1 /*******************************************************************************
2 * ============LICENSE_START==================================================
4 * * ===========================================================================
5 * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
6 * * ===========================================================================
7 * * Licensed under the Apache License, Version 2.0 (the "License");
8 * * you may not use this file except in compliance with the License.
9 * * You may obtain a copy of the License at
11 * * http://www.apache.org/licenses/LICENSE-2.0
13 * * Unless required by applicable law or agreed to in writing, software
14 * * distributed under the License is distributed on an "AS IS" BASIS,
15 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * * See the License for the specific language governing permissions and
17 * * limitations under the License.
18 * * ============LICENSE_END====================================================
20 * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
22 ******************************************************************************/
23 package org.onap.dmaap.datarouter.provisioning;
25 import static org.mockito.ArgumentMatchers.anyString;
26 import static org.mockito.Mockito.contains;
27 import static org.mockito.Mockito.eq;
28 import static org.mockito.Mockito.mock;
29 import static org.mockito.Mockito.verify;
30 import static org.mockito.Mockito.when;
31 import static org.onap.dmaap.datarouter.provisioning.BaseServlet.BEHALF_HEADER;
33 import ch.qos.logback.classic.spi.ILoggingEvent;
34 import ch.qos.logback.core.read.ListAppender;
35 import java.util.HashSet;
37 import javax.persistence.EntityManager;
38 import javax.persistence.EntityManagerFactory;
39 import javax.persistence.Persistence;
40 import javax.servlet.ServletOutputStream;
41 import javax.servlet.http.HttpServletRequest;
42 import javax.servlet.http.HttpServletResponse;
43 import org.apache.commons.lang3.reflect.FieldUtils;
44 import org.jetbrains.annotations.NotNull;
45 import org.json.JSONArray;
46 import org.json.JSONObject;
47 import org.junit.AfterClass;
48 import org.junit.Before;
49 import org.junit.BeforeClass;
50 import org.junit.Test;
51 import org.junit.runner.RunWith;
52 import org.mockito.Mock;
53 import org.onap.dmaap.datarouter.authz.AuthorizationResponse;
54 import org.onap.dmaap.datarouter.authz.Authorizer;
55 import org.onap.dmaap.datarouter.provisioning.beans.Insertable;
56 import org.onap.dmaap.datarouter.provisioning.utils.Poker;
57 import org.powermock.core.classloader.annotations.PowerMockIgnore;
58 import org.powermock.modules.junit4.PowerMockRunner;
61 @RunWith(PowerMockRunner.class)
62 @PowerMockIgnore({"com.sun.org.apache.xerces.*", "javax.xml.*", "org.xml.*", "org.w3c.*"})
63 public class DRFeedsServletTest extends DrServletTestBase {
// Servlet under test. Static, but replaced with a fresh instance in setUp() before every test.
65 private static DRFeedsServlet drfeedsServlet;
// Persistence handles created once in init() from the "dr-unit-tests" persistence unit.
66 private static EntityManagerFactory emf;
67 private static EntityManager em;
// Request/response doubles stubbed with Mockito when(...) throughout this class
// (presumably @Mock-injected; the annotation lines are not visible here, so confirm).
70 private HttpServletRequest request;
72 private HttpServletResponse response;
// Captures DRFeedsServlet log events; attached in setUp() and checked by verifyEnteringExitCalled().
74 private ListAppender<ILoggingEvent> listAppender;
// One-time fixture: opens the "dr-unit-tests" persistence unit and keeps the factory and the
// entity manager in static fields for the whole class.
77 public static void init() {
78 emf = Persistence.createEntityManagerFactory("dr-unit-tests");
79 em = emf.createEntityManager();
// The two literals below are a provisioning-server property name and the H2 test properties file
// (presumably the arguments of a System.setProperty call whose opening line is not visible; confirm).
81 "org.onap.dmaap.datarouter.provserver.properties",
82 "src/test/resources/h2Database.properties");
// Class-level teardown paired with init(); presumably releases the EntityManager and factory
// opened there. The body is not visible here, so confirm.
