[ONOS-5907] Implementing unit test on Security-Mode ONOS
Change-Id: I1bd8e1df60ad3e5115f0a46ff9f621ec8fd82c36
diff --git a/core/api/src/test/java/org/onosproject/security/AppGuardTest.java b/core/api/src/test/java/org/onosproject/security/AppGuardTest.java
new file mode 100755
index 0000000..c85802a
--- /dev/null
+++ b/core/api/src/test/java/org/onosproject/security/AppGuardTest.java
@@ -0,0 +1,34 @@
+/*
+ * Copyright 2017-present Open Networking Laboratory
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.onosproject.security;
+
+import java.security.AccessControlException;
+
+import org.junit.Test;
+
+/**
+ * Test of AppGuard.
+ */
+public class AppGuardTest {
+
+ @Test(expected = AccessControlException.class)
+ public void testCheckPermission() throws Exception {
+ SecurityManager sm = new SecurityManager();
+ sm.checkPermission(new AppPermission((AppPermission.Type.APP_EVENT)));
+ }
+
+}
diff --git a/core/api/src/test/java/org/onosproject/security/AppPermissionTest.java b/core/api/src/test/java/org/onosproject/security/AppPermissionTest.java
new file mode 100755
index 0000000..9f2011c
--- /dev/null
+++ b/core/api/src/test/java/org/onosproject/security/AppPermissionTest.java
@@ -0,0 +1,53 @@
+/*
+ * Copyright 2017-present Open Networking Laboratory
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.onosproject.security;
+
+import static org.junit.Assert.assertEquals;
+
+import org.junit.Test;
+import org.onosproject.security.AppPermission.Type;
+
+/**
+ * Test of AppPermission.
+ */
+public class AppPermissionTest {
+
+ @Test
+ public void testAppPermissionString() {
+ String name = "app_read".toUpperCase();
+ assertEquals(Type.APP_READ, Type.valueOf(name));
+ }
+
+ @Test
+ public void testAppPermissionStringString() {
+ String name = "app_read".toUpperCase();
+ assertEquals(Type.APP_READ, Type.valueOf(name));
+ }
+
+ @Test
+ public void testAppPermissionType() {
+ Type type = Type.APP_WRITE;
+ assertEquals(Type.APP_WRITE, type);
+ }
+
+ @Test
+ public void testGetType() {
+ AppPermission appPermission = new AppPermission(Type.APP_WRITE);
+ assertEquals(Type.APP_WRITE, appPermission.getType());
+ }
+
+}
diff --git a/core/api/src/test/java/org/onosproject/security/PermissionTest.java b/core/api/src/test/java/org/onosproject/security/PermissionTest.java
new file mode 100755
index 0000000..c47a058
--- /dev/null
+++ b/core/api/src/test/java/org/onosproject/security/PermissionTest.java
@@ -0,0 +1,85 @@
+/*
+ * Copyright 2017-present Open Networking Laboratory
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.onosproject.security;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertSame;
+
+import org.junit.Test;
+
+/**
+ * Test of Permission.
