/*
 * ============LICENSE_START=======================================================
 * ================================================================================
 * Copyright (c) 2017-2019 AT&T Intellectual Property. All rights reserved.
 * Copyright (c) 2017-2019 European Software Marketing Ltd.
 * ================================================================================
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *       http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * ============LICENSE_END=========================================================
 */

package org.onap.aai.babel;

import static org.hamcrest.CoreMatchers.is;
import static org.junit.Assert.assertThat;

import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.util.concurrent.TimeUnit;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;
import org.junit.Before;
import org.junit.Test;
import org.onap.aai.auth.AAIAuthException;
import org.onap.aai.auth.AAIMicroServiceAuth;
import org.onap.aai.auth.AAIMicroServiceAuthCore;
import org.onap.aai.babel.config.BabelAuthConfig;
import org.springframework.mock.web.MockHttpServletRequest;

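/**
 * Tests {@link AAIMicroServiceAuth}.
 *
 * <p>Several tests change process-wide state: the static default policy file name and loaded policy held by
 * {@link AAIMicroServiceAuthCore}, and the {@code CONFIG_HOME} / {@code APP_HOME} system properties. Each test
 * that does so restores the previous value in a {@code finally} block so that the outcome of the authorization
 * checks does not depend on test execution order.
 */
public class MicroServiceAuthTest {

    private static final String VALID_ADMIN_USER = "cn=common-name, ou=org-unit, o=org, l=location, st=state, c=us";
    private static final String AUTH_POLICY_FILE = "auth_policy.json";

    /**
     * Point CONFIG_HOME at the test resources before every test.
     */
    @Before
    public void setup() {
        System.setProperty("CONFIG_HOME", "src/test/resources");
    }

    /**
     * Test authorization of a request when authentication is disabled.
     *
     * <p>The request is an empty mock request, the first and third arguments are null and the URI is arbitrary,
     * yet validation succeeds. This pins the fact that the disable flag switches the check off completely, so a
     * deployment that relies on the authorization policy must leave the flag unset.
     *
     * @throws AAIAuthException
     *             if the test creates invalid Auth Policy roles
     */
    @Test
    public void testAuthenticationDisabled() throws AAIAuthException {
        BabelAuthConfig babelAuthConfig = new BabelAuthConfig();
        babelAuthConfig.setAuthenticationDisable(true);
        AAIMicroServiceAuth auth = new AAIMicroServiceAuth(babelAuthConfig);
        assertThat(auth.validateRequest(null, new MockHttpServletRequest(), null, "any/uri"), is(true));
    }

    /**
     * Temporarily invalidate the default policy file and then try to initialize the authorization class using the
     * name of a policy file that does not exist.
     *
     * @throws AAIAuthException
     *             if the Auth policy file cannot be loaded
     */
    @Test(expected = AAIAuthException.class)
    public void missingPolicyFile() throws AAIAuthException {
        createAuthWithInvalidDefault("invalid.file.name");
    }

    /**
     * Temporarily invalidate the default policy file and then try to initialize the authorization class using a
     * null file name.
     *
     * @throws AAIAuthException
     *             if the Auth policy file cannot be loaded
     */
    @Test(expected = AAIAuthException.class)
    public void testNullPolicyFile() throws AAIAuthException {
        createAuthWithInvalidDefault(null);
    }

    /**
     * Test loading of a temporary file created with the specified roles.
     *
     * <p>A user that is absent from the policy is denied and the listed user is allowed for the listed function.
     *
     * @throws AAIAuthException
     *             if the test creates invalid Auth Policy roles
     * @throws IOException
     *             if the temporary policy file cannot be written
     * @throws JSONException
     *             if this test creates an invalid JSON object
     */
    @Test
    public void createLocalAuthFile() throws JSONException, AAIAuthException, IOException {
        JSONObject roles = createRoleObject("role", createUserObject("user"), createFunctionObject("func"));
        createAuthService(roles);
        assertThat(AAIMicroServiceAuthCore.authorize("nosuchuser", "method:func"), is(false));
        assertThat(AAIMicroServiceAuthCore.authorize("user", "method:func"), is(true));
    }

    /**
     * Test re-loading of users by changing the contents of a temporary file.
     *
     * @throws JSONException
     *             if this test creates an invalid JSON object
     * @throws AAIAuthException
     *             if the test creates invalid Auth Policy roles
     * @throws IOException
     *             if the temporary policy file cannot be written
     * @throws InterruptedException
     *             if interrupted while sleeping
     */
    @Test
    public void createLocalAuthFileOnChange()
            throws JSONException, AAIAuthException, IOException, InterruptedException {
        JSONObject roles = createRoleObject("role", createUserObject("user"), createFunctionObject("func"));
        File file = createTempPolicyFile(roles);

        BabelAuthConfig babelAuthConfig = new BabelAuthConfig();
        babelAuthConfig.setAuthPolicyFile(file.getAbsolutePath());
        new AAIMicroServiceAuth(babelAuthConfig);

        try {
            // Make changes to the temp file: opening the writer truncates it, leaving an empty policy file.
            // try-with-resources closes the writer even if the write fails.
            try (FileWriter fileWriter = new FileWriter(file)) {
                fileWriter.write("");
            }

            // Wait for the file to be reloaded
            TimeUnit.SECONDS.sleep(3);

            // NOTE(review): nothing is asserted after the reload. Confirm how AAIMicroServiceAuthCore treats an
            // empty policy file and pin that behaviour here; access must not widen when the file becomes
            // unreadable.
        } finally {
            // Always release whatever the core holds for this policy file, even when the wait is interrupted.
            AAIMicroServiceAuthCore.cleanup();
        }
    }

    /**
     * Test that the default policy file is loaded when a non-existent file is passed to the authorisation class.
     *
     * @throws AAIAuthException
     *             if the Auth Policy cannot be loaded
     */
    @Test
    public void createAuthFromDefaultFile() throws AAIAuthException {
        BabelAuthConfig babelServiceAuthConfig = new BabelAuthConfig();
        babelServiceAuthConfig.setAuthPolicyFile("non-existent-file");
        AAIMicroServiceAuth auth = new AAIMicroServiceAuth(babelServiceAuthConfig);
        // The default policy will have been loaded
        assertAdminUserAuthorisation(auth, VALID_ADMIN_USER);
    }

    /**
     * Test that the default policy file is loaded when a non-existent file is passed to the authorisation class and
     * CONFIG_HOME is not set.
     *
     * <p>Both system properties are put back afterwards so that the policy location seen by other tests does not
     * depend on whether this test ran first.
     *
     * @throws AAIAuthException
     *             if the Auth Policy cannot be loaded
     */
    @Test
    public void createAuthFromDefaultFileAppHome() throws AAIAuthException {
        String previousConfigHome = System.getProperty("CONFIG_HOME");
        String previousAppHome = System.getProperty("APP_HOME");
        System.clearProperty("CONFIG_HOME");
        System.setProperty("APP_HOME", "src/test/resources");
        try {
            BabelAuthConfig babelServiceAuthConfig = new BabelAuthConfig();
            babelServiceAuthConfig.setAuthPolicyFile("non-existent-file");
            new AAIMicroServiceAuth(babelServiceAuthConfig);
            // The default policy will have been loaded from APP_HOME/appconfig
            // NOTE(review): success is only implied by the constructor not throwing; no authorization result is
            // checked against the policy that was loaded.
        } finally {
            restoreProperty("CONFIG_HOME", previousConfigHome);
            restoreProperty("APP_HOME", previousAppHome);
        }
    }

    /**
     * Test loading of the policy file relative to CONFIG_HOME.
     *
     * @throws AAIAuthException
     *             if the Auth Policy cannot be loaded
     */
    @Test
    public void createAuth() throws AAIAuthException {
        AAIMicroServiceAuth auth = createStandardAuth();
        assertAdminUserAuthorisation(auth, VALID_ADMIN_USER);
    }

    /**
     * Test that the admin user is authorized for a function in the policy and denied for one that is not.
     *
     * @throws AAIAuthException
     *             if the Auth Policy cannot be loaded
     */
    @Test
    public void testAuthUser() throws AAIAuthException {
        createStandardAuth();
        assertThat(AAIMicroServiceAuthCore.authorize(VALID_ADMIN_USER, "GET:actions"), is(true));
        assertThat(AAIMicroServiceAuthCore.authorize(VALID_ADMIN_USER, "WRONG:action"), is(false));
    }

    /**
     * Test that, with authentication enabled, an empty mock request passed with null first and third arguments is
     * rejected.
     *
     * @throws AAIAuthException
     *             if the Auth Policy cannot be loaded
     */
    @Test
    public void testValidateRequest() throws AAIAuthException {
        AAIMicroServiceAuth auth = createStandardAuth();
        assertThat(auth.validateRequest(null, new MockHttpServletRequest(), null, "app/v1/babel"), is(false));
    }

    /**
     * Create an Auth Service from the policy file named by {@link #AUTH_POLICY_FILE}.
     *
     * @return a new Auth Service
     * @throws AAIAuthException
     *             if the auth policy file cannot be loaded
     */
    private AAIMicroServiceAuth createStandardAuth() throws AAIAuthException {
        BabelAuthConfig babelServiceAuthConfig = new BabelAuthConfig();
        babelServiceAuthConfig.setAuthPolicyFile(AUTH_POLICY_FILE);
        return new AAIMicroServiceAuth(babelServiceAuthConfig);
    }

    /**
     * Try to create an Auth Service while the static default policy file name is set to a name that does not
     * exist, restoring the previous default afterwards whether or not construction fails.
     *
     * @param policyFile
     *            the policy file name to configure (may be null)
     * @throws AAIAuthException
     *             if the auth policy file cannot be loaded
     */
    private static void createAuthWithInvalidDefault(String policyFile) throws AAIAuthException {
        String defaultFile = AAIMicroServiceAuthCore.getDefaultAuthFileName();
        try {
            AAIMicroServiceAuthCore.setDefaultAuthFileName("invalid.default.file");
            BabelAuthConfig babelServiceAuthConfig = new BabelAuthConfig();
            babelServiceAuthConfig.setAuthPolicyFile(policyFile);
            new AAIMicroServiceAuth(babelServiceAuthConfig);
        } finally {
            // The default name is static; leaving it invalid would break every later test that falls back to it.
            AAIMicroServiceAuthCore.setDefaultAuthFileName(defaultFile);
        }
    }

    /**
     * Put a system property back to the value it had before a test changed it.
     *
     * @param key
     *            the property name
     * @param previousValue
     *            the value to restore, or null if the property was not set
     */
    private static void restoreProperty(String key, String previousValue) {
        if (previousValue == null) {
            System.clearProperty(key);
        } else {
            System.setProperty(key, previousValue);
        }
    }

    /**
     * Create a test Auth policy JSON file and pass this to the Auth Service.
     *
     * @param roles
     *            the Auth policy JSON content
     * @return a new Auth Service configured with the supplied roles
     * @throws IOException
     *             if the temporary policy file cannot be written
     * @throws AAIAuthException
     *             if the auth policy file cannot be loaded
     */
    private AAIMicroServiceAuth createAuthService(JSONObject roles) throws AAIAuthException, IOException {
        File file = createTempPolicyFile(roles);
        BabelAuthConfig babelAuthConfig = new BabelAuthConfig();
        babelAuthConfig.setAuthPolicyFile(file.getAbsolutePath());
        return new AAIMicroServiceAuth(babelAuthConfig);
    }

    /**
     * Create a temporary JSON file using the supplied roles.
     *
     * @param roles
     *            the roles to use to populate the new file
     * @return the new temporary file
     * @throws IOException
     *             if the file cannot be created or written
     */
    private File createTempPolicyFile(JSONObject roles) throws IOException {
        // Files.createTempFile may apply more restrictive access permissions than File.createTempFile, which
        // matters because the file holds an authorization policy and lives in the shared temporary directory.
        // The suffix includes the dot so that the generated name really ends in ".json".
        File file = Files.createTempFile("auth-policy", ".json").toFile();
        file.deleteOnExit();
        // A single write with an explicit charset: no writer is left open and the bytes do not depend on the
        // platform default encoding.
        Files.write(file.toPath(), roles.toString().getBytes(StandardCharsets.UTF_8));
        return file;
    }

    /**
     * Assert authorisation results for an admin user based on the test policy file.
     *
     * @param auth
     *            the Auth Service to test; the checks go through the static
     *            {@link AAIMicroServiceAuthCore#authorize} call, so the instance itself is not used here
     * @param adminUser
     *            the user expected to hold all four actions
     * @throws AAIAuthException
     *             if the Auth Service is not initialized
     */
    private void assertAdminUserAuthorisation(AAIMicroServiceAuth auth, String adminUser) throws AAIAuthException {
        assertThat(AAIMicroServiceAuthCore.authorize(adminUser, "GET:actions"), is(true));
        assertThat(AAIMicroServiceAuthCore.authorize(adminUser, "POST:actions"), is(true));
        assertThat(AAIMicroServiceAuthCore.authorize(adminUser, "PUT:actions"), is(true));
        assertThat(AAIMicroServiceAuthCore.authorize(adminUser, "DELETE:actions"), is(true));
    }

    /**
     * Build a one-element "functions" array whose function has the given name and a single method named "method".
     *
     * @param functionName
     *            the function name
     * @return the functions array
     * @throws JSONException
     *             if the JSON object cannot be built
     */
    private JSONArray createFunctionObject(String functionName) throws JSONException {
        JSONArray functionsArray = new JSONArray();
        JSONObject func = new JSONObject();
        func.put("name", functionName);
        func.put("methods", createMethodObject("method"));
        functionsArray.put(func);
        return functionsArray;
    }

    /**
     * Build a one-element "methods" array holding the given method name.
     *
     * @param methodName
     *            the method name
     * @return the methods array
     * @throws JSONException
     *             if the JSON object cannot be built
     */
    private JSONArray createMethodObject(String methodName) throws JSONException {
        JSONArray methodsArray = new JSONArray();
        JSONObject method = new JSONObject();
        method.put("name", methodName);
        methodsArray.put(method);
        return methodsArray;
    }

    /**
     * Build a one-element "users" array holding the given user name.
     *
     * @param username
     *            the user name
     * @return the users array
     * @throws JSONException
     *             if the JSON object cannot be built
     */
    private JSONArray createUserObject(String username) throws JSONException {
        JSONArray usersArray = new JSONArray();
        JSONObject user = new JSONObject();
        user.put("username", username);
        usersArray.put(user);
        return usersArray;
    }

    /**
     * Build a policy document with a single role that grants the given functions to the given users.
     *
     * @param roleName
     *            the role name
     * @param usersArray
     *            the users that hold the role
     * @param functionsArray
     *            the functions the role grants
     * @return a JSON object with one "roles" array containing the role
     * @throws JSONException
     *             if the JSON object cannot be built
     */
    private JSONObject createRoleObject(String roleName, JSONArray usersArray, JSONArray functionsArray)
            throws JSONException {
        JSONObject role = new JSONObject();
        role.put("name", roleName);
        role.put("functions", functionsArray);
        role.put("users", usersArray);

        JSONArray rolesArray = new JSONArray();
        rolesArray.put(role);

        JSONObject roles = new JSONObject();
        roles.put("roles", rolesArray);
        return roles;
    }
}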