86 public static void tearDownClass() {
// Per-test fixture. Builds a fresh servlet and installs an "everything allowed" baseline:
// an authorizer mock that authorizes, a mocked Poker, a secure request from an authorized
// address with the behalf header set, and valid content headers. Each negative test then
// overrides exactly one of these controls.
// NOTE(review): isCadiEnabled and isAddressAuthEnabled are written by individual tests through
// reflection, but none of the helpers whose bodies are visible here reset them, so their values
// may carry over between tests. Confirm, and reset them here if so.
93 public void setUp() throws Exception {
94 listAppender = setTestLogger(DRFeedsServlet.class);
95 drfeedsServlet = new DRFeedsServlet();
96 setAuthoriserToReturnRequestIsAuthorized();
97 setPokerToNotCreateTimersWhenDeleteFeedIsCalled();
98 setupValidAuthorisedRequest();
// setupValidAuthorisedRequest() already calls setUpValidSecurityOnHttpRequest(); this repeats it.
99 setUpValidSecurityOnHttpRequest();
100 setUpValidContentHeadersAndJSONOnHttpRequest();
// DELETE is rejected: expects sendError(405, any message) and then checks the captured log
// through verifyEnteringExitCalled().
104 public void Given_Request_Is_HTTP_DELETE_SC_METHOD_NOT_ALLOWED_Response_Is_Generated() throws Exception {
105 drfeedsServlet.doDelete(request, response);
106 verify(response).sendError(eq(HttpServletResponse.SC_METHOD_NOT_ALLOWED), anyString());
107 verifyEnteringExitCalled(listAppender);
// GET over a non-secure connection, with BaseServlet.isAddressAuthEnabled written as the string
// "true", must be answered with 403.
// NOTE(review): the assertion accepts any message (anyString()), so it does not show which check
// produced the 403: the transport check or address authorization. Matching the message with
// contains(...), as the AAF tests in this class do, would pin the control under test.
111 public void Given_Request_Is_HTTP_GET_And_Is_Not_Secure_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated()
113 when(request.isSecure()).thenReturn(false);
114 FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isAddressAuthEnabled", "true", true);
115 drfeedsServlet.doGet(request, response);
116 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), anyString());
117 verifyEnteringExitCalled(listAppender);
// GET without the on-behalf-of header (stubbed to null) must be answered with 400.
121 public void Given_Request_Is_HTTP_GET_And_BEHALF_HEADER_Is_Not_Set_In_Request_Then_Bad_Request_Response_Is_Generated()
123 setBehalfHeader(null);
124 drfeedsServlet.doGet(request, response);
125 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), anyString());
// GET with request URI "/123" is rejected.
// NOTE(review): the method name says Bad_Request but the assertion expects SC_NOT_FOUND (404).
130 public void Given_Request_Is_HTTP_GET_And_URL_Path_Not_Valid_Then_Bad_Request_Response_Is_Generated()
132 when(request.getRequestURI()).thenReturn("/123");
133 drfeedsServlet.doGet(request, response);
134 verify(response).sendError(eq(HttpServletResponse.SC_NOT_FOUND), anyString());
// GET with the Authorizer mock deciding "not authorized" must be answered with 403.
// Everything else stays at the permissive baseline from setUp().
139 public void Given_Request_Is_HTTP_GET_And_Request_Is_Not_Authorized_Then_Forbidden_Response_Is_Generated()
141 setAuthoriserToReturnRequestNotAuthorized();
142 drfeedsServlet.doGet(request, response);
143 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), anyString());
// GET with name "stub_name" and version "stub_version" expects 400
// (presumably because no such feed exists in the test database; confirm).
147 public void Given_Request_Is_HTTP_GET_And_Request_Fails_With_Valid_Name_And_Version() throws Exception {
148 when(request.getParameter("name")).thenReturn("stub_name");
149 when(request.getParameter("version")).thenReturn("stub_version");
150 drfeedsServlet.doGet(request, response);
151 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), anyString());
// GET for feed "Feed1" version "v0.1" expects 200 with the FEEDFULL content type
// (presumably that feed is seeded in the test database; confirm).
