2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
21 package org.openecomp.policy.pdp.test;
23 import static org.junit.Assert.assertEquals;
24 import static org.junit.Assert.assertFalse;
25 import static org.junit.Assert.assertTrue;
26 import static org.junit.Assert.fail;
28 import java.util.ArrayList;
29 import java.util.List;
31 import javax.security.auth.x500.X500Principal;
33 import org.junit.Test;
35 import com.att.research.xacml.api.XACML3;
36 import com.att.research.xacml.std.datatypes.DataTypes;
37 import com.att.research.xacmlatt.pdp.policy.Bag;
38 import com.att.research.xacmlatt.pdp.policy.ExpressionResult;
39 import com.att.research.xacmlatt.pdp.policy.FunctionArgument;
40 import com.att.research.xacmlatt.pdp.policy.FunctionArgumentAttributeValue;
41 import com.att.research.xacmlatt.pdp.policy.FunctionArgumentBag;
42 import com.att.research.xacmlatt.pdp.std.StdFunctions;
43 import com.att.research.xacmlatt.pdp.std.functions.*;
46 * Test of PDP Functions (See XACML core spec section A.3)
49 * In Eclipse select this file or the enclosing directory, right-click and select Run As/JUnit Test
53 public class FunctionDefinitionSpecialMatchTest {
56 * variables useful in the following tests
58 List<FunctionArgument> arguments = new ArrayList<>();
61 public void testX500NameMatch() {
62 // assume that the contents of the name components are not significant and we can treat them as simple blocks of "<name>=<value>"
63 String A = "cn=Some person";
64 String B = "O=Medico Corp";
66 String D = "DNQUALIFIER=d string";
67 String E = "SURNAME=some name";
68 String F = "INITIALS=inits";
71 X500Principal abc = new X500Principal(A + "," + B + "," + C);
72 X500Principal dabc = new X500Principal(D + "," + A + "," + B + "," + C);
73 X500Principal abcd = new X500Principal(A + "," + B + "," + C + "," + D);
74 X500Principal adbc = new X500Principal(A + "," + D + "," + B + "," + C);
75 X500Principal dcab = new X500Principal(D + "," + C + "," + A + "," + B) ;
76 X500Principal def = new X500Principal(D + "," + E + "," + F) ;
79 FunctionArgumentAttributeValue attrABC = null;
80 FunctionArgumentAttributeValue attrDABC = null;
81 FunctionArgumentAttributeValue attrABCD = null;
82 FunctionArgumentAttributeValue attrADBC = null;
83 FunctionArgumentAttributeValue attrDCAB = null;
84 FunctionArgumentAttributeValue attrDEF = null;
86 FunctionArgumentAttributeValue attrBad = null;
87 FunctionArgumentBag attrBag = new FunctionArgumentBag(new Bag());
91 attrABC = new FunctionArgumentAttributeValue(DataTypes.DT_X500NAME.createAttributeValue(abc));
92 attrDABC = new FunctionArgumentAttributeValue(DataTypes.DT_X500NAME.createAttributeValue(dabc));
93 attrABCD = new FunctionArgumentAttributeValue(DataTypes.DT_X500NAME.createAttributeValue(abcd));
94 attrADBC = new FunctionArgumentAttributeValue(DataTypes.DT_X500NAME.createAttributeValue(adbc));
95 attrDCAB = new FunctionArgumentAttributeValue(DataTypes.DT_X500NAME.createAttributeValue(dcab));
96 attrDEF = new FunctionArgumentAttributeValue(DataTypes.DT_X500NAME.createAttributeValue(def));
98 attrBad = new FunctionArgumentAttributeValue(DataTypes.DT_INTEGER.createAttributeValue(123));
99 } catch (Exception e) {
100 fail("creating attribute e="+ e);
103 FunctionDefinitionX500NameMatch fd = (FunctionDefinitionX500NameMatch) StdFunctions.FD_X500NAME_MATCH;
105 // check identity and type of the thing created
106 assertEquals(XACML3.ID_FUNCTION_X500NAME_MATCH, fd.getId());
107 assertEquals(DataTypes.DT_X500NAME.getId(), fd.getDataTypeArgs().getId());
108 assertEquals(DataTypes.DT_BOOLEAN.getId(), fd.getDataTypeId());
110 // just to be safe... If tests take too long these can probably be eliminated
111 assertFalse(fd.returnsBag());
112 assertEquals(new Integer(2), fd.getNumArgs());
