--- /dev/null
+/**
+ *
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+
+package org.onap.aaf.cadi.lur.test;
+
+import static org.hamcrest.CoreMatchers.is;
+import static org.hamcrest.CoreMatchers.not;
+import static org.hamcrest.CoreMatchers.nullValue;
+import static org.junit.Assert.assertThat;
+import static org.mockito.Mockito.when;
+
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.Mock;
+import org.mockito.MockitoAnnotations;
+import org.onap.aaf.cadi.CachingLur;
+import org.onap.aaf.cadi.CadiException;
+import org.onap.aaf.cadi.CredVal;
+import org.onap.aaf.cadi.Lur;
+import org.onap.aaf.cadi.Permission;
+import org.onap.aaf.cadi.lur.EpiLur;
+
+public class JU_EpiLur {
+
+ private ArrayList<Permission> perms;
+ private CredValStub lurMock3;
+
+ @Mock private Lur lurMock1;
+ @Mock private CachingLur<?> lurMock2;
+ @Mock private Principal princMock;
+ @Mock private Permission permMock;
+
+ @Before
+ public void setup() {
+ MockitoAnnotations.initMocks(this);
+
+ perms = new ArrayList<>();
+ perms.add(permMock);
+
+ lurMock3 = new CredValStub();
+ }
+
+ @Test
+ public void test() throws CadiException {
+ EpiLur lur;
+ try {
+ lur = new EpiLur();
+ } catch (CadiException e) {
+ assertThat(e.getMessage(), is("Need at least one Lur implementation in constructor"));
+ }
+ lur = new EpiLur(lurMock1, lurMock2, lurMock3);
+ assertThat(lur.fish(null, null), is(false));
+
+ assertThat(lur.fish(princMock, permMock), is(false));
+
+ when(lurMock2.handlesExclusively(permMock)).thenReturn(true);
+ assertThat(lur.fish(princMock, permMock), is(false));
+
+ when(lurMock2.fish(princMock, permMock)).thenReturn(true);
+ assertThat(lur.fish(princMock, permMock), is(true));
+
+ lur.fishAll(princMock, perms);
+
+ assertThat(lur.handlesExclusively(permMock), is(false));
+
+ assertThat(lur.get(-1), is(nullValue()));
+ assertThat(lur.get(0), is(lurMock1));
+ assertThat(lur.get(1), is((Lur)lurMock2));
+ assertThat(lur.get(2), is((Lur)lurMock3));
+ assertThat(lur.get(3), is(nullValue()));
+
+ assertThat(lur.handles(princMock), is(false));
+ when(lurMock2.handles(princMock)).thenReturn(true);
+ assertThat(lur.handles(princMock), is(true));
+
+ lur.remove("id");
+
+ lur.clear(princMock, null);
+
+ assertThat(lur.createPerm("perm"), is(not(nullValue())));
+
+ lur.getUserPassImpl();
+ assertThat(lur.getUserPassImpl(), is((CredVal)lurMock3));
+
+ lur.toString();
+ lur.destroy();
+
+ lur = new EpiLur(lurMock1, lurMock2);
+ assertThat(lur.getUserPassImpl(), is(nullValue()));
+
+ assertThat(lur.subLur(Lur.class), is(nullValue()));
+ }
+
+ private class CredValStub implements Lur, CredVal {
+ @Override public boolean validate(String user, Type type, byte[] cred, Object state) { return false; }
+ @Override public Permission createPerm(String p) { return null; }
+ @Override public boolean fish(Principal bait, Permission pond) { return false; }
+ @Override public void fishAll(Principal bait, List<Permission> permissions) { }
+ @Override public void destroy() { }
+ @Override public boolean handlesExclusively(Permission pond) { return false; }
+ @Override public boolean handles(Principal principal) { return false; }
+ @Override public void clear(Principal p, StringBuilder report) { }
+ }
+
+}
--- /dev/null
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+
+package org.onap.aaf.cadi.taf.basic.test;
+
+import static org.hamcrest.CoreMatchers.is;
+import static org.hamcrest.CoreMatchers.not;
+import static org.hamcrest.CoreMatchers.nullValue;
+import static org.junit.Assert.assertThat;
+import static org.mockito.Mockito.when;
+
+import java.io.BufferedReader;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.PrintStream;
+import java.io.UnsupportedEncodingException;