155 public void Given_Request_Is_HTTP_GET_And_Request_Succeeds_With_Valid_Name_And_Version() throws Exception {
// The response body is written to a mocked stream; its content is not asserted.
156 ServletOutputStream outStream = mock(ServletOutputStream.class);
157 when(response.getOutputStream()).thenReturn(outStream);
158 when(request.getParameter("name")).thenReturn("Feed1");
159 when(request.getParameter("version")).thenReturn("v0.1");
160 drfeedsServlet.doGet(request, response);
161 verify(response).setStatus(eq(HttpServletResponse.SC_OK));
162 verify(response).setContentType(BaseServlet.FEEDFULL_CONTENT_TYPE);
163 verifyEnteringExitCalled(listAppender);
// GET with no "name"/"version" parameters stubbed (the mock returns null for both) expects 200.
// NOTE(review): the method name says Invalid_Name_And_Version, but the test supplies none.
168 public void Given_Request_Is_HTTP_GET_And_Request_Succeeds_With_Invalid_Name_And_Version() throws Exception {
169 ServletOutputStream outStream = mock(ServletOutputStream.class);
170 when(response.getOutputStream()).thenReturn(outStream);
171 drfeedsServlet.doGet(request, response);
172 verify(response).setStatus(eq(HttpServletResponse.SC_OK));
// PUT is rejected: expects sendError(405, any message) and then checks the captured log
// through verifyEnteringExitCalled().
177 public void Given_Request_Is_HTTP_PUT_SC_METHOD_NOT_ALLOWED_Response_Is_Generated() throws Exception {
178 drfeedsServlet.doPut(request, response);
179 verify(response).sendError(eq(HttpServletResponse.SC_METHOD_NOT_ALLOWED), anyString());
180 verifyEnteringExitCalled(listAppender);
// POST over a non-secure connection, with BaseServlet.isAddressAuthEnabled written as the string
// "true", must be answered with 403.
// NOTE(review): anyString() accepts any rejection message, so the test cannot tell the transport
// check apart from address authorization. Matching the message with contains(...) would.
185 public void Given_Request_Is_HTTP_POST_And_Is_Not_Secure_When_HTTPS_Is_Required_Then_Forbidden_Response_Is_Generated()
187 when(request.isSecure()).thenReturn(false);
188 FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isAddressAuthEnabled", "true", true);
189 drfeedsServlet.doPost(request, response);
190 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), anyString());
191 verifyEnteringExitCalled(listAppender);
// POST without the on-behalf-of header (stubbed to null) must be answered with 400.
195 public void Given_Request_Is_HTTP_POST_And_BEHALF_HEADER_Is_Not_Set_In_Request_Then_Bad_Request_Response_Is_Generated()
197 setBehalfHeader(null);
198 drfeedsServlet.doPost(request, response);
199 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), anyString());
// POST with request URI "/123" is rejected.
// NOTE(review): the method name says Bad_Request but the assertion expects SC_NOT_FOUND (404).
204 public void Given_Request_Is_HTTP_POST_And_URL_Path_Not_Valid_Then_Bad_Request_Response_Is_Generated()
206 when(request.getRequestURI()).thenReturn("/123");
207 drfeedsServlet.doPost(request, response);
208 verify(response).sendError(eq(HttpServletResponse.SC_NOT_FOUND), anyString());
// POST whose Content-Type header carries version=1.1 (the setUp() baseline uses version=1.0) and
// whose getContentType() is "stub_contentType" must be answered with 415.
