2 // ========================LICENSE_START=================================
5 // Copyright (C) 2022: Nordix Foundation
7 // Licensed under the Apache License, Version 2.0 (the "License");
8 // you may not use this file except in compliance with the License.
9 // You may obtain a copy of the License at
11 // http://www.apache.org/licenses/LICENSE-2.0
13 // Unless required by applicable law or agreed to in writing, software
14 // distributed under the License is distributed on an "AS IS" BASIS,
15 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 // See the License for the specific language governing permissions and
17 // limitations under the License.
18 // ========================LICENSE_END===================================
31 "oransc.org/nonrtric/capifcore/internal/common29122"
32 "oransc.org/nonrtric/capifcore/internal/keycloak"
33 "oransc.org/nonrtric/capifcore/internal/publishserviceapi"
34 "oransc.org/nonrtric/capifcore/internal/securityapi"
36 "oransc.org/nonrtric/capifcore/internal/invokermanagement"
37 "oransc.org/nonrtric/capifcore/internal/providermanagement"
38 "oransc.org/nonrtric/capifcore/internal/publishservice"
40 "github.com/labstack/echo/v4"
42 invokermocks "oransc.org/nonrtric/capifcore/internal/invokermanagement/mocks"
43 keycloackmocks "oransc.org/nonrtric/capifcore/internal/keycloak/mocks"
44 servicemocks "oransc.org/nonrtric/capifcore/internal/providermanagement/mocks"
45 publishmocks "oransc.org/nonrtric/capifcore/internal/publishservice/mocks"
47 "github.com/deepmap/oapi-codegen/pkg/middleware"
48 "github.com/deepmap/oapi-codegen/pkg/testutil"
49 echomiddleware "github.com/labstack/echo/v4/middleware"
50 "github.com/stretchr/testify/assert"
51 "github.com/stretchr/testify/mock"
54 func TestPostSecurityIdTokenInvokerRegistered(t *testing.T) {
55 invokerRegisterMock := invokermocks.InvokerRegister{}
56 invokerRegisterMock.On("IsInvokerRegistered", mock.AnythingOfType("string")).Return(true)
57 invokerRegisterMock.On("VerifyInvokerSecret", mock.AnythingOfType("string"), mock.AnythingOfType("string")).Return(true)
58 serviceRegisterMock := servicemocks.ServiceRegister{}
59 serviceRegisterMock.On("IsFunctionRegistered", mock.AnythingOfType("string")).Return(true)
60 publishRegisterMock := publishmocks.PublishRegister{}
61 publishRegisterMock.On("IsAPIPublished", mock.AnythingOfType("string"), mock.AnythingOfType("string")).Return(true)
63 jwt := keycloak.Jwttoken{
64 AccessToken: "eyJhbGNIn0.e3YTQ0xLjEifQ.FcqCwCy7iJiOmw",
66 Scope: "3gpp#aefIdpath",
68 accessMgmMock := keycloackmocks.AccessManagement{}
69 accessMgmMock.On("GetToken", mock.AnythingOfType("string"), mock.AnythingOfType("map[string][]string")).Return(jwt, nil)
71 requestHandler, _ := getEcho(&serviceRegisterMock, &publishRegisterMock, &invokerRegisterMock, &accessMgmMock)
75 clientSecret := "secret"
78 data.Set("client_id", clientId)
79 data.Set("client_secret", clientSecret)
80 data.Set("grant_type", "client_credentials")
81 data.Set("scope", "3gpp#"+aefId+":"+path)
83 encodedData := data.Encode()
85 result := testutil.NewRequest().Post("/securities/invokerId/token").WithContentType("application/x-www-form-urlencoded").WithBody([]byte(encodedData)).Go(t, requestHandler)
87 assert.Equal(t, http.StatusCreated, result.Code())
88 var resultResponse securityapi.AccessTokenRsp
89 err := result.UnmarshalBodyToObject(&resultResponse)
90 assert.NoError(t, err, "error unmarshaling response")
91 assert.NotEmpty(t, resultResponse.AccessToken)
92 assert.Equal(t, securityapi.AccessTokenRspTokenTypeBearer, resultResponse.TokenType)
93 invokerRegisterMock.AssertCalled(t, "IsInvokerRegistered", clientId)
94 invokerRegisterMock.AssertCalled(t, "VerifyInvokerSecret", clientId, clientSecret)