+import java.security.Principal;
+import java.util.Collection;
+import java.util.Enumeration;
+import java.util.Locale;
+import java.util.Map;
+
+import javax.servlet.AsyncContext;
+import javax.servlet.DispatcherType;
+import javax.servlet.RequestDispatcher;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+import javax.servlet.ServletInputStream;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+import javax.servlet.http.Part;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.Mock;
+import org.mockito.MockitoAnnotations;
+import org.onap.aaf.cadi.BasicCred;
+import org.onap.aaf.cadi.CachedPrincipal;
+import org.onap.aaf.cadi.CachedPrincipal.Resp;
+import org.onap.aaf.cadi.CredVal;
+import org.onap.aaf.cadi.PropAccess;
+import org.onap.aaf.cadi.Symm;
+import org.onap.aaf.cadi.Taf.LifeForm;
+import org.onap.aaf.cadi.taf.basic.BasicHttpTaf;
+
+public class JU_BasicHttpTaf {
+
+ private final static String realm = "realm";
+ private final static String id = "id";
+ private final static String addr = "addr";
+
+ private final static String name = "User";
+ private final static String password = "password";
+ private final static String content = name + ":" + password;
+ private static String encrypted;
+
+ private final static long timeToLive = 10000L;
+
+ private PropAccess access;
+
+ @Mock private HttpServletResponse respMock;
+ @Mock private HttpServletRequest reqMock;
+ @Mock private CredVal rbacMock;
+ @Mock private CachedPrincipal princMock;
+
+ @Before
+ public void setup() throws IOException {
+ MockitoAnnotations.initMocks(this);
+ access = new PropAccess(new PrintStream(new ByteArrayOutputStream()), new String[0]);
+ encrypted = new String(Symm.base64.encode(content.getBytes()));
+ }
+
+ @Test
+ public void test() {
+ BasicHttpTaf taf = new BasicHttpTaf(access, rbacMock, realm, timeToLive, true);
+ BasicCredStub bcstub = new BasicCredStub();
+ assertThat(taf.validate(LifeForm.SBLF, bcstub, respMock), is(not(nullValue())));
+
+ assertThat(taf.validate(LifeForm.SBLF, reqMock, respMock), is(not(nullValue())));
+
+ when(reqMock.getHeader("Authorization")).thenReturn("test");
+ assertThat(taf.validate(LifeForm.SBLF, reqMock, respMock), is(not(nullValue())));
+
+ when(reqMock.getHeader("Authorization")).thenReturn("Basic " + encrypted);
+ assertThat(taf.validate(LifeForm.SBLF, reqMock, respMock), is(not(nullValue())));
+
+ assertThat(taf.revalidate(princMock, "state"), is(Resp.NOT_MINE));
+
+ assertThat(taf.toString(), is("Basic Auth enabled on realm: " + realm));
+ }
+
+ private class BasicCredStub implements HttpServletRequest, BasicCred {
+ @Override public String getUser() { return id; }
+ @Override public String getRemoteAddr() { return addr; }
+
+ @Override public AsyncContext getAsyncContext() { return null; }
+ @Override public Object getAttribute(String arg0) { return null; }
+ @Override public Enumeration<String> getAttributeNames() { return null; }
+ @Override public String getCharacterEncoding() { return null; }
+ @Override public int getContentLength() { return 0; }
+ @Override public String getContentType() { return null; }
+ @Override public DispatcherType getDispatcherType() { return null; }
+ @Override public ServletInputStream getInputStream() throws IOException { return null; }
+ @Override public String getLocalAddr() { return null; }
+ @Override public String getLocalName() { return null; }
+ @Override public int getLocalPort() { return 0; }
+ @Override public Locale getLocale() { return null; }
+ @Override public Enumeration<Locale> getLocales() { return null; }
+ @Override public String getParameter(String arg0) { return null; }
+ @Override public Map<String, String[]> getParameterMap() { return null; }
