1 /*******************************************************************************
2 * ============LICENSE_START====================================================
4 * * ===========================================================================
5 * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
6 * * ===========================================================================
7 * * Licensed under the Apache License, Version 2.0 (the "License");
8 * * you may not use this file except in compliance with the License.
9 * * You may obtain a copy of the License at
11 * * http://www.apache.org/licenses/LICENSE-2.0
13 * * Unless required by applicable law or agreed to in writing, software
14 * * distributed under the License is distributed on an "AS IS" BASIS,
15 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * * See the License for the specific language governing permissions and
17 * * limitations under the License.
18 * * ============LICENSE_END====================================================
21 ******************************************************************************/
23 package org.onap.aaf.cadi.taf.dos.test;
25 import static org.junit.Assert.*;
26 import static org.hamcrest.CoreMatchers.*;
27 import static org.mockito.Mockito.*;
31 import java.io.BufferedReader;
33 import java.io.FileReader;
34 import java.io.IOException;
35 import java.lang.reflect.Field;
36 import java.util.List;
38 import javax.servlet.http.HttpServletRequest;
39 import javax.servlet.http.HttpServletResponse;
41 import org.onap.aaf.cadi.Access;
42 import org.onap.aaf.cadi.CachedPrincipal.Resp;
43 import org.onap.aaf.cadi.CadiException;
44 import org.onap.aaf.cadi.config.Config;
45 import org.onap.aaf.cadi.taf.TafResp;
46 import org.onap.aaf.cadi.Taf.LifeForm;
47 import org.onap.aaf.cadi.taf.dos.DenialOfServiceTaf;
48 import org.onap.aaf.cadi.taf.dos.DenialOfServiceTaf.Counter;
50 public class JU_DenialOfServiceTaf {
53 HttpServletResponse respMock;
56 HttpServletRequest reqMock1;
59 HttpServletRequest reqMock2;
62 HttpServletRequest reqMock3;
67 private File dosIPFile;
68 private File dosIDFile;
70 private final String dosDirName = "test";
72 private final String id1 = "id1";
73 private final String id2 = "id2";
75 private final String ip1 = "111.111.111.111";
76 private final String ip2 = "222.222.222.222";
79 public void setup() throws IOException {
80 MockitoAnnotations.initMocks(this);
82 dosDir = new File(dosDirName);
84 dosIPFile = new File(dosDirName, "/dosIP");
85 dosIDFile = new File(dosDirName, "/dosID");
89 when(accessMock.getProperty(Config.AAF_DATA_DIR, null)).thenReturn(dosDirName);
90 when(reqMock1.getRemoteAddr()).thenReturn(ip1);
91 when(reqMock2.getRemoteAddr()).thenReturn(ip2);
93 setPrivateField(DenialOfServiceTaf.class, "deniedIP", null);
94 setPrivateField(DenialOfServiceTaf.class, "deniedID", null);
95 setPrivateField(DenialOfServiceTaf.class, "dosIP", null);
96 setPrivateField(DenialOfServiceTaf.class, "dosID", null);
100 public void tearDown() {
101 dosIPFile = new File(dosDirName, "/dosIP");
102 dosIDFile = new File(dosDirName, "/dosID");
108 public void constructorTest() throws CadiException {
109 @SuppressWarnings("unused")
110 DenialOfServiceTaf dost;
113 when(accessMock.getProperty(Config.AAF_DATA_DIR, null)).thenReturn(null);
114 dost = new DenialOfServiceTaf(accessMock);
116 when(accessMock.getProperty(Config.AAF_DATA_DIR, null)).thenReturn(dosDirName);
117 dost = new DenialOfServiceTaf(accessMock);
120 dost = new DenialOfServiceTaf(accessMock);
123 setPrivateField(DenialOfServiceTaf.class, "dosID", null);
124 dost = new DenialOfServiceTaf(accessMock);
128 public void validateTest() throws CadiException {
129 DenialOfServiceTaf dost;
132 dost = new DenialOfServiceTaf(accessMock);