95 serviceRegisterMock.AssertCalled(t, "IsFunctionRegistered", aefId)
96 publishRegisterMock.AssertCalled(t, "IsAPIPublished", aefId, path)
97 accessMgmMock.AssertNumberOfCalls(t, "GetToken", 1)
100 func TestPostSecurityIdTokenInvokerNotRegistered(t *testing.T) {
101 invokerRegisterMock := invokermocks.InvokerRegister{}
102 invokerRegisterMock.On("IsInvokerRegistered", mock.AnythingOfType("string")).Return(false)
104 requestHandler, _ := getEcho(nil, nil, &invokerRegisterMock, nil)
107 data.Set("client_id", "id")
108 data.Add("client_secret", "secret")
109 data.Add("grant_type", "client_credentials")
110 data.Add("scope", "3gpp#aefId:path")
111 encodedData := data.Encode()
113 result := testutil.NewRequest().Post("/securities/invokerId/token").WithContentType("application/x-www-form-urlencoded").WithBody([]byte(encodedData)).Go(t, requestHandler)
115 assert.Equal(t, http.StatusBadRequest, result.Code())
116 var errDetails securityapi.AccessTokenErr
117 err := result.UnmarshalBodyToObject(&errDetails)
118 assert.NoError(t, err, "error unmarshaling response")
119 assert.Equal(t, securityapi.AccessTokenErrErrorInvalidClient, errDetails.Error)
120 errMsg := "Invoker not registered"
121 assert.Equal(t, &errMsg, errDetails.ErrorDescription)
124 func TestPostSecurityIdTokenInvokerSecretNotValid(t *testing.T) {
125 invokerRegisterMock := invokermocks.InvokerRegister{}
126 invokerRegisterMock.On("IsInvokerRegistered", mock.AnythingOfType("string")).Return(true)
127 invokerRegisterMock.On("VerifyInvokerSecret", mock.AnythingOfType("string"), mock.AnythingOfType("string")).Return(false)
129 requestHandler, _ := getEcho(nil, nil, &invokerRegisterMock, nil)
132 data.Set("client_id", "id")
133 data.Add("client_secret", "secret")
134 data.Add("grant_type", "client_credentials")
135 data.Add("scope", "3gpp#aefId:path")
136 encodedData := data.Encode()
138 result := testutil.NewRequest().Post("/securities/invokerId/token").WithContentType("application/x-www-form-urlencoded").WithBody([]byte(encodedData)).Go(t, requestHandler)
140 assert.Equal(t, http.StatusBadRequest, result.Code())
141 var errDetails securityapi.AccessTokenErr
142 err := result.UnmarshalBodyToObject(&errDetails)
143 assert.NoError(t, err, "error unmarshaling response")
144 assert.Equal(t, securityapi.AccessTokenErrErrorUnauthorizedClient, errDetails.Error)
145 errMsg := "Invoker secret not valid"
146 assert.Equal(t, &errMsg, errDetails.ErrorDescription)
149 func TestPostSecurityIdTokenFunctionNotRegistered(t *testing.T) {
150 invokerRegisterMock := invokermocks.InvokerRegister{}
151 invokerRegisterMock.On("IsInvokerRegistered", mock.AnythingOfType("string")).Return(true)
152 invokerRegisterMock.On("VerifyInvokerSecret", mock.AnythingOfType("string"), mock.AnythingOfType("string")).Return(true)
153 serviceRegisterMock := servicemocks.ServiceRegister{}
154 serviceRegisterMock.On("IsFunctionRegistered", mock.AnythingOfType("string")).Return(false)
156 requestHandler, _ := getEcho(&serviceRegisterMock, nil, &invokerRegisterMock, nil)
159 data.Set("client_id", "id")
160 data.Add("client_secret", "secret")
161 data.Add("grant_type", "client_credentials")
162 data.Add("scope", "3gpp#aefId:path")
163 encodedData := data.Encode()
165 result := testutil.NewRequest().Post("/securities/invokerId/token").WithContentType("application/x-www-form-urlencoded").WithBody([]byte(encodedData)).Go(t, requestHandler)
167 assert.Equal(t, http.StatusBadRequest, result.Code())
168 var errDetails securityapi.AccessTokenErr
169 err := result.UnmarshalBodyToObject(&errDetails)
170 assert.NoError(t, err, "error unmarshaling response")
171 assert.Equal(t, securityapi.AccessTokenErrErrorInvalidScope, errDetails.Error)