115 // test normal, first exact match for second
117 arguments.add(attrABC);
118 arguments.add(attrABC);
119 ExpressionResult res = fd.evaluate(null, arguments);
120 assertTrue(res.isOk());
121 Boolean resValue = (Boolean)res.getValue().getValue();
122 assertTrue(resValue);
124 // test first is end of second
126 arguments.add(attrABC);
127 arguments.add(attrDABC);
128 res = fd.evaluate(null, arguments);
129 assertTrue(res.isOk());
130 resValue = (Boolean)res.getValue().getValue();
131 assertTrue(resValue);
133 // first exact match for sub-section but not end of second
135 arguments.add(attrABC);
136 arguments.add(attrABCD);
137 res = fd.evaluate(null, arguments);
138 assertTrue(res.isOk());
139 resValue = (Boolean)res.getValue().getValue();
140 assertFalse(resValue);
142 // components of first match components in second but not contiguous
144 arguments.add(attrABC);
145 arguments.add(attrADBC);
146 res = fd.evaluate(null, arguments);
147 assertTrue(res.isOk());
148 resValue = (Boolean)res.getValue().getValue();
149 assertFalse(resValue);
151 // components of first match components in second but not in order
153 arguments.add(attrABC);
154 arguments.add(attrDCAB);
155 res = fd.evaluate(null, arguments);
156 assertTrue(res.isOk());
157 resValue = (Boolean)res.getValue().getValue();
158 assertFalse(resValue);
160 // first does not match second at all
162 arguments.add(attrABC);
163 arguments.add(attrDEF);
164 res = fd.evaluate(null, arguments);
165 assertTrue(res.isOk());
166 resValue = (Boolean)res.getValue().getValue();
167 assertFalse(resValue);
169 // first arg larger than 2nd arg
171 arguments.add(attrABCD);
172 arguments.add(attrABC);
173 res = fd.evaluate(null, arguments);
174 assertTrue(res.isOk());
175 resValue = (Boolean)res.getValue().getValue();
176 assertFalse(resValue);
180 arguments.add(attrABC);
181 arguments.add(attrBad);
182 res = fd.evaluate(null, arguments);
183 assertFalse(res.getStatus().isOk());
184 assertEquals( "function:x500Name-match Expected data type 'x500Name' saw 'integer' at arg index 1", res.getStatus().getStatusMessage());
185 assertEquals("urn:oasis:names:tc:xacml:1.0:status:processing-error", res.getStatus().getStatusCode().getStatusCodeValue().stringValue());
189 arguments.add(attrABC);
190 arguments.add(attrABC);
191 arguments.add(attrABC);
192 res = fd.evaluate(null, arguments);
193 assertFalse(res.getStatus().isOk());
194 assertEquals( "function:x500Name-match Expected 2 arguments, got 3", res.getStatus().getStatusMessage());
195 assertEquals("urn:oasis:names:tc:xacml:1.0:status:processing-error", res.getStatus().getStatusCode().getStatusCodeValue().stringValue());
199 arguments.add(attrABC);
200 res = fd.evaluate(null, arguments);
201 assertFalse(res.getStatus().isOk());
202 assertEquals( "function:x500Name-match Expected 2 arguments, got 1", res.getStatus().getStatusMessage());
203 assertEquals("urn:oasis:names:tc:xacml:1.0:status:processing-error", res.getStatus().getStatusCode().getStatusCodeValue().stringValue());
206 res = fd.evaluate(null, arguments);
207 assertFalse(res.getStatus().isOk());
208 assertEquals( "function:x500Name-match Expected 2 arguments, got 0", res.getStatus().getStatusMessage());
209 assertEquals("urn:oasis:names:tc:xacml:1.0:status:processing-error", res.getStatus().getStatusCode().getStatusCodeValue().stringValue());
213 arguments.add(attrABC);
214 arguments.add(attrBag);
215 res = fd.evaluate(null, arguments);
216 assertFalse(res.getStatus().isOk());
217 assertEquals( "function:x500Name-match Expected a simple value, saw a bag at arg index 1", res.getStatus().getStatusMessage());
218 assertEquals("urn:oasis:names:tc:xacml:1.0:status:processing-error", res.getStatus().getStatusCode().getStatusCodeValue().stringValue());
223 arguments.add(attrBag);
