Pengfei Lu | e0c02e2 | 2015-07-07 15:41:31 +0800 | [diff] [blame] | 1 | /* |
Brian O'Connor | a09fe5b | 2017-08-03 21:12:30 -0700 | [diff] [blame] | 2 | * Copyright 2015-present Open Networking Foundation |
Pengfei Lu | e0c02e2 | 2015-07-07 15:41:31 +0800 | [diff] [blame] | 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
Ray Milkey | 2d572dd | 2017-04-14 10:01:24 -0700 | [diff] [blame] | 15 | * |
| 16 | * Originally created by Pengfei Lu, Network and Cloud Computing Laboratory, Dalian University of Technology, China |
| 17 | * Advisers: Keqiu Li and Heng Qi |
| 18 | * This work is supported by the State Key Program of National Natural Science of China(Grant No. 61432002) |
| 19 | * and Prospective Research Project on Future Networks in Jiangsu Future Networks Innovation Institute. |
Pengfei Lu | e0c02e2 | 2015-07-07 15:41:31 +0800 | [diff] [blame] | 20 | */ |
| 21 | |
Thomas Vachuska | 9bb3235 | 2015-09-25 11:31:22 -0700 | [diff] [blame] | 22 | package org.onosproject.acl; |
Pengfei Lu | e0c02e2 | 2015-07-07 15:41:31 +0800 | [diff] [blame] | 23 | |
Jian Li | 9d61649 | 2016-03-09 10:52:49 -0800 | [diff] [blame] | 24 | import org.glassfish.jersey.server.ResourceConfig; |
Pengfei Lu | e0c02e2 | 2015-07-07 15:41:31 +0800 | [diff] [blame] | 25 | import org.junit.After; |
| 26 | import org.junit.Before; |
| 27 | import org.junit.Test; |
Ray Milkey | 094a135 | 2018-01-22 14:03:54 -0800 | [diff] [blame] | 28 | import org.onlab.junit.TestUtils; |
Pengfei Lu | e0c02e2 | 2015-07-07 15:41:31 +0800 | [diff] [blame] | 29 | import org.onlab.osgi.ServiceDirectory; |
Thomas Vachuska | 9bb3235 | 2015-09-25 11:31:22 -0700 | [diff] [blame] | 30 | import org.onlab.osgi.TestServiceDirectory; |
Pengfei Lu | e0c02e2 | 2015-07-07 15:41:31 +0800 | [diff] [blame] | 31 | import org.onlab.rest.BaseResource; |
Pengfei Lu | e0c02e2 | 2015-07-07 15:41:31 +0800 | [diff] [blame] | 32 | import org.onosproject.core.IdGenerator; |
debmaiti | f609198 | 2019-04-12 14:51:57 +0530 | [diff] [blame^] | 33 | import org.onosproject.rest.resources.ResourceTest; |
Pengfei Lu | e0c02e2 | 2015-07-07 15:41:31 +0800 | [diff] [blame] | 34 | |
Jian Li | 9d61649 | 2016-03-09 10:52:49 -0800 | [diff] [blame] | 35 | import javax.ws.rs.client.Entity; |
| 36 | import javax.ws.rs.client.WebTarget; |
debmaiti | f609198 | 2019-04-12 14:51:57 +0530 | [diff] [blame^] | 37 | import javax.ws.rs.core.MediaType; |
| 38 | import javax.ws.rs.core.Response; |
| 39 | import java.io.InputStream; |
Pengfei Lu | e0c02e2 | 2015-07-07 15:41:31 +0800 | [diff] [blame] | 40 | import java.util.ArrayList; |
| 41 | import java.util.List; |
| 42 | import java.util.concurrent.atomic.AtomicLong; |
| 43 | |
Thomas Vachuska | 2048c1f | 2017-05-10 19:32:22 -0700 | [diff] [blame] | 44 | import static org.easymock.EasyMock.*; |
Pengfei Lu | e0c02e2 | 2015-07-07 15:41:31 +0800 | [diff] [blame] | 45 | import static org.hamcrest.Matchers.containsString; |
debmaiti | f609198 | 2019-04-12 14:51:57 +0530 | [diff] [blame^] | 46 | import static org.junit.Assert.assertEquals; |
Pengfei Lu | e0c02e2 | 2015-07-07 15:41:31 +0800 | [diff] [blame] | 47 | import static org.junit.Assert.assertThat; |
| 48 | |
| 49 | /** |
| 50 | * Test class for ACL application REST resource. |
| 51 | */ |
debmaiti | f609198 | 2019-04-12 14:51:57 +0530 | [diff] [blame^] | 52 | public class AclWebResourceTest extends ResourceTest { |
Pengfei Lu | e0c02e2 | 2015-07-07 15:41:31 +0800 | [diff] [blame] | 53 | |
| 54 | final AclService mockAclService = createMock(AclService.class); |
| 55 | final AclStore mockAclStore = createMock(AclStore.class); |
| 56 | final List<AclRule> rules = new ArrayList<>(); |
| 57 | |
Jian Li | 9d61649 | 2016-03-09 10:52:49 -0800 | [diff] [blame] | 58 | /** |
