1 /*******************************************************************************
2 * ============LICENSE_START====================================================
4 * * ===========================================================================
5 * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
6 * * ===========================================================================
7 * * Licensed under the Apache License, Version 2.0 (the "License");
8 * * you may not use this file except in compliance with the License.
9 * * You may obtain a copy of the License at
11 * * http://www.apache.org/licenses/LICENSE-2.0
13 * * Unless required by applicable law or agreed to in writing, software
14 * * distributed under the License is distributed on an "AS IS" BASIS,
15 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * * See the License for the specific language governing permissions and
17 * * limitations under the License.
18 * * ============LICENSE_END====================================================
21 ******************************************************************************/
23 package org.onap.aaf.auth.service.mapper;
25 import static org.junit.Assert.assertEquals;
26 import static org.junit.Assert.assertFalse;
27 import static org.junit.Assert.assertNotNull;
28 import static org.junit.Assert.assertNull;
29 import static org.junit.Assert.assertTrue;
30 import static org.junit.Assert.fail;
31 import static org.mockito.BDDMockito.given;
32 import static org.mockito.Matchers.any;
33 import static org.mockito.Matchers.anyString;
34 import static org.mockito.Matchers.eq;
35 import static org.mockito.Matchers.isA;
36 import static org.mockito.Mockito.mock;
37 import static org.mockito.Mockito.never;
38 import static org.mockito.Mockito.verify;
39 import static org.mockito.Mockito.verifyZeroInteractions;
40 import static org.onap.aaf.auth.layer.Result.ERR_BadData;
41 import static org.onap.aaf.auth.layer.Result.ERR_General;
43 import java.io.IOException;
44 import java.math.BigInteger;
45 import java.util.ArrayList;
46 import java.util.Calendar;
47 import java.util.Collection;
48 import java.util.Date;
49 import java.util.GregorianCalendar;
50 import java.util.HashMap;
51 import java.util.HashSet;
52 import java.util.List;
55 import java.util.UUID;
56 import java.util.stream.Collectors;
58 import org.junit.Before;
59 import org.junit.Test;
60 import org.junit.runner.RunWith;
61 import org.mockito.Mock;
62 import org.mockito.runners.MockitoJUnitRunner;
63 import org.onap.aaf.auth.dao.cass.CertDAO;
64 import org.onap.aaf.auth.dao.cass.CredDAO;
65 import org.onap.aaf.auth.dao.cass.HistoryDAO;
66 import org.onap.aaf.auth.dao.cass.Namespace;
67 import org.onap.aaf.auth.dao.cass.NsDAO;
68 import org.onap.aaf.auth.dao.cass.NsSplit;
69 import org.onap.aaf.auth.dao.cass.NsType;
70 import org.onap.aaf.auth.dao.cass.PermDAO;
71 import org.onap.aaf.auth.dao.cass.PermDAO.Data;
72 import org.onap.aaf.auth.dao.cass.RoleDAO;
73 import org.onap.aaf.auth.dao.cass.UserRoleDAO;
74 import org.onap.aaf.auth.dao.hl.Question;
75 import org.onap.aaf.auth.dao.hl.Question.Access;
76 import org.onap.aaf.auth.env.AuthzTrans;
77 import org.onap.aaf.auth.env.AuthzTrans.REQD_TYPE;
78 import org.onap.aaf.auth.layer.Result;
79 import org.onap.aaf.auth.org.Organization;
80 import org.onap.aaf.auth.org.Organization.Expiration;
81 import org.onap.aaf.auth.rserv.Pair;
82 import org.onap.aaf.auth.service.mapper.Mapper.API;
83 import org.onap.aaf.cadi.CadiException;
84 import org.onap.aaf.misc.env.APIException;
85 import org.onap.aaf.misc.env.Env;
86 import org.onap.aaf.misc.env.TimeTaken;
88 import aaf.v2_0.Certs;
89 import aaf.v2_0.Certs.Cert;
90 import aaf.v2_0.CredRequest;
91 import aaf.v2_0.History;
92 import aaf.v2_0.History.Item;
93 import aaf.v2_0.NsRequest;
95 import aaf.v2_0.Nss.Ns;
97 import aaf.v2_0.PermRequest;
98 import aaf.v2_0.Perms;
100 import aaf.v2_0.Request;
101 import aaf.v2_0.Role;
102 import aaf.v2_0.RoleRequest;
103 import aaf.v2_0.Roles;
104 import aaf.v2_0.UserRole;
105 import aaf.v2_0.UserRoleRequest;
106 import aaf.v2_0.UserRoles;
107 import aaf.v2_0.Users;
108 import aaf.v2_0.Users.User;
110 @RunWith(MockitoJUnitRunner.class)
111 public class JU_Mapper_2_0 {
112 private static final String USER = "John";