213 public void Given_Request_Is_HTTP_POST_And_Content_Header_Is_Not_Supported_Type_Then_Unsupported_Media_Type_Response_Is_Generated()
215 when(request.getHeader("Content-Type")).thenReturn("application/vnd.dmaap-dr.feed; version=1.1");
216 when(request.getContentType()).thenReturn("stub_contentType");
217 drfeedsServlet.doPost(request, response);
219 .sendError(eq(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE), anyString());
// POST of a "legacy" feed with the exclude-AAF header "true", isCadiEnabled written as "true" and
// the Authorizer mock denying the request must be answered with 403.
// NOTE(review): anyString() accepts any message, so the test does not prove the 403 came from
// the Authorizer decision rather than another check.
223 public void Given_Request_Is_HTTP_POST_And_CadiEnabled_Is_True_And_Request_Is_Not_Authorized_Then_Forbidden_Response_Is_Generated()
225 setAuthoriserToReturnRequestNotAuthorized();
226 FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isCadiEnabled", "true", true);
227 when(request.getHeader(DRFeedsServlet.EXCLUDE_AAF_HEADER)).thenReturn("true");
228 JSONObject JSObject = buildRequestJsonObject();
// Local servlet (shadows the static field) whose getJSONfromInput is overridden to supply a
// canned feed object, so the mocked request needs no body.
229 DRFeedsServlet drfeedsServlet = new DRFeedsServlet() {
230 public JSONObject getJSONfromInput(HttpServletRequest req) {
231 JSONObject jo = new JSONObject();
232 jo.put("name", "not_stub_name");
233 jo.put("version", "1.0");
234 jo.put("authorization", JSObject);
235 jo.put("aaf_instance", "legacy");
239 drfeedsServlet.doPost(request, response);
240 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), anyString());
// Same scenario as the CadiEnabled_Is_True variant but with isCadiEnabled written as "false":
// a denied "legacy" feed POST must still be answered with 403.
// NOTE(review): this leaves the static isCadiEnabled at "false" for whichever test runs next.
244 public void Given_Request_Is_HTTP_POST_And_CadiEnabled_Is_False_And_Request_Is_Not_Authorized_Then_Forbidden_Response_Is_Generated()
246 setAuthoriserToReturnRequestNotAuthorized();
247 FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isCadiEnabled", "false", true);
248 when(request.getHeader(DRFeedsServlet.EXCLUDE_AAF_HEADER)).thenReturn("true");
249 JSONObject JSObject = buildRequestJsonObject();
// Local servlet with getJSONfromInput overridden to return a canned feed object.
250 DRFeedsServlet drfeedsServlet = new DRFeedsServlet() {
251 public JSONObject getJSONfromInput(HttpServletRequest req) {
252 JSONObject jo = new JSONObject();
253 jo.put("name", "not_stub_name");
254 jo.put("version", "1.0");
255 jo.put("authorization", JSObject);
256 jo.put("aaf_instance", "legacy");
260 drfeedsServlet.doPost(request, response);
261 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), anyString());
// A feed that names an AAF instance while the request carries the exclude-AAF header "true" is a
// contradictory request and must be answered with 403. The message is matched with contains(...),
// so the rejection reason is pinned.
265 public void Given_Request_Is_HTTP_POST_And_AAF_DRFeed_And_Exclude_AAF_Is_True_Then_Forbidden_Response_Is_Generated() throws Exception {
266 when(request.getHeader(DRFeedsServlet.EXCLUDE_AAF_HEADER)).thenReturn("true");
267 FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isCadiEnabled", "true", true);
268 JSONObject JSObject = buildRequestJsonObject();
// Local servlet with getJSONfromInput overridden to return a canned feed object.
269 DRFeedsServlet drfeedsServlet = new DRFeedsServlet() {
270 public JSONObject getJSONfromInput(HttpServletRequest req) {
271 JSONObject jo = new JSONObject();
272 jo.put("name", "not_stub_name");
273 jo.put("version", "1.0");
274 jo.put("authorization", JSObject);
275 jo.put("aaf_instance", "https://aaf-onap-test.osaaf.org:8095");
279 drfeedsServlet.doPost(request, response);
280 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), contains("Invalid request exclude_AAF"));
// AAF-governed feed creation by a caller without the create permission must be answered with 403.
