| /* |
| * Copyright 2017-present Open Networking Laboratory |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| package org.onosproject.security.store; |
| |
| import static java.util.concurrent.Executors.newSingleThreadExecutor; |
| import static org.junit.Assert.assertEquals; |
| import static org.junit.Assert.assertNotNull; |
| import static org.junit.Assert.assertNull; |
| import static org.junit.Assert.assertTrue; |
| import static org.onlab.util.Tools.groupedThreads; |
| import static org.onosproject.security.store.SecurityModeState.*; |
| import static org.slf4j.LoggerFactory.getLogger; |
| |
| import java.util.ArrayList; |
| import java.util.HashSet; |
| import java.util.List; |
| import java.util.Optional; |
| import java.util.Set; |
| import java.util.concurrent.ConcurrentHashMap; |
| import java.util.concurrent.ExecutorService; |
| |
| import org.junit.Before; |
| import org.junit.Test; |
| import org.onosproject.core.ApplicationId; |
| import org.onosproject.core.ApplicationRole; |
| import org.onosproject.core.DefaultApplication; |
| import org.onosproject.core.DefaultApplicationId; |
| import org.onosproject.core.Version; |
| import org.onosproject.security.Permission; |
| import org.slf4j.Logger; |
| |
| import com.google.common.collect.ImmutableSet; |
| import com.google.common.collect.Sets; |
| |
| /** |
| * Unit Test on DistributedSecurityModeStore. |
| */ |
| public class DistributedSecurityModeStoreTest { |
| |
| private final Logger log = getLogger(getClass()); |
| |
| private DefaultApplicationId appId; |
| private DefaultApplication app; |
| |
| private Permission testPermission; |
| private Set<Permission> testPermissions; |
| private List<String> testFeatures; |
| private List<String> testRequiredApps; |
| private Set<String> testLocations; |
| private ConcurrentHashMap<String, Set<ApplicationId>> localBundleAppDirectory; |
| private ConcurrentHashMap<ApplicationId, Set<String>> localAppBundleDirectory; |
| private ConcurrentHashMap<ApplicationId, Set<Permission>> violations; |
| private SecurityInfo testSecInfo; |
| private ConcurrentHashMap<ApplicationId, SecurityInfo> states; |
| |
| private ExecutorService eventHandler; |
| |
| @Before |
| public void setUp() throws Exception { |
| appId = new DefaultApplicationId(1, "test"); |
| testPermissions = new HashSet<Permission>(); |
| testPermission = new Permission("testClass", "testName"); |
| testPermissions.add(testPermission); |
| testFeatures = new ArrayList<String>(); |
| testFeatures.add("testFeature"); |
| testRequiredApps = new ArrayList<String>(); |
| testRequiredApps.add("testRequiredApp"); |
| app = new DefaultApplication(appId, Version.version(1, 1, "patch", "build"), "testTitle", |
| "testDes", "testOri", "testCT", |
| "testurl", "test", null, |
| ApplicationRole.ADMIN, testPermissions, |
| Optional.ofNullable(null), testFeatures, testRequiredApps); |
| |
| testLocations = new HashSet<String>(); |
| testLocations.add("locationA"); |
| testLocations.add("locationB"); |
| |
| Set<ApplicationId> appIdSet = new HashSet<ApplicationId>(); |
| appIdSet.add(appId); |
| localBundleAppDirectory = new ConcurrentHashMap<>(); |
| localBundleAppDirectory.put("testLocation", appIdSet); |
| localAppBundleDirectory = new ConcurrentHashMap<>(); |
| localAppBundleDirectory.put(appId, testLocations); |
| |
| violations = new ConcurrentHashMap<ApplicationId, Set<Permission>>(); |
| violations.put(appId, testPermissions); |
| |
| testSecInfo = new SecurityInfo(testPermissions, SECURED); |
| states = new ConcurrentHashMap<ApplicationId, SecurityInfo>(); |
| states.put(appId, testSecInfo); |
| } |
| |
| @Test |
| public void testActivate() { |
| eventHandler = newSingleThreadExecutor(groupedThreads("onos/security/store", "event-handler", log)); |
| assertNotNull(eventHandler); |
| } |
| |
| @Test |
| public void testDeactivate() { |
| eventHandler = newSingleThreadExecutor(groupedThreads("onos/security/store", "event-handler", log)); |