114 private Mapper_2_0 mapper;
116 private Question question;
118 private AuthzTrans transaction;
120 private TimeTaken tt;
122 private Organization org;
126 public void setUp() throws APIException, IOException, CadiException {
127 given(transaction.start(anyString(), eq(Env.SUB))).willReturn(tt);
128 given(transaction.user()).willReturn(USER);
129 given(transaction.org()).willReturn(org);
130 this.mapper = new Mapper_2_0(question);
133 @Test(expected = ClassCastException.class)
134 public void ns_willThrowException_whenInvalidRequestType() {
136 Request rq = new Request();
139 mapper.ns(transaction, rq);
142 fail("Expected ClassCastException");
146 public void ns_shouldConvertNamespaceRequest_whenValidTypeIsExplicitlyProvided() {
148 String namespaceName = "org.companyA.app1";
149 String namespaceType = "APP";
150 NsType expectedNsType = NsType.APP;
151 NsRequest nsRequest = createNsRequestForType(namespaceName, namespaceType);
154 Result<Namespace> result = mapper.ns(transaction,nsRequest);
157 assertTrue(result.isOK());
158 assertNamespaceValues(result.value, expectedNsType, namespaceName);
159 verify(transaction).checkpoint(namespaceName,Env.ALWAYS);
163 public void ns_shouldConvertNamespaceRequest_whenInValidTypeIsExplicitlyProvided() {
165 String namespaceName = "org.companyA.app1.service0";
166 String invalidNsType = "BLUE";
167 NsType expectedNsType = NsType.APP;
168 NsRequest nsRequest = createNsRequestForType(namespaceName, invalidNsType);
171 Result<Namespace> result = mapper.ns(transaction,nsRequest);
174 assertTrue(result.isOK());
175 assertNamespaceValues(result.value, expectedNsType, namespaceName);
176 verify(transaction).checkpoint(namespaceName,Env.ALWAYS);
180 public void ns_shouldConvertRootNamespaceRequest_whenTypeNotProvided() {
182 String rootNsName = "org";
183 NsType expectedNsType = NsType.ROOT;
184 NsRequest nsRequest = createNsRequestForType(rootNsName, null);
187 Result<Namespace> result = mapper.ns(transaction,nsRequest);
190 assertTrue(result.isOK());
191 assertNamespaceValues(result.value, expectedNsType, rootNsName);
192 verify(transaction).checkpoint(rootNsName,Env.ALWAYS);
196 public void ns_shouldConvertCompanyNamespaceRequest_whenTypeNotProvided() {
198 String companyNsName = "org.companyA";
199 NsType expectedNsType = NsType.COMPANY;
200 NsRequest nsRequest = createNsRequestForType(companyNsName, null);
203 Result<Namespace> result = mapper.ns(transaction,nsRequest);
206 assertTrue(result.isOK());
207 assertNamespaceValues(result.value, expectedNsType, companyNsName);
208 verify(transaction).checkpoint(companyNsName,Env.ALWAYS);
211 private void assertNamespaceValues(Namespace value, NsType nsType, String namespaceName) {
212 List<String> people = Lists.newArrayList("tk007@people.osaaf.org");
213 assertEquals(Integer.valueOf(nsType.type), value.type);
214 assertEquals(namespaceName, value.name);
215 assertEquals("some namespace description", value.description);
216 assertEquals(people, value.admin);
217 assertEquals(people, value.owner);
220 private NsRequest createNsRequestForType(String nsName, String nsType) {
221 NsRequest req = mapper.newInstance(API.NS_REQ);
224 req.setDescription("some namespace description");
225 req.getAdmin().add("tk007@people.osaaf.org");
226 req.getResponsible().add("tk007@people.osaaf.org");
231 public void nss_shouldConvertNamespaceToNss_withoutAttributes() {
233 Nss nss = mapper.newInstance(API.NSS);
234 Namespace ns = mapper.ns(transaction, createNsRequestForType("org.onap", null)).value;
237 Result<Nss> result = mapper.nss(transaction, ns, nss);
240 assertTrue(result.isOK());
241 assertEquals("Only one Ns should be added",1, result.value.getNs().size());
242 Ns addedNs = Iterables.getOnlyElement(result.value.getNs());
243 assertEquals(ns.admin, addedNs.getAdmin());
244 assertEquals(ns.name, addedNs.getName());
245 assertEquals(ns.owner, addedNs.getResponsible());
246 assertEquals(ns.description, addedNs.getDescription());
247 assertTrue(addedNs.getAttrib().isEmpty());
251 public void nss_shouldConvertNamespaceToNss_withAttributes() {
253 Nss nss = mapper.newInstance(API.NSS);
254 Namespace ns = mapper.ns(transaction, createNsRequestForType("org.onap", null)).value;
255 ns.attrib = Lists.newArrayList();
