' + access.getProperty(Config.AAF_DEFAULT_REALM,Config.getDefaultRealm()); - } - - u = userpass[0]; - byte[] pass = access.decrypt(userpass[1], true).getBytes(); - usr = new User(new ConfigPrincipal(u, pass)); - } else { - u = us[0]; - usr = new User(new ConfigPrincipal(u, (byte[])null)); - } - addUser(usr); - access.log(Level.INIT, "Local User:",usr.principal); - - if(us.length>1) { - Map newMap = usr.newMap(); - for(String group : us[1].split(COMMA)) { - supportingGroups.add(group); - usr.add(newMap,new LocalPermission(group)); - } - usr.setMap(newMap); - } - } + supportingGroups = new TreeSet<>(); + + if (userProperties != null) { + parseUserProperties(userProperties); } - if(groupProperty!=null) { - // For each Group name... 
- for(String group : groupProperty.trim().split(SEMI)) { - String[] gs = group.split(COLON,2); - if(gs.length>1) { - supportingGroups.add(gs[0]); - LocalPermission p = new LocalPermission(gs[0]); - // Add all users (known by comma separators) - - for(String grpMem : gs[1].split(COMMA)) { - // look for password, if so, put in passMap - String[] userpass = grpMem.split(PERCENT,2); - if(userpass.length>0 && userpass[0].indexOf('@')<0) { - userpass[0]=userpass[0] + '@' + access.getProperty(Config.AAF_DEFAULT_REALM,Config.getDefaultRealm()); - } - User usr = null; - if(userpass.length>1) { - byte[] pass = access.decrypt(userpass[1], true).getBytes(); - usr = getUser(userpass[0],pass); - if(usr==null)addUser(usr=new User(new ConfigPrincipal(userpass[0],pass))); - else usr.principal=new ConfigPrincipal(userpass[0],pass); - } else { - addUser(usr=new User(new ConfigPrincipal(userpass[0],(byte[])null))); - } - usr.add(p); - access.log(Level.INIT, "Local User:",usr.principal); - } - } - } + + if (groupProperties != null) { + parseGroupProperties(groupProperties); } } - + public boolean validate(String user, CredVal.Type type, byte[] cred, Object state) { - User usr = getUser(user,cred); - switch(type) { - case PASSWORD: - // covers null as well as bad pass - if(usr!=null && cred!=null && usr.principal instanceof ConfigPrincipal) { - return Hash.isEqual(cred,((ConfigPrincipal)usr.principal).getCred()); - } - break; + if (cred == null) { + return false; + } + User usr = getUser(user, cred); + if (usr == null) { + return false; + } + // covers null as well as bad pass + if ((type == Type.PASSWORD) && (usr.principal instanceof ConfigPrincipal)) {; + return Hash.isEqual(cred, ((ConfigPrincipal)usr.principal).getCred()); } return false; } // @Override public boolean fish(Principal bait, Permission pond) { - if(pond == null) { + if (pond == null) { return false; } - if(handles(bait) && pond instanceof LocalPermission) { // local Users only have LocalPermissions - User user = 
getUser(bait); - return user==null?false:user.contains((LocalPermission)pond); + if (handles(bait) && pond instanceof LocalPermission) { // local Users only have LocalPermissions + User user = getUser(bait); + if (user != null) { + return user.contains((LocalPermission)pond); } + } return false; } // We do not want to expose the actual Group, so make a copy. public void fishAll(Principal bait, List perms) { - if(handles(bait)) { + if (handles(bait)) { User user = getUser(bait); - if(user!=null) { + if (user != null) { user.copyPermsTo(perms); } } @@ -174,13 +122,12 @@ public final class LocalLur extends AbsUserCache implements Lur */ @Override public boolean handles(Principal principal) { - return principal!=null && principal.getName().endsWith(supportedRealm); + if (principal == null) { + return false; + } + return principal.getName().endsWith(supportedRealm); } -// public boolean supports(String userName) { -// return userName!=null && userName.endsWith(supportedRealm); -// } -// public boolean handlesExclusively(Permission pond) { return supportingGroups.contains(pond.getKey()); } 
@@ -192,5 +139,74 @@ public final class LocalLur extends AbsUserCache implements Lur public Permission createPerm(String p) { return new LocalPermission(p); } + + private void parseUserProperties(String userProperties) throws IOException { + // For each User name... + for (String userProperty : userProperties.trim().split(SEMI)) { + String[] userInfo = userProperty.split(COLON, 2); + String[] userPass = userInfo[0].split(PERCENT, 2); + String userName = userPass[0]; + + byte[] password = null; + if (userPass.length > 1) { + password = access.decrypt(userPass[1], true).getBytes(); + if (userName.indexOf('@') < 0) { + userName += '@' + access.getProperty(Config.AAF_DEFAULT_REALM, Config.getDefaultRealm()); + } + } + User usr; + usr = new User<>(new ConfigPrincipal(userName, password)); + addUser(usr); + access.log(Level.INIT, "Local User:", usr.principal); + + if (userInfo.length > 1) { + Map newMap = usr.newMap(); + for (String group : userInfo[1].split(COMMA)) { + supportingGroups.add(group); + usr.add(newMap, new LocalPermission(group)); + } + usr.setMap(newMap); + } + } + } + + + private void parseGroupProperties(String groupProperties) throws IOException { + // For each Group name... 
+ for (String group : groupProperties.trim().split(SEMI)) { + String[] groups = group.split(COLON, 2); + if (groups.length <= 1) { + continue; + } + supportingGroups.add(groups[0]); + LocalPermission p = new LocalPermission(groups[0]); + + // Add all users (known by comma separators) + for (String groupMember : groups[1].split(COMMA)) { + // look for password, if so, put in passMap + String[] userPass = groupMember.split(PERCENT, 2); + String userName = userPass[0]; + if (userName.indexOf('@') < 0) { + userName += '@' + access.getProperty(Config.AAF_DEFAULT_REALM, Config.getDefaultRealm()); + } + + User usr = null; + byte[] password = null; + if (userPass.length > 1) { + password = access.decrypt(userPass[1], true).getBytes(); + } + usr = getUser(userName, password); + if (usr == null) { + usr = new User<>(new ConfigPrincipal(userName, password)); + addUser(usr); + } + else { + usr.principal = new ConfigPrincipal(userName, password); + } + usr.add(p); + access.log(Level.INIT, "Local User:", usr.principal); + } + } + } } diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/AbsTafResp.java b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/AbsTafResp.java index a2fc730e..c216fb57 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/AbsTafResp.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/AbsTafResp.java @@ -62,7 +62,7 @@ public abstract class AbsTafResp implements TafResp { * Respond in the affirmative if the TAF was able to Authenticate */ public boolean isValid() { - return principal!=null; + return principal != null; } /** diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/wsse/WSSEParser.java b/cadi/core/src/main/java/org/onap/aaf/cadi/wsse/WSSEParser.java index 9e36c11f..017337b1 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/wsse/WSSEParser.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/wsse/WSSEParser.java 
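Review bot: In `parseGroupProperties`, a member listed without `%password` is looked up with `getUser(userName, null)` and, when an entry is found, its principal is replaced by `new ConfigPrincipal(userName, password)` with a null password, which would discard a credential loaded earlier by `parseUserProperties`. Whether `getUser` returns a match for a null credential is not visible in this diff, so this is worth a test; if it does, replace the principal only when a password was supplied, e.g. `} else if (password != null) {`. Both helpers also call `access.decrypt(...).getBytes()` with the platform default charset, so the stored bytes can differ between hosts for non-ASCII passwords; passing an explicit charset that matches what callers of `validate` send would remove that dependency.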
@@ -21,7 +21,6 @@ package org.onap.aaf.cadi.wsse; -import java.io.IOException; import java.io.InputStream; import javax.xml.stream.XMLStreamException; @@ -46,7 +45,6 @@ public class WSSEParser { private static final String SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"; private static final String WSSE_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; private Match parseTree; - //private XMLInputFactory inputFactory; public WSSEParser() { // soap:Envelope/soap:Header/wsse:Security/wsse:UsernameToken/[wsse:Password&wsse:Username] @@ -72,10 +70,9 @@ public class WSSEParser { ).stopAfter() // Stop Processing when Header Ends ).exclusive()// Envelope must match Header, and no other. FYI, Body comes after Header short circuits (see above), so it's ok ).exclusive(); // root must be Envelope - //inputFactory = XMLInputFactory.newInstance(); } - public XMLStreamException parse(BasicCred bc, InputStream is) throws IOException { + public XMLStreamException parse(BasicCred bc, InputStream is) { try { parseTree.onMatch(bc, new XReader(is)); return null; diff --git a/cadi/core/src/test/java/org/onap/aaf/cadi/config/test/JU_SecurityInfo.java b/cadi/core/src/test/java/org/onap/aaf/cadi/config/test/JU_SecurityInfo.java index c442e6f2..842a7098 100644 --- a/cadi/core/src/test/java/org/onap/aaf/cadi/config/test/JU_SecurityInfo.java +++ b/cadi/core/src/test/java/org/onap/aaf/cadi/config/test/JU_SecurityInfo.java @@ -21,11 +21,13 @@ package org.onap.aaf.cadi.config.test; -import static org.junit.Assert.*; -import static org.hamcrest.CoreMatchers.*; -import static org.mockito.Mockito.*; -import org.junit.*; -import org.mockito.*; + +import static org.junit.Assert.assertNotNull; + +import org.junit.AfterClass; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; import java.io.ByteArrayOutputStream; import java.io.File; 
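Review bot: `WSSEParser.parse` reports failure by returning the `XMLStreamException` rather than throwing it, and with `throws IOException` removed nothing in the signature tells a caller that the return value has to be checked before the `BasicCred` is used. A Javadoc comment on the method would make the contract explicit, for example `@return null when the header parsed cleanly, otherwise the parse error; presumably the credential must be ignored in that case`. Dropping the checked exception is also source-incompatible for any caller that wraps this call alone in `catch (IOException e)`, which may be worth checking in the modules outside cadi-core. The body of `parse` continues past the end of the hunk.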
diff --git a/cadi/core/src/test/java/org/onap/aaf/cadi/config/test/JU_UsersDump.java b/cadi/core/src/test/java/org/onap/aaf/cadi/config/test/JU_UsersDump.java index 63b8cf2d..7d7ca77c 100644 --- a/cadi/core/src/test/java/org/onap/aaf/cadi/config/test/JU_UsersDump.java +++ b/cadi/core/src/test/java/org/onap/aaf/cadi/config/test/JU_UsersDump.java @@ -21,9 +21,13 @@ package org.onap.aaf.cadi.config.test; -import static org.junit.Assert.*; -import static org.hamcrest.CoreMatchers.*; -import org.junit.*; +import static org.hamcrest.CoreMatchers.is; +import static org.hamcrest.CoreMatchers.nullValue; +import static org.junit.Assert.assertThat; + +import org.junit.After; +import org.junit.Before; +import org.junit.Test; import java.io.ByteArrayOutputStream; import java.io.File; @@ -64,7 +68,7 @@ public class JU_UsersDump { private final static String names = "admin:myname,yourname;suser:hisname,hername,m1234"; private AbsUserCache lur; - + @Before public void setup() throws IOException { outStream = new ByteArrayOutputStream(); @@ -85,6 +89,9 @@ public class JU_UsersDump { UsersDump.write(outStream, lur); String[] actualLines = Split.splitTrim('\n', outStream.toString()); String[] expectedLines = Split.splitTrim('\n', expected); + for (String s : actualLines) { + System.out.println(s); + } assertThat(actualLines.length, is(expectedLines.length)); diff --git a/cadi/core/src/test/java/org/onap/aaf/cadi/lur/test/JU_LocalLur.java b/cadi/core/src/test/java/org/onap/aaf/cadi/lur/test/JU_LocalLur.java index 50933f4e..d86a0754 100644 --- a/cadi/core/src/test/java/org/onap/aaf/cadi/lur/test/JU_LocalLur.java +++ b/cadi/core/src/test/java/org/onap/aaf/cadi/lur/test/JU_LocalLur.java 
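Review bot: The loop added in the third JU_UsersDump hunk, `for (String s : actualLines) { System.out.println(s); }`, looks like leftover debugging: it writes every dumped user line to the build log on each run and asserts nothing. Remove it, or include the lines in the failure message of the length assertion so they appear only when the test fails. The test method starts and ends outside the hunk.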
@@ -7,9 +7,9 @@ * * Licensed under the Apache License, Version 2.0 (the "License"); * * you may not use this file except in compliance with the License. * * You may obtain a copy of the License at - * * + * * * * http://www.apache.org/licenses/LICENSE-2.0 - * * + * * * * Unless required by applicable law or agreed to in writing, software * * distributed under the License is distributed on an "AS IS" BASIS, * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
@@ -19,97 +19,156 @@ * * * * ******************************************************************************/ + package org.onap.aaf.cadi.lur.test; -import static junit.framework.Assert.assertEquals; -import static junit.framework.Assert.assertFalse; -import static junit.framework.Assert.assertTrue; +import static org.hamcrest.CoreMatchers.is; +import static org.junit.Assert.assertThat; +import static org.mockito.Mockito.when; import java.io.ByteArrayOutputStream; import java.io.IOException; +import java.io.PrintStream; import java.security.Principal; import java.util.ArrayList; import java.util.List; -import java.util.Set; -import java.util.TreeSet; +import org.junit.Before; import org.junit.Test; -import org.onap.aaf.cadi.Lur; +import org.mockito.Mock; +import org.mockito.MockitoAnnotations; import org.onap.aaf.cadi.Permission; import org.onap.aaf.cadi.PropAccess; -import org.onap.aaf.cadi.Symm; +import org.onap.aaf.cadi.AbsUserCache; import org.onap.aaf.cadi.CredVal.Type; -import org.onap.aaf.cadi.config.UsersDump; +import org.onap.aaf.cadi.lur.ConfigPrincipal; import org.onap.aaf.cadi.lur.LocalLur; import org.onap.aaf.cadi.lur.LocalPermission; public class JU_LocalLur { - @Test - public void test() throws IOException { - final Symm symmetric = Symm.baseCrypt().obtain(); - LocalLur up; - ByteArrayOutputStream baos = new ByteArrayOutputStream(); - baos.write(Symm.ENC.getBytes()); - symmetric.enpass("", baos); - PropAccess ta = new PropAccess() { - @Override - public String decrypt(String encrypted, boolean anytext) throws IOException { - return symmetric.depass(encrypted); - } + private static final String password = ""; + private String encrypted; + + private PropAccess access; + private ByteArrayOutputStream outStream; + + @Mock Permission permMock; + + @Before + public void setup() throws IOException { + MockitoAnnotations.initMocks(this); + + encrypted = rot13(password); - @Override - public String encrypt(String unencrypted) throws IOException { - return 
symmetric.enpass(unencrypted); + outStream = new ByteArrayOutputStream(); + access = new PropAccess(new PrintStream(outStream), new String[0]) { + @Override public String decrypt(String encrypted, boolean anytext) throws IOException { + return rot13(encrypted); + } + @Override public String encrypt(String unencrypted) throws IOException { + return rot13(unencrypted); } - }; + + } + + @Test + public void test() throws IOException { + LocalLur lur; + List.DumpInfo> info; + + lur = new LocalLur(access, null, null); + assertThat(lur.dumpInfo().size(), is(0)); + + lur = new LocalLur(access, "user1", null); + info = lur.dumpInfo(); + assertThat(info.size(), is(1)); + assertThat(info.get(0).user, is("user1")); + + lur.clearAll(); + assertThat(lur.dumpInfo().size(), is(0)); + + lur = new LocalLur(access, "user1%" + encrypted, null); + info = lur.dumpInfo(); + assertThat(info.size(), is(1)); + assertThat(info.get(0).user, is("user1@none")); + + lur.clearAll(); + assertThat(lur.dumpInfo().size(), is(0)); + + lur = new LocalLur(access, "user1@domain%" + encrypted, null); + info = lur.dumpInfo(); + assertThat(info.size(), is(1)); + assertThat(info.get(0).user, is("user1@domain")); + + lur = new LocalLur(access, "user1@domain%" + encrypted + ":groupA", null); + info = lur.dumpInfo(); + assertThat(info.size(), is(1)); + assertThat(info.get(0).user, is("user1@domain")); + + when(permMock.getKey()).thenReturn("groupA"); + assertThat(lur.handlesExclusively(permMock), is(true)); + when(permMock.getKey()).thenReturn("groupB"); + assertThat(lur.handlesExclusively(permMock), is(false)); - Lur ml = up = new LocalLur(ta,"myname:groupA,groupB","admin:myname,yourname;suser:hisname,hername,m1234%"+baos.toString()); + assertThat(lur.fish(null, null), is(false)); + + Principal princ = new ConfigPrincipal("user1@localized", encrypted); + + lur = new LocalLur(access, "user1@localized%" + password + ":groupA", null); + assertThat(lur.fish(princ, lur.createPerm("groupA")), is(true)); + 
assertThat(lur.fish(princ, lur.createPerm("groupB")), is(false)); + assertThat(lur.fish(princ, permMock), is(false)); + + princ = new ConfigPrincipal("user1@domain", encrypted); + assertThat(lur.fish(princ, lur.createPerm("groupB")), is(false)); + princ = new ConfigPrincipal("user1@localized", "badpass"); + assertThat(lur.fish(princ, lur.createPerm("groupB")), is(false)); -// Permission admin = new LocalPermission("admin"); -// Permission suser = new LocalPermission("suser"); -// -// // Check User fish -// assertTrue(ml.fish(new JUPrincipal("myname"),admin)); -// assertTrue(ml.fish(new JUPrincipal("hisname"),admin)); -// assertFalse(ml.fish(new JUPrincipal("noname"),admin)); -// assertTrue(ml.fish(new JUPrincipal("itsname"),suser)); -// assertTrue(ml.fish(new JUPrincipal("hername"),suser)); -// assertFalse(ml.fish(new JUPrincipal("myname"),suser)); -// -// // Check validate password -// assertTrue(up.validate("m1234",Type.PASSWORD, "".getBytes())); -// assertFalse(up.validate("m1234",Type.PASSWORD, "badPass".getBytes())); -// - // Check fishAll - Set set = new TreeSet(); - List perms = new ArrayList(); - ml.fishAll(new JUPrincipal("myname"), perms); - for(Permission p : perms) { - set.add(p.getKey()); - } -// assertEquals("[admin, groupA, groupB]",set.toString()); - UsersDump.write(System.out, up); - System.out.flush(); + assertThat(lur.handles(null), is(false)); + lur.fishAll(null, null); + + List perms = new ArrayList<>(); + perms.add(lur.createPerm("groupB")); + perms.add(lur.createPerm("groupA")); + princ = new ConfigPrincipal("user1@localized", encrypted); + lur.fishAll(princ, perms); + princ = new ConfigPrincipal("user1@localized", "badpass"); + lur.fishAll(princ, perms); + + assertThat(lur.validate(null, null, null, null), is(false)); + assertThat(lur.validate("user", null, "badpass".getBytes(), null), is(false)); + assertThat(lur.validate("user1@localized", null, encrypted.getBytes(), null), is(false)); + + lur = new LocalLur(access, "user1@localized%" + 
password + ":groupA", null); + assertThat(lur.validate("user1@localized", Type.PASSWORD, encrypted.getBytes(), null), is(true)); + + lur = new LocalLur(access, null, "admin"); + lur = new LocalLur(access, null, "admin:user1"); + lur = new LocalLur(access, null, "admin:user1@localized"); + lur = new LocalLur(access, null, "admin:user1@localized,user2@localized%" + password + ";user:user1@localized"); } - - // Simplistic Principal for testing purposes - private static class JUPrincipal implements Principal { - private String name; - public JUPrincipal(String name) { - this.name = name; - } -// @Override - public String getName() { - return name; + + public static String rot13(String input) { + StringBuilder sb = new StringBuilder(); + for (int i = 0; i < input.length(); i++) { + char c = input.charAt(i); + if (c >= 'a' && c <= 'm') { + c += 13; + } else if (c >= 'A' && c <= 'M') { + c += 13; + } else if (c >= 'n' && c <= 'z') { + c -= 13; + } else if (c >= 'N' && c <= 'Z') { + c -= 13; + } + sb.append(c); } + return sb.toString(); } - - - - } + diff --git a/cadi/core/src/test/java/org/onap/aaf/cadi/principal/test/JU_BasicPrincipal.java b/cadi/core/src/test/java/org/onap/aaf/cadi/principal/test/JU_BasicPrincipal.java index 1fafe2e8..32d6cd0a 100644 --- a/cadi/core/src/test/java/org/onap/aaf/cadi/principal/test/JU_BasicPrincipal.java +++ b/cadi/core/src/test/java/org/onap/aaf/cadi/principal/test/JU_BasicPrincipal.java @@ -22,9 +22,13 @@ package org.onap.aaf.cadi.principal.test; -import static org.junit.Assert.*; -import static org.hamcrest.CoreMatchers.*; -import static org.mockito.Mockito.*; +import static org.junit.Assert.assertThat; +import static org.junit.Assert.assertTrue; +import static org.junit.Assert.fail; +import static org.hamcrest.CoreMatchers.is; +import static org.hamcrest.CoreMatchers.nullValue; +import static org.mockito.Mockito.when; +import static org.mockito.Mockito.mock; import org.junit.*; import java.io.IOException; 
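Review bot: `password` is the empty string, so `encrypted = rot13(password)` is empty too and no case here exercises a real credential: the `decrypt` override never receives non-empty input, and the only positive `validate` assertion succeeds with an empty byte array. There is also no case where a known user presents a wrong password with `Type.PASSWORD`; the `"badpass"` principals are only checked against `groupB`, which is never granted, so those assertions pass whatever the credential is. Use a non-empty constant, build the user properties with `encrypted` and validate with `password.getBytes()`, and add `assertThat(lur.validate("user1@localized", Type.PASSWORD, "badpass".getBytes(), null), is(false));`. The four `groupProperties` constructions at the end of `test()` carry no assertions, so they only show that the constructor does not throw.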
@@ -33,9 +37,6 @@ import java.util.Date; import org.onap.aaf.cadi.BasicCred; import org.onap.aaf.cadi.Symm; import org.onap.aaf.cadi.principal.BasicPrincipal; -import org.onap.aaf.cadi.principal.StringTagLookup; -import org.onap.aaf.cadi.principal.TaggedPrincipal; -import org.onap.aaf.cadi.principal.TaggedPrincipal.TagLookup; public class JU_BasicPrincipal { diff --git a/cadi/core/src/test/java/org/onap/aaf/cadi/principal/test/JU_CachedBasicPrincipal.java b/cadi/core/src/test/java/org/onap/aaf/cadi/principal/test/JU_CachedBasicPrincipal.java index aa9a01a5..20e1d4d9 100644 --- a/cadi/core/src/test/java/org/onap/aaf/cadi/principal/test/JU_CachedBasicPrincipal.java +++ b/cadi/core/src/test/java/org/onap/aaf/cadi/principal/test/JU_CachedBasicPrincipal.java @@ -22,25 +22,24 @@ package org.onap.aaf.cadi.principal.test; -import static org.junit.Assert.*; -import static org.hamcrest.CoreMatchers.*; -import static org.mockito.Mockito.*; -import org.junit.*; +import static org.junit.Assert.assertThat; +import static org.junit.Assert.assertTrue; +import static org.hamcrest.CoreMatchers.is; +import static org.mockito.Matchers.any; +import static org.mockito.Mockito.when; +import static org.mockito.Mockito.mock; + +import org.junit.Before; +import org.junit.Test; import org.mockito.Mock; import org.mockito.MockitoAnnotations; import java.io.IOException; import java.lang.reflect.Field; -import java.util.Date; import org.onap.aaf.cadi.BasicCred; import org.onap.aaf.cadi.CachedPrincipal; -import org.onap.aaf.cadi.CachedPrincipal.Resp; -import org.onap.aaf.cadi.Symm; import org.onap.aaf.cadi.principal.CachedBasicPrincipal; -import org.onap.aaf.cadi.principal.StringTagLookup; -import org.onap.aaf.cadi.principal.TaggedPrincipal; -import org.onap.aaf.cadi.principal.TaggedPrincipal.TagLookup; import org.onap.aaf.cadi.taf.HttpTaf; public class JU_CachedBasicPrincipal { 
diff --git a/cadi/core/src/test/java/org/onap/aaf/cadi/taf/test/JU_AbsTafResp.java b/cadi/core/src/test/java/org/onap/aaf/cadi/taf/test/JU_AbsTafResp.java
new file mode 100644
index 00000000..6d0c04b7
--- /dev/null
+++ b/cadi/core/src/test/java/org/onap/aaf/cadi/taf/test/JU_AbsTafResp.java
@@ -0,0 +1,87 @@ +/******************************************************************************* +* ============LICENSE_START==================================================== +* * org.onap.aaf +* * =========================================================================== +* * Copyright © 2017 AT&T Intellectual Property. All rights reserved. +* * =========================================================================== +* * Licensed under the Apache License, Version 2.0 (the "License"); +* * you may not use this file except in compliance with the License. +* * You may obtain a copy of the License at +* * +* * http://www.apache.org/licenses/LICENSE-2.0 +* * +* * Unless required by applicable law or agreed to in writing, software +* * distributed under the License is distributed on an "AS IS" BASIS, +* * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* * See the License for the specific language governing permissions and +* * limitations under the License. 
+* * ============LICENSE_END==================================================== +* * +* * +******************************************************************************/ + +package org.onap.aaf.cadi.taf.test; + +import static org.hamcrest.CoreMatchers.is; +import static org.hamcrest.CoreMatchers.nullValue; +import static org.junit.Assert.assertThat; + +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.PrintStream; + +import org.junit.Before; +import org.junit.Test; +import org.onap.aaf.cadi.Access; +import org.onap.aaf.cadi.PropAccess; +import org.onap.aaf.cadi.principal.TaggedPrincipal; +import org.onap.aaf.cadi.taf.AbsTafResp; +import org.onap.aaf.cadi.taf.TafResp.RESP; + +public class JU_AbsTafResp { + + private static final String name = "name"; + private static final String tag = "tag"; + private static final String description = "description"; + + private Access access; + private TaggedPrincipal taggedPrinc; + + @Before + public void setup() { + access = new PropAccess(new PrintStream(new ByteArrayOutputStream()), new String[0]); + taggedPrinc = new TaggedPrincipal() { + @Override public String getName() { return name; } + @Override public String tag() { return tag; } + }; + } + + @Test + public void test() { + AbsTafResp tafResp = new AbsTafResp(access, taggedPrinc, description) { + @Override public RESP authenticate() throws IOException { + return null; + } + }; + + assertThat(tafResp.isValid(), is(true)); + assertThat(tafResp.desc(), is(description)); + assertThat(tafResp.isAuthenticated(), is(RESP.IS_AUTHENTICATED)); + assertThat(tafResp.getPrincipal(), is(taggedPrinc)); + assertThat(tafResp.getAccess(), is(access)); + assertThat(tafResp.isFailedAttempt(), is(false)); + + tafResp = new AbsTafResp(null, null, null) { + @Override public RESP authenticate() throws IOException { + return null; + } + }; + + assertThat(tafResp.isValid(), is(false)); + assertThat(tafResp.isAuthenticated(), is(RESP.TRY_ANOTHER_TAF)); + 
assertThat(tafResp.getPrincipal(), is(nullValue())); + assertThat(tafResp.getAccess(), is(nullValue())); + assertThat(tafResp.isFailedAttempt(), is(false)); + } + +} diff --git a/cadi/core/src/test/java/org/onap/aaf/cadi/test/JU_AbsUserCache.java b/cadi/core/src/test/java/org/onap/aaf/cadi/test/JU_AbsUserCache.java index 441765a6..b2739b9d 100644 --- a/cadi/core/src/test/java/org/onap/aaf/cadi/test/JU_AbsUserCache.java +++ b/cadi/core/src/test/java/org/onap/aaf/cadi/test/JU_AbsUserCache.java @@ -21,11 +21,13 @@ package org.onap.aaf.cadi.test; -import static org.junit.Assert.*; -import static org.hamcrest.CoreMatchers.*; -import static org.mockito.Mockito.*; -import org.junit.*; -import org.mockito.*; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertThat; +import static org.junit.Assert.assertTrue; +import static org.hamcrest.CoreMatchers.is; +import static org.hamcrest.CoreMatchers.nullValue; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.when; import java.io.ByteArrayOutputStream; import java.io.IOException; @@ -35,13 +37,17 @@ import java.security.Principal; import java.util.ArrayList; import java.util.List; +import org.junit.After; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; +import org.mockito.Mock; +import org.mockito.MockitoAnnotations; import org.onap.aaf.cadi.AbsUserCache; -import org.onap.aaf.cadi.AbsUserCache.*; import org.onap.aaf.cadi.Access; import org.onap.aaf.cadi.CachedPrincipal.Resp; import org.onap.aaf.cadi.CachingLur; import org.onap.aaf.cadi.GetCred; -import org.onap.aaf.cadi.Hash; import org.onap.aaf.cadi.Permission; import org.onap.aaf.cadi.PropAccess; import org.onap.aaf.cadi.User; 
@@ -51,14 +57,10 @@ import org.onap.aaf.cadi.principal.CachedBasicPrincipal; public class JU_AbsUserCache { @Mock private CachingLur cl; - @Mock private Principal principal; - @Mock private CachedBasicPrincipal cbp; - @Mock private LocalPermission permission1; @Mock private LocalPermission permission2; - private Access access; @@ -67,7 +69,7 @@ public class JU_AbsUserCache { private String name1 = "name1"; private String name2 = "name2"; private byte[] password = "password".getBytes(); - + private static Field timerField; @BeforeClass @@ -300,22 +302,22 @@ public class JU_AbsUserCache { @Test public void handlesExclusivelyTest() { - AbsUserCacheStub aucs = new AbsUserCacheStub(access, 0, 0, Integer.MAX_VALUE); + AbsUserCacheStub aucs = new AbsUserCacheStub(access, 0, 0, Integer.MAX_VALUE); assertFalse(aucs.handlesExclusively(permission1)); assertFalse(aucs.handlesExclusively(permission2)); } @Test public void destroyTest() { - AbsUserCacheStub aucs = new AbsUserCacheStub(access, 0, 0, Integer.MAX_VALUE); + AbsUserCacheStub aucs = new AbsUserCacheStub(access, 0, 0, Integer.MAX_VALUE); aucs.destroy(); - aucs = new AbsUserCacheStub(access, 1, 1, Integer.MAX_VALUE); + aucs = new AbsUserCacheStub(access, 1, 1, Integer.MAX_VALUE); aucs.destroy(); } @Test public void missTest() throws IOException { - AbsUserCacheStub aucs = new AbsUserCacheStub(access, 0, 0, Integer.MAX_VALUE); + AbsUserCacheStub aucs = new AbsUserCacheStub(access, 0, 0, Integer.MAX_VALUE); // Add the Miss to the missmap assertTrue(aucs.addMiss("key", password)); // This one actually adds it assertTrue(aucs.addMiss("key", password)); // this one doesn't really do anything 
@@ -332,26 +334,26 @@ public class JU_AbsUserCache { } class AbsUserCacheStub extends AbsUserCache { - public AbsUserCacheStub(Access access, long cleanInterval, int highCount, int usageCount) { super(access, cleanInterval, highCount, usageCount); } - public AbsUserCacheStub(AbsUserCache cache) { super(cache); } - @Override public void setLur(CachingLur lur) { super.setLur(lur); } - @Override public void addUser(User user) { super.addUser(user); } - @Override public void addUser(String key, User user) { super.addUser(key, user); } - @Override public User getUser(Principal p) { return super.getUser(p); } - @Override public User getUser(CachedBasicPrincipal p) { return super.getUser(p); } - @Override public User getUser(String user, byte[] cred) { return super.getUser(user, cred); } + public AbsUserCacheStub(Access access, long cleanInterval, int highCount, int usageCount) { super(access, cleanInterval, highCount, usageCount); } + public AbsUserCacheStub(AbsUserCache cache) { super(cache); } + @Override public void setLur(CachingLur lur) { super.setLur(lur); } + @Override public void addUser(User user) { super.addUser(user); } + @Override public void addUser(String key, User user) { super.addUser(key, user); } + @Override public User getUser(Principal p) { return super.getUser(p); } + @Override public User getUser(CachedBasicPrincipal p) { return super.getUser(p); } + @Override public User getUser(String user, byte[] cred) { return super.getUser(user, cred); } @Override public void remove(User user) { super.remove(user); } @Override public boolean addMiss(String key, byte[] bs) { return super.addMiss(key, bs); } @Override public Miss missed(String key, byte[] bs) throws IOException { return super.missed(key, bs); } } class AbsUserCacheCLStub extends AbsUserCache implements CachingLur { - public AbsUserCacheCLStub(AbsUserCache cache) { super(cache); } - @Override public Permission createPerm(String p) { return null; } - @Override public boolean fish(Principal bait, 
Permission pond) { return false; } - @Override public void fishAll(Principal bait, List permissions) { } - @Override public boolean handles(Principal principal) { return false; } - @Override public Resp reload(User user) { return null; } + public AbsUserCacheCLStub(AbsUserCache cache) { super(cache); } + @Override public Permission createPerm(String p) { return null; } + @Override public boolean fish(Principal bait, Permission pond) { return false; } + @Override public void fishAll(Principal bait, List permissions) { } + @Override public boolean handles(Principal principal) { return false; } + @Override public Resp reload(User user) { return null; } @Override public void setDebug(String commaDelimIDsOrNull) { } } diff --git a/cadi/core/src/test/java/org/onap/aaf/cadi/util/test/JU_Vars.java b/cadi/core/src/test/java/org/onap/aaf/cadi/util/test/JU_Vars.java index 32ca8f84..b2600aa5 100644 --- a/cadi/core/src/test/java/org/onap/aaf/cadi/util/test/JU_Vars.java +++ b/cadi/core/src/test/java/org/onap/aaf/cadi/util/test/JU_Vars.java @@ -46,7 +46,6 @@ public class JU_Vars { @Test public void convertTest1() { - String test = "te%t"; List list = new ArrayList(); list.add("method"); assertEquals(Vars.convert("test", list), "test"); @@ -54,7 +53,6 @@ public class JU_Vars { @Test public void convertTest2() { - String test = "te%s%t"; List list = new ArrayList(); list.add("method"); assertEquals(Vars.convert("test", list), "test"); diff --git a/cadi/core/src/test/java/org/onap/aaf/cadi/wsse/test/JU_WSSEParser.java b/cadi/core/src/test/java/org/onap/aaf/cadi/wsse/test/JU_WSSEParser.java new file mode 100644 index 00000000..0d7bdc2c --- /dev/null +++ b/cadi/core/src/test/java/org/onap/aaf/cadi/wsse/test/JU_WSSEParser.java 
@@ -0,0 +1,163 @@ +/******************************************************************************* +* ============LICENSE_START==================================================== +* * org.onap.aaf +* * =========================================================================== +* * Copyright © 2017 AT&T Intellectual Property. All rights reserved. +* * =========================================================================== +* * Licensed under the Apache License, Version 2.0 (the "License"); +* * you may not use this file except in compliance with the License. +* * You may obtain a copy of the License at +* * +* * http://www.apache.org/licenses/LICENSE-2.0 +* * +* * Unless required by applicable law or agreed to in writing, software +* * distributed under the License is distributed on an "AS IS" BASIS, +* * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* * See the License for the specific language governing permissions and +* * limitations under the License. 
+* * ============LICENSE_END==================================================== +* * +* * +******************************************************************************/ +package org.onap.aaf.cadi.wsse.test; + +import org.junit.Test; +import org.onap.aaf.cadi.wsse.WSSEParser; + +public class JU_WSSEParser { + + @Test + public void test() { + @SuppressWarnings("unused") + WSSEParser wp = new WSSEParser(); + + // TODO: test the rest of this class +// final BasicCred bc = new BasicCred() { +// private String user; +// private byte[] password; +// +// public void setUser(String user) { this.user = user; } +// public void setCred(byte[] passwd) { this.password = passwd; } +// public String getUser() { return user; } +// public byte[] getCred() { return password; } +// }; + +// FileInputStream fis; +// fis = new FileInputStream("test/example.xml"); +// BufferedServletInputStream is = new BufferedServletInputStream(fis); +// try { +// is.mark(1536); +// try { +// assertNull(wp.parse(bc, is)); +// } finally { +// is.reset(); +// assertEquals(814,is.buffered()); +// } +// String password = new String(bc.getCred()); +// System.out.println("CadiWrap credentials are: " + bc.getUser() + ", " + password); +// assertEquals("some_user", bc.getUser()); +// assertEquals("some_password", password); +// +// } finally { +// fis.close(); +// } +// +// // CBUS (larger) +// fis = new FileInputStream("test/CBUSevent.xml"); +// is = new BufferedServletInputStream(fis); +// try { +// is.mark(1536); +// try { +// assertNull(wp.parse(bc, is)); +// } finally { +// is.reset(); +// assertEquals(667,is.buffered()); +// } +// String password = new String(bc.getCred()); +// System.out.println("CadiWrap credentials are: " + bc.getUser() + ", " + password); +// assertEquals("none", bc.getUser()); +// assertEquals("none", password); +// +// } finally { +// fis.close(); +// } +// +// // Closed Stream +// fis = new FileInputStream("test/example.xml"); +// fis.close(); +// bc.setCred(null); +// 
bc.setUser(null); +// XMLStreamException ex = wp.parse(bc, fis); +// assertNotNull(ex); +// assertNull(bc.getUser()); +// assertNull(bc.getCred()); +// +// +// fis = new FileInputStream("test/exampleNoSecurity.xml"); +// try { +// bc.setCred(null); +// bc.setUser(null); +// assertNull(wp.parse(bc, fis)); +// assertNull(bc.getUser()); +// assertNull(bc.getCred()); +// } finally { +// fis.close(); +// } +// +// fis = new FileInputStream("test/exampleBad1.xml"); +// try { +// bc.setCred(null); +// bc.setUser(null); +// assertNull(wp.parse(bc, fis)); +// assertNull(bc.getUser()); +// assertNull(bc.getCred()); +// } finally { +// fis.close(); +// } +// +// XMLStreamException e = wp.parse(bc, new ByteArrayInputStream("Not XML".getBytes())); // empty +// assertNotNull(e); +// +// e = wp.parse(bc, new ByteArrayInputStream("".getBytes())); // empty +// assertNotNull(e); +// +// +// long start, count = 0L; +// int iter = 30000; +// File f = new File("test/CBUSevent.xml"); +// fis = new FileInputStream(f); +// is = new BufferedServletInputStream(fis); +// is.mark(0); +// try { +// while(is.read()>=0); +// } finally { +// fis.close(); +// } +// +// for(int i=0;i=0); -// } finally { -// fis.close(); -// } - -// for(int i=0;i
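Review bot: `test()` in JU_WSSEParser.java only constructs a `WSSEParser` under `@SuppressWarnings("unused")` and asserts nothing, so it passes whatever the parser does while still counting as coverage for code that extracts credentials from request XML. The commented-out cases that need no fixture file could be re-enabled now, for example `assertNotNull(wp.parse(bc, new ByteArrayInputStream("Not XML".getBytes())));` and the same call with `"".getBytes()`, together with the small `BasicCred` holder they rely on. When the file-based cases are restored, the `System.out.println("CadiWrap credentials are: " ...)` lines are better dropped than revived, since they write the parsed password to the build output. The tail of the commented block is not visible in this view, so this note rests on the part that is shown.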