+ */
+public class PermissionTest {
+
+ @Test
+ public void testHashCode() {
+ Permission permission = new Permission("classname", "name", "actions");
+ assertEquals(0, permission.hashCode());
+ }
+
+ @Test
+ public void testPermissionStringStringString() {
+ Permission permission = new Permission("classname", "name", "actions");
+ assertEquals("classname", permission.getClassName());
+ assertEquals("name", permission.getName());
+ assertEquals("actions", permission.getActions());
+ }
+
+ @Test
+ public void testPermissionStringString() {
+ Permission permission = new Permission("classname", "name");
+ assertEquals("classname", permission.getClassName());
+ assertEquals("name", permission.getName());
+ assertEquals("", permission.getActions());
+ }
+
+ @Test
+ public void testGetClassName() {
+ Permission permission = new Permission("classname", "name");
+ assertEquals("classname", permission.getClassName());
+ }
+
+ @Test
+ public void testGetName() {
+ Permission permission = new Permission("classname", "name");
+ assertEquals("name", permission.getName());
+ }
+
+ @Test
+ public void testGetActions() {
+ Permission permission = new Permission("classname", "name", "actions");
+ assertEquals("actions", permission.getActions());
+ }
+
+ @Test
+ public void testEqualsObject() {
+ Permission permissionA = new Permission("classname", "name", "actions");
+ Permission permissionB = new Permission("classname", "name", "actions");
+ assertSame(permissionA, permissionA);
+ assertEquals(permissionA.getClassName(), permissionB.getClassName());
+ assertEquals(permissionA.getName(), permissionB.getName());
+ assertEquals(permissionA.getActions(), permissionB.getActions());
+ }
+
+ @Test
+ public void testToString() {
+ Permission permission = new Permission("classname", "name", "actions");
+ assertEquals("(classname, name, actions)", permission.toString());
+ }
+
+}
diff --git a/core/api/src/test/java/org/onosproject/security/SecurityAdminServiceAdapter.java b/core/api/src/test/java/org/onosproject/security/SecurityAdminServiceAdapter.java
new file mode 100755
index 0000000..9849e8d
--- /dev/null
+++ b/core/api/src/test/java/org/onosproject/security/SecurityAdminServiceAdapter.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2017-present Open Networking Laboratory
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.onosproject.security;
+
+import java.security.Permission;
+import java.util.List;
+import java.util.Map;
+
+import org.onosproject.core.ApplicationId;
+
+/**
+ * Test adapter for SecurityAdminService.
+ */
+public class SecurityAdminServiceAdapter implements SecurityAdminService {
+
+ @Override
+ public boolean isSecured(ApplicationId appId) {
+ return false;
+ }
+
+ @Override
+ public void review(ApplicationId appId) {
+ }
+
+ @Override
+ public void acceptPolicy(ApplicationId appId) {
+ }
+
+ @Override
+ public void register(ApplicationId appId) {
+ }
+
+ @Override
+ public Map<Integer, List<Permission>> getPrintableSpecifiedPermissions(ApplicationId appId) {
+ return null;
+ }
+
+ @Override
+ public Map<Integer, List<Permission>> getPrintableGrantedPermissions(ApplicationId appId) {
+ return null;
+ }
+
+ @Override
+ public Map<Integer, List<Permission>> getPrintableRequestedPermissions(ApplicationId appId) {
+ return null;
+ }
+
+}
diff --git a/core/api/src/test/java/org/onosproject/security/SecurityUtilTest.java b/core/api/src/test/java/org/onosproject/security/SecurityUtilTest.java
new file mode 100755
index 0000000..882e95b
--- /dev/null
+++ b/core/api/src/test/java/org/onosproject/security/SecurityUtilTest.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2017-present Open Networking Laboratory
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.onosproject.security;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.onosproject.core.DefaultApplicationId;
+
+/**
+ * Test of SecurityUtil.
+ */
+public class SecurityUtilTest {
+
+ private static SecurityAdminServiceAdapter service = new SecurityAdminServiceAdapter();
+ private DefaultApplicationId appId;
+
+ @Before
+ public void setUp() throws Exception {
+ appId = new DefaultApplicationId(1, "test");
+ }
+
+ @Test
+ public void testIsSecurityModeEnabled() {
+ assertNull(System.getSecurityManager());
+ assertNotNull(service);
+ }
+
+ @Test
+ public void testGetSecurityService() {
+ assertNull(System.getSecurityManager());
+ assertNotNull(service);
+ }
+
+ @Test
+ public void testIsAppSecured() {
+ assertFalse(service.isSecured(appId));
+ }
+
+ @Test
+ public void testRegister() {
+ service.register(appId);
+ }
+
+}
diff --git a/core/security/src/test/java/org/onosproject/security/impl/DefaultPolicyBuilderTest.java b/core/security/src/test/java/org/onosproject/security/impl/DefaultPolicyBuilderTest.java
new file mode 100755
index 0000000..9b09986
--- /dev/null
+++ b/core/security/src/test/java/org/onosproject/security/impl/DefaultPolicyBuilderTest.java
@@ -0,0 +1,167 @@
+/*
+ * Copyright 2017-present Open Networking Laboratory
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.onosproject.security.impl;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+
+import java.security.Permission;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.onosproject.app.ApplicationAdminService;
+import org.onosproject.security.AppPermission;
+import org.onosproject.security.SecurityAdminService;
+import org.osgi.framework.AdaptPermission;
+import org.osgi.framework.AdminPermission;
+import org.osgi.framework.PackagePermission;
+import org.osgi.framework.ServicePermission;
+import org.osgi.service.cm.ConfigurationPermission;
+
+import com.google.common.collect.Lists;
+
+/**
+ * Unit Test on DefaultPolicyBuilder.