257 Map<String, String> attribs = ImmutableMap.of("key1", "value1", "key2", "value2", "key3", "value3", "key4", "value4", "key5", "value5");
258 attribs.forEach((key,val) -> ns.attrib.add(new Pair<>(key,val)));
261 Result<Nss> result = mapper.nss(transaction, ns, nss);
264 assertTrue(result.isOK());
265 assertEquals("Only one Ns should be added",1, result.value.getNs().size());
266 Ns addedNs = Iterables.getOnlyElement(result.value.getNs());
267 assertEquals(attribNum, addedNs.getAttrib().size());
268 addedNs.getAttrib().forEach( attr -> {
269 assertEquals(attr.getValue(), attribs.get(attr.getKey()));
274 public void nss_shouldAddSeveralNamespacesToNss() {
276 Nss nss = mapper.newInstance(API.NSS);
277 Namespace ns1 = mapper.ns(transaction, createNsRequestForType("org.onap", "COMPANY")).value;
278 Namespace ns2 = mapper.ns(transaction, createNsRequestForType("org.onap.prh", "APP")).value;
281 Result<Nss> result = mapper.nss(transaction, Lists.newArrayList(ns1,ns2), nss);
284 assertTrue(result.isOK());
285 assertEquals("Two namespaces should be added",2, result.value.getNs().size());
289 public void perm_shouldNotAddPerms_whenFilterIsSet_andUserIsNotAuthorized() {
291 given(question.mayUser(eq(transaction), eq(USER), any(PermDAO.Data.class), eq(Access.read)))
292 .willReturn(Result.err(9, "error"));
293 Perms permsContainer = mapper.newInstance(API.PERMS);
294 List<PermDAO.Data> permsData = Lists.newArrayList(new PermDAO.Data());
295 boolean filter = true;
298 Result<Perms> result = mapper.perms(transaction, permsData, permsContainer, filter);
301 assertTrue(result.isOK());
302 assertEquals("No perms added",0,result.value.getPerm().size());
306 public void perm_shouldAddPerm_withNamespaceSet_whenUserIsAuthorized_AndNamespaceIsRequestedType() {
308 given(question.mayUser(eq(transaction), eq(USER), any(PermDAO.Data.class), eq(Access.read)))
309 .willReturn(Result.ok(new NsDAO.Data()));
310 given(transaction.requested(REQD_TYPE.ns)).willReturn(true);
311 Perms permsContainer = mapper.newInstance(API.PERMS);
312 Set<String> roles = Sets.newHashSet("org.onap.portal.owner","org.onap.portal.designer"
313 ,"org.onap.portal.tester");
314 String namespace = "org.onap.portal";
315 String type = "access";
316 String fullType = namespace + "." +type;
317 String action = "read";
318 String description = "Portal Read Access";
319 List<PermDAO.Data> permsData = Lists.newArrayList(createPermDAOobj(namespace, type, "*",action, roles, description));
320 boolean filter = true;
323 Result<Perms> result = mapper.perms(transaction, permsData, permsContainer, filter);
326 assertTrue(result.isOK());
327 assertEquals("Perm is added",1,result.value.getPerm().size());
328 Perm perm = Iterables.getOnlyElement(result.value.getPerm());
329 assertEquals(namespace, perm.getNs());
330 assertEquals(fullType, perm.getType());
331 assertEquals(action, perm.getAction());
332 assertEquals("*", perm.getInstance());
333 assertEquals(description, perm.getDescription());
334 assertEquals(Lists.newArrayList(roles), perm.getRoles());
338 public void perm_shouldAddPerm_withoutNamespaceSet_whenUserIsAuthorized_AndNamespaceIsNotRequestedType() {
340 given(question.mayUser(eq(transaction), eq(USER), any(PermDAO.Data.class), eq(Access.read)))
341 .willReturn(Result.ok(new NsDAO.Data()));
342 given(transaction.requested(REQD_TYPE.ns)).willReturn(false);
343 Perms permsContainer = mapper.newInstance(API.PERMS);
344 String namespace = "org.onap.portal";
345 String type = "access";
346 String fullType = namespace + "." + type;
347 String action = "read";
348 List<PermDAO.Data> permsData = Lists.newArrayList(createPermDAOobj(namespace, type, "*",action, null, null));
349 boolean filter = true;
352 Result<Perms> result = mapper.perms(transaction, permsData, permsContainer, filter);
355 assertTrue(result.isOK());
356 assertEquals("Perm is added",1,result.value.getPerm().size());
357 Perm perm = Iterables.getOnlyElement(result.value.getPerm());
358 assertNull(perm.getNs());
359 assertEquals(fullType, perm.getType());
360 assertEquals(action, perm.getAction());
364 public void perm_shouldAddPermsWithCorrectSortedOrder() {
366 given(question.mayUser(eq(transaction), eq(USER), any(PermDAO.Data.class), eq(Access.read)))
