Removing passwordencryption key
[dmaap/datarouter.git] / datarouter-prov / src / test / java / org / onap / dmaap / datarouter / provisioning / BaseServletTest.java
1 /*******************************************************************************
2  * ============LICENSE_START==================================================
3  * * org.onap.dmaap
4  * * ===========================================================================
5  * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
6  * * ===========================================================================
7  * * Licensed under the Apache License, Version 2.0 (the "License");
8  * * you may not use this file except in compliance with the License.
9  * * You may obtain a copy of the License at
10  * *
11  *  *      http://www.apache.org/licenses/LICENSE-2.0
12  * *
13  *  * Unless required by applicable law or agreed to in writing, software
14  * * distributed under the License is distributed on an "AS IS" BASIS,
15  * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * * See the License for the specific language governing permissions and
17  * * limitations under the License.
18  * * ============LICENSE_END====================================================
19  * *
20  * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
21  * *
22  ******************************************************************************/
23
24 package org.onap.dmaap.datarouter.provisioning;
25
26 import static org.hamcrest.Matchers.is;
27 import static org.hamcrest.Matchers.nullValue;
28 import static org.junit.Assert.assertEquals;
29 import static org.junit.Assert.assertNotEquals;
30 import static org.junit.Assert.assertNull;
31 import static org.junit.Assert.assertThat;
32 import static org.mockito.Matchers.anyInt;
33 import static org.mockito.Mockito.mock;
34 import static org.mockito.Mockito.when;
35 import static org.powermock.api.mockito.PowerMockito.mockStatic;
36
37 import java.util.HashSet;
38 import java.util.Set;
39 import java.util.UUID;
40 import javax.crypto.SecretKeyFactory;
41 import javax.servlet.http.HttpServletRequest;
42 import org.apache.commons.lang3.reflect.FieldUtils;
43 import org.json.JSONObject;
44 import org.junit.Assert;
45 import org.junit.Before;
46 import org.junit.Test;
47 import org.junit.runner.RunWith;
48 import org.mockito.Mock;
49 import org.onap.dmaap.datarouter.provisioning.beans.Feed;
50 import org.onap.dmaap.datarouter.provisioning.beans.FeedAuthorization;
51 import org.onap.dmaap.datarouter.provisioning.beans.Group;
52 import org.onap.dmaap.datarouter.provisioning.beans.Subscription;
53 import org.powermock.api.mockito.PowerMockito;
54 import org.powermock.core.classloader.annotations.PowerMockIgnore;
55 import org.powermock.core.classloader.annotations.PrepareForTest;
56 import org.powermock.core.classloader.annotations.SuppressStaticInitializationFor;
57 import org.powermock.modules.junit4.PowerMockRunner;
58 import org.slf4j.MDC;
59
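/**
 * Unit tests for {@link BaseServlet}: path-id parsing, provisioning authorization,
 * feed/subscription/group lookups, request-id MDC propagation, password hashing of
 * feed and subscription JSON, and CADI permission string construction.
 *
 * <p>Static initializers of Feed, Subscription and Group are suppressed and their static
 * lookups are mocked with PowerMock, so these tests do not show any real database access.
 */
@RunWith(PowerMockRunner.class)
@SuppressStaticInitializationFor({"org.onap.dmaap.datarouter.provisioning.beans.Feed",
        "org.onap.dmaap.datarouter.provisioning.beans.Subscription",
        "org.onap.dmaap.datarouter.provisioning.beans.Group"})
@PowerMockIgnore({"javax.crypto.*"})
@PrepareForTest({UUID.class, SecretKeyFactory.class})
public class BaseServletTest extends DrServletTestBase {

    private BaseServlet baseServlet;

    @Mock
    private HttpServletRequest request;

    /** Runs the shared servlet test set-up, then creates a fresh servlet for each test. */
    @Before
    public void setUp() throws Exception {
        super.setUp();
        baseServlet = new BaseServlet();
    }


    /** A numeric path segment is parsed into the id. */
    @Test
    public void Given_Request_Path_Info_Is_Valid_Then_Id_Is_Extracted_Correctly() {
        when(request.getPathInfo()).thenReturn("/123");
        assertThat(BaseServlet.getIdFromPath(request), is(123));
    }

    /** A non-numeric or empty path segment yields -1 instead of an exception. */
    @Test
    public void Given_Request_Path_Info_Is_Not_Valid_Then_Minus_One_Is_Returned() {
        when(request.getPathInfo()).thenReturn("/abc");
        assertThat(BaseServlet.getIdFromPath(request), is(-1));
        when(request.getPathInfo()).thenReturn("/");
        assertThat(BaseServlet.getIdFromPath(request), is(-1));
    }

    /**
     * With 127.0.0.1 in the authorized set and requireCert enabled, the servlet is expected to
     * return null from isAuthorizedForProvisioning.
     */
    @Test
    public void Given_Remote_Address_Is_Known_And_RequireCerts_Is_True() throws Exception {
        when(request.isSecure()).thenReturn(true);
        Set<String> authAddressesAndNetworks = new HashSet<>();
        authAddressesAndNetworks.add(("127.0.0.1"));
        // NOTE(review): these static fields are overwritten by reflection and never restored in
        // this class, so the authorization settings stay in place for later tests - confirm the
        // base class resets them.
        FieldUtils.writeDeclaredStaticField(BaseServlet.class, "authorizedAddressesAndNetworks", authAddressesAndNetworks, true);
        FieldUtils.writeDeclaredStaticField(BaseServlet.class, "requireCert", true, true);
        // NOTE(review): neither the remote address nor a client certificate is stubbed on the
        // request mock in this class, so it is not visible here which branch produces the null
        // result - confirm this test really exercises the address and certificate checks.
        assertNull(baseServlet.isAuthorizedForProvisioning(request));
    }

    /** The owner of an existing feed is its publisher. */
    @Test
    public void Given_Request_Is_GetFeedOwner_And_Feed_Exists() {
        PowerMockito.mockStatic(Feed.class);
        Feed feed = mock(Feed.class);
        PowerMockito.when(Feed.getFeedById(anyInt())).thenReturn(feed);
        when(feed.getPublisher()).thenReturn("stub_publisher");
        assertThat(baseServlet.getFeedOwner("3"), is("stub_publisher"));
    }

    /** An unknown feed has no owner. */
    @Test
    public void Given_Request_Is_GetFeedOwner_And_Feed_Does_Not_Exist(){
        PowerMockito.mockStatic(Feed.class);
        PowerMockito.when(Feed.getFeedById(anyInt())).thenReturn(null);
        assertThat(baseServlet.getFeedOwner("3"), is(nullValue()));
    }

    /** The classification of an existing feed comes from its authorization block. */
    @Test
    public void Given_Request_Is_GetFeedClassification_And_Feed_Exists(){
        PowerMockito.mockStatic(Feed.class);
        Feed feed = mock(Feed.class);
        PowerMockito.when(Feed.getFeedById(anyInt())).thenReturn(feed);
        FeedAuthorization fAuth = mock(FeedAuthorization.class);
        when(feed.getAuthorization()).thenReturn(fAuth);
        when(fAuth.getClassification()).thenReturn("stub_classification");
        assertThat(baseServlet.getFeedClassification("3"), is("stub_classification"));
    }

    /** An unknown feed has no classification. */
    @Test
    public void Given_Request_Is_GetFeedClassification_And_Feed_Does_Not_Exist() {
        PowerMockito.mockStatic(Feed.class);
        PowerMockito.when(Feed.getFeedById(anyInt())).thenReturn(null);
        assertThat(baseServlet.getFeedClassification("3"), is(nullValue()));
    }

    /** The owner of an existing subscription is its subscriber. */
    @Test
    public void Given_Request_Is_GetSubscriptionOwner_And_Subscription_Exists() {
        PowerMockito.mockStatic(Subscription.class);
        Subscription subscription = mock(Subscription.class);
        PowerMockito.when(Subscription.getSubscriptionById(anyInt())).thenReturn(subscription);
        when(subscription.getSubscriber()).thenReturn("stub_subscriber");
        assertThat(baseServlet.getSubscriptionOwner("3"), is("stub_subscriber"));
    }

    /** An unknown subscription has no owner. */
    @Test
    public void Given_Request_Is_GetSubscriptionOwner_And_Subscription_Does_Not_Exist() {
        PowerMockito.mockStatic(Subscription.class);
        PowerMockito.when(Subscription.getSubscriptionById(anyInt())).thenReturn(null);
        assertThat(baseServlet.getSubscriptionOwner("3"), is(nullValue()));
    }

    /** A user listed in the feed's group members gets the group's auth id. */
    @Test
    public void Given_Request_Is_GetGroupByFeedGroupId_And_User_Is_A_Member_Of_Group() {
        PowerMockito.mockStatic(Feed.class);
        Feed feed = mock(Feed.class);
        PowerMockito.when(Feed.getFeedById(anyInt())).thenReturn(feed);
        when(feed.getGroupid()).thenReturn(3);
        PowerMockito.mockStatic(Group.class);
        Group group = mock(Group.class);
        when(group.getMembers()).thenReturn("{id: stub_user}");
        PowerMockito.when(Group.getGroupById(anyInt())).thenReturn(group);
        when(group.getAuthid()).thenReturn("stub_authID");
        assertThat(baseServlet.getGroupByFeedGroupId("stub_user", "3"), is("stub_authID"));
    }

    /** A user absent from the feed's group members gets no auth id. */
    @Test
    public void Given_Request_Is_GetGroupByFeedGroupId_And_User_Is_Not_A_Member_Of_Group() {
        PowerMockito.mockStatic(Feed.class);
        Feed feed = mock(Feed.class);
        PowerMockito.when(Feed.getFeedById(anyInt())).thenReturn(feed);
        when(feed.getGroupid()).thenReturn(3);
        PowerMockito.mockStatic(Group.class);
        Group group = mock(Group.class);
        when(group.getMembers()).thenReturn("{id: stub_otherUser}");
        PowerMockito.when(Group.getGroupById(anyInt())).thenReturn(group);
        when(group.getAuthid()).thenReturn("stub_authID");
        assertThat(baseServlet.getGroupByFeedGroupId("stub_user", "3"), is(nullValue()));
    }

    /** A user listed in the subscription's group members gets the group's auth id. */
    @Test
    public void Given_Request_Is_GetGroupBySubGroupId_And_User_Is_A_Member_Of_Group() {
        PowerMockito.mockStatic(Subscription.class);
        Subscription subscription = mock(Subscription.class);
        PowerMockito.when(Subscription.getSubscriptionById(anyInt())).thenReturn(subscription);
        when(subscription.getGroupid()).thenReturn(3);
        PowerMockito.mockStatic(Group.class);
        Group group = mock(Group.class);
        when(group.getMembers()).thenReturn("{id: stub_user}");
        PowerMockito.when(Group.getGroupById(anyInt())).thenReturn(group);
        when(group.getAuthid()).thenReturn("stub_authID");
        assertThat(baseServlet.getGroupBySubGroupId("stub_user", "3"), is("stub_authID"));
    }

    /** A user absent from the subscription's group members gets no auth id. */
    @Test
    public void Given_Request_Is_GetGroupBySubGroupId_And_User_Is_Not_A_Member_Of_Group() {
        PowerMockito.mockStatic(Subscription.class);
        Subscription subscription = mock(Subscription.class);
        PowerMockito.when(Subscription.getSubscriptionById(anyInt())).thenReturn(subscription);
        when(subscription.getGroupid()).thenReturn(3);
        PowerMockito.mockStatic(Group.class);
        Group group = mock(Group.class);
        when(group.getMembers()).thenReturn("{id: stub_otherUser}");
        PowerMockito.when(Group.getGroupById(anyInt())).thenReturn(group);
        when(group.getAuthid()).thenReturn("stub_authID");
        assertThat(baseServlet.getGroupBySubGroupId("stub_user", "3"), is(nullValue()));
    }

    /** Empty request-id and invocation-id headers must not leave the MDC holding the literals below. */
    @Test
    public void Given_Request_Has_Empty_RequestId_And_InvocationId_Headers_Generate_MDC_Values() {
        when(request.getHeader("X-ONAP-RequestID")).thenReturn("");
        when(request.getHeader("X-InvocationID")).thenReturn("");
        mockStatic(UUID.class);
        when(UUID.randomUUID().toString()).thenReturn("123", "456");
        baseServlet.setIpFqdnRequestIDandInvocationIDForEelf("doDelete", request);
        // NOTE(review): the stubbed values "123"/"456" are asserted NOT to appear, so this only
        // proves the MDC entries differ from those literals; a null MDC entry would also pass.
        // Confirm the intent and consider asserting that the values are present.
        Assert.assertNotEquals("123", MDC.get("RequestId"));
        Assert.assertNotEquals("456", MDC.get("InvocationId"));
    }

    /** Supplied request-id and invocation-id headers are copied into the MDC unchanged. */
    @Test
    public void Given_Request_Has_RequestId_And_InvocationId_Headers_Set_MDC_Values() {
        when(request.getHeader("X-ONAP-RequestID")).thenReturn("123");
        when(request.getHeader("X-InvocationID")).thenReturn("456");
        baseServlet.setIpFqdnRequestIDandInvocationIDForEelf("doDelete", request);
        Assert.assertEquals("123", MDC.get("RequestId"));
        Assert.assertEquals("456", MDC.get("InvocationId"));
    }

    /**
     * Builds a feed JSON fixture with two endpoint ids carrying plaintext passwords.
     *
     * @return feed JSON whose endpoint_ids[0] password is "dradmin" and endpoint_ids[1]
     *     password is "demo123456!"
     */
    public JSONObject getFeedJsonObject() {
        // Hard-coded sample credentials, used here only as input to the hashing tests.
        // NOTE(review): make sure these values are not live defaults in any deployment.
        return new JSONObject("{\"authorization\": {\n" + "    \"endpoint_addrs\": [\n" + "    ],\n"
                                      + "    \"classification\": \"unclassified\",\n"
                                      + "    \"endpoint_ids\": [\n" + "      {\n"
                                      + "        \"password\": \"dradmin\",\n"
                                      + "        \"id\": \"dradmin\"\n" + "      },\n" + "      {\n"
                                      + "        \"password\": \"demo123456!\",\n"
                                      + "        \"id\": \"onap\"\n" + "      }\n" + "    ]\n" + "  }}");
    }

    /**
     * Builds a subscription JSON fixture whose delivery block carries a plaintext password.
     *
     * @return subscription JSON with delivery user "LOGIN" and password "PASSWORD"
     */
    public JSONObject getSubJsonObject() {
        return new JSONObject("{\"delivery\": {\"url\": \"http://172.18.0.3:7070/\", \"user\": "
            + "\"LOGIN\", \"password\": \"PASSWORD\", \"use100\": true}, \"metadataOnly\": false, "
            + "\"suspend\": false, \"groupid\": 29, \"subscriber\": \"sg481n\"}");
    }

    /**
     * Every endpoint password in a feed must be replaced by hashPasswords.
     *
     * <p>Each entry is compared with its own plaintext. The first fixture entry's password is
     * "dradmin", so comparing it with "demo123456!" would pass even if nothing were hashed and
     * a plaintext leak would go unnoticed.
     */
    @Test
    public void Given_Debug_Is_Enabled_Hash_Feed_Passwords_Successful() {
        JSONObject hashedFeed = BaseServlet.hashPasswords(getFeedJsonObject());
        JSONObject authorization = hashedFeed.getJSONObject("authorization");
        String firstPassword = authorization.getJSONArray("endpoint_ids")
            .getJSONObject(0).get("password").toString();
        String secondPassword = authorization.getJSONArray("endpoint_ids")
            .getJSONObject(1).get("password").toString();
        assertNotEquals("dradmin", firstPassword);
        assertNotEquals("demo123456!", secondPassword);
    }

    /** The delivery password of a subscription must be replaced by hashPasswords. */
    @Test
    public void Given_Debug_Is_Enabled_Hash_Sub_Passwords_Successful() {
        JSONObject hashedSub = BaseServlet.hashPasswords(getSubJsonObject());
        String deliveryPassword = hashedSub.getJSONObject("delivery").get("password").toString();
        assertNotEquals("PASSWORD", deliveryPassword);
    }

    /**
     * Feed permission strings have the form type|instance|action; a null instance maps to the
     * NoInstanceDefined placeholder and the "default" action maps to the wildcard.
     */
    @Test
    public void Given_BaseServlet_Verify_Cadi_Feed_Permission() {
        assertEquals("org.onap.dmaap-dr.feed|legacy|publish", baseServlet.getFeedPermission("legacy", "publish"));
        assertEquals("org.onap.dmaap-dr.feed|legacy|suspend", baseServlet.getFeedPermission("legacy", "suspend"));
        assertEquals("org.onap.dmaap-dr.feed|legacy|restore", baseServlet.getFeedPermission("legacy", "restore"));
        assertEquals("org.onap.dmaap-dr.feed|org.onap.dmaap-dr.NoInstanceDefined|restore", baseServlet.getFeedPermission(null, "restore"));
        assertEquals("org.onap.dmaap-dr.feed|legacy|*", baseServlet.getFeedPermission("legacy", "default"));
    }

    /**
     * Subscriber permission strings follow the same type|instance|action form.
     */
    @Test
    public void Given_BaseServlet_Verify_Cadi_Sub_Permission() {
        // "subscribe" is pinned to the feed permission type, unlike the other actions below.
        // NOTE(review): confirm this asymmetry is intended, since it decides which permission
        // a subscriber must hold.
        assertEquals("org.onap.dmaap-dr.feed|legacy|subscribe", baseServlet.getSubscriberPermission("legacy", "subscribe"));
        assertEquals("org.onap.dmaap-dr.sub|legacy|suspend", baseServlet.getSubscriberPermission("legacy", "suspend"));
        assertEquals("org.onap.dmaap-dr.sub|legacy|restore", baseServlet.getSubscriberPermission("legacy", "restore"));
        assertEquals("org.onap.dmaap-dr.sub|legacy|publish", baseServlet.getSubscriberPermission("legacy", "publish"));
        assertEquals("org.onap.dmaap-dr.sub|org.onap.dmaap-dr.NoInstanceDefined|restore", baseServlet.getSubscriberPermission(null, "restore"));
        assertEquals("org.onap.dmaap-dr.sub|legacy|*", baseServlet.getSubscriberPermission("legacy", "default"));
    }

}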