+ */
+public class DefaultPolicyBuilderTest {
+
+ private List<Permission> defaultPermissions;
+ private List<Permission> adminServicePermissions;
+
+ private org.onosproject.security.Permission testPermission;
+ private Set<org.onosproject.security.Permission> testPermissions;
+
+ private Permission testJavaPerm;
+ private Set<Permission> testJavaPerms;
+
+ @Before
+ public void setUp() throws Exception {
+ List<Permission> permSet = Lists.newArrayList();
+ permSet.add(new PackagePermission("*", PackagePermission.EXPORTONLY));
+ permSet.add(new PackagePermission("*", PackagePermission.IMPORT));
+ permSet.add(new AdaptPermission("*", AdaptPermission.ADAPT));
+ permSet.add(new ConfigurationPermission("*", ConfigurationPermission.CONFIGURE));
+ permSet.add(new AdminPermission("*", AdminPermission.METADATA));
+ defaultPermissions = permSet;
+
+ List<Permission> adminPermSet = Lists.newArrayList();
+ adminPermSet.add(new ServicePermission(ApplicationAdminService.class.getName(), ServicePermission.GET));
+ adminServicePermissions = adminPermSet;
+
+ testPermission = new org.onosproject.security.Permission("testClass", "APP_READ", "testActions");
+ testPermissions = new HashSet<org.onosproject.security.Permission>();
+ testPermissions.add(testPermission);
+
+ testJavaPerm = new AppPermission("testName");
+ testJavaPerms = new HashSet<Permission>();
+ testJavaPerms.add(testJavaPerm);
+ }
+
+ @Test
+ public void testGetUserApplicationPermissions() {
+ List<Permission> perms = Lists.newArrayList();
+ perms.addAll(defaultPermissions);
+ assertEquals(5, defaultPermissions.size());
+ perms.addAll(testJavaPerms);
+ assertEquals(1, testJavaPerms.size());
+ assertEquals(6, perms.size());
+ assertTrue(perms.contains(testJavaPerm));
+ }
+
+ @Test
+ public void testGetAdminApplicationPermissions() {
+ List<Permission> perms = Lists.newArrayList();
+ perms.addAll(defaultPermissions);
+ perms.addAll(adminServicePermissions);
+ perms.addAll(testJavaPerms);
+ assertEquals(7, perms.size());
+ assertTrue(perms.contains(testJavaPerm));
+ }
+
+ @Test
+ public void testConvertToJavaPermissions() {
+ List<Permission> result = Lists.newArrayList();
+ for (org.onosproject.security.Permission perm : testPermissions) {
+ Permission javaPerm = new AppPermission(perm.getName());
+ if (javaPerm != null) {
+ if (javaPerm instanceof AppPermission) {
+ if (((AppPermission) javaPerm).getType() != null) {
+ AppPermission ap = (AppPermission) javaPerm;
+ result.add(ap);
+ }
+ } else if (javaPerm instanceof ServicePermission) {
+ if (!javaPerm.getName().contains(SecurityAdminService.class.getName())) {
+ result.add(javaPerm);
+ }
+ } else {
+ result.add(javaPerm);
+ }
+
+ }
+ }
+ assertTrue(!result.isEmpty());
+ assertEquals("APP_READ", result.get(0).getName());
+ }
+
+ @Test
+ public void testConvertToOnosPermissions() {
+ Permission testJavaPerm = new AppPermission("testName");
+
+ List<org.onosproject.security.Permission> result = Lists.newArrayList();
+ org.onosproject.security.Permission onosPerm =
+ new org.onosproject.security.Permission(AppPermission.class.getName(), testJavaPerm.getName(), "");
+ result.add(onosPerm);
+
+ assertTrue(!result.isEmpty());
+ assertEquals("TESTNAME", result.get(0).getName());
+ }
+
+ @Test
+ public void testGetDefaultPerms() {
+ List<Permission> permSet = Lists.newArrayList();
+ assertTrue(permSet.isEmpty());
+ permSet.add(new PackagePermission("*", PackagePermission.EXPORTONLY));
+ permSet.add(new PackagePermission("*", PackagePermission.IMPORT));
+ permSet.add(new AdaptPermission("*", AdaptPermission.ADAPT));
+ permSet.add(new ConfigurationPermission("*", ConfigurationPermission.CONFIGURE));
+ permSet.add(new AdminPermission("*", AdminPermission.METADATA));