// request.isUserInRole(...) is not stubbed here, so the mock answers false for every role.
// The expected message is matched with contains(...), which ties the 403 to the permission check.
284 public void Given_Request_Is_HTTP_POST_And_AAF_DRFeed_And_Exclude_AAF_Is_False_Without_Permissions_Then_Forbidden_Response_Is_Generated() throws Exception {
285 when(request.getHeader(DRFeedsServlet.EXCLUDE_AAF_HEADER)).thenReturn("false");
286 FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isCadiEnabled", "true", true);
287 JSONObject JSObject = buildRequestJsonObject();
// Local servlet with getJSONfromInput overridden to return a canned feed object.
288 DRFeedsServlet drfeedsServlet = new DRFeedsServlet() {
289 public JSONObject getJSONfromInput(HttpServletRequest req) {
290 JSONObject jo = new JSONObject();
291 jo.put("name", "not_stub_name");
292 jo.put("version", "1.0");
293 jo.put("authorization", JSObject);
294 jo.put("aaf_instance", "*");
298 drfeedsServlet.doPost(request, response);
299 verify(response).sendError(eq(HttpServletResponse.SC_FORBIDDEN), contains("AAF disallows access to permission"));
// Positive counterpart of the Without_Permissions test: the only difference in the request is
// that the caller holds the role "org.onap.dmaap-dr.feed|*|create", and the expected result is 201.
303 public void Given_Request_Is_HTTP_POST_And_AAF_DRFeed_And_Exclude_AAF_Is_False_With_Permissions_Then_Created_OK_Response_Is_Generated() throws Exception {
304 FieldUtils.writeDeclaredStaticField(BaseServlet.class, "isCadiEnabled", "true", true);
305 ServletOutputStream outStream = mock(ServletOutputStream.class);
306 when(response.getOutputStream()).thenReturn(outStream);
307 when(request.getHeader(DRFeedsServlet.EXCLUDE_AAF_HEADER)).thenReturn("false");
308 JSONObject JSObject = buildRequestJsonObject();
309 when(request.isUserInRole("org.onap.dmaap-dr.feed|*|create")).thenReturn(true);
// Local servlet overriding both the JSON input and doInsert.
310 DRFeedsServlet drfeedsServlet = new DRFeedsServlet() {
311 public JSONObject getJSONfromInput(HttpServletRequest req) {
312 JSONObject jo = new JSONObject();
313 jo.put("name", "not_stub_name");
314 jo.put("version", "1.0");
315 jo.put("authorization", JSObject);
316 jo.put("aaf_instance", "*");
// doInsert is overridden so the test controls the insert outcome
// (presumably it returns true; the body is not visible here, so confirm).
321 protected boolean doInsert(Insertable bean) {
325 drfeedsServlet.doPost(request, response);
326 verify(response).setStatus(eq(HttpServletResponse.SC_CREATED));
327 verifyEnteringExitCalled(listAppender);
// POST using the unmodified setUp() baseline, with getJSONfromInput not overridden, expects 400
// (presumably because the mocked request supplies no readable JSON body; confirm).
331 public void Given_Request_Is_HTTP_POST_And_Request_Contains_Badly_Formed_JSON_Then_Bad_Request_Response_Is_Generated()
333 drfeedsServlet.doPost(request, response);
334 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), anyString());
// With BaseServlet.maxFeeds forced to 0, any feed creation must be refused.
// NOTE(review): the method name says Bad_Request but the assertion expects SC_CONFLICT (409).
// maxFeeds is restored to 100 by setUpValidSecurityOnHttpRequest() on the next setUp().
338 public void Given_Request_Is_HTTP_POST_And_Active_Feeds_Equals_Max_Feeds_Then_Bad_Request_Response_Is_Generated()
340 FieldUtils.writeDeclaredStaticField(BaseServlet.class, "maxFeeds", 0, true);
341 DRFeedsServlet drfeedsServlet = new DRFeedsServlet() {
342 public JSONObject getJSONfromInput(HttpServletRequest req) {
343 return new JSONObject();
346 drfeedsServlet.doPost(request, response);
347 verify(response).sendError(eq(HttpServletResponse.SC_CONFLICT), anyString());
// POST whose JSON input is an empty object (no name, version or authorization) expects 400.
