cadi/core/src/test/java/org/onap/aaf/cadi/lur/test/JU_LocalLur.java

   1 /*******************************************************************************
   2  * ============LICENSE_START====================================================
   3  * * org.onap.aaf
   4  * * ===========================================================================
   5  * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
   6  * * ===========================================================================
   7  * * Licensed under the Apache License, Version 2.0 (the "License");
   8  * * you may not use this file except in compliance with the License.
   9  * * You may obtain a copy of the License at
  10  * *
  11  *  *      http://www.apache.org/licenses/LICENSE-2.0
  12  * *
  13  *  * Unless required by applicable law or agreed to in writing, software
  14  * * distributed under the License is distributed on an "AS IS" BASIS,
  15  * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  16  * * See the License for the specific language governing permissions and
  17  * * limitations under the License.
  18  * * ============LICENSE_END====================================================
  19  * *
  20  * *
  21  ******************************************************************************/
  22
  23 package org.onap.aaf.cadi.lur.test;
  24
  25 import static org.hamcrest.CoreMatchers.is;
  26 import static org.junit.Assert.assertThat;
  27 import static org.mockito.Mockito.when;
  28
  29 import java.io.ByteArrayOutputStream;
  30 import java.io.IOException;
  31 import java.io.PrintStream;
  32 import java.security.Principal;
  33 import java.util.ArrayList;
  34 import java.util.List;
  35
  36 import org.junit.Before;
  37 import org.junit.Test;
  38 import org.mockito.Mock;
  39 import org.mockito.MockitoAnnotations;
  40 import org.onap.aaf.cadi.AbsUserCache;
  41 import org.onap.aaf.cadi.CredVal.Type;
  42 import org.onap.aaf.cadi.Permission;
  43 import org.onap.aaf.cadi.PropAccess;
  44 import org.onap.aaf.cadi.lur.ConfigPrincipal;
  45 import org.onap.aaf.cadi.lur.LocalLur;
  46 import org.onap.aaf.cadi.lur.LocalPermission;
  47
  48 public class JU_LocalLur {
  49
  50     private PropAccess access;
  51     private ByteArrayOutputStream outStream;
  52
  53     @Mock Permission permMock;
  54
  55     @Before
  56     public void setup() throws IOException {
  57         MockitoAnnotations.initMocks(this);
  58
  59         outStream = new ByteArrayOutputStream();
  60         access = new PropAccess(new PrintStream(outStream), new String[0]) {
  61             @Override public String decrypt(String encrypted, boolean anytext) throws IOException {
  62                 return rot13(encrypted);
  63             }
  64             @Override public String encrypt(String unencrypted) throws IOException {
  65                 return rot13(unencrypted);
  66             }
  67         };
  68
  69     }
  70
  71     @Test
  72     public void test() throws IOException {
  73         final String password = "<pass>";
  74         final String encrypted = rot13(password);
  75
  76         LocalLur lur;
  77         List<AbsUserCache<LocalPermission>.DumpInfo> info;
  78
  79         lur = new LocalLur(access, null, null);
  80         assertThat(lur.dumpInfo().size(), is(0));
  81
  82         lur = new LocalLur(access, "user1", null);
  83         info = lur.dumpInfo();
  84         assertThat(info.size(), is(1));
  85         assertThat(info.get(0).user, is("user1"));
  86
  87         lur.clearAll();
  88         assertThat(lur.dumpInfo().size(), is(0));
  89
  90         lur = new LocalLur(access, "user1%" + encrypted, null);
  91         info = lur.dumpInfo();
  92         assertThat(info.size(), is(1));
  93         assertThat(info.get(0).user, is("user1@none"));
  94
  95         lur.clearAll();
  96         assertThat(lur.dumpInfo().size(), is(0));
  97
  98         lur = new LocalLur(access, "user1@domain%" + encrypted, null);
  99         info = lur.dumpInfo();
 100         assertThat(info.size(), is(1));
 101         assertThat(info.get(0).user, is("user1@domain"));
 102
 103         lur = new LocalLur(access, "user1@domain%" + encrypted + ":groupA", null);
 104         info = lur.dumpInfo();
 105         assertThat(info.size(), is(1));
 106         assertThat(info.get(0).user, is("user1@domain"));
 107
 108         when(permMock.getKey()).thenReturn("groupA");
 109         assertThat(lur.handlesExclusively(permMock), is(true));
 110         when(permMock.getKey()).thenReturn("groupB");
 111         assertThat(lur.handlesExclusively(permMock), is(false));
 112
 113         assertThat(lur.fish(null, null), is(false));
 114
 115         Principal princ = new ConfigPrincipal("user1@localized", encrypted);
 116
 117         lur = new LocalLur(access, "user1@localized%" + password + ":groupA", null);
 118         assertThat(lur.fish(princ, lur.createPerm("groupA")), is(true));
 119         assertThat(lur.fish(princ, lur.createPerm("groupB")), is(false));
 120         assertThat(lur.fish(princ, permMock), is(false));
 121
 122         princ = new ConfigPrincipal("user1@domain", encrypted);
 123         assertThat(lur.fish(princ, lur.createPerm("groupB")), is(false));
 124
 125         princ = new ConfigPrincipal("user1@localized", "badpass");
 126         assertThat(lur.fish(princ, lur.createPerm("groupB")), is(false));
 127
 128         assertThat(lur.handles(null), is(false));
 129
 130         lur.fishAll(null,  null);
 131
 132         List<Permission> perms = new ArrayList<>();
 133         perms.add(lur.createPerm("groupB"));
 134         perms.add(lur.createPerm("groupA"));
 135         princ = new ConfigPrincipal("user1@localized", encrypted);
 136         lur.fishAll(princ, perms);
 137         princ = new ConfigPrincipal("user1@localized", "badpass");
 138         lur.fishAll(princ, perms);
 139
 140         assertThat(lur.validate(null, null, null, null), is(false));
 141         assertThat(lur.validate("user", null, "badpass".getBytes(), null), is(false));
 142         assertThat(lur.validate("user1@localized", null, encrypted.getBytes(), null), is(false));
 143
 144         lur = new LocalLur(access, "user1@localized%" + password + ":groupA", null);
 145         // Inconsistent on Jenkins only.
 146         //assertThat(lur.validate("user1@localized", Type.PASSWORD, encrypted.getBytes(), null), is(true));
 147
 148         lur = new LocalLur(access, null, "admin");
 149         lur = new LocalLur(access, null, "admin:user1");
 150         lur = new LocalLur(access, null, "admin:user1@localized");
 151         lur = new LocalLur(access, null, "admin:user1@localized,user2@localized%" + password + ";user:user1@localized");
 152     }
 153
 154     public static String rot13(String input) {
 155         StringBuilder sb = new StringBuilder();
 156         for (int i = 0; i < input.length(); i++) {
 157             char c = input.charAt(i);
 158             if (c >= 'a' && c <= 'm') {
 159                 c += 13;
 160             } else if (c >= 'A' && c <= 'M') {
 161                 c += 13;
 162             } else if (c >= 'n' && c <= 'z') {
 163                 c -= 13;
 164             } else if (c >= 'N' && c <= 'Z') {
 165                 c -= 13;
 166             }
 167             sb.append(c);
 168         }
 169         return sb.toString();
 170     }
 171
 172 }
 173