224 res = fd.evaluate(null, arguments);
225 assertFalse(res.getStatus().isOk());
226 assertEquals( "function:x500Name-match Got null argument at arg index 0", res.getStatus().getStatusMessage());
227 assertEquals("urn:oasis:names:tc:xacml:1.0:status:processing-error", res.getStatus().getStatusCode().getStatusCodeValue().stringValue());
233 public void testRfc822NameMatch() {
238 FunctionArgumentAttributeValue attrStringabcxyz = null;
239 FunctionArgumentAttributeValue attrStringABCxyz = null;
240 FunctionArgumentAttributeValue attrStringabcXYZ = null;
241 FunctionArgumentAttributeValue attrStringcx = null;
242 FunctionArgumentAttributeValue attrStringwholedomainpart = null;
243 FunctionArgumentAttributeValue attrStringWholeDomainPart = null;
244 FunctionArgumentAttributeValue attrStringWholeDomain = null;
245 FunctionArgumentAttributeValue attrStringdomainpart = null;
246 FunctionArgumentAttributeValue attrStringDomainPart = null;
247 FunctionArgumentAttributeValue attrStringdotWholeDomain = null;
248 FunctionArgumentAttributeValue attrStringdomain = null;
250 FunctionArgumentAttributeValue attrStringNoMatch = null;
251 FunctionArgumentAttributeValue attrStringMultipleAt = null;
252 FunctionArgumentAttributeValue attrStringMissingLocal = null;
253 FunctionArgumentAttributeValue attrStringMissingDomain = null;
256 FunctionArgumentAttributeValue attrRfcabcxyz = null;
257 FunctionArgumentAttributeValue attrRfcwholedomainpart = null;
258 FunctionArgumentAttributeValue attrRfcWholeDomainPart = null;
260 FunctionArgumentBag attrBag = new FunctionArgumentBag(new Bag());
263 attrStringabcxyz = new FunctionArgumentAttributeValue(DataTypes.DT_STRING.createAttributeValue("abc@xyz"));
264 attrStringABCxyz = new FunctionArgumentAttributeValue(DataTypes.DT_STRING.createAttributeValue("ABC@xyz"));
265 attrStringabcXYZ = new FunctionArgumentAttributeValue(DataTypes.DT_STRING.createAttributeValue("abc@XYZ"));
266 attrStringcx = new FunctionArgumentAttributeValue(DataTypes.DT_STRING.createAttributeValue("c@x"));
267 attrStringwholedomainpart = new FunctionArgumentAttributeValue(DataTypes.DT_STRING.createAttributeValue("whole.domain.part"));
268 attrStringWholeDomainPart = new FunctionArgumentAttributeValue(DataTypes.DT_STRING.createAttributeValue("Whole.Domain.Part"));
269 attrStringWholeDomain = new FunctionArgumentAttributeValue(DataTypes.DT_STRING.createAttributeValue("Whole.Domain"));
270 attrStringdomainpart = new FunctionArgumentAttributeValue(DataTypes.DT_STRING.createAttributeValue(".domain.part"));
271 attrStringDomainPart = new FunctionArgumentAttributeValue(DataTypes.DT_STRING.createAttributeValue(".Domain.Part"));
272 attrStringdotWholeDomain = new FunctionArgumentAttributeValue(DataTypes.DT_STRING.createAttributeValue(".Whole.Domain"));
273 attrStringdomain = new FunctionArgumentAttributeValue(DataTypes.DT_STRING.createAttributeValue(".domain."));
275 attrStringNoMatch = new FunctionArgumentAttributeValue(DataTypes.DT_STRING.createAttributeValue("no match to any legal name"));
276 attrStringMultipleAt = new FunctionArgumentAttributeValue(DataTypes.DT_STRING.createAttributeValue("name@with@multipleAts"));
277 attrStringMissingLocal = new FunctionArgumentAttributeValue(DataTypes.DT_STRING.createAttributeValue("@multipleAts"));
278 attrStringMissingDomain = new FunctionArgumentAttributeValue(DataTypes.DT_STRING.createAttributeValue("localpart@"));
280 attrRfcabcxyz = new FunctionArgumentAttributeValue(DataTypes.DT_RFC822NAME.createAttributeValue("abc@xyz"));
281 attrRfcwholedomainpart = new FunctionArgumentAttributeValue(DataTypes.DT_RFC822NAME.createAttributeValue("abc@whole.domain.part"));
282 attrRfcWholeDomainPart = new FunctionArgumentAttributeValue(DataTypes.DT_RFC822NAME.createAttributeValue("abc@Whole.Domain.Part"));