351 public void Given_Request_Is_HTTP_POST_And_Feed_Is_Not_Valid_Object_Bad_Request_Response_Is_Generated()
353 DRFeedsServlet drfeedsServlet = new DRFeedsServlet() {
354 public JSONObject getJSONfromInput(HttpServletRequest req) {
355 return new JSONObject();
359 drfeedsServlet.doPost(request, response);
360 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), anyString());
// Creating feed "AafFeed" version "v0.1" again, by a caller holding the create role, expects 400
// with the "already exists" message (presumably that feed is seeded in the test database; confirm).
// NOTE(review): this test does not write isCadiEnabled, so it runs with whatever value an earlier
// test left in that static field. Set it explicitly here if the outcome depends on it.
364 public void Given_Request_Is_HTTP_POST_And_Feed_Already_Exists_Bad_Request_Response_Is_Generated()
366 when(request.getParameter("name")).thenReturn("AafFeed");
367 when(request.getParameter("version")).thenReturn("v0.1");
368 when(request.getHeader(DRFeedsServlet.EXCLUDE_AAF_HEADER)).thenReturn("false");
369 when(request.isUserInRole("org.onap.dmaap-dr.feed|*|create")).thenReturn(true);
370 JSONObject JSObject = buildRequestJsonObject();
// Local servlet with getJSONfromInput overridden to return a canned feed object.
371 DRFeedsServlet drfeedsServlet = new DRFeedsServlet() {
372 public JSONObject getJSONfromInput(HttpServletRequest req) {
373 JSONObject jo = new JSONObject();
374 jo.put("name", "AafFeed");
375 jo.put("version", "v0.1");
376 jo.put("authorization", JSObject);
377 jo.put("aaf_instance", "*");
381 drfeedsServlet.doPost(request, response);
382 verify(response).sendError(eq(HttpServletResponse.SC_BAD_REQUEST), contains("This feed already exists in the database"));
// A "legacy" feed POST that passes validation but whose insert is overridden must surface as 500.
// NOTE(review): the method name says Bad_Request but the assertion expects
// SC_INTERNAL_SERVER_ERROR.
386 public void Given_Request_Is_HTTP_POST_And_POST_Fails_Bad_Request_Response_Is_Generated() throws Exception {
387 JSONObject JSObject = buildRequestJsonObject();
388 when(request.getHeader(DRFeedsServlet.EXCLUDE_AAF_HEADER)).thenReturn("true");
389 DRFeedsServlet drfeedsServlet = new DRFeedsServlet() {
390 public JSONObject getJSONfromInput(HttpServletRequest req) {
391 JSONObject jo = new JSONObject();
392 jo.put("name", "stub_name");
393 jo.put("version", "2.0");
394 jo.put("authorization", JSObject);
395 jo.put("aaf_instance", "legacy");
// doInsert is overridden to control the insert outcome
// (presumably it returns false to simulate a failed write; the body is not visible, so confirm).
400 protected boolean doInsert(Insertable bean) {
404 drfeedsServlet.doPost(request, response);
406 .sendError(eq(HttpServletResponse.SC_INTERNAL_SERVER_ERROR), anyString());
// Builds the "authorization" section used by the POST tests: a classification, one endpoint
// id/password pair and one endpoint address (127.0.0.1). All values are test stubs.