367 .willReturn(Result.ok(new NsDAO.Data()));
368 Perms permsContainer = mapper.newInstance(API.PERMS);
369 PermDAO.Data perm1 = createPermDAOobj("org.onap.portal", "access", "*", "read", null, null);
370 PermDAO.Data perm2 = createPermDAOobj("org.onap.portal", "access", "*", "write", null, null);
371 PermDAO.Data perm3 = createPermDAOobj("org.onap.portal", "design", "*", "new", null, null);
372 PermDAO.Data perm4 = createPermDAOobj("org.onap.portal", "workflow", "1", "edit", null, null);
373 PermDAO.Data perm5 = createPermDAOobj("org.onap.portal", "workflow", "2", "edit", null, null);
374 List<PermDAO.Data> permsData = Lists.newArrayList(perm4, perm1, perm5, perm3, perm2);
375 List<PermDAO.Data> correctOrderPerms = Lists.newArrayList(perm1, perm2, perm3, perm4, perm5);
378 Result<Perms> result = mapper.perms(transaction, permsData, permsContainer, true);
381 assertTrue(result.isOK());
382 assertEquals("Alls Perms added",5,result.value.getPerm().size());
383 List<Perm> mappedPerms = result.value.getPerm();
384 for (int i=0; i<5; i++) {
385 comparePerm(correctOrderPerms.get(i), mappedPerms.get(i));
389 private void comparePerm(Data data, Perm perm) {
390 assertEquals(data.ns + "." + data.type, perm.getType());
391 assertEquals(data.instance, perm.getInstance());
392 assertEquals(data.action, perm.getAction());
395 private PermDAO.Data createPermDAOobj(String ns, String name, String instance, String action, Set<String> roles, String description) {
396 NsSplit nss = new NsSplit(ns, name);
397 PermDAO.Data perm = new PermDAO.Data(nss, instance, action);
399 perm.description = description;
404 public void role_shouldReturnErrorResult_whenNssIsNok() throws Exception {
406 String roleName = "admin";
407 RoleRequest request = createRoleRequest(roleName, "role description");
408 given(question.deriveNsSplit(transaction, roleName)).willReturn(Result.err(new IllegalArgumentException()));
411 Result<RoleDAO.Data> result = mapper.role(transaction, request);
414 assertFalse(result.isOK());
415 assertNull(result.value);
416 assertEquals(ERR_General, result.status);
420 public void role_shouldReturnMappedRoleObject_whenNssIsOk() throws Exception {
422 String roleName = "admin";
423 String roleNs = "org.onap.roles";
424 String roleFullName = roleNs + "." + roleName;
425 String description =" role description";
426 RoleRequest request = createRoleRequest(roleFullName, description);
427 given(question.deriveNsSplit(transaction, roleFullName)).willReturn(Result.ok(new NsSplit(roleNs, roleName)));
430 Result<RoleDAO.Data> result = mapper.role(transaction, request);
433 assertTrue(result.isOK());
434 assertEquals(roleName, result.value.name);
435 assertEquals(roleNs, result.value.ns);
436 assertEquals(description, result.value.description);
437 verify(transaction).checkpoint(roleFullName, Env.ALWAYS);
440 private RoleRequest createRoleRequest(String name, String description) {
441 RoleRequest req = mapper.newInstance(API.ROLE_REQ);
443 req.setDescription(description);
448 public void roles_shouldNotAddAnyRoles_whenFilterFlagIsNotSet() {
450 Roles initialRoles = new Roles();
451 RoleDAO.Data role = createRoleDAOobj("org.onap.app1", "org.onap.app1.admin", "description");
454 Result<Roles> result = mapper.roles(transaction, Lists.newArrayList(role), initialRoles, false);
457 assertTrue(result.isOK());
458 assertEquals(initialRoles.getRole(), result.value.getRole());
462 public void roles_shouldNotAddAnyRoles_whenFilterFlagIsSet_andUserIsNotAuthorizedToReadRole() {
464 Roles initialRoles = new Roles();
465 RoleDAO.Data role = createRoleDAOobj("org.onap.app1", "org.onap.app1.admin", "description");
466 given(question.mayUser(eq(transaction), eq(USER), any(RoleDAO.Data.class), eq(Access.read)))
467 .willReturn(Result.err(9, "error"));
470 Result<Roles> result = mapper.roles(transaction, Lists.newArrayList(role), initialRoles, true);
473 assertTrue(result.isOK());
474 assertEquals(initialRoles.getRole(), result.value.getRole());
478 public void roles_shouldAddRolesWithoutNamespace_whenNsNotRequested_andFilterFlagSet_andUserIsAuthorized() {
479 test_roles_shouldAddRoles(false);
483 public void roles_shouldAddRolesWithNamespace_whenNsRequested_andFilterFlagSet_andUserIsAuthorized() {
484 test_roles_shouldAddRoles(true);
