Pengfei Lu | e0c02e2 | 2015-07-07 15:41:31 +0800 | [diff] [blame^] | 1 | /* |
| 2 | * Copyright 2015 Open Networking Laboratory |
| 3 | * Originally created by Pengfei Lu, Network and Cloud Computing Laboratory, Dalian University of Technology, China |
| 4 | * Advisers: Keqiu Li and Heng Qi |
| 5 | * This work is supported by the State Key Program of National Natural Science of China(Grant No. 61432002) |
| 6 | * and Prospective Research Project on Future Networks in Jiangsu Future Networks Innovation Institute. |
| 7 | * |
| 8 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 9 | * you may not use this file except in compliance with the License. |
| 10 | * You may obtain a copy of the License at |
| 11 | * |
| 12 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 13 | * |
| 14 | * Unless required by applicable law or agreed to in writing, software |
| 15 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 16 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 17 | * See the License for the specific language governing permissions and |
| 18 | * limitations under the License. |
| 19 | */ |
| 20 | |
| 21 | package org.onos.acl.web; |
| 22 | |
| 23 | import com.sun.jersey.api.client.WebResource; |
| 24 | import org.onos.acl.AclService; |
| 25 | import org.onos.acl.AclStore; |
| 26 | import org.junit.After; |
| 27 | import org.junit.Before; |
| 28 | import org.junit.Test; |
| 29 | import org.onlab.osgi.ServiceDirectory; |
| 30 | import org.onlab.rest.BaseResource; |
| 31 | import org.onos.acl.AclRule; |
| 32 | import org.onosproject.core.IdGenerator; |
| 33 | |
| 34 | import java.io.IOException; |
| 35 | import java.util.ArrayList; |
| 36 | import java.util.List; |
| 37 | import java.util.concurrent.atomic.AtomicLong; |
| 38 | |
| 39 | import static org.easymock.EasyMock.*; |
| 40 | import static org.hamcrest.Matchers.containsString; |
| 41 | import static org.junit.Assert.assertThat; |
| 42 | |
| 43 | /** |
| 44 | * Test class for ACL application REST resource. |
| 45 | */ |
| 46 | public class AclWebResourceTest extends ResourceTest { |
| 47 | |
| 48 | final AclService mockAclService = createMock(AclService.class); |
| 49 | final AclStore mockAclStore = createMock(AclStore.class); |
| 50 | final List<AclRule> rules = new ArrayList<>(); |
| 51 | |
| 52 | @Before |
| 53 | public void setUp() { |
| 54 | expect(mockAclService.getAclRules()).andReturn(rules).anyTimes(); |
| 55 | ServiceDirectory testDirectory = new TestServiceDirectory().add(AclService.class, mockAclService) |
| 56 | .add(AclStore.class, mockAclStore); |
| 57 | BaseResource.setServiceDirectory(testDirectory); |
| 58 | } |
| 59 | |
| 60 | @After |
| 61 | public void tearDown() { |
| 62 | verify(mockAclService); |
| 63 | } |
| 64 | |
| 65 | /** |
| 66 | * Mock id generator for testing. |
| 67 | */ |
| 68 | private class MockIdGenerator implements IdGenerator { |
| 69 | private AtomicLong nextId = new AtomicLong(0); |
| 70 | |
| 71 | @Override |
| 72 | public long getNewId() { |
| 73 | return nextId.getAndIncrement(); |
| 74 | } |
| 75 | } |
| 76 | |
| 77 | @Test |
| 78 | public void testaddRule() throws IOException { |
| 79 | WebResource rs = resource(); |
| 80 | String response; |
| 81 | String json; |
| 82 | IdGenerator idGenerator = new MockIdGenerator(); |