+ assertEquals(5, permSet.size());
+ }
+
+ @Test
+ public void testGetNBServiceList() {
+ Set<String> permString = new HashSet<>();
+ permString.add(new ServicePermission(ApplicationAdminService.class.getName(), ServicePermission.GET).getName());
+ assertEquals(1, permString.size());
+ assertEquals("org.onosproject.app.ApplicationAdminService", permString.toArray()[0]);
+ }
+
+ @Test
+ public void testGetOnosPermission() {
+ org.onosproject.security.Permission result = null;
+ if (testJavaPerm instanceof AppPermission) {
+ result = new org.onosproject.security.Permission(AppPermission.class.getName(), testJavaPerm.getName(), "");
+ }
+ assertNotNull(result);
+ assertEquals("TESTNAME", result.getName());
+ }
+
+}
diff --git a/core/security/src/test/java/org/onosproject/security/impl/SecurityModeManagerTest.java b/core/security/src/test/java/org/onosproject/security/impl/SecurityModeManagerTest.java
new file mode 100755
index 0000000..633e283
--- /dev/null
+++ b/core/security/src/test/java/org/onosproject/security/impl/SecurityModeManagerTest.java
@@ -0,0 +1,180 @@
+/*
+ * Copyright 2017-present Open Networking Laboratory
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.onosproject.security.impl;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+import static org.onosproject.security.store.SecurityModeState.POLICY_VIOLATED;
+import static org.onosproject.security.store.SecurityModeState.REVIEWED;
+import static org.onosproject.security.store.SecurityModeState.SECURED;
+
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Optional;
+import java.util.Set;
+import java.util.concurrent.ConcurrentHashMap;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.onosproject.core.ApplicationId;
+import org.onosproject.core.ApplicationRole;
+import org.onosproject.core.DefaultApplication;
+import org.onosproject.core.DefaultApplicationId;
+import org.onosproject.core.Version;
+import org.onosproject.security.Permission;
+import org.onosproject.security.store.SecurityModeStoreAdapter;
+
+/**
+ * Unit Test on SecurityModeManager.
+ */
+public class SecurityModeManagerTest {
+
+ private SecurityModeStoreAdapter store;
+
+ private DefaultApplicationId appId;
+ private DefaultApplication app;
+
+ private Permission testPermission;
+ private Set<Permission> testPermissions;
+ private List<String> testFeatures;
+ private List<String> testRequiredApps;
+ private Set<String> testLocations;
+
+ @Before
+ public void setUp() throws Exception {
+ store = new SecurityModeStoreAdapter();
+
+ appId = new DefaultApplicationId(1, "test");
+ testPermissions = new HashSet<Permission>();
+ testPermission = new Permission("testClass", "testNameAdmin");
+ testPermissions.add(testPermission);
+ testFeatures = new ArrayList<String>();
+ testFeatures.add("testFeature");
+ testRequiredApps = new ArrayList<String>();
+ testRequiredApps.add("testRequiredApp");
+ app = new DefaultApplication(appId, Version.version(1, 1, "patch", "build"), "testTitle",
+ "testDes", "testOri", "testCT",
+ "testurl", "test", null,
+ ApplicationRole.ADMIN, testPermissions,
+ Optional.ofNullable(null), testFeatures, testRequiredApps);
+
+ store.registerApplication(appId);
+ }
+
+// @Test
+// public void testActivate() {
+// fail("Not yet implemented");
+// }
+//
+// @Test
+// public void testDeactivate() {
+// fail("Not yet implemented");
+// }
+
+ @Test
+ public void testIsSecured() {
+ assertTrue(store.isSecured(appId));
+ }
+
+ @Test
+ public void testReview() {
+ assertEquals(SECURED, store.getState(appId));
+ store.reviewPolicy(appId);
+ assertEquals(REVIEWED, store.getState(appId));
+ }
+
+ @Test
+ public void testAcceptPolicy() {