487 private void test_roles_shouldAddRoles(boolean namespaceRequested) {
489 String namespace = "org.onap.app1";
490 String description = "role description";
491 Set<String> roleNames = Sets.newHashSet(namespace+".admin", namespace+".deployer");
492 List<RoleDAO.Data> daoRoles = roleNames.stream().map( name -> createRoleDAOobj(namespace, name, description))
493 .collect(Collectors.toList());
494 given(question.mayUser(eq(transaction), eq(USER), any(RoleDAO.Data.class), eq(Access.read)))
495 .willReturn(Result.ok(new NsDAO.Data()));
496 given(transaction.requested(REQD_TYPE.ns)).willReturn(namespaceRequested);
499 Result<Roles> result = mapper.roles(transaction, daoRoles, new Roles(), true);
502 assertTrue(result.isOK());
503 assertEquals(2, result.value.getRole().size());
504 result.value.getRole().stream().forEach( role -> {
505 assertTrue(role.getPerms().isEmpty());
506 if (namespaceRequested) {
507 assertEquals(namespace, role.getNs());
509 assertNull(role.getNs());
511 assertTrue(roleNames.contains(role.getName()));
512 assertEquals(description, role.getDescription());
517 public void roles_shouldReturnErrorResult_whenAnyPermHasInvalidFormat() {
519 given(question.mayUser(eq(transaction), eq(USER), any(RoleDAO.Data.class), eq(Access.read)))
520 .willReturn(Result.ok(new NsDAO.Data()));
521 RoleDAO.Data role = createRoleDAOobj("org.onap.app", "org.onap.app.admin", "description");
522 role.perms = Sets.newHashSet("invalidPermFormat");
525 Result<Roles> result = mapper.roles(transaction, Lists.newArrayList(role), new Roles(), true);
528 assertFalse(result.isOK());
529 assertEquals(ERR_BadData, result.status);
533 public void roles_shouldAddPerms_whenAllPermsProperlyDefined_andUserCanViewIt() {
535 given(question.mayUser(eq(transaction), eq(USER), any(RoleDAO.Data.class), eq(Access.read)))
536 .willReturn(Result.ok(new NsDAO.Data()));
537 given(question.deriveNsSplit(transaction, "org.onap.app")).willReturn(Result.ok(mock(NsSplit.class)));
538 RoleDAO.Data role = createRoleDAOobj("org.onap.app", "org.onap.app.admin", "description");
539 role.perms = Sets.newHashSet("org.onap.app|access|*|read,approve");
542 Result<Roles> result = mapper.roles(transaction, Lists.newArrayList(role), new Roles(), true);
545 assertTrue(result.isOK());
546 Role mappedRole = Iterables.getOnlyElement(result.value.getRole());
547 Pkey pKey = Iterables.getOnlyElement(mappedRole.getPerms());
548 assertEquals("org.onap.app.access", pKey.getType());
549 assertEquals("*", pKey.getInstance());
550 assertEquals("read,approve", pKey.getAction());
553 private RoleDAO.Data createRoleDAOobj(String namespace, String rolename, String desc) {
554 NsDAO.Data ns = new NsDAO.Data();
556 RoleDAO.Data role = RoleDAO.Data.create(ns, rolename);
557 role.description = desc;
562 public void userRoles_shouldMapUserRolesFromDAO() {
564 String user = "john@people.osaaf.org";
565 String role = "admin";
566 String namespace = "org.osaaf.aaf";
570 Date expiration = new Calendar.Builder().setDate(year,month-1, day).build().getTime(); //month is 0-based
571 UserRoles targetRoles = new UserRoles();
574 Result<UserRoles> result = mapper.userRoles(transaction, Lists.newArrayList(
575 createUserRoleDAOobj(user, expiration, namespace, role)), targetRoles);
578 assertTrue(result.isOK());
579 UserRole targetRole = Iterables.getOnlyElement(result.value.getUserRole());
580 assertEquals(user, targetRole.getUser());
581 assertEquals(role, targetRole.getRole());
582 assertEquals(year, targetRole.getExpires().getYear());
583 assertEquals(month, targetRole.getExpires().getMonth());
584 assertEquals(day, targetRole.getExpires().getDay());
588 public void userRole_shouldReturnErrorResult_whenAnyExceptionOccurs() {
590 PermRequest wrongRequestType = new PermRequest();
593 Result<UserRoleDAO.Data> result = mapper.userRole(transaction, wrongRequestType);
596 assertFalse(result.isOK());
597 assertEquals(ERR_BadData, result.status);
598 verifyZeroInteractions(transaction);
602 public void userRole_shouldReturnEmptyRoleDAOobj_whenRequestIsEmpty() {
604 UserRoleRequest request = new UserRoleRequest();
605 given(question.deriveNsSplit(any(), any())).willReturn(Result.err(new IllegalArgumentException()));
606 Organization org = mock(Organization.class);