283 } catch (Exception e) {
284 fail("creating attribute e="+ e);
287 FunctionDefinitionRFC822NameMatch fd = (FunctionDefinitionRFC822NameMatch) StdFunctions.FD_RFC822NAME_MATCH;
289 // check identity and type of the thing created
290 assertEquals(XACML3.ID_FUNCTION_RFC822NAME_MATCH, fd.getId());
291 assertEquals(DataTypes.DT_RFC822NAME.getId(), fd.getDataTypeArgs().getId());
292 assertEquals(DataTypes.DT_BOOLEAN.getId(), fd.getDataTypeId());
294 // just to be safe... If tests take too long these can probably be eliminated
295 assertFalse(fd.returnsBag());
298 // string identical to name - exact match on whole search term
300 arguments.add(attrStringabcxyz);
301 arguments.add(attrRfcabcxyz);
302 ExpressionResult res = fd.evaluate(null, arguments);
303 assertTrue(res.getStatus().isOk());
304 Boolean resValue = (Boolean)res.getValue().getValue();
305 assertTrue(resValue);
307 // no match local case different
309 arguments.add(attrStringABCxyz);
310 arguments.add(attrRfcabcxyz);
311 res = fd.evaluate(null, arguments);
312 assertTrue(res.getStatus().isOk());
313 resValue = (Boolean)res.getValue().getValue();
314 assertFalse(resValue);
316 // match domain case different
318 arguments.add(attrStringabcXYZ);
319 arguments.add(attrRfcabcxyz);
320 res = fd.evaluate(null, arguments);
321 assertTrue(res.getStatus().isOk());
322 resValue = (Boolean)res.getValue().getValue();
323 assertTrue(resValue);
326 // partial local + partial domain
328 arguments.add(attrStringcx);
329 arguments.add(attrRfcabcxyz);
330 res = fd.evaluate(null, arguments);
331 assertTrue(res.getStatus().isOk());
332 resValue = (Boolean)res.getValue().getValue();
333 assertFalse(resValue);
337 arguments.add(attrStringwholedomainpart);
338 arguments.add(attrRfcwholedomainpart);
339 res = fd.evaluate(null, arguments);
340 assertTrue(res.getStatus().isOk());
341 resValue = (Boolean)res.getValue().getValue();
342 assertTrue(resValue);
344 // whole domain different case
346 arguments.add(attrStringWholeDomainPart);
347 arguments.add(attrRfcwholedomainpart);
348 res = fd.evaluate(null, arguments);
349 assertTrue(res.getStatus().isOk());
350 resValue = (Boolean)res.getValue().getValue();
351 assertTrue(resValue);
354 arguments.add(attrStringwholedomainpart);
355 arguments.add(attrRfcWholeDomainPart);
356 res = fd.evaluate(null, arguments);
357 assertTrue(res.getStatus().isOk());
358 resValue = (Boolean)res.getValue().getValue();
359 assertTrue(resValue);
363 arguments.add(attrStringWholeDomain);
364 arguments.add(attrRfcWholeDomainPart);
365 res = fd.evaluate(null, arguments);
366 assertTrue(res.getStatus().isOk());
367 resValue = (Boolean)res.getValue().getValue();
368 assertFalse(resValue);
370 // partial domain match
372 arguments.add(attrStringDomainPart);
373 arguments.add(attrRfcWholeDomainPart);
374 res = fd.evaluate(null, arguments);
375 assertTrue(res.getStatus().isOk());
376 resValue = (Boolean)res.getValue().getValue();
377 assertTrue(resValue);
379 // partial domain different case
381 arguments.add(attrStringdomainpart);
382 arguments.add(attrRfcWholeDomainPart);
383 res = fd.evaluate(null, arguments);
384 assertTrue(res.getStatus().isOk());
385 resValue = (Boolean)res.getValue().getValue();
386 assertTrue(resValue);
388 // partial domain fail
390 arguments.add(attrStringdotWholeDomain);
391 arguments.add(attrRfcWholeDomainPart);
392 res = fd.evaluate(null, arguments);
393 assertTrue(res.getStatus().isOk());
394 resValue = (Boolean)res.getValue().getValue();
395 assertFalse(resValue);
398 arguments.add(attrStringdomain);
399 arguments.add(attrRfcWholeDomainPart);
400 res = fd.evaluate(null, arguments);
401 assertTrue(res.getStatus().isOk());
402 resValue = (Boolean)res.getValue().getValue();
403 assertFalse(resValue);
405 // search term contains more than 1 @