+ assertEquals(SECURED, store.getState(appId));
+ store.acceptPolicy(appId, getMaximumPermissions(appId));
+ assertEquals(POLICY_VIOLATED, store.getState(appId));
+ }
+
+ @Test
+ public void testRegister() {
+ assertTrue(store.registerApplication(appId));
+ }
+
+ @Test
+ public void testGetPrintableSpecifiedPermissions() {
+ Map<Integer, List<Permission>> result = getPrintablePermissionMap(getMaximumPermissions(appId));
+ assertNotNull(result.get(1).get(0));
+ assertTrue(result.get(1).size() > 0);
+ assertEquals("testNameAdmin", result.get(1).get(0).getName());
+ }
+
+ @Test
+ public void testGetPrintableGrantedPermissions() {
+ Map<Integer, List<Permission>> result = getPrintablePermissionMap(store.getGrantedPermissions(appId));
+ assertNotNull(result.get(2).get(0));
+ assertTrue(result.get(2).size() > 0);
+ assertEquals("testName", result.get(2).get(0).getName());
+ }
+
+ @Test
+ public void testGetPrintableRequestedPermissions() {
+ DefaultApplicationId appIdViolation;
+ appIdViolation = new DefaultApplicationId(2, "violation");
+ Map<Integer, List<Permission>> result =
+ getPrintablePermissionMap(store.getRequestedPermissions(appIdViolation));
+ assertNotNull(result.get(2).get(0));
+ assertTrue(result.get(2).size() > 0);
+ assertEquals("testNameViolation", result.get(2).get(0).getName());
+ }
+
+
+ private Map<Integer, List<Permission>> getPrintablePermissionMap(Set<Permission> perms) {
+ ConcurrentHashMap<Integer, List<Permission>> sortedMap = new ConcurrentHashMap<>();
+ sortedMap.put(0, new ArrayList());
+ sortedMap.put(1, new ArrayList());
+ sortedMap.put(2, new ArrayList());
+ sortedMap.put(3, new ArrayList());
+ sortedMap.put(4, new ArrayList());
+ for (Permission perm : perms) {
+ if (perm.getName().contains("Admin")) {
+ sortedMap.get(1).add(perm);
+ } else {
+ sortedMap.get(2).add(perm);
+ }
+ }
+ return sortedMap;
+ }
+
+ private Set<Permission> getMaximumPermissions(ApplicationId appId) {
+ if (app == null) {
+ return null;
+ }
+ Set<Permission> appPerms;
+ switch (app.role()) {
+ case ADMIN:
+ appPerms = app.permissions();
+ break;
+ case USER:
+ appPerms = app.permissions();
+ break;
+ case UNSPECIFIED:
+ default:
+ appPerms = new HashSet<Permission>();
+ break;
+ }
+
+ return appPerms;
+ }
+}
diff --git a/core/security/src/test/java/org/onosproject/security/store/DistributedSecurityModeStoreTest.java b/core/security/src/test/java/org/onosproject/security/store/DistributedSecurityModeStoreTest.java
new file mode 100755
index 0000000..b4247aa
--- /dev/null
+++ b/core/security/src/test/java/org/onosproject/security/store/DistributedSecurityModeStoreTest.java
@@ -0,0 +1,238 @@
+/*
+ * Copyright 2017-present Open Networking Laboratory
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.onosproject.security.store;
+
+import static java.util.concurrent.Executors.newSingleThreadExecutor;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+import static org.onlab.util.Tools.groupedThreads;
+import static org.onosproject.security.store.SecurityModeState.*;
+import static org.slf4j.LoggerFactory.getLogger;
+
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Optional;
+import java.util.Set;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.ExecutorService;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.onosproject.core.ApplicationId;
+import org.onosproject.core.ApplicationRole;
+import org.onosproject.core.DefaultApplication;
+import org.onosproject.core.DefaultApplicationId;
+import org.onosproject.core.Version;
+import org.onosproject.security.Permission;
+import org.slf4j.Logger;
+
+import com.google.common.collect.ImmutableSet;
+import com.google.common.collect.Sets;
+
+/**
+ * Unit Test on DistributedSecurityModeStore.