+ @Override public Enumeration<String> getParameterNames() { return null; }
+ @Override public String[] getParameterValues(String arg0) { return null; }
+ @Override public String getProtocol() { return null; }
+ @Override public BufferedReader getReader() throws IOException { return null; }
+ @Override public String getRealPath(String arg0) { return null; }
+ @Override public String getRemoteHost() { return null; }
+ @Override public int getRemotePort() { return 0; }
+ @Override public RequestDispatcher getRequestDispatcher(String arg0) { return null; }
+ @Override public String getScheme() { return null; }
+ @Override public String getServerName() { return null; }
+ @Override public int getServerPort() { return 0; }
+ @Override public ServletContext getServletContext() { return null; }
+ @Override public boolean isAsyncStarted() { return false; }
+ @Override public boolean isAsyncSupported() { return false; }
+ @Override public boolean isSecure() { return false; }
+ @Override public void removeAttribute(String arg0) { }
+ @Override public void setAttribute(String arg0, Object arg1) { }
+ @Override public void setCharacterEncoding(String arg0) throws UnsupportedEncodingException { }
+ @Override public AsyncContext startAsync() throws IllegalStateException { return null; }
+ @Override public AsyncContext startAsync(ServletRequest arg0, ServletResponse arg1) throws IllegalStateException { return null; }
+ @Override public byte[] getCred() { return null; }
+ @Override public void setUser(String user) { }
+ @Override public void setCred(byte[] passwd) { }
+ @Override public boolean authenticate(HttpServletResponse arg0) throws IOException, ServletException { return false; }
+ @Override public String getAuthType() { return null; }
+ @Override public String getContextPath() { return null; }
+ @Override public Cookie[] getCookies() { return null; }
+ @Override public long getDateHeader(String arg0) { return 0; }
+ @Override public String getHeader(String arg0) { return null; }
+ @Override public Enumeration<String> getHeaderNames() { return null; }
+ @Override public Enumeration<String> getHeaders(String arg0) { return null; }
+ @Override public int getIntHeader(String arg0) { return 0; }
+ @Override public String getMethod() { return null; }
+ @Override public Part getPart(String arg0) throws IOException, ServletException { return null; }
+ @Override public Collection<Part> getParts() throws IOException, ServletException { return null; }
+ @Override public String getPathInfo() { return null; }
+ @Override public String getPathTranslated() { return null; }
+ @Override public String getQueryString() { return null; }
+ @Override public String getRemoteUser() { return null; }
+ @Override public String getRequestURI() { return null; }
+ @Override public StringBuffer getRequestURL() { return null; }
+ @Override public String getRequestedSessionId() { return null; }
+ @Override public String getServletPath() { return null; }
+ @Override public HttpSession getSession() { return null; }
+ @Override public HttpSession getSession(boolean arg0) { return null; }
+ @Override public Principal getUserPrincipal() { return null; }
+ @Override public boolean isRequestedSessionIdFromCookie() { return false; }
+ @Override public boolean isRequestedSessionIdFromURL() { return false; }
+ @Override public boolean isRequestedSessionIdFromUrl() { return false; }
+ @Override public boolean isRequestedSessionIdValid() { return false; }
+ @Override public boolean isUserInRole(String arg0) { return false; }
+ @Override public void login(String arg0, String arg1) throws ServletException { }
+ @Override public void logout() throws ServletException { }
+ }
+}
--- /dev/null