607 given(org.expiration(any(), eq(Expiration.UserInRole), any())).willReturn(new GregorianCalendar());
608 given(transaction.org()).willReturn(org);
611 Result<UserRoleDAO.Data> result = mapper.userRole(transaction, request);
614 assertTrue(result.isOK());
615 assertNull(result.value.ns);
616 assertNull(result.value.rname);
617 assertNull(result.value.role);
618 assertNull(result.value.user);
619 assertNotNull(result.value.expires);
623 public void userRole_shouldReturnMappedRoleDAOobj_whenRequestIsFilled() {
625 String user = "johny@people.osaaf.org";
626 String role = "org.onap.app1.deployer";
627 String rName = "deployer";
628 String namespace = "org.onap.app1";
630 given(question.deriveNsSplit(transaction, role)).willReturn(Result.ok(new NsSplit(namespace, rName)));
631 Organization org = mock(Organization.class);
632 given(org.expiration(any(), eq(Expiration.UserInRole), any())).willReturn(new GregorianCalendar());
633 given(transaction.org()).willReturn(org);
636 Result<UserRoleDAO.Data> result = mapper.userRole(transaction, createUserRoleRequest(role, user));
639 assertTrue(result.isOK());
640 assertEquals(user, result.value.user);
641 assertEquals(role, result.value.role);
642 assertEquals(rName, result.value.rname);
643 assertEquals(namespace, result.value.ns);
644 assertNotNull(result.value.expires);
647 private UserRoleRequest createUserRoleRequest(String role, String user) {
648 UserRoleRequest request = new UserRoleRequest();
649 request.setRole(role);
650 request.setUser(user);
654 private UserRoleDAO.Data createUserRoleDAOobj(String userName, Date expires, String namespace, String roleName) {
655 UserRoleDAO.Data userRole = new UserRoleDAO.Data();
656 userRole.user = userName;
657 userRole.expires = expires;
658 userRole.ns = namespace;
659 userRole.role = roleName;
664 public void cred_shouldReturnError_whenGivenPasswordDoesNotFulfillPolicy() {
666 String id = "aaf@aaf.osaaf.org";
667 String strp = "invalid";
668 given(org.isValidPassword(transaction, id, strp)).willReturn("Password does not match org.osaaf Password Standards");
671 Result<CredDAO.Data> result = mapper.cred(transaction, createCredRequest(id, strp), true);
674 assertFalse(result.isOK());
675 assertEquals(ERR_BadData, result.status);
679 public void cred_shouldNotCheckPassword_andSetProperType_whenPasswordNotRequired() {
681 String id = "aaf@aaf.osaaf.org";
682 GregorianCalendar expiration = new GregorianCalendar();
683 given(org.expiration(isA(GregorianCalendar.class), eq(Expiration.Password), eq(id))).willReturn(expiration);
686 Result<CredDAO.Data> result = mapper.cred(transaction, createCredRequest(id, null), false);
689 assertTrue(result.isOK());
690 verify(org, never()).isValidPassword(eq(transaction), eq(id), any());
691 assertEquals(Integer.valueOf(0), result.value.type);
692 assertNotNull(result.value.expires);
696 public void cred_shouldSetProperValues_whenPasswordRequired() {
698 String ns = "org.osaaf.aaf";
699 String id = "aaf@aaf.osaaf.org";
700 String strp = "SomeValidPassword123!";
701 GregorianCalendar expiration = new GregorianCalendar();
702 given(org.expiration(isA(GregorianCalendar.class), eq(Expiration.Password), eq(id))).willReturn(expiration);
703 given(org.isValidPassword(transaction, id, strp)).willReturn("");
706 Result<CredDAO.Data> result = mapper.cred(transaction, createCredRequest(id, strp), true);
709 assertTrue(result.isOK());
710 assertNotNull(result.value.cred);
711 assertEquals(id, result.value.id);
712 assertEquals(ns, result.value.ns);
713 assertEquals(Integer.valueOf(CredDAO.RAW), result.value.type);
714 assertNotNull(result.value.expires);
717 private CredRequest createCredRequest(String id, String password) {
718 CredRequest credRequest = new CredRequest();
719 credRequest.setId(id);
720 credRequest.setPassword(password);
725 public void cred_shouldConvertCredDAOtoUser_andAddItToInitialObject() {
727 String id = "aaf@aaf.osaaf.org";
729 Date expiration = Calendar.getInstance().getTime();
730 Users to = new Users();
733 Result<Users> result = mapper.cred(Lists.newArrayList(createCredData(id, type, expiration)), to);
736 assertTrue(result.isOK());
737 User user = Iterables.getOnlyElement(result.value.getUser());
738 assertEquals(id, user.getId());
