1 /*******************************************************************************
2 * ============LICENSE_START====================================================
4 * * ===========================================================================
5 * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
6 * * ===========================================================================
7 * * Licensed under the Apache License, Version 2.0 (the "License");
8 * * you may not use this file except in compliance with the License.
9 * * You may obtain a copy of the License at
11 * * http://www.apache.org/licenses/LICENSE-2.0
13 * * Unless required by applicable law or agreed to in writing, software
14 * * distributed under the License is distributed on an "AS IS" BASIS,
15 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * * See the License for the specific language governing permissions and
17 * * limitations under the License.
18 * * ============LICENSE_END====================================================
21 ******************************************************************************/
22 package org.onap.aaf.cadi.taf.dos.test;
24 import static org.junit.Assert.*;
25 import static org.hamcrest.CoreMatchers.*;
26 import static org.mockito.Mockito.*;
30 import java.io.BufferedReader;
32 import java.io.FileReader;
33 import java.io.IOException;
34 import java.lang.reflect.Field;
35 import java.util.List;
37 import javax.servlet.http.HttpServletRequest;
38 import javax.servlet.http.HttpServletResponse;
40 import org.onap.aaf.cadi.Access;
41 import org.onap.aaf.cadi.CachedPrincipal.Resp;
42 import org.onap.aaf.cadi.CadiException;
43 import org.onap.aaf.cadi.config.Config;
44 import org.onap.aaf.cadi.taf.TafResp;
45 import org.onap.aaf.cadi.Taf.LifeForm;
46 import org.onap.aaf.cadi.taf.dos.DenialOfServiceTaf;
47 import org.onap.aaf.cadi.taf.dos.DenialOfServiceTaf.Counter;
49 public class JU_DenialOfServiceTaf {
52 HttpServletResponse respMock;
55 HttpServletRequest reqMock1;
58 HttpServletRequest reqMock2;
61 HttpServletRequest reqMock3;
66 private File dosIPFile;
67 private File dosIDFile;
69 private final String dosDirName = "test";
71 private final String id1 = "id1";
72 private final String id2 = "id2";
74 private final String ip1 = "111.111.111.111";
75 private final String ip2 = "222.222.222.222";
78 public void setup() throws IOException {
79 MockitoAnnotations.initMocks(this);
81 dosDir = new File(dosDirName);
83 dosIPFile = new File(dosDirName, "/dosIP");
84 dosIDFile = new File(dosDirName, "/dosID");
88 when(accessMock.getProperty(Config.AAF_DATA_DIR, null)).thenReturn(dosDirName);
89 when(reqMock1.getRemoteAddr()).thenReturn(ip1);
90 when(reqMock2.getRemoteAddr()).thenReturn(ip2);
92 setPrivateField(DenialOfServiceTaf.class, "deniedIP", null);
93 setPrivateField(DenialOfServiceTaf.class, "deniedID", null);
94 setPrivateField(DenialOfServiceTaf.class, "dosIP", null);
95 setPrivateField(DenialOfServiceTaf.class, "dosID", null);
99 public void tearDown() {
100 dosIPFile = new File(dosDirName, "/dosIP");
101 dosIDFile = new File(dosDirName, "/dosID");
107 public void constructorTest() throws CadiException {
108 @SuppressWarnings("unused")
109 DenialOfServiceTaf dost;
112 when(accessMock.getProperty(Config.AAF_DATA_DIR, null)).thenReturn(null);
113 dost = new DenialOfServiceTaf(accessMock);
115 when(accessMock.getProperty(Config.AAF_DATA_DIR, null)).thenReturn(dosDirName);
116 dost = new DenialOfServiceTaf(accessMock);
119 dost = new DenialOfServiceTaf(accessMock);
122 setPrivateField(DenialOfServiceTaf.class, "dosID", null);
123 dost = new DenialOfServiceTaf(accessMock);
127 public void validateTest() throws CadiException {
128 DenialOfServiceTaf dost;
131 dost = new DenialOfServiceTaf(accessMock);
