1 /*******************************************************************************
2 * ============LICENSE_START====================================================
4 * * ===========================================================================
5 * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
6 * * ===========================================================================
7 * * Licensed under the Apache License, Version 2.0 (the "License");
8 * * you may not use this file except in compliance with the License.
9 * * You may obtain a copy of the License at
11 * * http://www.apache.org/licenses/LICENSE-2.0
13 * * Unless required by applicable law or agreed to in writing, software
14 * * distributed under the License is distributed on an "AS IS" BASIS,
15 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * * See the License for the specific language governing permissions and
17 * * limitations under the License.
18 * * ============LICENSE_END====================================================
21 ******************************************************************************/
22 package org.onap.aaf.cadi.taf.dos.test;
24 import static org.junit.Assert.*;
25 import static org.hamcrest.CoreMatchers.*;
26 import static org.mockito.Mockito.*;
30 import java.io.BufferedReader;
32 import java.io.FileReader;
33 import java.io.IOException;
34 import java.lang.reflect.Field;
35 import java.util.List;
37 import javax.servlet.http.HttpServletRequest;
38 import javax.servlet.http.HttpServletResponse;
40 import org.onap.aaf.cadi.Access;
41 import org.onap.aaf.cadi.CachedPrincipal.Resp;
42 import org.onap.aaf.cadi.CadiException;
43 import org.onap.aaf.cadi.config.Config;
44 import org.onap.aaf.cadi.taf.TafResp;
45 import org.onap.aaf.cadi.Taf.LifeForm;
46 import org.onap.aaf.cadi.taf.dos.DenialOfServiceTaf;
47 import org.onap.aaf.cadi.taf.dos.DenialOfServiceTaf.Counter;
49 public class JU_DenialOfServiceTaf {
52 HttpServletResponse respMock;
55 HttpServletRequest reqMock1;
58 HttpServletRequest reqMock2;
61 HttpServletRequest reqMock3;
66 private File dosIPFile;
67 private File dosIDFile;
69 private final String dosDirName = "test";
71 private final String id1 = "id1";
72 private final String id2 = "id2";
74 private final String ip1 = "111.111.111.111";
75 private final String ip2 = "222.222.222.222";
78 public void setup() throws IOException {
79 MockitoAnnotations.initMocks(this);
81 dosDir = new File(dosDirName);
83 dosIPFile = new File(dosDirName, "/dosIP");
84 dosIDFile = new File(dosDirName, "/dosID");
88 when(accessMock.getProperty(Config.AAF_DATA_DIR, null)).thenReturn(dosDirName);
89 when(reqMock1.getRemoteAddr()).thenReturn(ip1);
90 when(reqMock2.getRemoteAddr()).thenReturn(ip2);
92 setPrivateField(DenialOfServiceTaf.class, "deniedIP", null);
93 setPrivateField(DenialOfServiceTaf.class, "deniedID", null);
94 setPrivateField(DenialOfServiceTaf.class, "dosIP", null);
95 setPrivateField(DenialOfServiceTaf.class, "dosID", null);
99 public void tearDown() {
100 dosIPFile = new File(dosDirName, "/dosIP");
101 dosIDFile = new File(dosDirName, "/dosID");
107 public void constructorTest() throws CadiException {
108 @SuppressWarnings("unused")
109 DenialOfServiceTaf dost;
112 when(accessMock.getProperty(Config.AAF_DATA_DIR, null)).thenReturn(null);
113 dost = new DenialOfServiceTaf(accessMock);
115 when(accessMock.getProperty(Config.AAF_DATA_DIR, null)).thenReturn(dosDirName);
116 dost = new DenialOfServiceTaf(accessMock);
119 dost = new DenialOfServiceTaf(accessMock);
122 setPrivateField(DenialOfServiceTaf.class, "dosID", null);
123 dost = new DenialOfServiceTaf(accessMock);
127 public void validateTest() throws CadiException {
128 DenialOfServiceTaf dost;
131 dost = new DenialOfServiceTaf(accessMock);