172 errMsg := "AEF Function not registered"
173 assert.Equal(t, &errMsg, errDetails.ErrorDescription)
176 func TestPostSecurityIdTokenAPINotPublished(t *testing.T) {
177 invokerRegisterMock := invokermocks.InvokerRegister{}
178 invokerRegisterMock.On("IsInvokerRegistered", mock.AnythingOfType("string")).Return(true)
179 invokerRegisterMock.On("VerifyInvokerSecret", mock.AnythingOfType("string"), mock.AnythingOfType("string")).Return(true)
180 serviceRegisterMock := servicemocks.ServiceRegister{}
181 serviceRegisterMock.On("IsFunctionRegistered", mock.AnythingOfType("string")).Return(true)
182 publishRegisterMock := publishmocks.PublishRegister{}
183 publishRegisterMock.On("IsAPIPublished", mock.AnythingOfType("string"), mock.AnythingOfType("string")).Return(false)
185 requestHandler, _ := getEcho(&serviceRegisterMock, &publishRegisterMock, &invokerRegisterMock, nil)
188 data.Set("client_id", "id")
189 data.Add("client_secret", "secret")
190 data.Add("grant_type", "client_credentials")
191 data.Add("scope", "3gpp#aefId:path")
192 encodedData := data.Encode()
194 result := testutil.NewRequest().Post("/securities/invokerId/token").WithContentType("application/x-www-form-urlencoded").WithBody([]byte(encodedData)).Go(t, requestHandler)
196 assert.Equal(t, http.StatusBadRequest, result.Code())
197 var errDetails securityapi.AccessTokenErr
198 err := result.UnmarshalBodyToObject(&errDetails)
199 assert.NoError(t, err, "error unmarshaling response")
200 assert.Equal(t, securityapi.AccessTokenErrErrorInvalidScope, errDetails.Error)
201 errMsg := "API not published"
202 assert.Equal(t, &errMsg, errDetails.ErrorDescription)
205 func TestPostSecurityIdTokenInvokerInvalidCredentials(t *testing.T) {
206 invokerRegisterMock := invokermocks.InvokerRegister{}
207 invokerRegisterMock.On("IsInvokerRegistered", mock.AnythingOfType("string")).Return(true)
208 invokerRegisterMock.On("VerifyInvokerSecret", mock.AnythingOfType("string"), mock.AnythingOfType("string")).Return(true)
209 serviceRegisterMock := servicemocks.ServiceRegister{}
210 serviceRegisterMock.On("IsFunctionRegistered", mock.AnythingOfType("string")).Return(true)
211 publishRegisterMock := publishmocks.PublishRegister{}
212 publishRegisterMock.On("IsAPIPublished", mock.AnythingOfType("string"), mock.AnythingOfType("string")).Return(true)
214 jwt := keycloak.Jwttoken{}
215 accessMgmMock := keycloackmocks.AccessManagement{}
216 accessMgmMock.On("GetToken", mock.AnythingOfType("string"), mock.AnythingOfType("map[string][]string")).Return(jwt, errors.New("invalid_credentials"))
218 requestHandler, _ := getEcho(&serviceRegisterMock, &publishRegisterMock, &invokerRegisterMock, &accessMgmMock)
222 clientSecret := "secret"
225 data.Set("client_id", clientId)
226 data.Set("client_secret", clientSecret)
227 data.Set("grant_type", "client_credentials")
228 data.Set("scope", "3gpp#"+aefId+":"+path)
230 encodedData := data.Encode()
232 result := testutil.NewRequest().Post("/securities/invokerId/token").WithContentType("application/x-www-form-urlencoded").WithBody([]byte(encodedData)).Go(t, requestHandler)
234 assert.Equal(t, http.StatusBadRequest, result.Code())
235 var resultResponse securityapi.AccessTokenErr
236 err := result.UnmarshalBodyToObject(&resultResponse)
237 assert.NoError(t, err, "error unmarshaling response")
238 invokerRegisterMock.AssertCalled(t, "IsInvokerRegistered", clientId)
239 invokerRegisterMock.AssertCalled(t, "VerifyInvokerSecret", clientId, clientSecret)
240 serviceRegisterMock.AssertCalled(t, "IsFunctionRegistered", aefId)
241 publishRegisterMock.AssertCalled(t, "IsAPIPublished", aefId, path)
242 accessMgmMock.AssertNumberOfCalls(t, "GetToken", 1)
