1 /*******************************************************************************
\r
2 * ============LICENSE_START====================================================
\r
4 * * ===========================================================================
\r
5 * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
\r
6 * * ===========================================================================
\r
7 * * Licensed under the Apache License, Version 2.0 (the "License");
\r
8 * * you may not use this file except in compliance with the License.
\r
9 * * You may obtain a copy of the License at
\r
11 * * http://www.apache.org/licenses/LICENSE-2.0
\r
13 * * Unless required by applicable law or agreed to in writing, software
\r
14 * * distributed under the License is distributed on an "AS IS" BASIS,
\r
15 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
\r
16 * * See the License for the specific language governing permissions and
\r
17 * * limitations under the License.
\r
18 * * ============LICENSE_END====================================================
\r
20 * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
\r
22 ******************************************************************************/
\r
23 package org.onap.aaf.authz.service.validation;
\r
25 import static org.junit.Assert.assertFalse;
\r
26 import static org.junit.Assert.assertTrue;
\r
28 import java.util.HashSet;
\r
29 import java.util.Set;
\r
31 import org.junit.Before;
\r
32 import org.junit.Test;
\r
33 import org.onap.aaf.authz.layer.Result;
\r
34 import org.onap.aaf.dao.aaf.cass.PermDAO;
\r
35 import org.onap.aaf.dao.aaf.cass.RoleDAO;
\r
37 public class JU_Validator {
\r
39 Validator validator;
\r
42 public void setUp() {
\r
43 validator = new Validator();
\r
47 public void test() {
\r
48 assertTrue(Validator.ACTION_CHARS.matcher("HowdyDoody").matches());
\r
49 assertFalse(Validator.ACTION_CHARS.matcher("Howd?yDoody").matches());
\r
50 assertTrue(Validator.ACTION_CHARS.matcher("_HowdyDoody").matches());
\r
51 assertTrue(Validator.INST_CHARS.matcher("HowdyDoody").matches());
\r
52 assertFalse(Validator.INST_CHARS.matcher("Howd?yDoody").matches());
\r
53 assertTrue(Validator.INST_CHARS.matcher("_HowdyDoody").matches());
\r
56 assertTrue(Validator.ACTION_CHARS.matcher("*").matches());
\r
57 assertTrue(Validator.INST_CHARS.matcher("*").matches());
\r
58 assertFalse(Validator.ACTION_CHARS.matcher(":*").matches());
\r
59 assertTrue(Validator.INST_CHARS.matcher(":*").matches());
\r
60 assertFalse(Validator.ACTION_CHARS.matcher(":*:*").matches());
\r
61 assertTrue(Validator.INST_CHARS.matcher(":*:*").matches());
\r
63 assertFalse(Validator.ACTION_CHARS.matcher(":hello").matches());
\r
64 assertTrue(Validator.INST_CHARS.matcher(":hello").matches());
\r
65 assertFalse(Validator.INST_CHARS.matcher("hello:").matches());
\r
66 assertFalse(Validator.INST_CHARS.matcher("hello:d").matches());
\r
68 assertFalse(Validator.ACTION_CHARS.matcher(":hello:*").matches());
\r
69 assertTrue(Validator.INST_CHARS.matcher(":hello:*").matches());
\r
70 assertFalse(Validator.ACTION_CHARS.matcher(":hello:d*:*").matches());
\r
71 assertFalse(Validator.INST_CHARS.matcher(":hello:d*d:*").matches());
\r
72 assertTrue(Validator.INST_CHARS.matcher(":hello:d*:*").matches());
\r
73 assertFalse(Validator.ACTION_CHARS.matcher("HowdyDoody*").matches());
\r
74 assertFalse(Validator.INST_CHARS.matcher("Howdy*Doody").matches());
\r
75 assertTrue(Validator.INST_CHARS.matcher("HowdyDoody*").matches());
\r
76 assertFalse(Validator.ACTION_CHARS.matcher("*HowdyDoody").matches());
\r
77 assertFalse(Validator.INST_CHARS.matcher("*HowdyDoody").matches());
\r
78 assertFalse(Validator.ACTION_CHARS.matcher(":h*").matches());
\r
79 assertFalse(Validator.INST_CHARS.matcher(":h*h*").matches());
\r
80 assertTrue(Validator.INST_CHARS.matcher(":h*").matches());
\r
81 assertFalse(Validator.ACTION_CHARS.matcher(":h:h*:*").matches());
\r
82 assertTrue(Validator.INST_CHARS.matcher(":h:h*:*").matches());
\r
83 assertFalse(Validator.INST_CHARS.matcher(":h:h*h:*").matches());
\r
84 assertFalse(Validator.INST_CHARS.matcher(":h:h*h*:*").matches());
\r
85 assertFalse(Validator.ACTION_CHARS.matcher(":h:*:*h").matches());
\r
86 assertFalse(Validator.INST_CHARS.matcher(":h:*:*h").matches());
\r
87 assertTrue(Validator.INST_CHARS.matcher(":com.test.*:ns:*").matches());
\r
89 assertFalse(Validator.ACTION_CHARS.matcher("1234+235gd").matches());
\r
90 assertTrue(Validator.ACTION_CHARS.matcher("1234-235gd").matches());
\r
91 assertTrue(Validator.ACTION_CHARS.matcher("1234-23_5gd").matches());
\r
92 assertTrue(Validator.ACTION_CHARS.matcher("1234-235g,d").matches());