132 tafResp = dost.validate(LifeForm.SBLF, reqMock1, respMock);
134 assertThat(tafResp.desc(), is("DenialOfServiceTaf is not processing this transaction: This Transaction is not denied"));
136 assertThat(DenialOfServiceTaf.denyIP(ip1), is(true));
138 tafResp = dost.validate(LifeForm.SBLF, reqMock1, respMock);
139 assertThat(tafResp.desc(), is(ip1 + " is on the IP Denial list"));
141 tafResp = dost.validate(LifeForm.SBLF, reqMock2, respMock);
142 assertThat(tafResp.desc(), is("DenialOfServiceTaf is not processing this transaction: This Transaction is not denied"));
146 public void revalidateTest() throws CadiException {
147 DenialOfServiceTaf dost = new DenialOfServiceTaf(accessMock);
148 Resp resp = dost.revalidate(null, null);
149 assertThat(resp, is(Resp.NOT_MINE));
153 public void denyIPTest() throws CadiException {
154 assertThat(DenialOfServiceTaf.isDeniedIP(ip1), is(nullValue()));
155 assertThat(DenialOfServiceTaf.denyIP(ip1), is(true)); // true because it's been added
156 assertThat(DenialOfServiceTaf.denyIP(ip2), is(true)); // true because it's been added
157 assertThat(DenialOfServiceTaf.denyIP(ip1), is(false)); // false because it's already been added
158 assertThat(DenialOfServiceTaf.denyIP(ip2), is(false)); // false because it's already been added
161 counter = DenialOfServiceTaf.isDeniedIP(ip1);
162 assertThat(counter.getName(), is(ip1));
163 assertThat(counter.getCount(), is(0));
164 assertThat(counter.getLast(), is(0L));
165 assertThat(counter.toString(), is(ip1 + " is on the denied list, but has not attempted Access" ));
167 DenialOfServiceTaf dost = new DenialOfServiceTaf(accessMock);
168 dost.validate(LifeForm.SBLF, reqMock1, respMock);
169 long approxTime = System.currentTimeMillis();
171 counter = DenialOfServiceTaf.isDeniedIP(ip1);
172 assertThat(counter.getName(), is(ip1));
173 assertThat(counter.getCount(), is(1));
174 assertThat((Math.abs(approxTime - counter.getLast()) < 10), is(true));
175 assertThat(counter.toString().contains(ip1), is(true));
176 assertThat(counter.toString().contains(" has been denied 1 times since "), is(true));
177 assertThat(counter.toString().contains(". Last denial was "), is(true));
180 dost.validate(LifeForm.SBLF, reqMock1, respMock);
182 assertThat(DenialOfServiceTaf.removeDenyIP(ip1), is(true));
183 assertThat(DenialOfServiceTaf.removeDenyIP(ip1), is(false));
184 assertThat(DenialOfServiceTaf.removeDenyIP(ip2), is(true));
185 assertThat(DenialOfServiceTaf.removeDenyIP(ip2), is(false));
189 public void denyIDTest() throws CadiException {
190 assertThat(DenialOfServiceTaf.isDeniedID(id1), is(nullValue()));
191 assertThat(DenialOfServiceTaf.denyID(id1), is(true)); // true because it's been added
192 assertThat(DenialOfServiceTaf.denyID(id2), is(true)); // true because it's been added
193 assertThat(DenialOfServiceTaf.denyID(id1), is(false)); // false because it's already been added
194 assertThat(DenialOfServiceTaf.denyID(id2), is(false)); // false because it's already been added
197 counter = DenialOfServiceTaf.isDeniedID(id1);
198 assertThat(counter.getName(), is(id1));
199 assertThat(counter.getCount(), is(0));
200 assertThat(counter.getLast(), is(0L));
202 assertThat(DenialOfServiceTaf.removeDenyID(id1), is(true));
203 assertThat(DenialOfServiceTaf.removeDenyID(id1), is(false));
204 assertThat(DenialOfServiceTaf.removeDenyID(id2), is(true));
205 assertThat(DenialOfServiceTaf.removeDenyID(id2), is(false));
209 public void reportTest() throws CadiException {
210 DenialOfServiceTaf dost = new DenialOfServiceTaf(accessMock);
211 List<String> denials = dost.report();
212 assertThat(denials.size(), is(0));
214 DenialOfServiceTaf.denyID(id1);
215 DenialOfServiceTaf.denyID(id2);
217 DenialOfServiceTaf.denyIP(ip1);
218 DenialOfServiceTaf.denyIP(ip2);