+ */
+public class DistributedSecurityModeStoreTest {
+
+ private final Logger log = getLogger(getClass());
+
+ private DefaultApplicationId appId;
+ private DefaultApplication app;
+
+ private Permission testPermission;
+ private Set<Permission> testPermissions;
+ private List<String> testFeatures;
+ private List<String> testRequiredApps;
+ private Set<String> testLocations;
+ private ConcurrentHashMap<String, Set<ApplicationId>> localBundleAppDirectory;
+ private ConcurrentHashMap<ApplicationId, Set<String>> localAppBundleDirectory;
+ private ConcurrentHashMap<ApplicationId, Set<Permission>> violations;
+ private SecurityInfo testSecInfo;
+ private ConcurrentHashMap<ApplicationId, SecurityInfo> states;
+
+ private ExecutorService eventHandler;
+
+ @Before
+ public void setUp() throws Exception {
+ appId = new DefaultApplicationId(1, "test");
+ testPermissions = new HashSet<Permission>();
+ testPermission = new Permission("testClass", "testName");
+ testPermissions.add(testPermission);
+ testFeatures = new ArrayList<String>();
+ testFeatures.add("testFeature");
+ testRequiredApps = new ArrayList<String>();
+ testRequiredApps.add("testRequiredApp");
+ app = new DefaultApplication(appId, Version.version(1, 1, "patch", "build"), "testTitle",
+ "testDes", "testOri", "testCT",
+ "testurl", "test", null,
+ ApplicationRole.ADMIN, testPermissions,
+ Optional.ofNullable(null), testFeatures, testRequiredApps);
+
+ testLocations = new HashSet<String>();
+ testLocations.add("locationA");
+ testLocations.add("locationB");
+
+ Set<ApplicationId> appIdSet = new HashSet<ApplicationId>();
+ appIdSet.add(appId);
+ localBundleAppDirectory = new ConcurrentHashMap<>();
+ localBundleAppDirectory.put("testLocation", appIdSet);
+ localAppBundleDirectory = new ConcurrentHashMap<>();
+ localAppBundleDirectory.put(appId, testLocations);
+
+ violations = new ConcurrentHashMap<ApplicationId, Set<Permission>>();
+ violations.put(appId, testPermissions);
+
+ testSecInfo = new SecurityInfo(testPermissions, SECURED);
+ states = new ConcurrentHashMap<ApplicationId, SecurityInfo>();
+ states.put(appId, testSecInfo);
+ }
+
+ @Test
+ public void testActivate() {
+ eventHandler = newSingleThreadExecutor(groupedThreads("onos/security/store", "event-handler", log));
+ assertNotNull(eventHandler);
+ }
+
+ @Test
+ public void testDeactivate() {
+ eventHandler = newSingleThreadExecutor(groupedThreads("onos/security/store", "event-handler", log));
+ eventHandler.shutdown();
+ assertTrue(eventHandler.isShutdown());
+ }
+
+ @Test
+ public void testGetBundleLocations() {
+ Set<String> locations = localAppBundleDirectory.get(appId);
+ assertTrue(locations.contains("locationA"));
+ }
+
+ @Test
+ public void testGetApplicationIds() {
+ Set<ApplicationId> appIds = localBundleAppDirectory.get("testLocation");
+ assertTrue(appIds.contains(appId));
+ }
+
+ @Test
+ public void testGetRequestedPermissions() {
+ Set<Permission> permissions = violations.get(appId);
+ assertTrue(permissions.contains(testPermission));
+ }
+
+ @Test
+ public void testGetGrantedPermissions() {
+ Set<Permission> permissions = states.get(appId).getPermissions();
+ assertTrue(permissions.contains(testPermission));
+ }
+
+ @Test
+ public void testRequestPermission() {
+ states.compute(appId, (id, securityInfo) -> new SecurityInfo(securityInfo.getPermissions(), POLICY_VIOLATED));
+ assertEquals(POLICY_VIOLATED, states.get(appId).getState());
+ Permission testPermissionB = new Permission("testClassB", "testNameB");
+ violations.compute(appId,
+ (k, v) -> v == null ? Sets.newHashSet(testPermissionB) : addAndGet(v, testPermissionB));
+ assertTrue(violations.get(appId).contains(testPermissionB));
