From e63b03f3d7e4851e008e4bb4d184982c2c0bd229 Mon Sep 17 00:00:00 2001 From: WuKong Date: Tue, 24 May 2016 17:13:17 +0200 Subject: odl/aaa clone Change-Id: I2b72c16aa3245e02d985a2c6189aacee7caad36e Signed-off-by: WuKong --- .../java/org/opendaylight/aaa/sts/RestFixture.java | 34 +++++ .../org/opendaylight/aaa/sts/TokenAuthTest.java | 94 ++++++++++++ .../opendaylight/aaa/sts/TokenEndpointTest.java | 164 +++++++++++++++++++++ 3 files changed, 292 insertions(+) create mode 100644 odl-aaa-moon/aaa-authn-sts/src/test/java/org/opendaylight/aaa/sts/RestFixture.java create mode 100644 odl-aaa-moon/aaa-authn-sts/src/test/java/org/opendaylight/aaa/sts/TokenAuthTest.java create mode 100644 odl-aaa-moon/aaa-authn-sts/src/test/java/org/opendaylight/aaa/sts/TokenEndpointTest.java (limited to 'odl-aaa-moon/aaa-authn-sts/src/test')
diff --git a/odl-aaa-moon/aaa-authn-sts/src/test/java/org/opendaylight/aaa/sts/RestFixture.java b/odl-aaa-moon/aaa-authn-sts/src/test/java/org/opendaylight/aaa/sts/RestFixture.java
new file mode 100644
index 00000000..0f806d91
--- /dev/null
+++ b/odl-aaa-moon/aaa-authn-sts/src/test/java/org/opendaylight/aaa/sts/RestFixture.java
@@ -0,0 +1,34 @@
+/*
+ * Copyright (c) 2014, 2015 Hewlett-Packard Development Company, L.P. and others. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ * and is available at http://www.eclipse.org/legal/epl-v10.html
+ */
+
+package org.opendaylight.aaa.sts;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.Context;
+
+/**
+ * Fixture for testing RESTful stuff.
+ *
+ * @author liemmn
+ *
+ */
+@Path("test")
+public class RestFixture {
+
+ @Context
+ private HttpServletRequest httpRequest;
+
+ @GET
+ @Produces("text/plain")
+ public String msg() {
+ return "ok";
+ }
+}
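Review bot: The `@Context`-injected `httpRequest` field in `RestFixture` is never read, so the field and its `HttpServletRequest` import are dead weight in a resource whose only behaviour is returning "ok" from `GET test`. Remove the field, or use it if a later test is meant to inspect the request. The class comment "Fixture for testing RESTful stuff" could instead say what the fixture is for, e.g. `/** Minimal JAX-RS resource at path "test"; TokenAuthTest requests it through TokenAuthFilter to check whether the filter admits the call. */`.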
diff --git a/odl-aaa-moon/aaa-authn-sts/src/test/java/org/opendaylight/aaa/sts/TokenAuthTest.java b/odl-aaa-moon/aaa-authn-sts/src/test/java/org/opendaylight/aaa/sts/TokenAuthTest.java
new file mode 100644
index 00000000..7f888455
--- /dev/null
+++ b/odl-aaa-moon/aaa-authn-sts/src/test/java/org/opendaylight/aaa/sts/TokenAuthTest.java
@@ -0,0 +1,94 @@
+/*
+ * Copyright (c) 2014, 2015 Hewlett-Packard Development Company, L.P. and others. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ * and is available at http://www.eclipse.org/legal/epl-v10.html
+ */
+
+package org.opendaylight.aaa.sts;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+import static org.mockito.Matchers.anyMap;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+import com.sun.jersey.api.client.ClientResponse;
+import com.sun.jersey.api.client.UniformInterfaceException;
+import com.sun.jersey.test.framework.JerseyTest;
+import com.sun.jersey.test.framework.WebAppDescriptor;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.opendaylight.aaa.AuthenticationBuilder;
+import org.opendaylight.aaa.ClaimBuilder;
+import org.opendaylight.aaa.api.Authentication;
+import org.opendaylight.aaa.api.AuthenticationService;
+import org.opendaylight.aaa.api.TokenAuth;
+import org.opendaylight.aaa.api.TokenStore;
+import org.opendaylight.aaa.sts.TokenAuthFilter.UnauthorizedException;
+
+public class TokenAuthTest extends JerseyTest {
+
+ private static final String RS_PACKAGES = "org.opendaylight.aaa.sts";
+ private static final String JERSEY_FILTERS = "com.sun.jersey.spi.container.ContainerRequestFilters";
+ private static final String AUTH_FILTERS = TokenAuthFilter.class.getName();
+
+ private static Authentication auth = new AuthenticationBuilder(new ClaimBuilder().setUserId(
+ "1234").setUser("Bob").addRole("admin").addRole("user").setDomain("tenantX").build()).setExpiration(
+ System.currentTimeMillis() + 1000).build();
+
+ private static final String GOOD_TOKEN = "9b01b7cf-8a49-346d-8c47-6a61193e2b60";
+ private static final String BAD_TOKEN = "9b01b7cf-8a49-346d-8c47-6a611badbeef";
+
+ public TokenAuthTest() throws Exception {
+ super(new WebAppDescriptor.Builder(RS_PACKAGES).initParam(JERSEY_FILTERS, AUTH_FILTERS)
+ .build());
+ }
+
+ @BeforeClass
+ public static void init() {
+ ServiceLocator.getInstance().setAuthenticationService(mock(AuthenticationService.class));
+ ServiceLocator.getInstance().setTokenStore(mock(TokenStore.class));
+ when(ServiceLocator.getInstance().getTokenStore().get(GOOD_TOKEN)).thenReturn(auth);
+ when(ServiceLocator.getInstance().getTokenStore().get(BAD_TOKEN)).thenReturn(null);
+ when(ServiceLocator.getInstance().getAuthenticationService().isAuthEnabled()).thenReturn(
+ Boolean.TRUE);
+ }
+
+ @Test()
+ public void testGetUnauthorized() {
+ try {
+ resource().path("test").get(String.class);
+ fail("Shoulda failed with 401!");
+ } catch (UniformInterfaceException e) {
+ ClientResponse resp = e.getResponse();
+ assertEquals(401, resp.getStatus());
+ assertTrue(resp.getHeaders().get(UnauthorizedException.WWW_AUTHENTICATE)
+ .contains(UnauthorizedException.OPENDAYLIGHT));
+ }
+ }
+
+ @Test
+ public void testGet() {
+ String resp = resource().path("test").header("Authorization", "Bearer " + GOOD_TOKEN)
+ .get(String.class);
+ assertEquals("ok", resp);
+ }
+
+ @SuppressWarnings("unchecked")
+ @Test
+ public void testGetWithValidator() {
+ try {
+ // Mock a laxed tokenauth...
+ TokenAuth ta = mock(TokenAuth.class);
+ when(ta.validate(anyMap())).thenReturn(auth);
+ ServiceLocator.getInstance().getTokenAuthCollection().add(ta);
+ testGet();
+ } finally {
+ ServiceLocator.getInstance().getTokenAuthCollection().clear();
+ }
+ }
+
+}
diff --git a/odl-aaa-moon/aaa-authn-sts/src/test/java/org/opendaylight/aaa/sts/TokenEndpointTest.java b/odl-aaa-moon/aaa-authn-sts/src/test/java/org/opendaylight/aaa/sts/TokenEndpointTest.java
new file mode 100644
index 00000000..06dd6302
--- /dev/null
+++ b/odl-aaa-moon/aaa-authn-sts/src/test/java/org/opendaylight/aaa/sts/TokenEndpointTest.java
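Review bot: `BAD_TOKEN` is stubbed in `init()` so the token store returns null for it, but no test in `TokenAuthTest` ever sends it, so rejection of an unknown bearer token is never exercised; only the missing-header case in `testGetUnauthorized` is. A test like the one below would cover it. The expected 401 assumes TokenAuthFilter treats an unknown token like a missing header, which should be confirmed because the filter is not part of this patch. Separately, `testGetWithValidator` calls `testGet()`, which still sends `GOOD_TOKEN`, so it would presumably pass through the token store whether or not the mocked `TokenAuth` is consulted; omitting the Authorization header there, or asserting with `verify(ta).validate(anyMap())`, would make it test the validator path.

```java
@Test
public void testGetBadToken() {
    try {
        resource().path("test").header("Authorization", "Bearer " + BAD_TOKEN)
                .get(String.class);
        fail("Expected 401 for a token the store does not know");
    } catch (UniformInterfaceException e) {
        assertEquals(401, e.getResponse().getStatus());
    }
}
```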
@@ -0,0 +1,164 @@
+/*
+ * Copyright (c) 2014, 2015 Hewlett-Packard Development Company, L.P. and others. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ * and is available at http://www.eclipse.org/legal/epl-v10.html
+ */
+
+package org.opendaylight.aaa.sts;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+import static org.mockito.Matchers.any;
+import static org.mockito.Matchers.anyString;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+import java.util.Arrays;
+import org.eclipse.jetty.testing.HttpTester;
+import org.eclipse.jetty.testing.ServletTester;
+import org.junit.After;
+import org.junit.AfterClass;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.opendaylight.aaa.AuthenticationBuilder;
+import org.opendaylight.aaa.ClaimBuilder;
+import org.opendaylight.aaa.api.AuthenticationService;
+import org.opendaylight.aaa.api.Claim;
+import org.opendaylight.aaa.api.ClientService;
+import org.opendaylight.aaa.api.CredentialAuth;
+import org.opendaylight.aaa.api.IdMService;
+import org.opendaylight.aaa.api.PasswordCredentials;
+import org.opendaylight.aaa.api.TokenAuth;
+import org.opendaylight.aaa.api.TokenStore;
+
+/**
+ * A unit test for token endpoint.
+ *
+ * @author liemmn
+ *
+ */
+public class TokenEndpointTest {
+ private static final long TOKEN_TIMEOUT_SECS = 10;
+ private static final String CONTEXT = "/oauth2";
+ private static final String DIRECT_AUTH = "grant_type=password&username=admin&password=admin&scope=pepsi&client_id=dlux&client_secret=secrete";
+ private static final String REFRESH_TOKEN = "grant_type=refresh_token&refresh_token=whateverisgood&scope=pepsi";
+
+ private static final Claim claim = new ClaimBuilder().setUser("bob").setUserId("1234")
+ .addRole("admin").build();
+ private final static ServletTester server = new ServletTester();
+
+ @BeforeClass
+ public static void init() throws Exception {
+ // Set up server
+ server.setContextPath(CONTEXT);
+
+ // Add our servlet under test
+ server.addServlet(TokenEndpoint.class, "/revoke");
+ server.addServlet(TokenEndpoint.class, "/token");
+
+ // Let's do dis
+ server.start();
+ }
+
+ @AfterClass
+ public static void shutdown() throws Exception {
+ server.stop();
+ }
+
+ @Before
+ public void setup() {
+ mockServiceLocator();
+ when(ServiceLocator.getInstance().getTokenStore().tokenExpiration()).thenReturn(
+ TOKEN_TIMEOUT_SECS);
+ }
+
+ @After
+ public void teardown() {
+ ServiceLocator.getInstance().getTokenAuthCollection().clear();
+ }
+
+ @Test
+ public void testCreateToken401() throws Exception {
+ HttpTester req = new HttpTester();
+ req.setMethod("POST");
+ req.setHeader("Content-Type", "application/x-www-form-urlencoded");
+ req.setContent(DIRECT_AUTH);
+ req.setURI(CONTEXT + TokenEndpoint.TOKEN_GRANT_ENDPOINT);
+ req.setVersion("HTTP/1.0");
+
+ HttpTester resp = new HttpTester();
+ resp.parse(server.getResponses(req.generate()));
+ assertEquals(401, resp.getStatus());
+ }
+
+ @Test
+ public void testCreateTokenWithPassword() throws Exception {
+ when(
+ ServiceLocator.getInstance().getCredentialAuth()
+ .authenticate(any(PasswordCredentials.class))).thenReturn(claim);
+
+ HttpTester req = new HttpTester();
+ req.setMethod("POST");
+ req.setHeader("Content-Type", "application/x-www-form-urlencoded");
+ req.setContent(DIRECT_AUTH);
+ req.setURI(CONTEXT + TokenEndpoint.TOKEN_GRANT_ENDPOINT);
+ req.setVersion("HTTP/1.0");
+
+ HttpTester resp = new HttpTester();
+ resp.parse(server.getResponses(req.generate()));
+ assertEquals(201, resp.getStatus());
+ assertTrue(resp.getContent().contains("expires_in\":10"));
+ assertTrue(resp.getContent().contains("Bearer"));
+ }
+
+ @Test
+ public void testCreateTokenWithRefreshToken() throws Exception {
+ when(ServiceLocator.getInstance().getTokenStore().get(anyString())).thenReturn(
+ new AuthenticationBuilder(claim).build());
+ when(ServiceLocator.getInstance().getIdmService().listRoles(anyString(), anyString())).thenReturn(
+ Arrays.asList("admin", "user"));
+
+ HttpTester req = new HttpTester();
+ req.setMethod("POST");
+ req.setHeader("Content-Type", "application/x-www-form-urlencoded");
+ req.setContent(REFRESH_TOKEN);
+ req.setURI(CONTEXT + TokenEndpoint.TOKEN_GRANT_ENDPOINT);
+ req.setVersion("HTTP/1.0");
+
+ HttpTester resp = new HttpTester();
+ resp.parse(server.getResponses(req.generate()));
+ assertEquals(201, resp.getStatus());
+ assertTrue(resp.getContent().contains("expires_in\":10"));
+ assertTrue(resp.getContent().contains("Bearer"));
+ }
+
+ @Test
+ public void testDeleteToken() throws Exception {
+ when(ServiceLocator.getInstance().getTokenStore().delete("token_to_be_deleted")).thenReturn(
+ true);
+
+ HttpTester req = new HttpTester();
+ req.setMethod("POST");
+ req.setHeader("Content-Type", "application/x-www-form-urlencoded");
+ req.setContent("token_to_be_deleted");
+ req.setURI(CONTEXT + TokenEndpoint.TOKEN_REVOKE_ENDPOINT);
+ req.setVersion("HTTP/1.0");
+
+ HttpTester resp = new HttpTester();
+ resp.parse(server.getResponses(req.generate()));
+ assertEquals(204, resp.getStatus());
+ }
+
+ @SuppressWarnings("unchecked")
+ private static void mockServiceLocator() {
+ ServiceLocator.getInstance().setClientService(mock(ClientService.class));
+ ServiceLocator.getInstance().setIdmService(mock(IdMService.class));
+ ServiceLocator.getInstance().setAuthenticationService(mock(AuthenticationService.class));
+ ServiceLocator.getInstance().setTokenStore(mock(TokenStore.class));
+ ServiceLocator.getInstance().setCredentialAuth(mock(CredentialAuth.class));
+ ServiceLocator.getInstance().getTokenAuthCollection().add(mock(TokenAuth.class));
+ }
+}
-- cgit 1.2.3-korg
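Review bot: The refusal paths of the token endpoint are covered only for the password grant (`testCreateToken401`); the refresh-token and revoke tests stub their collaborators to succeed, so nothing checks that a refresh token unknown to the store is turned away or that `/revoke` answers differently when `delete` returns false. The test below adds the refresh-token case and relies on the fresh, unstubbed `TokenStore` mock from `setup()` returning null from `get`. Its expected 401 mirrors `testCreateToken401` and should be confirmed against TokenEndpoint, which is outside this patch. Also, `contains("expires_in\":10")` in the two success tests would accept a value such as 100 as well, so parsing the JSON and comparing with `TOKEN_TIMEOUT_SECS` would pin it.

```java
@Test
public void testCreateTokenWithUnknownRefreshToken() throws Exception {
    // TokenStore mock from setup() is left unstubbed, so get(...) yields null here
    HttpTester req = new HttpTester();
    req.setMethod("POST");
    req.setHeader("Content-Type", "application/x-www-form-urlencoded");
    req.setContent(REFRESH_TOKEN);
    req.setURI(CONTEXT + TokenEndpoint.TOKEN_GRANT_ENDPOINT);
    req.setVersion("HTTP/1.0");

    HttpTester resp = new HttpTester();
    resp.parse(server.getResponses(req.generate()));
    assertEquals(401, resp.getStatus());
}
```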