aboutsummaryrefslogtreecommitdiffstats
path: root/odl-aaa-moon/aaa-authn-sts/src/test/java
diff options
context:
space:
mode:
Diffstat (limited to 'odl-aaa-moon/aaa-authn-sts/src/test/java')
-rw-r--r--odl-aaa-moon/aaa-authn-sts/src/test/java/org/opendaylight/aaa/sts/RestFixture.java34
-rw-r--r--odl-aaa-moon/aaa-authn-sts/src/test/java/org/opendaylight/aaa/sts/TokenAuthTest.java94
-rw-r--r--odl-aaa-moon/aaa-authn-sts/src/test/java/org/opendaylight/aaa/sts/TokenEndpointTest.java164
3 files changed, 292 insertions, 0 deletions
diff --git a/odl-aaa-moon/aaa-authn-sts/src/test/java/org/opendaylight/aaa/sts/RestFixture.java b/odl-aaa-moon/aaa-authn-sts/src/test/java/org/opendaylight/aaa/sts/RestFixture.java
new file mode 100644
index 00000000..0f806d91
--- /dev/null
+++ b/odl-aaa-moon/aaa-authn-sts/src/test/java/org/opendaylight/aaa/sts/RestFixture.java
@@ -0,0 +1,34 @@
+/*
+ * Copyright (c) 2014, 2015 Hewlett-Packard Development Company, L.P. and others. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ * and is available at http://www.eclipse.org/legal/epl-v10.html
+ */
+
+package org.opendaylight.aaa.sts;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.Context;
+
+/**
+ * Fixture for testing RESTful stuff.
+ *
+ * @author liemmn
+ *
+ */
+@Path("test")
+public class RestFixture {
+
+ @Context
+ private HttpServletRequest httpRequest;
+
+ @GET
+ @Produces("text/plain")
+ public String msg() {
+ return "ok";
+ }
+}
diff --git a/odl-aaa-moon/aaa-authn-sts/src/test/java/org/opendaylight/aaa/sts/TokenAuthTest.java b/odl-aaa-moon/aaa-authn-sts/src/test/java/org/opendaylight/aaa/sts/TokenAuthTest.java
new file mode 100644
index 00000000..7f888455
--- /dev/null
+++ b/odl-aaa-moon/aaa-authn-sts/src/test/java/org/opendaylight/aaa/sts/TokenAuthTest.java
@@ -0,0 +1,94 @@
+/*
+ * Copyright (c) 2014, 2015 Hewlett-Packard Development Company, L.P. and others. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ * and is available at http://www.eclipse.org/legal/epl-v10.html
+ */
+
+package org.opendaylight.aaa.sts;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+import static org.mockito.Matchers.anyMap;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+import com.sun.jersey.api.client.ClientResponse;
+import com.sun.jersey.api.client.UniformInterfaceException;
+import com.sun.jersey.test.framework.JerseyTest;
+import com.sun.jersey.test.framework.WebAppDescriptor;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.opendaylight.aaa.AuthenticationBuilder;
+import org.opendaylight.aaa.ClaimBuilder;
+import org.opendaylight.aaa.api.Authentication;
+import org.opendaylight.aaa.api.AuthenticationService;
+import org.opendaylight.aaa.api.TokenAuth;
+import org.opendaylight.aaa.api.TokenStore;
+import org.opendaylight.aaa.sts.TokenAuthFilter.UnauthorizedException;
+
+public class TokenAuthTest extends JerseyTest {
+
+ private static final String RS_PACKAGES = "org.opendaylight.aaa.sts";
+ private static final String JERSEY_FILTERS = "com.sun.jersey.spi.container.ContainerRequestFilters";
+ private static final String AUTH_FILTERS = TokenAuthFilter.class.getName();
+
+ private static Authentication auth = new AuthenticationBuilder(new ClaimBuilder().setUserId(
+ "1234").setUser("Bob").addRole("admin").addRole("user").setDomain("tenantX").build()).setExpiration(