+ }
+
+ private Set<Permission> addAndGet(Set<Permission> oldSet, Permission newPerm) {
+ oldSet.add(newPerm);
+ return oldSet;
+ }
+
+ @Test
+ public void testIsSecured() {
+ SecurityInfo info = states.get(appId);
+ assertEquals(SECURED, info.getState());
+ }
+
+ @Test
+ public void testReviewPolicy() {
+ assertEquals(SECURED, states.get(appId).getState());
+ states.computeIfPresent(appId, (applicationId, securityInfo) -> {
+ if (securityInfo.getState().equals(SECURED)) {
+ return new SecurityInfo(ImmutableSet.of(), REVIEWED);
+ }
+ return securityInfo;
+ });
+ assertEquals(REVIEWED, states.get(appId).getState());
+ }
+
+ @Test
+ public void testAcceptPolicy() {
+ assertEquals(SECURED, states.get(appId).getState());
+ states.compute(appId,
+ (id, securityInfo) -> {
+ switch (securityInfo.getState()) {
+ case POLICY_VIOLATED:
+ return new SecurityInfo(securityInfo.getPermissions(), SECURED);
+ case SECURED:
+ return new SecurityInfo(securityInfo.getPermissions(), POLICY_VIOLATED);
+ case INSTALLED:
+ return new SecurityInfo(securityInfo.getPermissions(), REVIEWED);
+ case REVIEWED:
+ return new SecurityInfo(securityInfo.getPermissions(), INSTALLED);
+ default:
+ return securityInfo;
+ }
+ });
+ assertEquals(POLICY_VIOLATED, states.get(appId).getState());
+ }
+
+ @Test
+ public void testRegisterApplication() {
+ states.remove(appId);
+ assertNull(states.get(appId));
+
+ for (String location : localAppBundleDirectory.get(appId)) {
+ if (!localBundleAppDirectory.containsKey(location)) {
+ localBundleAppDirectory.put(location, new HashSet<>());
+ }
+ if (!localBundleAppDirectory.get(location).contains(appId)) {
+ localBundleAppDirectory.get(location).add(appId);
+ }
+ }
+ states.put(appId, new SecurityInfo(Sets.newHashSet(), INSTALLED));
+ assertNotNull(states.get(appId));
+ assertEquals(INSTALLED, states.get(appId).getState());
+ }
+
+ @Test
+ public void testUnregisterApplication() {
+ if (localAppBundleDirectory.containsKey(appId)) {
+ for (String location : localAppBundleDirectory.get(appId)) {
+ if (localBundleAppDirectory.get(location) != null) {
+ if (localBundleAppDirectory.get(location).size() == 1) {
+ localBundleAppDirectory.remove(location);
+ } else {
+ localBundleAppDirectory.get(location).remove(appId);
+ }
+ }
+ }
+ localAppBundleDirectory.remove(appId);
+ }
+ assertNull(localAppBundleDirectory.get(appId));
+ }
+
+ @Test
+ public void testGetState() {
+ assertEquals(SECURED, states.get(appId).getState());
+ }
+
+}
diff --git a/core/security/src/test/java/org/onosproject/security/store/SecurityModeStoreAdapter.java b/core/security/src/test/java/org/onosproject/security/store/SecurityModeStoreAdapter.java
new file mode 100755
index 0000000..497de6f
--- /dev/null
+++ b/core/security/src/test/java/org/onosproject/security/store/SecurityModeStoreAdapter.java
@@ -0,0 +1,151 @@
+/*
+ * Copyright 2017-present Open Networking Laboratory
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.onosproject.security.store;
+
+import static org.onosproject.security.store.SecurityModeState.INSTALLED;
+import static org.onosproject.security.store.SecurityModeState.POLICY_VIOLATED;
+import static org.onosproject.security.store.SecurityModeState.REVIEWED;
+import static org.onosproject.security.store.SecurityModeState.SECURED;
+
+import java.util.HashSet;
+import java.util.Set;
+import java.util.concurrent.ConcurrentHashMap;
+
+import org.onosproject.core.ApplicationId;
+import org.onosproject.core.DefaultApplicationId;
+import org.onosproject.security.Permission;
+
+import com.google.common.collect.ImmutableSet;
+
+/**
+ * Test adapter for SecurityModeStore.
