2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (c) 2017-2019 AT&T Intellectual Property. All rights reserved.
6 * Copyright (c) 2017-2019 European Software Marketing Ltd.
7 * ================================================================================
8 * Licensed under the Apache License, Version 2.0 (the "License");
9 * you may not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS,
16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 * ============LICENSE_END=========================================================
22 package org.onap.aai.babel;
import static org.hamcrest.CoreMatchers.is;
import static org.junit.Assert.assertThat;

import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.io.Writer;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;
import org.junit.Test;
import org.onap.aai.auth.AAIAuthException;
import org.onap.aai.auth.AAIMicroServiceAuth;
import org.onap.aai.auth.AAIMicroServiceAuthCore;
import org.onap.aai.babel.config.BabelAuthConfig;
import org.springframework.mock.web.MockHttpServletRequest;
41 * Tests {@link AAIMicroServiceAuth}.
44 public class MicroServiceAuthTest {
// Distinguished-name style identity that the tests authorise as the admin user.
// NOTE(review): the matching role entry is presumably in the test policy file - confirm against auth_policy.json.
private static final String VALID_ADMIN_USER = "cn=common-name, ou=org-unit, o=org, l=location, st=state, c=us";

// Name of the test policy file; the tests load it relative to CONFIG_HOME.
private static final String authPolicyFile = "auth_policy.json";

static {
    // Point CONFIG_HOME at the test resources before any auth class is initialised by a test.
    System.setProperty("CONFIG_HOME", "src/test/resources");
}
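/**
 * Temporarily invalidate the default policy file and then try to initialize the authorization class using the name
 * of a policy file that does not exist.
 *
 * <p>
 * The default file name is static state on {@link AAIMicroServiceAuthCore}, so it is saved first and restored
 * afterwards regardless of the outcome.
 *
 * @throws AAIAuthException
 *             if the Auth policy file cannot be loaded (this is the expected outcome)
 */
@Test(expected = AAIAuthException.class)
public void missingPolicyFile() throws AAIAuthException {
    final String originalDefault = AAIMicroServiceAuthCore.getDefaultAuthFileName();
    try {
        AAIMicroServiceAuthCore.setDefaultAuthFileName("invalid.default.file");

        BabelAuthConfig config = new BabelAuthConfig();
        config.setAuthPolicyFile("invalid.file.name");

        // Neither the configured file nor the default file exists, so construction is expected to throw.
        new AAIMicroServiceAuth(config);
    } finally {
        // The constructor above is expected to throw, so the restore has to sit in a finally block. Otherwise the
        // invalid default name would stay in place for the tests that rely on the default policy file.
        AAIMicroServiceAuthCore.setDefaultAuthFileName(originalDefault);
    }
}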
/**
 * Test loading of a temporary policy file created with the specified roles.
 *
 * <p>
 * The policy grants the single user "user" the function "func". An identity that is not listed in the policy must be
 * refused and the listed one must be allowed.
 *
 * @throws AAIAuthException
 *             if the test creates invalid Auth Policy roles
 * @throws IOException
 *             if the temporary policy file cannot be created or written
 * @throws JSONException
 *             if this test creates an invalid JSON object
 */
@Test
public void createLocalAuthFile() throws JSONException, AAIAuthException, IOException {
    JSONArray users = createUserObject("user");
    JSONArray functions = createFunctionObject("func");
    JSONObject policy = createRoleObject("role", users, functions);

    // The returned service is not needed: the checks below go through the static AAIMicroServiceAuthCore.
    createAuthService(policy);

    // Deny case first: an identity absent from the policy gets no access.
    assertThat(AAIMicroServiceAuthCore.authorize("nosuchuser", "method:func"), is(false));
    assertThat(AAIMicroServiceAuthCore.authorize("user", "method:func"), is(true));
}
/**
 * Test that the default policy file is loaded when a non-existent file is passed to the authorisation class.
 *
 * @throws AAIAuthException
 *             if the Auth Policy cannot be loaded
 */
@Test
public void createAuthFromDefaultFile() throws AAIAuthException {
    BabelAuthConfig config = new BabelAuthConfig();
    config.setAuthPolicyFile("non-existent-file");

    // NOTE(review): this pins the fall-back behaviour. A mistyped policy path in a deployment would then apply the
    // default policy without an error - confirm that this is intended rather than failing closed.
    AAIMicroServiceAuth authFromDefault = new AAIMicroServiceAuth(config);

    // The admin user is authorised, which shows that the default policy was loaded.
    assertAdminUserAuthorisation(authFromDefault, VALID_ADMIN_USER);
}
/**
 * Test loading of the policy file relative to CONFIG_HOME.
 *
 * @throws AAIAuthException
 *             if the Auth Policy cannot be loaded
 */
@Test
public void createAuth() throws AAIAuthException {
    // Build the service from the standard test policy, then check the admin user's permissions.
    assertAdminUserAuthorisation(createStandardAuth(), VALID_ADMIN_USER);
}
/**
 * Check one permitted and one unknown permission string for the admin user against the standard test policy.
 *
 * @throws AAIAuthException
 *             if the Auth Policy cannot be loaded
 */
@Test
public void testAuthUser() throws AAIAuthException {
    // Only the side effect of constructing the service is needed; the checks use the static core class.
    createStandardAuth();

    boolean knownPermission = AAIMicroServiceAuthCore.authorize(VALID_ADMIN_USER, "GET:actions");
    assertThat(knownPermission, is(true));

    // A permission string that the policy does not define must be refused, even for the admin user.
    boolean unknownPermission = AAIMicroServiceAuthCore.authorize(VALID_ADMIN_USER, "WRONG:action");
    assertThat(unknownPermission, is(false));
}
/**
 * Check that a request with null first and third arguments and an empty mock servlet request is not validated.
 *
 * @throws AAIAuthException
 *             if the Auth Policy cannot be loaded
 */
@Test
public void testValidateRequest() throws AAIAuthException {
    AAIMicroServiceAuth auth = createStandardAuth();

    // The mock request has nothing set on it, so it carries no client identity.
    MockHttpServletRequest emptyRequest = new MockHttpServletRequest();
    boolean accepted = auth.validateRequest(null, emptyRequest, null, "app/v1/babel");

    assertThat(accepted, is(false));
}
/**
 * Create an Auth Service that is configured with the standard test policy file.
 *
 * @return a new Auth Service that uses {@code authPolicyFile}
 * @throws AAIAuthException
 *             if the auth policy file cannot be loaded
 */
private AAIMicroServiceAuth createStandardAuth() throws AAIAuthException {
    BabelAuthConfig config = new BabelAuthConfig();
    config.setAuthPolicyFile(authPolicyFile);
    AAIMicroServiceAuth standardAuth = new AAIMicroServiceAuth(config);
    return standardAuth;
}
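/**
 * Create a test Auth policy JSON file and pass this to the Auth Service.
 *
 * @param roles
 *            the Auth policy JSON content
 * @return a new Auth Service configured with the supplied roles
 * @throws IOException
 *             if the temporary policy file cannot be created or written
 * @throws AAIAuthException
 *             if the auth policy file cannot be loaded
 */
private AAIMicroServiceAuth createAuthService(JSONObject roles) throws AAIAuthException, IOException {
    // Files.createTempFile may apply more restrictive permissions than File.createTempFile (owner-only on typical
    // POSIX JDKs). File.createTempFile follows the process umask, so in a shared temp directory the policy file is
    // commonly readable by other local users.
    Path policyFile = Files.createTempFile("auth-policy", "json");
    policyFile.toFile().deleteOnExit();

    // try-with-resources closes the writer even when the write fails; the charset is fixed rather than taken from
    // the platform default.
    try (Writer writer = Files.newBufferedWriter(policyFile, StandardCharsets.UTF_8)) {
        writer.write(roles.toString());
    }

    BabelAuthConfig babelAuthConfig = new BabelAuthConfig();
    babelAuthConfig.setAuthPolicyFile(policyFile.toAbsolutePath().toString());
    return new AAIMicroServiceAuth(babelAuthConfig);
}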
/**
 * Assert authorisation results for an admin user based on the test policy file.
 *
 * @param auth
 *            the Auth Service to test; it is not read here because the checks go through the static
 *            {@link AAIMicroServiceAuthCore}, so passing it only shows that the caller constructed the service first
 * @param adminUser
 *            the identity that must hold every permission checked below
 * @throws AAIAuthException
 *             if the Auth Service is not initialized
 */
private void assertAdminUserAuthorisation(AAIMicroServiceAuth auth, String adminUser) throws AAIAuthException {
    String[] expectedPermissions = {"GET:actions", "POST:actions", "PUT:actions", "DELETE:actions"};
    for (String permission : expectedPermissions) {
        // The permission is passed as the assertion reason so that a failure names the one that was refused.
        assertThat(permission, AAIMicroServiceAuthCore.authorize(adminUser, permission), is(true));
    }
}
/**
 * Build the "functions" array of a test policy role: one function that holds the single method "method".
 *
 * @param functionName
 *            the value stored under the function's "name" key
 * @return a one-element array that holds the function object
 * @throws JSONException
 *             if the JSON object cannot be built
 */
private JSONArray createFunctionObject(String functionName) throws JSONException {
    JSONObject function = new JSONObject();
    function.put("name", functionName);
    function.put("methods", createMethodObject("method"));
    return new JSONArray().put(function);
}
/**
 * Build the "methods" array of a test policy function.
 *
 * @param methodName
 *            the value stored under the method's "name" key
 * @return a one-element array that holds the method object
 * @throws JSONException
 *             if the JSON object cannot be built
 */
private JSONArray createMethodObject(String methodName) throws JSONException {
    JSONObject entry = new JSONObject();
    entry.put("name", methodName);
    return new JSONArray().put(entry);
}
/**
 * Build the "users" array of a test policy role.
 *
 * @param username
 *            the value stored under the user's "username" key
 * @return a one-element array that holds the user object
 * @throws JSONException
 *             if the JSON object cannot be built
 */
private JSONArray createUserObject(String username) throws JSONException {
    JSONObject entry = new JSONObject();
    entry.put("username", username);
    return new JSONArray().put(entry);
}
203 private JSONObject createRoleObject(String roleName, JSONArray usersArray, JSONArray functionsArray)
204 throws JSONException {
205 JSONObject role = new JSONObject();
206 role.put("name", roleName);
207 role.put("functions", functionsArray);
208 role.put("users", usersArray);
210 JSONArray rolesArray = new JSONArray();
211 rolesArray.put(role);
213 JSONObject roles = new JSONObject();
214 roles.put("roles", rolesArray);