407 arguments.add(attrStringMultipleAt);
408 arguments.add(attrRfcabcxyz);
409 res = fd.evaluate(null, arguments);
410 assertFalse(res.getStatus().isOk());
411 assertEquals( "function:rfc822Name-match String contained more than 1 '@' in 'name@with@multipleAts'", res.getStatus().getStatusMessage());
412 assertEquals("urn:oasis:names:tc:xacml:1.0:status:processing-error", res.getStatus().getStatusCode().getStatusCodeValue().stringValue());
414 // search term missing local part
416 arguments.add(attrStringMissingLocal);
417 arguments.add(attrRfcabcxyz);
418 res = fd.evaluate(null, arguments);
419 assertFalse(res.getStatus().isOk());
420 assertEquals( "function:rfc822Name-match String missing local part in '@multipleAts'", res.getStatus().getStatusMessage());
421 assertEquals("urn:oasis:names:tc:xacml:1.0:status:processing-error", res.getStatus().getStatusCode().getStatusCodeValue().stringValue());
423 // search term missing domain part
425 arguments.add(attrStringMissingDomain);
426 arguments.add(attrRfcabcxyz);
427 res = fd.evaluate(null, arguments);
428 assertFalse(res.getStatus().isOk());
429 assertEquals( "function:rfc822Name-match String missing domain part in 'localpart@'", res.getStatus().getStatusMessage());
430 assertEquals("urn:oasis:names:tc:xacml:1.0:status:processing-error", res.getStatus().getStatusCode().getStatusCodeValue().stringValue());
434 arguments.add(attrRfcabcxyz);
435 arguments.add(attrStringNoMatch);
436 res = fd.evaluate(null, arguments);
437 assertFalse(res.getStatus().isOk());
438 assertEquals( "function:rfc822Name-match Expected data type 'string' saw 'rfc822Name' at arg index 0", res.getStatus().getStatusMessage());
439 assertEquals("urn:oasis:names:tc:xacml:1.0:status:processing-error", res.getStatus().getStatusCode().getStatusCodeValue().stringValue());
443 arguments.add(attrStringNoMatch);
444 arguments.add(attrStringNoMatch);
445 arguments.add(attrStringNoMatch);
446 res = fd.evaluate(null, arguments);
447 assertFalse(res.getStatus().isOk());
448 assertEquals( "function:rfc822Name-match Expected 2 arguments, got 3", res.getStatus().getStatusMessage());
449 assertEquals("urn:oasis:names:tc:xacml:1.0:status:processing-error", res.getStatus().getStatusCode().getStatusCodeValue().stringValue());
453 arguments.add(attrStringNoMatch);
454 res = fd.evaluate(null, arguments);
455 assertFalse(res.getStatus().isOk());
456 assertEquals( "function:rfc822Name-match Expected 2 arguments, got 1", res.getStatus().getStatusMessage());
457 assertEquals("urn:oasis:names:tc:xacml:1.0:status:processing-error", res.getStatus().getStatusCode().getStatusCodeValue().stringValue());
460 res = fd.evaluate(null, arguments);
461 assertFalse(res.getStatus().isOk());
462 assertEquals( "function:rfc822Name-match Expected 2 arguments, got 0", res.getStatus().getStatusMessage());
463 assertEquals("urn:oasis:names:tc:xacml:1.0:status:processing-error", res.getStatus().getStatusCode().getStatusCodeValue().stringValue());
467 arguments.add(attrStringNoMatch);
468 arguments.add(attrBag);
469 res = fd.evaluate(null, arguments);
470 assertFalse(res.getStatus().isOk());
471 assertEquals( "function:rfc822Name-match Expected a simple value, saw a bag at arg index 1", res.getStatus().getStatusMessage());
472 assertEquals("urn:oasis:names:tc:xacml:1.0:status:processing-error", res.getStatus().getStatusCode().getStatusCodeValue().stringValue());
477 arguments.add(attrStringNoMatch);
478 res = fd.evaluate(null, arguments);
479 assertFalse(res.getStatus().isOk());
480 assertEquals( "function:rfc822Name-match Got null argument at arg index 0", res.getStatus().getStatusMessage());
481 assertEquals("urn:oasis:names:tc:xacml:1.0:status:processing-error", res.getStatus().getStatusCode().getStatusCodeValue().stringValue());