133 tafResp = dost.validate(LifeForm.SBLF, reqMock1, respMock);
135 assertThat(tafResp.desc(), is("Not processing this transaction: This Transaction is not denied"));
136 assertThat(tafResp.taf(), is("DenialOfServiceTaf"));
138 assertThat(DenialOfServiceTaf.denyIP(ip1), is(true));
140 tafResp = dost.validate(LifeForm.SBLF, reqMock1, respMock);
141 assertThat(tafResp.desc(), is(ip1 + " is on the IP Denial list"));
143 tafResp = dost.validate(LifeForm.SBLF, reqMock2, respMock);
144 assertThat(tafResp.desc(), is("Not processing this transaction: This Transaction is not denied"));
145 assertThat(tafResp.taf(), is("DenialOfServiceTaf"));
149 public void revalidateTest() throws CadiException {
150 DenialOfServiceTaf dost = new DenialOfServiceTaf(accessMock);
151 Resp resp = dost.revalidate(null, null);
152 assertThat(resp, is(Resp.NOT_MINE));
156 public void denyIPTest() throws CadiException {
157 assertThat(DenialOfServiceTaf.isDeniedIP(ip1), is(nullValue()));
158 assertThat(DenialOfServiceTaf.denyIP(ip1), is(true)); // true because it's been added
159 assertThat(DenialOfServiceTaf.denyIP(ip2), is(true)); // true because it's been added
160 assertThat(DenialOfServiceTaf.denyIP(ip1), is(false)); // false because it's already been added
161 assertThat(DenialOfServiceTaf.denyIP(ip2), is(false)); // false because it's already been added
164 counter = DenialOfServiceTaf.isDeniedIP(ip1);
165 assertThat(counter.getName(), is(ip1));
166 assertThat(counter.getCount(), is(0));
167 assertThat(counter.getLast(), is(0L));
168 assertThat(counter.toString(), is(ip1 + " is on the denied list, but has not attempted Access" ));
170 DenialOfServiceTaf dost = new DenialOfServiceTaf(accessMock);
171 dost.validate(LifeForm.SBLF, reqMock1, respMock);
172 long approxTime = System.currentTimeMillis();
174 counter = DenialOfServiceTaf.isDeniedIP(ip1);
175 assertThat(counter.getName(), is(ip1));
176 assertThat(counter.getCount(), is(1));
177 assertThat((Math.abs(approxTime - counter.getLast()) < 10), is(true));
178 assertThat(counter.toString().contains(ip1), is(true));
179 assertThat(counter.toString().contains(" has been denied 1 times since "), is(true));
180 assertThat(counter.toString().contains(". Last denial was "), is(true));
183 dost.validate(LifeForm.SBLF, reqMock1, respMock);
185 assertThat(DenialOfServiceTaf.removeDenyIP(ip1), is(true));
186 assertThat(DenialOfServiceTaf.removeDenyIP(ip1), is(false));
187 assertThat(DenialOfServiceTaf.removeDenyIP(ip2), is(true));
188 assertThat(DenialOfServiceTaf.removeDenyIP(ip2), is(false));
192 public void denyIDTest() throws CadiException {
193 assertThat(DenialOfServiceTaf.isDeniedID(id1), is(nullValue()));
194 assertThat(DenialOfServiceTaf.denyID(id1), is(true)); // true because it's been added
195 assertThat(DenialOfServiceTaf.denyID(id2), is(true)); // true because it's been added
196 assertThat(DenialOfServiceTaf.denyID(id1), is(false)); // false because it's already been added
197 assertThat(DenialOfServiceTaf.denyID(id2), is(false)); // false because it's already been added
200 counter = DenialOfServiceTaf.isDeniedID(id1);
201 assertThat(counter.getName(), is(id1));
202 assertThat(counter.getCount(), is(0));
203 assertThat(counter.getLast(), is(0L));
205 assertThat(DenialOfServiceTaf.removeDenyID(id1), is(true));
206 assertThat(DenialOfServiceTaf.removeDenyID(id1), is(false));
207 assertThat(DenialOfServiceTaf.removeDenyID(id2), is(true));
208 assertThat(DenialOfServiceTaf.removeDenyID(id2), is(false));
212 public void reportTest() throws CadiException {
213 DenialOfServiceTaf dost = new DenialOfServiceTaf(accessMock);
214 List<String> denials = dost.report();
215 assertThat(denials.size(), is(0));
217 DenialOfServiceTaf.denyID(id1);
218 DenialOfServiceTaf.denyID(id2);
220 DenialOfServiceTaf.denyIP(ip1);
221 DenialOfServiceTaf.denyIP(ip2);