245 func TestPutTrustedInvokerSuccessfully(t *testing.T) {
246 invokerRegisterMock := invokermocks.InvokerRegister{}
247 invokerRegisterMock.On("IsInvokerRegistered", mock.AnythingOfType("string")).Return(true)
249 aefProfile := getAefProfile(aefId)
250 aefProfile.SecurityMethods = &[]publishserviceapi.SecurityMethod{
251 publishserviceapi.SecurityMethodPKI,
253 aefProfiles := []publishserviceapi.AefProfile{
257 publishedServices := []publishserviceapi.ServiceAPIDescription{
260 AefProfiles: &aefProfiles,
263 publishRegisterMock := publishmocks.PublishRegister{}
264 publishRegisterMock.On("GetAllPublishedServices").Return(publishedServices)
266 accessMgmMock := keycloackmocks.AccessManagement{}
267 accessMgmMock.On("AddClient", mock.AnythingOfType("string"), mock.AnythingOfType("string")).Return(nil)
269 requestHandler, _ := getEcho(nil, &publishRegisterMock, &invokerRegisterMock, &accessMgmMock)
271 invokerId := "invokerId"
272 serviceSecurityUnderTest := getServiceSecurity(aefId, apiId)
273 serviceSecurityUnderTest.SecurityInfo[0].ApiId = &apiId
275 result := testutil.NewRequest().Put("/trustedInvokers/"+invokerId).WithJsonBody(serviceSecurityUnderTest).Go(t, requestHandler)
277 assert.Equal(t, http.StatusCreated, result.Code())
278 var resultResponse securityapi.ServiceSecurity
279 err := result.UnmarshalBodyToObject(&resultResponse)
280 assert.NoError(t, err, "error unmarshaling response")
281 assert.NotEmpty(t, resultResponse.NotificationDestination)
283 for _, security := range resultResponse.SecurityInfo {
284 assert.Equal(t, *security.ApiId, apiId)
285 assert.Equal(t, *security.SelSecurityMethod, publishserviceapi.SecurityMethodPKI)
287 invokerRegisterMock.AssertCalled(t, "IsInvokerRegistered", invokerId)
288 accessMgmMock.AssertCalled(t, "AddClient", invokerId, "invokerrealm")
292 func TestPutTrustedInkoverNotRegistered(t *testing.T) {
293 invokerRegisterMock := invokermocks.InvokerRegister{}
294 invokerRegisterMock.On("IsInvokerRegistered", mock.AnythingOfType("string")).Return(false)
296 requestHandler, _ := getEcho(nil, nil, &invokerRegisterMock, nil)
298 invokerId := "invokerId"
299 serviceSecurityUnderTest := getServiceSecurity("aefId", "apiId")
301 result := testutil.NewRequest().Put("/trustedInvokers/"+invokerId).WithJsonBody(serviceSecurityUnderTest).Go(t, requestHandler)
303 badRequest := http.StatusBadRequest
304 assert.Equal(t, badRequest, result.Code())
305 var problemDetails common29122.ProblemDetails
306 err := result.UnmarshalBodyToObject(&problemDetails)
307 assert.NoError(t, err, "error unmarshaling response")
308 assert.Equal(t, &badRequest, problemDetails.Status)
309 assert.Contains(t, *problemDetails.Cause, "Invoker not registered")
310 invokerRegisterMock.AssertCalled(t, "IsInvokerRegistered", invokerId)
313 func TestPutTrustedInkoverInvalidInputServiceSecurity(t *testing.T) {
314 invokerRegisterMock := invokermocks.InvokerRegister{}
315 invokerRegisterMock.On("IsInvokerRegistered", mock.AnythingOfType("string")).Return(true)
317 requestHandler, _ := getEcho(nil, nil, &invokerRegisterMock, nil)
319 invokerId := "invokerId"
320 notificationUrl := "url"
321 serviceSecurityUnderTest := getServiceSecurity("aefId", "apiId")
322 serviceSecurityUnderTest.NotificationDestination = common29122.Uri(notificationUrl)
324 result := testutil.NewRequest().Put("/trustedInvokers/"+invokerId).WithJsonBody(serviceSecurityUnderTest).Go(t, requestHandler)
326 badRequest := http.StatusBadRequest
327 assert.Equal(t, badRequest, result.Code())
328 var problemDetails common29122.ProblemDetails
329 err := result.UnmarshalBodyToObject(&problemDetails)
330 assert.NoError(t, err, "error unmarshaling response")