220 denials = dost.report();
221 assertThat(denials.size(), is(4));
222 for (String denied : denials) {
223 switch (denied.split(" ", 2)[0]) {
230 fail("The line: [" + denied + "] shouldn't be in the report");
236 public void respDenyIDTest() {
237 TafResp tafResp = DenialOfServiceTaf.respDenyID(accessMock, id1);
238 assertThat(tafResp.desc(), is(id1 + " is on the Identity Denial list"));
242 public void ipFileIOTest() throws CadiException, IOException {
243 @SuppressWarnings("unused")
244 DenialOfServiceTaf dost;
246 dosIPFile.createNewFile();
249 DenialOfServiceTaf.denyIP(ip1);
250 DenialOfServiceTaf.removeDenyIP(ip1);
252 dost = new DenialOfServiceTaf(accessMock);
253 DenialOfServiceTaf.denyIP(ip1);
254 DenialOfServiceTaf.denyIP(ip2);
256 DenialOfServiceTaf.denyIP(ip2);
258 String contents = readContentsFromFile(dosIPFile);
259 assertThat(contents.contains(ip1), is(true));
260 assertThat(contents.contains(ip2), is(true));
262 // Removing all ips should delete the file
263 assertThat(dosIPFile.exists(), is(true));
264 DenialOfServiceTaf.removeDenyIP(ip1);
265 DenialOfServiceTaf.removeDenyIP(ip2);
266 assertThat(dosIPFile.exists(), is(false));
268 dosIPFile.createNewFile();
270 DenialOfServiceTaf.denyIP(ip1);
271 DenialOfServiceTaf.denyIP(ip2);
273 setPrivateField(DenialOfServiceTaf.class, "dosIP", null);
274 dost = new DenialOfServiceTaf(accessMock);
276 contents = readContentsFromFile(dosIPFile);
277 assertThat(contents.contains(ip1), is(true));
278 assertThat(contents.contains(ip2), is(true));
283 setPrivateField(DenialOfServiceTaf.class, "deniedIP", null);
284 DenialOfServiceTaf.denyIP(ip1);
286 DenialOfServiceTaf.removeDenyIP(ip1);
290 setPrivateField(DenialOfServiceTaf.class, "dosIP", null);
291 dost = new DenialOfServiceTaf(accessMock);
295 public void idFileIOTest() throws CadiException, IOException {
296 @SuppressWarnings("unused")
297 DenialOfServiceTaf dost;
299 dosIDFile.createNewFile();
302 DenialOfServiceTaf.denyID(id1);
303 DenialOfServiceTaf.removeDenyID(id1);
305 dost = new DenialOfServiceTaf(accessMock);
306 DenialOfServiceTaf.denyID(id1);
307 DenialOfServiceTaf.denyID(id2);
309 DenialOfServiceTaf.denyID(id2);
311 String contents = readContentsFromFile(dosIDFile);
312 assertThat(contents.contains(id1), is(true));
313 assertThat(contents.contains(id2), is(true));
315 // Removing all ids should delete the file
316 assertThat(dosIDFile.exists(), is(true));
317 DenialOfServiceTaf.removeDenyID(id1);
318 DenialOfServiceTaf.removeDenyID(id2);
319 assertThat(dosIDFile.exists(), is(false));
321 dosIDFile.createNewFile();
323 DenialOfServiceTaf.denyID(id1);
324 DenialOfServiceTaf.denyID(id2);
326 setPrivateField(DenialOfServiceTaf.class, "dosID", null);
327 dost = new DenialOfServiceTaf(accessMock);
329 contents = readContentsFromFile(dosIDFile);
330 assertThat(contents.contains(id1), is(true));
331 assertThat(contents.contains(id2), is(true));
336 setPrivateField(DenialOfServiceTaf.class, "deniedID", null);
337 DenialOfServiceTaf.denyID(id1);
339 DenialOfServiceTaf.removeDenyID(id1);
343 setPrivateField(DenialOfServiceTaf.class, "dosID", null);
344 dost = new DenialOfServiceTaf(accessMock);
347 private void setPrivateField(Class<?> clazz, String fieldName, Object value) {
349 Field field = clazz.getDeclaredField(fieldName);
350 field.setAccessible(true);
351 field.set(null, value);
352 field.setAccessible(false);
353 } catch(Exception e) {
354 System.err.println("Could not set field [" + fieldName + "] to " + value);
358 private String readContentsFromFile(File file) throws IOException {
359 BufferedReader br = new BufferedReader(new FileReader(file));
360 StringBuilder sb = new StringBuilder();
362 while ((line = br.readLine()) != null) {
366 return sb.toString();
Code Review / aaf / authz.git / blob