+ */
+public class SecurityModeStoreAdapter implements SecurityModeStore {
+
+ private DefaultApplicationId appId;
+ private ConcurrentHashMap<ApplicationId, SecurityInfo> states;
+ private ConcurrentHashMap<ApplicationId, Set<Permission>> violations;
+ private SecurityInfo testSecInfo;
+ private Permission testPermission;
+ private Set<Permission> testPermissions;
+
+ public SecurityModeStoreAdapter() {
+ states = new ConcurrentHashMap<ApplicationId, SecurityInfo>();
+ testPermissions = new HashSet<Permission>();
+ testPermission = new Permission("testClass", "testName");
+ testPermissions.add(testPermission);
+
+ testSecInfo = new SecurityInfo(testPermissions, SECURED);
+
+ appId = new DefaultApplicationId(2, "violation");
+ testPermissions = new HashSet<Permission>();
+ testPermission = new Permission("testClass", "testNameViolation");
+ testPermissions.add(testPermission);
+ violations = new ConcurrentHashMap<ApplicationId, Set<Permission>>();
+ violations.put(appId, testPermissions);
+ }
+
+ @Override
+ public void setDelegate(SecurityModeStoreDelegate delegate) {
+ }
+
+ @Override
+ public void unsetDelegate(SecurityModeStoreDelegate delegate) {
+ }
+
+ @Override
+ public boolean hasDelegate() {
+ return false;
+ }
+
+ @Override
+ public boolean registerApplication(ApplicationId appId) {
+ states.put(appId, testSecInfo);
+ return true;
+ }
+
+ @Override
+ public void unregisterApplication(ApplicationId appId) {
+ states.remove(appId);
+ }
+
+ @Override
+ public SecurityModeState getState(ApplicationId appId) {
+ return states.get(appId).getState();
+ }
+
+ @Override
+ public Set<String> getBundleLocations(ApplicationId appId) {
+ return null;
+ }
+
+ @Override
+ public Set<ApplicationId> getApplicationIds(String location) {
+ return null;
+ }
+
+ @Override
+ public Set<Permission> getRequestedPermissions(ApplicationId appId) {
+ Set<Permission> permissions = violations.get(appId);
+ return permissions != null ? permissions : ImmutableSet.of();
+ }
+
+ @Override
+ public Set<Permission> getGrantedPermissions(ApplicationId appId) {
+ return states.get(appId).getPermissions();
+ }
+
+ @Override
+ public void requestPermission(ApplicationId appId, Permission permission) {
+ }
+
+ @Override
+ public boolean isSecured(ApplicationId appId) {
+ SecurityInfo info = states.get(appId);
+ return info == null ? false : info.getState().equals(SECURED);
+ }
+
+ @Override
+ public void reviewPolicy(ApplicationId appId) {
+ states.computeIfPresent(appId, (applicationId, securityInfo) -> {
+ if (securityInfo.getState().equals(SECURED)) {
+ return new SecurityInfo(ImmutableSet.of(), REVIEWED);
+ }
+ return securityInfo;
+ });
+ }
+
+ @Override
+ public void acceptPolicy(ApplicationId appId, Set<Permission> permissionSet) {
+ states.compute(appId,
+ (id, securityInfo) -> {
+ switch (securityInfo.getState()) {
+ case POLICY_VIOLATED:
+ return new SecurityInfo(securityInfo.getPermissions(), SECURED);
+ case SECURED:
+ return new SecurityInfo(securityInfo.getPermissions(), POLICY_VIOLATED);
+ case INSTALLED:
+ return new SecurityInfo(securityInfo.getPermissions(), REVIEWED);
+ case REVIEWED:
+ return new SecurityInfo(securityInfo.getPermissions(), INSTALLED);
+ default:
+ return securityInfo;
+ }
+ });
+ }
+
+}