| 59 | * Constructs a control metrics collector resource test instance. |
| 60 | */ |
| 61 | public AclWebResourceTest() { |
| 62 | super(ResourceConfig.forApplicationClass(AclWebApplication.class)); |
| 63 | } |
| 64 | |
Pengfei Lu | e0c02e2 | 2015-07-07 15:41:31 +0800 | [diff] [blame] | 65 | @Before |
Jian Li | 9d61649 | 2016-03-09 10:52:49 -0800 | [diff] [blame] | 66 | public void setUpMock() { |
Pengfei Lu | e0c02e2 | 2015-07-07 15:41:31 +0800 | [diff] [blame] | 67 | expect(mockAclService.getAclRules()).andReturn(rules).anyTimes(); |
Jian Li | 9d61649 | 2016-03-09 10:52:49 -0800 | [diff] [blame] | 68 | ServiceDirectory testDirectory = new TestServiceDirectory() |
| 69 | .add(AclService.class, mockAclService) |
Pengfei Lu | e0c02e2 | 2015-07-07 15:41:31 +0800 | [diff] [blame] | 70 | .add(AclStore.class, mockAclStore); |
debmaiti | f609198 | 2019-04-12 14:51:57 +0530 | [diff] [blame^] | 71 | setServiceDirectory(testDirectory); |
Ray Milkey | 094a135 | 2018-01-22 14:03:54 -0800 | [diff] [blame] | 72 | TestUtils.setField(BaseResource.class, "services", testDirectory); |
Ray Milkey | 06297ed | 2018-01-22 17:13:41 -0800 | [diff] [blame] | 73 | AclRule.idGenerator = new MockIdGenerator(); |
Pengfei Lu | e0c02e2 | 2015-07-07 15:41:31 +0800 | [diff] [blame] | 74 | } |
| 75 | |
| 76 | @After |
| 77 | public void tearDown() { |
| 78 | verify(mockAclService); |
| 79 | } |
| 80 | |
| 81 | /** |
| 82 | * Mock id generator for testing. |
| 83 | */ |
| 84 | private class MockIdGenerator implements IdGenerator { |
| 85 | private AtomicLong nextId = new AtomicLong(0); |
| 86 | |
| 87 | @Override |
| 88 | public long getNewId() { |
| 89 | return nextId.getAndIncrement(); |
| 90 | } |
| 91 | } |
| 92 | |
| 93 | @Test |
debmaiti | f609198 | 2019-04-12 14:51:57 +0530 | [diff] [blame^] | 94 | public void addInvalidRule() { |
Jian Li | 9d61649 | 2016-03-09 10:52:49 -0800 | [diff] [blame] | 95 | WebTarget wt = target(); |
Pengfei Lu | e0c02e2 | 2015-07-07 15:41:31 +0800 | [diff] [blame] | 96 | String response; |
debmaiti | f609198 | 2019-04-12 14:51:57 +0530 | [diff] [blame^] | 97 | InputStream jsonStream; |
Pengfei Lu | e0c02e2 | 2015-07-07 15:41:31 +0800 | [diff] [blame] | 98 | |
| 99 | replay(mockAclService); |
| 100 | |
| 101 | // input a invalid JSON string that contains neither nw_src and nw_dst |
debmaiti | f609198 | 2019-04-12 14:51:57 +0530 | [diff] [blame^] | 102 | jsonStream = AclWebResourceTest.class |
| 103 | .getResourceAsStream("post-invalid-acl.json"); |
| 104 | response = wt.path("rules").request(MediaType.APPLICATION_JSON_TYPE) |
| 105 | .post(Entity.json(jsonStream), String.class); |
| 106 | assertThat(response.toString(), containsString("Either srcIp or dstIp must be assigned.")); |
| 107 | |
Pengfei Lu | e0c02e2 | 2015-07-07 15:41:31 +0800 | [diff] [blame] | 108 | |
| 109 | // input a invalid JSON string that doesn't contain CIDR mask bits |
debmaiti | f609198 | 2019-04-12 14:51:57 +0530 | [diff] [blame^] | 110 | jsonStream = AclWebResourceTest.class |
| 111 | .getResourceAsStream("post-invalid-ip-1.json"); |
| 112 | response = wt.path("rules").request(MediaType.APPLICATION_JSON_TYPE) |
| 113 | .post(Entity.json(jsonStream), String.class); |
Pengfei Lu | e0c02e2 | 2015-07-07 15:41:31 +0800 | [diff] [blame] | 114 | assertThat(response, containsString("Malformed IPv4 prefix string: 10.0.0.1. " + |
| 115 | "Address must take form \"x.x.x.x/y\"")); |
| 116 | |
| 117 | // input a invalid JSON string that contains a invalid IP address |
debmaiti | f609198 | 2019-04-12 14:51:57 +0530 | [diff] [blame^] | 118 | jsonStream = AclWebResourceTest.class |
| 119 | .getResourceAsStream("post-invalid-ip-2.json"); |
| 120 | response = wt.path("rules").request(MediaType.APPLICATION_JSON_TYPE) |