+ System.currentTimeMillis() + 1000).build();
+
+ private static final String GOOD_TOKEN = "9b01b7cf-8a49-346d-8c47-6a61193e2b60";
+ private static final String BAD_TOKEN = "9b01b7cf-8a49-346d-8c47-6a611badbeef";
+
+ public TokenAuthTest() throws Exception {
+ super(new WebAppDescriptor.Builder(RS_PACKAGES).initParam(JERSEY_FILTERS, AUTH_FILTERS)
+ .build());
+ }
+
+ @BeforeClass
+ public static void init() {
+ ServiceLocator.getInstance().setAuthenticationService(mock(AuthenticationService.class));
+ ServiceLocator.getInstance().setTokenStore(mock(TokenStore.class));
+ when(ServiceLocator.getInstance().getTokenStore().get(GOOD_TOKEN)).thenReturn(auth);
+ when(ServiceLocator.getInstance().getTokenStore().get(BAD_TOKEN)).thenReturn(null);
+ when(ServiceLocator.getInstance().getAuthenticationService().isAuthEnabled()).thenReturn(
+ Boolean.TRUE);
+ }
+
+ @Test()
+ public void testGetUnauthorized() {
+ try {
+ resource().path("test").get(String.class);
+ fail("Shoulda failed with 401!");
+ } catch (UniformInterfaceException e) {
+ ClientResponse resp = e.getResponse();
+ assertEquals(401, resp.getStatus());
+ assertTrue(resp.getHeaders().get(UnauthorizedException.WWW_AUTHENTICATE)
+ .contains(UnauthorizedException.OPENDAYLIGHT));
+ }
+ }
+
+ @Test
+ public void testGet() {
+ String resp = resource().path("test").header("Authorization", "Bearer " + GOOD_TOKEN)
+ .get(String.class);
+ assertEquals("ok", resp);
+ }
+
+ @SuppressWarnings("unchecked")
+ @Test
+ public void testGetWithValidator() {
+ try {
+ // Mock a laxed tokenauth...
+ TokenAuth ta = mock(TokenAuth.class);
+ when(ta.validate(anyMap())).thenReturn(auth);
+ ServiceLocator.getInstance().getTokenAuthCollection().add(ta);
+ testGet();
+ } finally {
+ ServiceLocator.getInstance().getTokenAuthCollection().clear();
+ }
+ }
+
+}
diff --git a/odl-aaa-moon/aaa-authn-sts/src/test/java/org/opendaylight/aaa/sts/TokenEndpointTest.java b/odl-aaa-moon/aaa-authn-sts/src/test/java/org/opendaylight/aaa/sts/TokenEndpointTest.java
new file mode 100644
index 00000000..06dd6302
--- /dev/null
+++ b/odl-aaa-moon/aaa-authn-sts/src/test/java/org/opendaylight/aaa/sts/TokenEndpointTest.java
@@ -0,0 +1,164 @@
+/*
+ * Copyright (c) 2014, 2015 Hewlett-Packard Development Company, L.P. and others. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ * and is available at http://www.eclipse.org/legal/epl-v10.html
+ */
+
+package org.opendaylight.aaa.sts;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+import static org.mockito.Matchers.any;
+import static org.mockito.Matchers.anyString;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+import java.util.Arrays;
+import org.eclipse.jetty.testing.HttpTester;
+import org.eclipse.jetty.testing.ServletTester;
+import org.junit.After;
+import org.junit.AfterClass;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.opendaylight.aaa.AuthenticationBuilder;
+import org.opendaylight.aaa.ClaimBuilder;
+import org.opendaylight.aaa.api.AuthenticationService;
+import org.opendaylight.aaa.api.Claim;
+import org.opendaylight.aaa.api.ClientService;
+import org.opendaylight.aaa.api.CredentialAuth;
+import org.opendaylight.aaa.api.IdMService;
+import org.opendaylight.aaa.api.PasswordCredentials;
+import org.opendaylight.aaa.api.TokenAuth;
+import org.opendaylight.aaa.api.TokenStore;
+
+/**
+ * A unit test for token endpoint.