\r
93 assertTrue(Validator.ACTION_CHARS.matcher("1234-235gd(Version12)").matches());
\r
94 assertFalse(Validator.ACTION_CHARS.matcher("123#4-23@5g:d").matches());
\r
95 assertFalse(Validator.ACTION_CHARS.matcher("123#4-23@5g:d").matches());
\r
96 assertFalse(Validator.ACTION_CHARS.matcher("1234-23 5gd").matches());
\r
97 assertFalse(Validator.ACTION_CHARS.matcher("1234-235gd ").matches());
\r
98 assertFalse(Validator.ACTION_CHARS.matcher(" 1234-235gd").matches());
\r
99 assertFalse(Validator.ACTION_CHARS.matcher("").matches());
\r
100 assertFalse(Validator.ACTION_CHARS.matcher(" ").matches());
\r
102 // Allow % and = (Needed for Escaping & Base64 usages) jg
\r
103 assertTrue(Validator.ACTION_CHARS.matcher("1234%235g=d").matches());
\r
104 assertFalse(Validator.ACTION_CHARS.matcher(":1234%235g=d").matches());
\r
105 assertTrue(Validator.INST_CHARS.matcher("1234%235g=d").matches());
\r
106 assertTrue(Validator.INST_CHARS.matcher(":1234%235g=d").matches());
\r
107 assertTrue(Validator.INST_CHARS.matcher(":1234%235g=d:%20==").matches());
\r
108 assertTrue(Validator.INST_CHARS.matcher(":1234%235g=d:==%20:=%23").matches());
\r
109 assertTrue(Validator.INST_CHARS.matcher(":1234%235g=d:*:=%23").matches());
\r
110 assertTrue(Validator.INST_CHARS.matcher(":1234%235g=d:==%20:*").matches());
\r
111 assertTrue(Validator.INST_CHARS.matcher(":*:==%20:*").matches());
\r
113 // Allow / instead of : (more natural instance expression) jg
\r
114 assertFalse(Validator.INST_CHARS.matcher("1234/a").matches());
\r
115 assertTrue(Validator.INST_CHARS.matcher("/1234/a").matches());
\r
116 assertTrue(Validator.INST_CHARS.matcher("/1234/*/a/").matches());
\r
117 assertTrue(Validator.INST_CHARS.matcher("/1234//a").matches());
\r
118 assertFalse(Validator.ACTION_CHARS.matcher("1234/a").matches());
\r
119 assertFalse(Validator.ACTION_CHARS.matcher("/1234/*/a/").matches());
\r
120 assertFalse(Validator.ACTION_CHARS.matcher("1234//a").matches());
\r
122 assertFalse(Validator.INST_CHARS.matcher("1234+235gd").matches());
\r
123 assertTrue(Validator.INST_CHARS.matcher("1234-235gd").matches());
\r
124 assertTrue(Validator.INST_CHARS.matcher("1234-23_5gd").matches());
\r
125 assertTrue(Validator.INST_CHARS.matcher("1234-235g,d").matches());
\r
126 assertTrue(Validator.INST_CHARS.matcher("m1234@shb.dd.com").matches());
\r
127 assertTrue(Validator.INST_CHARS.matcher("1234-235gd(Version12)").matches());
\r
128 assertFalse(Validator.INST_CHARS.matcher("123#4-23@5g:d").matches());
\r
129 assertFalse(Validator.INST_CHARS.matcher("123#4-23@5g:d").matches());
\r
130 assertFalse(Validator.INST_CHARS.matcher("").matches());
\r
132 for (char c = 0x20; c < 0x7F; ++c) {
\r
138 continue; // test separately
\r
148 assertFalse(Validator.ID_CHARS.matcher("abc").matches());
\r
149 assertFalse(Validator.ID_CHARS.matcher("").matches());
\r
150 assertTrue(Validator.ID_CHARS.matcher("abc@att.com").matches());
\r
151 assertTrue(Validator.ID_CHARS.matcher("ab-me@att.com").matches());
\r
152 assertTrue(Validator.ID_CHARS.matcher("ab-me_.x@att._-com").matches());
\r
154 assertFalse(Validator.NAME_CHARS.matcher("ab-me_.x@att._-com").matches());
\r
155 assertTrue(Validator.NAME_CHARS.matcher("ab-me").matches());
\r
156 assertTrue(Validator.NAME_CHARS.matcher("ab-me_.xatt._-com").matches());
\r
159 assertTrue(Validator.INST_CHARS.matcher("/!com.att.*/role/write").matches());
\r
160 assertTrue(Validator.INST_CHARS.matcher(":!com.att.*:role:write").matches());
\r
165 public void permNotOk() {
\r
167 Result<PermDAO.Data> rpd = Result.err(1, "ERR_Security");
\r
169 validator.perm(rpd);
\r
170 assertTrue(validator.errs().equals("ERR_Security\n"));
\r
175 public void permOkNull() {
\r
177 Result rpd = Result.ok();
\r
179 validator.perm(rpd);
\r
180 assertTrue(validator.errs().equals("Perm Data is null.\n"));
\r
185 public void roleOkNull() {
\r
187 Result rrd = Result.ok();
\r
189 validator.role(rrd);
\r
190 assertTrue(validator.errs().equals("Role Data is null.\n"));
\r
194 public void roleOk() {
\r
195 RoleDAO.Data to = new RoleDAO.Data();
\r
196 to.ns = "namespace";
\r
198 to.description = "description";
\r
199 Set<String> permissions = new HashSet<String>();
\r
200 permissions.add("perm1");
\r
201 to.perms = permissions;
\r
203 Result<RoleDAO.Data> rrd = Result.ok(to);
\r
205 validator.role(rrd);
\r
207 validator.errs().equals("Perm [perm1] in Role [namespace.name] is not correctly separated with '|'\n"));
\r
211 public void roleNotOk() {
\r
213 Result rrd = Result.err(1, "ERR_Security");
\r
215 validator.role(rrd);
\r
216 assertTrue(validator.errs().equals("ERR_Security\n"));
\r