| 121 | .post(Entity.json(jsonStream), String.class); |
Pengfei Lu | e0c02e2 | 2015-07-07 15:41:31 +0800 | [diff] [blame] | 122 | assertThat(response, containsString("Invalid IP address string: 10.0.0.256")); |
| 123 | |
| 124 | // input a invalid JSON string that contains a invalid IP address |
debmaiti | f609198 | 2019-04-12 14:51:57 +0530 | [diff] [blame^] | 125 | |
| 126 | jsonStream = AclWebResourceTest.class |
| 127 | .getResourceAsStream("post-invalid-ip-3.json"); |
| 128 | response = wt.path("rules").request(MediaType.APPLICATION_JSON_TYPE) |
| 129 | .post(Entity.json(jsonStream), String.class); |
Pengfei Lu | e0c02e2 | 2015-07-07 15:41:31 +0800 | [diff] [blame] | 130 | assertThat(response, containsString("Invalid IP address string: 10.0.01")); |
| 131 | |
| 132 | // input a invalid JSON string that contains a invalid CIDR mask bits |
debmaiti | f609198 | 2019-04-12 14:51:57 +0530 | [diff] [blame^] | 133 | jsonStream = AclWebResourceTest.class |
| 134 | .getResourceAsStream("post-invalid-cidr-1.json"); |
| 135 | response = wt.path("rules").request(MediaType.APPLICATION_JSON_TYPE) |
| 136 | .post(Entity.json(jsonStream), String.class); |
| 137 | assertThat(response, containsString("For input string: \"a\"")); |
Pengfei Lu | e0c02e2 | 2015-07-07 15:41:31 +0800 | [diff] [blame] | 138 | |
| 139 | // input a invalid JSON string that contains a invalid CIDR mask bits |
debmaiti | f609198 | 2019-04-12 14:51:57 +0530 | [diff] [blame^] | 140 | jsonStream = AclWebResourceTest.class |
| 141 | .getResourceAsStream("post-invalid-cidr-2.json"); |
| 142 | response = wt.path("rules").request(MediaType.APPLICATION_JSON_TYPE) |
| 143 | .post(Entity.json(jsonStream), String.class); |
Pengfei Lu | e0c02e2 | 2015-07-07 15:41:31 +0800 | [diff] [blame] | 144 | assertThat(response, containsString("Invalid prefix length 33. The value must be in the interval [0, 32]")); |
| 145 | |
| 146 | // input a invalid JSON string that contains a invalid ipProto value |
debmaiti | f609198 | 2019-04-12 14:51:57 +0530 | [diff] [blame^] | 147 | jsonStream = AclWebResourceTest.class |
| 148 | .getResourceAsStream("post-invalid-proto.json"); |
| 149 | response = wt.path("rules").request(MediaType.APPLICATION_JSON_TYPE) |
| 150 | .post(Entity.json(jsonStream), String.class); |
| 151 | assertThat(response, containsString("ipProto must be assigned to TCP, UDP, or ICMP")); |
Pengfei Lu | e0c02e2 | 2015-07-07 15:41:31 +0800 | [diff] [blame] | 152 | |
| 153 | // input a invalid JSON string that contains a invalid action value |
debmaiti | f609198 | 2019-04-12 14:51:57 +0530 | [diff] [blame^] | 154 | jsonStream = AclWebResourceTest.class |
| 155 | .getResourceAsStream("post-invalid-action.json"); |
| 156 | response = wt.path("rules").request(MediaType.APPLICATION_JSON_TYPE) |
| 157 | .post(Entity.json(jsonStream), String.class); |
| 158 | assertThat(response, containsString("action must be ALLOW or DENY")); |
Pengfei Lu | e0c02e2 | 2015-07-07 15:41:31 +0800 | [diff] [blame] | 159 | } |
debmaiti | f609198 | 2019-04-12 14:51:57 +0530 | [diff] [blame^] | 160 | |
| 161 | @Test |
| 162 | public void addRule() { |
| 163 | mockAclService.addAclRule(anyObject()); |
| 164 | expectLastCall().andReturn(true).anyTimes(); |
| 165 | replay(mockAclService); |
| 166 | |
| 167 | WebTarget wt = target(); |
| 168 | InputStream jsonStream; |
| 169 | |
| 170 | jsonStream = AclWebResourceTest.class |
| 171 | .getResourceAsStream("post-valid-acl.json"); |
| 172 | Response response = wt.path("rules").request(MediaType.APPLICATION_JSON_TYPE) |
| 173 | .post(Entity.json(jsonStream)); |
| 174 | assertEquals(response.getLocation().getPath(), "/0x0"); |
| 175 | |
| 176 | } |
| 177 | |
| 178 | |
Pengfei Lu | e0c02e2 | 2015-07-07 15:41:31 +0800 | [diff] [blame] | 179 | } |