410 private JSONObject buildRequestJsonObject() {
411 JSONObject JSObject = new JSONObject();
412 JSONArray endpointIDs = new JSONArray();
413 JSONObject JOEndpointIDs = new JSONObject();
414 JOEndpointIDs.put("id", "stub_endpoint_id");
415 JOEndpointIDs.put("password", "stub_endpoint_password");
416 endpointIDs.put(JOEndpointIDs);
418 JSONArray endpointAddresses = new JSONArray();
419 endpointAddresses.put("127.0.0.1");
421 JSObject.put("classification", "stub_classification");
422 JSObject.put("endpoint_ids", endpointIDs);
423 JSObject.put("endpoint_addrs", endpointAddresses);
// Puts the transport and address controls into their "pass" state: the request reports
// isSecure() == true, and BaseServlet's static fields are overwritten through reflection with an
// allow-list holding only 127.0.0.1, requireCert = false and maxFeeds = 100.
// NOTE(review): no test in this listing sets requireCert to true, so the client-certificate
// requirement is not exercised by this class.
427 private void setUpValidSecurityOnHttpRequest() throws Exception {
428 when(request.isSecure()).thenReturn(true);
429 Set<String> authAddressesAndNetworks = new HashSet<>();
430 authAddressesAndNetworks.add(("127.0.0.1"));
432 .writeDeclaredStaticField(BaseServlet.class, "authorizedAddressesAndNetworks", authAddressesAndNetworks,
434 FieldUtils.writeDeclaredStaticField(BaseServlet.class, "requireCert", false, true);
435 FieldUtils.writeDeclaredStaticField(BaseServlet.class, "maxFeeds", 100, true);
// Stubs the on-behalf-of header (BaseServlet.BEHALF_HEADER) on the mocked request.
// Passing null simulates a request that omits the header.
438 private void setBehalfHeader(String headerValue) {
439 when(request.getHeader(BEHALF_HEADER)).thenReturn(headerValue);
// Replaces BaseServlet's static "authz" field with an Authorizer mock whose decision for this
// request reports isAuthorized() == false. The replacement stays in the static field until
// another helper overwrites it; setUp() installs the authorizing variant before every test.
442 private void setAuthoriserToReturnRequestNotAuthorized() throws IllegalAccessException {
443 AuthorizationResponse authResponse = mock(AuthorizationResponse.class);
444 Authorizer authorizer = mock(Authorizer.class);
445 FieldUtils.writeDeclaredStaticField(BaseServlet.class, "authz", authorizer, true);
446 when(authorizer.decide(request)).thenReturn(authResponse);
447 when(authResponse.isAuthorized()).thenReturn(false);
// Replaces BaseServlet's static "authz" field with an Authorizer mock whose decision for this
// request reports isAuthorized() == true. This is the baseline installed by setUp().
450 private void setAuthoriserToReturnRequestIsAuthorized() throws IllegalAccessException {
451 AuthorizationResponse authResponse = mock(AuthorizationResponse.class);
452 Authorizer authorizer = mock(Authorizer.class);
453 FieldUtils.writeDeclaredStaticField(BaseServlet.class, "authz", authorizer, true);
454 when(authorizer.decide(request)).thenReturn(authResponse);
455 when(authResponse.isAuthorized()).thenReturn(true);
// Swaps the static "poker" field of Poker for a Mockito mock, so servlet code that reaches the
// Poker gets an inert double (per the method name, to avoid creating timers).
458 private void setPokerToNotCreateTimersWhenDeleteFeedIsCalled() throws Exception {
459 Poker poker = mock(Poker.class);
460 FieldUtils.writeDeclaredStaticField(Poker.class, "poker", poker, true);
// Baseline for an acceptable request: secure transport and allow-listed address
// (see setUpValidSecurityOnHttpRequest) plus a non-null on-behalf-of header.
463 private void setupValidAuthorisedRequest() throws Exception {
464 setUpValidSecurityOnHttpRequest();
465 setBehalfHeader("Stub_Value");
468 private void setUpValidContentHeadersAndJSONOnHttpRequest() throws IllegalAccessException {
469 when(request.getHeader("Content-Type")).thenReturn("application/vnd.dmaap-dr.feed; version=1.0");
470 when(request.getHeader("X-DMAAP-DR-ON-BEHALF-OF-GROUP")).thenReturn("stub_subjectGroup");