+ *
+ * @author liemmn
+ *
+ */
+public class TokenEndpointTest {
+ private static final long TOKEN_TIMEOUT_SECS = 10;
+ private static final String CONTEXT = "/oauth2";
+ private static final String DIRECT_AUTH = "grant_type=password&username=admin&password=admin&scope=pepsi&client_id=dlux&client_secret=secrete";
+ private static final String REFRESH_TOKEN = "grant_type=refresh_token&refresh_token=whateverisgood&scope=pepsi";
+
+ private static final Claim claim = new ClaimBuilder().setUser("bob").setUserId("1234")
+ .addRole("admin").build();
+ private final static ServletTester server = new ServletTester();
+
+ @BeforeClass
+ public static void init() throws Exception {
+ // Set up server
+ server.setContextPath(CONTEXT);
+
+ // Add our servlet under test
+ server.addServlet(TokenEndpoint.class, "/revoke");
+ server.addServlet(TokenEndpoint.class, "/token");
+
+ // Let's do dis
+ server.start();
+ }
+
+ @AfterClass
+ public static void shutdown() throws Exception {
+ server.stop();
+ }
+
+ @Before
+ public void setup() {
+ mockServiceLocator();
+ when(ServiceLocator.getInstance().getTokenStore().tokenExpiration()).thenReturn(
+ TOKEN_TIMEOUT_SECS);
+ }
+
+ @After
+ public void teardown() {
+ ServiceLocator.getInstance().getTokenAuthCollection().clear();
+ }
+
+ @Test
+ public void testCreateToken401() throws Exception {
+ HttpTester req = new HttpTester();
+ req.setMethod("POST");
+ req.setHeader("Content-Type", "application/x-www-form-urlencoded");
+ req.setContent(DIRECT_AUTH);
+ req.setURI(CONTEXT + TokenEndpoint.TOKEN_GRANT_ENDPOINT);
+ req.setVersion("HTTP/1.0");
+
+ HttpTester resp = new HttpTester();
+ resp.parse(server.getResponses(req.generate()));
+ assertEquals(401, resp.getStatus());
+ }
+
+ @Test
+ public void testCreateTokenWithPassword() throws Exception {
+ when(
+ ServiceLocator.getInstance().getCredentialAuth()
+ .authenticate(any(PasswordCredentials.class))).thenReturn(claim);
+
+ HttpTester req = new HttpTester();
+ req.setMethod("POST");
+ req.setHeader("Content-Type", "application/x-www-form-urlencoded");
+ req.setContent(DIRECT_AUTH);
+ req.setURI(CONTEXT + TokenEndpoint.TOKEN_GRANT_ENDPOINT);
+ req.setVersion("HTTP/1.0");
+
+ HttpTester resp = new HttpTester();
+ resp.parse(server.getResponses(req.generate()));
+ assertEquals(201, resp.getStatus());
+ assertTrue(resp.getContent().contains("expires_in\":10"));
+ assertTrue(resp.getContent().contains("Bearer"));
+ }
+
+ @Test
+ public void testCreateTokenWithRefreshToken() throws Exception {
+ when(ServiceLocator.getInstance().getTokenStore().get(anyString())).thenReturn(
+ new AuthenticationBuilder(claim).build());
+ when(ServiceLocator.getInstance().getIdmService().listRoles(anyString(), anyString())).thenReturn(
+ Arrays.asList("admin", "user"));
+
+ HttpTester req = new HttpTester();
+ req.setMethod("POST");
+ req.setHeader("Content-Type", "application/x-www-form-urlencoded");
+ req.setContent(REFRESH_TOKEN);
+ req.setURI(CONTEXT + TokenEndpoint.TOKEN_GRANT_ENDPOINT);
+ req.setVersion("HTTP/1.0");
+
+ HttpTester resp = new HttpTester();
+ resp.parse(server.getResponses(req.generate()));
+ assertEquals(201, resp.getStatus());
+ assertTrue(resp.getContent().contains("expires_in\":10"));
+ assertTrue(resp.getContent().contains("Bearer"));
+ }
+
+ @Test
+ public void testDeleteToken() throws Exception {
+ when(ServiceLocator.getInstance().getTokenStore().delete("token_to_be_deleted")).thenReturn(
+ true);
+
+ HttpTester req = new HttpTester();
+ req.setMethod("POST");
+ req.setHeader("Content-Type", "application/x-www-form-urlencoded");
+ req.setContent("token_to_be_deleted");
+ req.setURI(CONTEXT + TokenEndpoint.TOKEN_REVOKE_ENDPOINT);
+ req.setVersion("HTTP/1.0");
+
+ HttpTester resp = new HttpTester();
+ resp.parse(server.getResponses(req.generate()));
+ assertEquals(204, resp.getStatus());
+ }
+
+ @SuppressWarnings("unchecked")
+ private static void mockServiceLocator() {
+ ServiceLocator.getInstance().setClientService(mock(ClientService.class));
+ ServiceLocator.getInstance().setIdmService(mock(IdMService.class));
+ ServiceLocator.getInstance().setAuthenticationService(mock(AuthenticationService.class));
+ ServiceLocator.getInstance().setTokenStore(mock(TokenStore.class));
+ ServiceLocator.getInstance().setCredentialAuth(mock(CredentialAuth.class));
+ ServiceLocator.getInstance().getTokenAuthCollection().add(mock(TokenAuth.class));
+ }
+}