223 denials = dost.report();
224 assertThat(denials.size(), is(4));
225 for (String denied : denials) {
226 switch (denied.split(" ", 2)[0]) {
233 fail("The line: [" + denied + "] shouldn't be in the report");
239 public void respDenyIDTest() {
240 TafResp tafResp = DenialOfServiceTaf.respDenyID(accessMock, id1);
241 assertThat(tafResp.desc(), is(id1 + " is on the Identity Denial list"));
245 public void ipFileIOTest() throws CadiException, IOException {
246 @SuppressWarnings("unused")
247 DenialOfServiceTaf dost;
249 dosIPFile.createNewFile();
252 DenialOfServiceTaf.denyIP(ip1);
253 DenialOfServiceTaf.removeDenyIP(ip1);
255 dost = new DenialOfServiceTaf(accessMock);
256 DenialOfServiceTaf.denyIP(ip1);
257 DenialOfServiceTaf.denyIP(ip2);
259 DenialOfServiceTaf.denyIP(ip2);
261 String contents = readContentsFromFile(dosIPFile);
262 assertThat(contents.contains(ip1), is(true));
263 assertThat(contents.contains(ip2), is(true));
265 // Removing all ips should delete the file
266 assertThat(dosIPFile.exists(), is(true));
267 DenialOfServiceTaf.removeDenyIP(ip1);
268 DenialOfServiceTaf.removeDenyIP(ip2);
269 assertThat(dosIPFile.exists(), is(false));
271 dosIPFile.createNewFile();
273 DenialOfServiceTaf.denyIP(ip1);
274 DenialOfServiceTaf.denyIP(ip2);
276 setPrivateField(DenialOfServiceTaf.class, "dosIP", null);
277 dost = new DenialOfServiceTaf(accessMock);
279 contents = readContentsFromFile(dosIPFile);
280 assertThat(contents.contains(ip1), is(true));
281 assertThat(contents.contains(ip2), is(true));
286 setPrivateField(DenialOfServiceTaf.class, "deniedIP", null);
287 DenialOfServiceTaf.denyIP(ip1);
289 DenialOfServiceTaf.removeDenyIP(ip1);
293 setPrivateField(DenialOfServiceTaf.class, "dosIP", null);
294 dost = new DenialOfServiceTaf(accessMock);
298 public void idFileIOTest() throws CadiException, IOException {
299 @SuppressWarnings("unused")
300 DenialOfServiceTaf dost;
302 dosIDFile.createNewFile();
305 DenialOfServiceTaf.denyID(id1);
306 DenialOfServiceTaf.removeDenyID(id1);
308 dost = new DenialOfServiceTaf(accessMock);
309 DenialOfServiceTaf.denyID(id1);
310 DenialOfServiceTaf.denyID(id2);
312 DenialOfServiceTaf.denyID(id2);
314 String contents = readContentsFromFile(dosIDFile);
315 assertThat(contents.contains(id1), is(true));
316 assertThat(contents.contains(id2), is(true));
318 // Removing all ids should delete the file
319 assertThat(dosIDFile.exists(), is(true));
320 DenialOfServiceTaf.removeDenyID(id1);
321 DenialOfServiceTaf.removeDenyID(id2);
322 assertThat(dosIDFile.exists(), is(false));
324 dosIDFile.createNewFile();
326 DenialOfServiceTaf.denyID(id1);
327 DenialOfServiceTaf.denyID(id2);
329 setPrivateField(DenialOfServiceTaf.class, "dosID", null);
330 dost = new DenialOfServiceTaf(accessMock);
332 contents = readContentsFromFile(dosIDFile);
333 assertThat(contents.contains(id1), is(true));
334 assertThat(contents.contains(id2), is(true));
339 setPrivateField(DenialOfServiceTaf.class, "deniedID", null);
340 DenialOfServiceTaf.denyID(id1);
342 DenialOfServiceTaf.removeDenyID(id1);
346 setPrivateField(DenialOfServiceTaf.class, "dosID", null);
347 dost = new DenialOfServiceTaf(accessMock);
350 private void setPrivateField(Class<?> clazz, String fieldName, Object value) {
352 Field field = clazz.getDeclaredField(fieldName);
353 field.setAccessible(true);
354 field.set(null, value);
355 field.setAccessible(false);
356 } catch (Exception e) {
357 System.err.println("Could not set field [" + fieldName + "] to " + value);
361 private String readContentsFromFile(File file) throws IOException {
362 BufferedReader br = new BufferedReader(new FileReader(file));
363 StringBuilder sb = new StringBuilder();
365 while ((line = br.readLine()) != null) {
369 return sb.toString();
Code Review / aaf / authz.git / blob