132 tafResp = dost.validate(LifeForm.SBLF, reqMock1, respMock);
134 assertThat(tafResp.desc(), is("Not processing this transaction: This Transaction is not denied"));
135 assertThat(tafResp.taf(), is("DenialOfServiceTaf"));
137 assertThat(DenialOfServiceTaf.denyIP(ip1), is(true));
139 tafResp = dost.validate(LifeForm.SBLF, reqMock1, respMock);
140 assertThat(tafResp.desc(), is(ip1 + " is on the IP Denial list"));
142 tafResp = dost.validate(LifeForm.SBLF, reqMock2, respMock);
143 assertThat(tafResp.desc(), is("Not processing this transaction: This Transaction is not denied"));
144 assertThat(tafResp.taf(), is("DenialOfServiceTaf"));
148 public void revalidateTest() throws CadiException {
149 DenialOfServiceTaf dost = new DenialOfServiceTaf(accessMock);
150 Resp resp = dost.revalidate(null, null);
151 assertThat(resp, is(Resp.NOT_MINE));
155 public void denyIPTest() throws CadiException {
156 assertThat(DenialOfServiceTaf.isDeniedIP(ip1), is(nullValue()));
157 assertThat(DenialOfServiceTaf.denyIP(ip1), is(true)); // true because it's been added
158 assertThat(DenialOfServiceTaf.denyIP(ip2), is(true)); // true because it's been added
159 assertThat(DenialOfServiceTaf.denyIP(ip1), is(false)); // false because it's already been added
160 assertThat(DenialOfServiceTaf.denyIP(ip2), is(false)); // false because it's already been added
163 counter = DenialOfServiceTaf.isDeniedIP(ip1);
164 assertThat(counter.getName(), is(ip1));
165 assertThat(counter.getCount(), is(0));
166 assertThat(counter.getLast(), is(0L));
167 assertThat(counter.toString(), is(ip1 + " is on the denied list, but has not attempted Access" ));
169 DenialOfServiceTaf dost = new DenialOfServiceTaf(accessMock);
170 dost.validate(LifeForm.SBLF, reqMock1, respMock);
171 long approxTime = System.currentTimeMillis();
173 counter = DenialOfServiceTaf.isDeniedIP(ip1);
174 assertThat(counter.getName(), is(ip1));
175 assertThat(counter.getCount(), is(1));
176 assertThat((Math.abs(approxTime - counter.getLast()) < 10), is(true));
177 assertThat(counter.toString().contains(ip1), is(true));
178 assertThat(counter.toString().contains(" has been denied 1 times since "), is(true));
179 assertThat(counter.toString().contains(". Last denial was "), is(true));
182 dost.validate(LifeForm.SBLF, reqMock1, respMock);
184 assertThat(DenialOfServiceTaf.removeDenyIP(ip1), is(true));
185 assertThat(DenialOfServiceTaf.removeDenyIP(ip1), is(false));
186 assertThat(DenialOfServiceTaf.removeDenyIP(ip2), is(true));
187 assertThat(DenialOfServiceTaf.removeDenyIP(ip2), is(false));
191 public void denyIDTest() throws CadiException {
192 assertThat(DenialOfServiceTaf.isDeniedID(id1), is(nullValue()));
193 assertThat(DenialOfServiceTaf.denyID(id1), is(true)); // true because it's been added
194 assertThat(DenialOfServiceTaf.denyID(id2), is(true)); // true because it's been added
195 assertThat(DenialOfServiceTaf.denyID(id1), is(false)); // false because it's already been added
196 assertThat(DenialOfServiceTaf.denyID(id2), is(false)); // false because it's already been added
199 counter = DenialOfServiceTaf.isDeniedID(id1);
200 assertThat(counter.getName(), is(id1));
201 assertThat(counter.getCount(), is(0));
202 assertThat(counter.getLast(), is(0L));
204 assertThat(DenialOfServiceTaf.removeDenyID(id1), is(true));
205 assertThat(DenialOfServiceTaf.removeDenyID(id1), is(false));
206 assertThat(DenialOfServiceTaf.removeDenyID(id2), is(true));
207 assertThat(DenialOfServiceTaf.removeDenyID(id2), is(false));
211 public void reportTest() throws CadiException {
212 DenialOfServiceTaf dost = new DenialOfServiceTaf(accessMock);
213 List<String> denials = dost.report();
214 assertThat(denials.size(), is(0));
216 DenialOfServiceTaf.denyID(id1);
217 DenialOfServiceTaf.denyID(id2);
219 DenialOfServiceTaf.denyIP(ip1);
220 DenialOfServiceTaf.denyIP(ip2);