739 assertNotNull(user.getExpires());
740 assertEquals(type, user.getType());
744 public void cred_shouldLeaveInitialUsers_whenAddingConvertedObject() {
746 String id = "aaf@aaf.osaaf.org";
748 Date expiration = Calendar.getInstance().getTime();
749 Users to = new Users();
750 to.getUser().add(new User());
751 assertEquals(1, to.getUser().size());
754 Result<Users> result = mapper.cred(Lists.newArrayList(createCredData(id, type, expiration)), to);
757 assertTrue(result.isOK());
758 assertEquals(2,result.value.getUser().size());
761 private CredDAO.Data createCredData(String id, int type, Date expires) {
762 CredDAO.Data credDao = new CredDAO.Data();
765 credDao.expires = expires;
770 public void cert_shouldConvertCertDAOtoUser_andAddItToInitialObject() {
772 String x500 = provideTestCertificate();
773 String id = "aaf@aaf.osaaf.org";
774 BigInteger serial = new BigInteger("123456789987654321123456789987654321");
775 Certs to = new Certs();
778 Result<Certs> result = mapper.cert(Lists.newArrayList(createCertData(id, x500, serial)), to);
781 assertTrue(result.isOK());
782 Cert cert = Iterables.getOnlyElement(result.value.getCert());
783 assertEquals(id, cert.getId());
784 assertEquals(x500, cert.getX500());
785 assertNotNull(cert.getFingerprint());
789 public void cert_shouldLeaveInitialCerts_whenAddingConvertedObject() {
791 Certs to = new Certs();
792 Cert initial = new Cert();
793 to.getCert().add(initial);
794 CertDAO.Data certDao = new CertDAO.Data();
795 certDao.serial = new BigInteger("123456789");
796 assertEquals(1, to.getCert().size());
799 Result<Certs> result = mapper.cert(Lists.newArrayList(certDao), to);
802 assertTrue(result.isOK());
803 assertEquals(2,result.value.getCert().size());
804 assertTrue(result.value.getCert().contains(initial));
807 private CertDAO.Data createCertData(String id, String x500, BigInteger serial) {
808 CertDAO.Data certDao = new CertDAO.Data();
811 certDao.serial= serial;
815 private String provideTestCertificate() {
816 StringBuilder sb = new StringBuilder("-----BEGIN CERTIFICATE-----\n");
817 return sb.append("MIIEdTCCAl2gAwIBAgIBBTANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB\n")
818 .append("RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMwHhcNMTgwNzAyMTEyNjMwWhcN\n")
819 .append("MjMwNzAyMTEyNjMwWjBHMQswCQYDVQQGEwJVUzENMAsGA1UECgwET05BUDEOMAwG\n")
820 .append("A1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVkaWF0ZUNBXzcwggEiMA0GCSqG\n")
821 .append("SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQAcZtvJ5j4wqaZHqU/NkG0CjflDRD3x9Y\n")
822 .append("4a+C63dxuTyWZ6EtQanoM9l6vwb6Gj4SOHeBfOaQbxwiJfX3WP9+SWV/Rciei0EY\n")
823 .append("w9C0ZOsDA8VVA5S4TK4OLXCLDSeTeMN8wrlydnwG5u/14m22yNTNxPX90bijc6WH\n")
824 .append("zo7+z+3WarveN0CBYcDQkKkyR8rKafkCWlq+GzqLYQh0K4atnuyIZQ7kr9Od48vT\n")
825 .append("KyVJzkyMS6HeH++3Ty0JmPREgzOUjUAoYvR2kI02LedFndr5ZdiBQGAXnLQsVuG6\n")
826 .append("mJHfsRjQ+zTZ2Q5Xs++Bc/clSNlWz7Kqqcxto2bp8YOWC3RaXzfNAgMBAAGjgYYw\n")
827 .append("gYMwHQYDVR0OBBYEFA8QFOfTZ/fEqwtuM4hlNYpwk0OTMB8GA1UdIwQYMBaAFFNV\n")
828 .append("M/JL69BRscF4msEoMXvv6u1JMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/\n")
829 .append("BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B\n")
830 .append("AQsFAAOCAgEAsUvLinLLby1D+F+UKv/7jCqqrUYxlpNsdBm1dD8M3mIIpsjoTrlU\n")
831 .append("2yywL9EPp4BhCN7rI0YbPX+DWu2RnxtbsEKdhutEvbTE2Sfg6a1+9dH7txdaGp3F\n")
832 .append("qapojPqdZ7pjgtIhHVgepGJc08efsxSW6+Gv5easQXhn7XyaZf1MfZUobAPnEcaY\n")
833 .append("p5cOee2gjMy6usB8AiKzVXrmGn6MAQQ9w6u8XKnvIoivQW3PLlKTMbLFVB7B4YH8\n")
834 .append("90HQJnhnLJ9T5U+Gy1Mb5GpVKnI0ZIKURA9b/x8bVFixT83xugstbeVdxgS97Fcz\n")
835 .append("9wOjG6d6YhrwnE/kz8aiXWs8KsTsrgk//kv3AqL4ykpvn545WJUj7EhuAK+Kmh1B\n")
836 .append("LCC0wyny2RBZYVP92AMdLqgU7HEng2ZWsCGdf/QLKpXsawsR/0oM2uAT2KeDiSy4\n")
837 .append("0WTfe3qirhJ9AKtfkj1NukymIcpx9Ld1kb3rapfT63LJ5kGkQpztuYoEa1FCsQwU\n")
838 .append("z/UeknC00mqnH5X4ooGRMMkRyPp68+iWmTNlUaVfU2NUNwZiIsD9CbytR5y9rt2r\n")
839 .append("XJM2BkKy5QEEvmr4GGfbGAYYOfdVpUXB/VBUYNf5uwENqhQB6q7OmiU39Vb/37Zf\n")
840 .append("EWK8mju11Om2l1a4xYw6HH/SPIqqIDtS28XccDTMMiOVoR2HUAZMNdw=\n")
841 .append("-----END CERTIFICATE-----").toString();
845 public void history_shouldConvertHistoryDAOdataToHistory() {
847 UUID uuid = UUID.fromString("c81d4e2e-bcf2-11e6-869b-7df92533d2db");