| eventHandler.shutdown(); |
| assertTrue(eventHandler.isShutdown()); |
| } |
| |
| @Test |
| public void testGetBundleLocations() { |
| Set<String> locations = localAppBundleDirectory.get(appId); |
| assertTrue(locations.contains("locationA")); |
| } |
| |
| @Test |
| public void testGetApplicationIds() { |
| Set<ApplicationId> appIds = localBundleAppDirectory.get("testLocation"); |
| assertTrue(appIds.contains(appId)); |
| } |
| |
| @Test |
| public void testGetRequestedPermissions() { |
| Set<Permission> permissions = violations.get(appId); |
| assertTrue(permissions.contains(testPermission)); |
| } |
| |
| @Test |
| public void testGetGrantedPermissions() { |
| Set<Permission> permissions = states.get(appId).getPermissions(); |
| assertTrue(permissions.contains(testPermission)); |
| } |
| |
| @Test |
| public void testRequestPermission() { |
| states.compute(appId, (id, securityInfo) -> new SecurityInfo(securityInfo.getPermissions(), POLICY_VIOLATED)); |
| assertEquals(POLICY_VIOLATED, states.get(appId).getState()); |
| Permission testPermissionB = new Permission("testClassB", "testNameB"); |
| violations.compute(appId, |
| (k, v) -> v == null ? Sets.newHashSet(testPermissionB) : addAndGet(v, testPermissionB)); |
| assertTrue(violations.get(appId).contains(testPermissionB)); |
| } |
| |
| private Set<Permission> addAndGet(Set<Permission> oldSet, Permission newPerm) { |
| oldSet.add(newPerm); |
| return oldSet; |
| } |
| |
| @Test |
| public void testIsSecured() { |
| SecurityInfo info = states.get(appId); |
| assertEquals(SECURED, info.getState()); |
| } |
| |
| @Test |
| public void testReviewPolicy() { |
| assertEquals(SECURED, states.get(appId).getState()); |
| states.computeIfPresent(appId, (applicationId, securityInfo) -> { |
| if (securityInfo.getState().equals(SECURED)) { |
| return new SecurityInfo(ImmutableSet.of(), REVIEWED); |
| } |
| return securityInfo; |
| }); |
| assertEquals(REVIEWED, states.get(appId).getState()); |
| } |
| |
| @Test |
| public void testAcceptPolicy() { |
| assertEquals(SECURED, states.get(appId).getState()); |
| states.compute(appId, |
| (id, securityInfo) -> { |
| switch (securityInfo.getState()) { |
| case POLICY_VIOLATED: |
| return new SecurityInfo(securityInfo.getPermissions(), SECURED); |
| case SECURED: |
| return new SecurityInfo(securityInfo.getPermissions(), POLICY_VIOLATED); |
| case INSTALLED: |
| return new SecurityInfo(securityInfo.getPermissions(), REVIEWED); |
| case REVIEWED: |
| return new SecurityInfo(securityInfo.getPermissions(), INSTALLED); |
| default: |
| return securityInfo; |
| } |
| }); |
| assertEquals(POLICY_VIOLATED, states.get(appId).getState()); |
| } |
| |
| @Test |
| public void testRegisterApplication() { |
| states.remove(appId); |
| assertNull(states.get(appId)); |
| |
| for (String location : localAppBundleDirectory.get(appId)) { |
| if (!localBundleAppDirectory.containsKey(location)) { |
| localBundleAppDirectory.put(location, new HashSet<>()); |
| } |
| if (!localBundleAppDirectory.get(location).contains(appId)) { |
| localBundleAppDirectory.get(location).add(appId); |
| } |
| } |
| states.put(appId, new SecurityInfo(Sets.newHashSet(), INSTALLED)); |
| assertNotNull(states.get(appId)); |
| assertEquals(INSTALLED, states.get(appId).getState()); |
| } |
| |
| @Test |
| public void testUnregisterApplication() { |
| if (localAppBundleDirectory.containsKey(appId)) { |
| for (String location : localAppBundleDirectory.get(appId)) { |
| if (localBundleAppDirectory.get(location) != null) { |
| if (localBundleAppDirectory.get(location).size() == 1) { |
| localBundleAppDirectory.remove(location); |
| } else { |
| localBundleAppDirectory.get(location).remove(appId); |
| } |
| } |
| } |
| localAppBundleDirectory.remove(appId); |
| } |
| assertNull(localAppBundleDirectory.get(appId)); |
| } |
| |
| @Test |
| public void testGetState() { |
| assertEquals(SECURED, states.get(appId).getState()); |
| } |
| |
| } |