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+
+package org.onap.aaf.cadi.taf.basic.test;
+
+import static org.hamcrest.CoreMatchers.is;
+import static org.junit.Assert.assertThat;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.PrintStream;
+
+import javax.servlet.http.HttpServletResponse;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.Mock;
+import org.mockito.MockitoAnnotations;
+import org.onap.aaf.cadi.PropAccess;
+import org.onap.aaf.cadi.principal.TaggedPrincipal;
+import org.onap.aaf.cadi.taf.TafResp.RESP;
+import org.onap.aaf.cadi.taf.basic.BasicHttpTafResp;
+
+public class JU_BasicHttpTafResp {
+
+ private final static String realm = "realm";
+ private final static String description = "description";
+
+ private PropAccess access;
+
+ @Mock private HttpServletResponse respMock;
+ @Mock private TaggedPrincipal princMock;
+
+ @Before
+ public void setup() {
+ MockitoAnnotations.initMocks(this);
+ access = new PropAccess(new PrintStream(new ByteArrayOutputStream()), new String[0]);
+ }
+
+ @Test
+ public void test() throws IOException {
+ BasicHttpTafResp tafResp = new BasicHttpTafResp(access, princMock, description, RESP.IS_AUTHENTICATED, respMock, realm, false);
+
+ assertThat(tafResp.authenticate(), is(RESP.HTTP_REDIRECT_INVOKED));
+ assertThat(tafResp.isAuthenticated(), is (RESP.IS_AUTHENTICATED));
+ assertThat(tafResp.isFailedAttempt(), is(false));
+ }
+
+}
--- /dev/null
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+
+package org.onap.aaf.cadi.taf.cert.test;
+
+import static org.hamcrest.CoreMatchers.is;
+import static org.junit.Assert.assertThat;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.PrintStream;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.Mock;
+import org.mockito.MockitoAnnotations;
+import org.onap.aaf.cadi.PropAccess;
+import org.onap.aaf.cadi.principal.TaggedPrincipal;
+import org.onap.aaf.cadi.taf.TafResp.RESP;
+import org.onap.aaf.cadi.taf.cert.X509HttpTafResp;
+
+public class JU_X509HttpTafResp {
+
+ private final static String description = "description";
+ private final static RESP status = RESP.IS_AUTHENTICATED;
+
+ private PropAccess access;
+
+ @Mock private TaggedPrincipal princMock;
+
+ @Before
+ public void setup() {
+ MockitoAnnotations.initMocks(this);
+ access = new PropAccess(new PrintStream(new ByteArrayOutputStream()), new String[0]);
+ }
+
+ @Test
+ public void test() throws IOException {
+ X509HttpTafResp resp = new X509HttpTafResp(access, princMock, description, status);
+ assertThat(resp.authenticate(), is(RESP.TRY_ANOTHER_TAF));
+ assertThat(resp.isAuthenticated(), is(status));
+ assertThat(resp.toString(), is(status.name()));
+ }
+
+}
--- /dev/null
+/**
+ *
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+
+package org.onap.aaf.cadi.taf.dos.test;
+
+import static org.hamcrest.CoreMatchers.is;
+import static org.junit.Assert.assertThat;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.PrintStream;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.onap.aaf.cadi.PropAccess;
+import org.onap.aaf.cadi.taf.TafResp.RESP;
+import org.onap.aaf.cadi.taf.dos.DenialOfServiceTafResp;
+
+public class JU_DenialOfServiceTafResp {
+
+ private final static String description = "description";
+ private final static RESP status = RESP.IS_AUTHENTICATED;
+
+ private PropAccess access;
+
+ @Before
+ public void setup() {
+ access = new PropAccess(new PrintStream(new ByteArrayOutputStream()), new String[0]);
+ }
+
+ @Test
+ public void test() throws IOException {
+ DenialOfServiceTafResp resp = new DenialOfServiceTafResp(access, status, description);
+ assertThat(resp.isAuthenticated(), is(status));
+ assertThat(resp.authenticate(), is(status));
+ }
+
+}
Code Review / aaf / authz.git / commitdiff