| 83 | AclRule.bindIdGenerator(idGenerator); |
| 84 | |
| 85 | replay(mockAclService); |
| 86 | |
| 87 | // input a invalid JSON string that contains neither nw_src and nw_dst |
| 88 | json = "{\"ipProto\":\"TCP\",\"dstTpPort\":\"80\"}"; |
| 89 | response = rs.path("add").post(String.class, json); |
| 90 | assertThat(response, containsString("Failed! Either srcIp or dstIp must be assigned.")); |
| 91 | |
| 92 | // input a invalid JSON string that doesn't contain CIDR mask bits |
| 93 | json = "{\"ipProto\":\"TCP\",\"srcIp\":\"10.0.0.1\",\"dstTpPort\":\"80\",\"action\":\"DENY\"}"; |
| 94 | response = rs.path("add").post(String.class, json); |
| 95 | assertThat(response, containsString("Malformed IPv4 prefix string: 10.0.0.1. " + |
| 96 | "Address must take form \"x.x.x.x/y\"")); |
| 97 | |
| 98 | // input a invalid JSON string that contains a invalid IP address |
| 99 | json = "{\"ipProto\":\"TCP\",\"srcIp\":\"10.0.0.256/32\",\"dstTpPort\":\"80\",\"action\":\"DENY\"}"; |
| 100 | response = rs.path("add").post(String.class, json); |
| 101 | assertThat(response, containsString("Invalid IP address string: 10.0.0.256")); |
| 102 | |
| 103 | // input a invalid JSON string that contains a invalid IP address |
| 104 | json = "{\"ipProto\":\"TCP\",\"srcIp\":\"10.0.01/32\",\"dstTpPort\":\"80\",\"action\":\"DENY\"}"; |
| 105 | response = rs.path("add").post(String.class, json); |
| 106 | assertThat(response, containsString("Invalid IP address string: 10.0.01")); |
| 107 | |
| 108 | // input a invalid JSON string that contains a invalid CIDR mask bits |
| 109 | json = "{\"ipProto\":\"TCP\",\"srcIp\":\"10.0.0.1/a\",\"dstTpPort\":\"80\",\"action\":\"DENY\"}"; |
| 110 | response = rs.path("add").post(String.class, json); |
| 111 | assertThat(response, containsString("Failed! For input string: \"a\"")); |
| 112 | |
| 113 | // input a invalid JSON string that contains a invalid CIDR mask bits |
| 114 | json = "{\"ipProto\":\"TCP\",\"srcIp\":\"10.0.0.1/33\",\"dstTpPort\":\"80\",\"action\":\"DENY\"}"; |
| 115 | response = rs.path("add").post(String.class, json); |
| 116 | assertThat(response, containsString("Invalid prefix length 33. The value must be in the interval [0, 32]")); |
| 117 | |
| 118 | // input a invalid JSON string that contains a invalid ipProto value |
| 119 | json = "{\"ipProto\":\"ARP\",\"srcIp\":\"10.0.0.1/32\",\"dstTpPort\":\"80\",\"action\":\"DENY\"}"; |
| 120 | response = rs.path("add").post(String.class, json); |
| 121 | assertThat(response, containsString("ipProto must be assigned to TCP, UDP, or ICMP.")); |
| 122 | |
| 123 | // input a invalid JSON string that contains a invalid dstTpPort value |
| 124 | json = "{\"ipProto\":\"TCP\",\"srcIp\":\"10.0.0.1/32\",\"dstTpPort\":\"a\",\"action\":\"DENY\"}"; |
| 125 | response = rs.path("add").post(String.class, json); |
| 126 | assertThat(response, containsString("dstTpPort must be assigned to a numerical value.")); |
| 127 | |
| 128 | // input a invalid JSON string that contains a invalid action value |
| 129 | json = "{\"ipProto\":\"TCP\",\"srcIp\":\"10.0.0.1/32\",\"dstTpPort\":\"80\",\"action\":\"PERMIT\"}"; |
| 130 | response = rs.path("add").post(String.class, json); |
| 131 | assertThat(response, containsString("action must be assigned to ALLOW or DENY.")); |
| 132 | } |
| 133 | } |