849 String subject = "cred";
850 String action = "remove";
851 String target = "john";
854 HistoryDAO.Data input = createHistoryData(uuid, user, subject, action, target, memo, yr_mon);
857 Result<History> result = mapper.history(transaction, Lists.newArrayList(input), 0);
860 assertTrue(result.isOK());
861 Item historyItem = Iterables.getOnlyElement(result.value.getItem());
862 assertEquals(user, historyItem.getUser());
863 assertEquals(subject, historyItem.getSubject());
864 assertEquals(action, historyItem.getAction());
865 assertEquals(target, historyItem.getTarget());
866 assertEquals(memo, historyItem.getMemo());
867 assertEquals(Integer.toString(yr_mon), historyItem.getYYYYMM());
868 assertNotNull(historyItem.getTimestamp());
872 public void history_shouldReturnUnsortedData_whenNoSortingRequired() {
875 UUID firstUuid = UUID.fromString("c81d4e2e-bcf2-11e6-869b-7df92533d2db");
876 UUID secondUuid = UUID.fromString("c81eadbf-bcf2-11e6-869b-7df92533d2db");
877 String firstUser = "first";
878 String secondUser = "second";
879 HistoryDAO.Data firstItem = createMinimalHistoryData(firstUuid, firstUser);
880 HistoryDAO.Data secondItem = createMinimalHistoryData(secondUuid, secondUser);
883 Result<History> result = mapper.history(transaction, Lists.newArrayList(secondItem, firstItem), noSorting);
886 assertTrue(result.isOK());
887 List<Item> historyItems = result.value.getItem();
888 assertEquals(2, historyItems.size());
889 assertEquals(secondUser, historyItems.get(0).getUser());
890 assertEquals(firstUser, historyItems.get(1).getUser());
894 public void history_shouldReturnSortedData_whenSortingIsRequired() {
897 UUID firstUuid = UUID.fromString("c81d4e2e-bcf2-11e6-869b-7df92533d2db");
898 UUID secondUuid = UUID.fromString("c81eadbf-bcf2-11e6-869b-7df92533d2db");
899 String firstUser = "first";
900 String secondUser = "second";
901 HistoryDAO.Data firstItem = createMinimalHistoryData(firstUuid, firstUser);
902 HistoryDAO.Data secondItem = createMinimalHistoryData(secondUuid, secondUser);
905 Result<History> result = mapper.history(transaction, Lists.newArrayList(secondItem, firstItem), withSorting);
908 assertTrue(result.isOK());
909 List<Item> historyItems = result.value.getItem();
910 assertEquals(2, historyItems.size());
911 assertEquals(firstUser, historyItems.get(0).getUser());
912 assertEquals(secondUser, historyItems.get(1).getUser());
915 private HistoryDAO.Data createHistoryData(UUID id, String user, String subject, String action, String target,
916 String memo, int yr_mon) {
917 HistoryDAO.Data historyDao = createMinimalHistoryData(id, user);
918 historyDao.subject = subject;
919 historyDao.action = action;
920 historyDao.target = target;
921 historyDao.memo = memo;
922 historyDao.yr_mon = yr_mon;
926 private HistoryDAO.Data createMinimalHistoryData(UUID uuid, String user) {
927 HistoryDAO.Data historyDao = new HistoryDAO.Data();
928 historyDao.id = uuid;
929 historyDao.user = user;
934 //Why so? Is there any particular reason for removing guava dependency from the code, and even from the tests?
936 * Need to do without Google stuff
937 * @author Instrumental
940 public static class ImmutableMap {
941 @SuppressWarnings("unchecked")
942 public static <T,U> Map<T,U> of(Object ... tag_value) {
943 Map<T,U> rv = new HashMap<>();
944 for(int i=0;i<tag_value.length-1;i+=2) {
945 rv.put((T)tag_value[i],(U)tag_value[i+1]);
953 * Need to do without Google stuff
954 * @author Instrumental
957 public static class Iterables {
958 public static <T> T getOnlyElement(List<T> lt) {
968 * Need to do without Google stuff
969 * @author Instrumental
972 public static class Lists {
974 public static <T> List<T> newArrayList(Collection<T> ... init ) {
975 List<T> rv = new ArrayList<>();
976 for(Collection<T> o : init) {
984 @SuppressWarnings("unchecked")
985 public static <T> List<T> newArrayList(Object ... init ) {
986 List<T> rv = new ArrayList<>();
987 for(Object o : init) {
996 * Need to do without Google stuff
997 * @author Instrumental
1000 public static class Sets {
1001 @SuppressWarnings("unchecked")
1002 public static <T> Set<T> newHashSet(Object ... init ) {
1003 Set<T> rv = new HashSet<>();
1004 for(Object o : init) {
Code Review / aaf / authz.git / blob