/** * ============LICENSE_START======================================================= * org.onap.aai * ================================================================================ * Copyright © 2017 AT&T Intellectual Property. All rights reserved. * Copyright © 2017 European Software Marketing Ltd. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * ============LICENSE_END========================================================= * * ECOMP is a trademark and service mark of AT&T Intellectual Property. */ package org.onap.aai.babel; import static org.hamcrest.CoreMatchers.equalTo; import static org.hamcrest.CoreMatchers.is; import static org.junit.Assert.assertThat; import java.io.File; import java.io.FileWriter; import java.io.IOException; import org.json.JSONArray; import org.json.JSONException; import org.json.JSONObject; import org.junit.Test; import org.onap.aai.auth.AAIAuthException; import org.onap.aai.auth.AAIMicroServiceAuth; import org.onap.aai.auth.AAIMicroServiceAuthCore; import org.onap.aai.babel.config.BabelAuthConfig; import org.springframework.mock.web.MockHttpServletRequest; /** * Tests @{link AAIMicroServiceAuth} */ public class MicroServiceAuthTest { private static final String VALID_ADMIN_USER = "cn=common-name, ou=org-unit, o=org, l=location, st=state, c=us"; private static final String authPolicyFile = "auth_policy.json"; static { System.setProperty("CONFIG_HOME", System.getProperty("user.dir") + File.separator + "src/test/resources"); } /** * Temporarily invalidate the default policy file and then try to initialise the authorisation class using the name * of a policy file that does not exist. * * @throws AAIAuthException * @throws IOException */ @Test(expected = AAIAuthException.class) public void missingPolicyFile() throws AAIAuthException, IOException { String defaultFile = AAIMicroServiceAuthCore.getDefaultAuthFileName(); try { AAIMicroServiceAuthCore.setDefaultAuthFileName("invalid.default.file"); BabelAuthConfig gapServiceAuthConfig = new BabelAuthConfig(); gapServiceAuthConfig.setAuthPolicyFile("invalid.file.name"); new AAIMicroServiceAuth(gapServiceAuthConfig); } finally { AAIMicroServiceAuthCore.setDefaultAuthFileName(defaultFile); } } /** * Test loading of a temporary file created with the specified roles * * @throws AAIAuthException * @throws IOException * @throws JSONException */ @Test public void createLocalAuthFile() throws AAIAuthException, IOException, JSONException { JSONObject roles = createRoleObject("role", createUserObject("user"), createFunctionObject("func")); AAIMicroServiceAuth auth = createAuthService(roles); assertThat(auth.authorize("nosuchuser", "method:func"), is(false)); assertThat(auth.authorize("user", "method:func"), is(true)); } /** * Test that the default policy file is loaded when a non-existent file is passed to the authorisation clas. * * @throws AAIAuthException */ @Test public void createAuthFromDefaultFile() throws AAIAuthException { BabelAuthConfig gapServiceAuthConfig = new BabelAuthConfig(); gapServiceAuthConfig.setAuthPolicyFile("non-existent-file"); AAIMicroServiceAuth auth = new AAIMicroServiceAuth(gapServiceAuthConfig); // The default policy will have been loaded assertAdminUserAuthorisation(auth, VALID_ADMIN_USER); } /** * Test loading of the policy file relative to CONFIG_HOME * * @throws AAIAuthException */ @Test public void createAuth() throws AAIAuthException { AAIMicroServiceAuth auth = createStandardAuth(); assertAdminUserAuthorisation(auth, VALID_ADMIN_USER); } @Test public void testAuthUser() throws AAIAuthException { AAIMicroServiceAuth auth = createStandardAuth(); assertThat(auth.authenticate(VALID_ADMIN_USER, "GET:actions"), is(equalTo("OK"))); assertThat(auth.authenticate(VALID_ADMIN_USER, "WRONG:action"), is(equalTo("AAI_9101"))); } @Test public void testValidateRequest() throws AAIAuthException { AAIMicroServiceAuth auth = createStandardAuth(); assertThat(auth.validateRequest(null, new MockHttpServletRequest(), null, "app/v1/gap"), is(false)); } private AAIMicroServiceAuth createStandardAuth() throws AAIAuthException { BabelAuthConfig gapServiceAuthConfig = new BabelAuthConfig(); gapServiceAuthConfig.setAuthPolicyFile(authPolicyFile); return new AAIMicroServiceAuth(gapServiceAuthConfig); } /** * @param rolesJson * @return * @throws IOException * @throws AAIAuthException */ private AAIMicroServiceAuth createAuthService(JSONObject roles) throws IOException, AAIAuthException { BabelAuthConfig babelAuthConfig = new BabelAuthConfig(); File file = File.createTempFile("auth-policy", "json"); file.deleteOnExit(); FileWriter fileWriter = new FileWriter(file); fileWriter.write(roles.toString()); fileWriter.flush(); fileWriter.close(); babelAuthConfig.setAuthPolicyFile(file.getAbsolutePath()); return new AAIMicroServiceAuth(babelAuthConfig); } /** * Assert authorisation results for an admin user based on the test policy file * * @param auth * @param adminUser * @throws AAIAuthException */ private void assertAdminUserAuthorisation(AAIMicroServiceAuth auth, String adminUser) throws AAIAuthException { assertThat(auth.authorize(adminUser, "GET:actions"), is(true)); assertThat(auth.authorize(adminUser, "POST:actions"), is(true)); assertThat(auth.authorize(adminUser, "PUT:actions"), is(true)); assertThat(auth.authorize(adminUser, "DELETE:actions"), is(true)); } private JSONArray createFunctionObject(String functionName) throws JSONException { JSONArray functionsArray = new JSONArray(); JSONObject func = new JSONObject(); func.put("name", functionName); func.put("methods", createMethodObject("method")); functionsArray.put(func); return functionsArray; } private JSONArray createMethodObject(String methodName) throws JSONException { JSONArray methodsArray = new JSONArray(); JSONObject method = new JSONObject(); method.put("name", methodName); methodsArray.put(method); return methodsArray; } private JSONArray createUserObject(String username) throws JSONException { JSONArray usersArray = new JSONArray(); JSONObject user = new JSONObject(); user.put("username", username); usersArray.put(user); return usersArray; } private JSONObject createRoleObject(String roleName, JSONArray usersArray, JSONArray functionsArray) throws JSONException { JSONObject roles = new JSONObject(); JSONObject role = new JSONObject(); role.put("name", roleName); role.put("functions", functionsArray); role.put("users", usersArray); JSONArray rolesArray = new JSONArray(); rolesArray.put(role); roles.put("roles", rolesArray); return roles; } }