222 denials = dost.report();
223 assertThat(denials.size(), is(4));
224 for (String denied : denials) {
225 switch (denied.split(" ", 2)[0]) {
232 fail("The line: [" + denied + "] shouldn't be in the report");
238 public void respDenyIDTest() {
239 TafResp tafResp = DenialOfServiceTaf.respDenyID(accessMock, id1);
240 assertThat(tafResp.desc(), is(id1 + " is on the Identity Denial list"));
244 public void ipFileIOTest() throws CadiException, IOException {
245 @SuppressWarnings("unused")
246 DenialOfServiceTaf dost;
248 dosIPFile.createNewFile();
251 DenialOfServiceTaf.denyIP(ip1);
252 DenialOfServiceTaf.removeDenyIP(ip1);
254 dost = new DenialOfServiceTaf(accessMock);
255 DenialOfServiceTaf.denyIP(ip1);
256 DenialOfServiceTaf.denyIP(ip2);
258 DenialOfServiceTaf.denyIP(ip2);
260 String contents = readContentsFromFile(dosIPFile);
261 assertThat(contents.contains(ip1), is(true));
262 assertThat(contents.contains(ip2), is(true));
264 // Removing all ips should delete the file
265 assertThat(dosIPFile.exists(), is(true));
266 DenialOfServiceTaf.removeDenyIP(ip1);
267 DenialOfServiceTaf.removeDenyIP(ip2);
268 assertThat(dosIPFile.exists(), is(false));
270 dosIPFile.createNewFile();
272 DenialOfServiceTaf.denyIP(ip1);
273 DenialOfServiceTaf.denyIP(ip2);
275 setPrivateField(DenialOfServiceTaf.class, "dosIP", null);
276 dost = new DenialOfServiceTaf(accessMock);
278 contents = readContentsFromFile(dosIPFile);
279 assertThat(contents.contains(ip1), is(true));
280 assertThat(contents.contains(ip2), is(true));
285 setPrivateField(DenialOfServiceTaf.class, "deniedIP", null);
286 DenialOfServiceTaf.denyIP(ip1);
288 DenialOfServiceTaf.removeDenyIP(ip1);
292 setPrivateField(DenialOfServiceTaf.class, "dosIP", null);
293 dost = new DenialOfServiceTaf(accessMock);
297 public void idFileIOTest() throws CadiException, IOException {
298 @SuppressWarnings("unused")
299 DenialOfServiceTaf dost;
301 dosIDFile.createNewFile();
304 DenialOfServiceTaf.denyID(id1);
305 DenialOfServiceTaf.removeDenyID(id1);
307 dost = new DenialOfServiceTaf(accessMock);
308 DenialOfServiceTaf.denyID(id1);
309 DenialOfServiceTaf.denyID(id2);
311 DenialOfServiceTaf.denyID(id2);
313 String contents = readContentsFromFile(dosIDFile);
314 assertThat(contents.contains(id1), is(true));
315 assertThat(contents.contains(id2), is(true));
317 // Removing all ids should delete the file
318 assertThat(dosIDFile.exists(), is(true));
319 DenialOfServiceTaf.removeDenyID(id1);
320 DenialOfServiceTaf.removeDenyID(id2);
321 assertThat(dosIDFile.exists(), is(false));
323 dosIDFile.createNewFile();
325 DenialOfServiceTaf.denyID(id1);
326 DenialOfServiceTaf.denyID(id2);
328 setPrivateField(DenialOfServiceTaf.class, "dosID", null);
329 dost = new DenialOfServiceTaf(accessMock);
331 contents = readContentsFromFile(dosIDFile);
332 assertThat(contents.contains(id1), is(true));
333 assertThat(contents.contains(id2), is(true));
338 setPrivateField(DenialOfServiceTaf.class, "deniedID", null);
339 DenialOfServiceTaf.denyID(id1);
341 DenialOfServiceTaf.removeDenyID(id1);
345 setPrivateField(DenialOfServiceTaf.class, "dosID", null);
346 dost = new DenialOfServiceTaf(accessMock);
349 private void setPrivateField(Class<?> clazz, String fieldName, Object value) {
351 Field field = clazz.getDeclaredField(fieldName);
352 field.setAccessible(true);
353 field.set(null, value);
354 field.setAccessible(false);
355 } catch(Exception e) {
356 System.err.println("Could not set field [" + fieldName + "] to " + value);
360 private String readContentsFromFile(File file) throws IOException {
361 BufferedReader br = new BufferedReader(new FileReader(file));
362 StringBuilder sb = new StringBuilder();
364 while ((line = br.readLine()) != null) {
368 return sb.toString();
Code Review / aaf / authz.git / blob