331 assert.Equal(t, &badRequest, problemDetails.Status)
332 assert.Contains(t, *problemDetails.Cause, "ServiceSecurity has invalid notificationDestination")
333 invokerRegisterMock.AssertCalled(t, "IsInvokerRegistered", invokerId)
336 func TestPutTrustedInvokerInterfaceDetailsNotNil(t *testing.T) {
337 invokerRegisterMock := invokermocks.InvokerRegister{}
338 invokerRegisterMock.On("IsInvokerRegistered", mock.AnythingOfType("string")).Return(true)
340 aefProfile := getAefProfile(aefId)
341 aefProfile.SecurityMethods = &[]publishserviceapi.SecurityMethod{
342 publishserviceapi.SecurityMethodPKI,
344 aefProfiles := []publishserviceapi.AefProfile{
348 publishedServices := []publishserviceapi.ServiceAPIDescription{
351 AefProfiles: &aefProfiles,
354 publishRegisterMock := publishmocks.PublishRegister{}
355 publishRegisterMock.On("GetAllPublishedServices").Return(publishedServices)
357 accessMgmMock := keycloackmocks.AccessManagement{}
358 accessMgmMock.On("AddClient", mock.AnythingOfType("string"), mock.AnythingOfType("string")).Return(nil)
360 requestHandler, _ := getEcho(nil, &publishRegisterMock, &invokerRegisterMock, &accessMgmMock)
362 invokerId := "invokerId"
363 serviceSecurityUnderTest := getServiceSecurity(aefId, apiId)
364 serviceSecurityUnderTest.SecurityInfo[0] = securityapi.SecurityInformation{
366 PrefSecurityMethods: []publishserviceapi.SecurityMethod{
367 publishserviceapi.SecurityMethodOAUTH,
369 InterfaceDetails: &publishserviceapi.InterfaceDescription{
370 SecurityMethods: &[]publishserviceapi.SecurityMethod{
371 publishserviceapi.SecurityMethodPSK,
376 result := testutil.NewRequest().Put("/trustedInvokers/"+invokerId).WithJsonBody(serviceSecurityUnderTest).Go(t, requestHandler)
378 assert.Equal(t, http.StatusCreated, result.Code())
379 var resultResponse securityapi.ServiceSecurity
380 err := result.UnmarshalBodyToObject(&resultResponse)
381 assert.NoError(t, err, "error unmarshaling response")
382 assert.NotEmpty(t, resultResponse.NotificationDestination)
384 for _, security := range resultResponse.SecurityInfo {
385 assert.Equal(t, apiId, *security.ApiId)
386 assert.Equal(t, publishserviceapi.SecurityMethodPSK, *security.SelSecurityMethod)
388 invokerRegisterMock.AssertCalled(t, "IsInvokerRegistered", invokerId)
389 accessMgmMock.AssertCalled(t, "AddClient", invokerId, "invokerrealm")
392 func TestPutTrustedInvokerNotFoundSecurityMethod(t *testing.T) {
393 invokerRegisterMock := invokermocks.InvokerRegister{}
394 invokerRegisterMock.On("IsInvokerRegistered", mock.AnythingOfType("string")).Return(true)
396 aefProfiles := []publishserviceapi.AefProfile{
397 getAefProfile("aefId"),
400 publishedServices := []publishserviceapi.ServiceAPIDescription{
403 AefProfiles: &aefProfiles,
406 publishRegisterMock := publishmocks.PublishRegister{}
407 publishRegisterMock.On("GetAllPublishedServices").Return(publishedServices)
409 accessMgmMock := keycloackmocks.AccessManagement{}
410 accessMgmMock.On("AddClient", mock.AnythingOfType("string"), mock.AnythingOfType("string")).Return(nil)
412 requestHandler, _ := getEcho(nil, &publishRegisterMock, &invokerRegisterMock, &accessMgmMock)
414 invokerId := "invokerId"
415 serviceSecurityUnderTest := getServiceSecurity("aefId", "apiId")
417 result := testutil.NewRequest().Put("/trustedInvokers/"+invokerId).WithJsonBody(serviceSecurityUnderTest).Go(t, requestHandler)
419 badRequest := http.StatusBadRequest
420 assert.Equal(t, badRequest, result.Code())
421 var problemDetails common29122.ProblemDetails
422 err := result.UnmarshalBodyToObject(&problemDetails)
423 assert.NoError(t, err, "error unmarshaling response")
424 assert.Equal(t, &badRequest, problemDetails.Status)
425 assert.Contains(t, *problemDetails.Cause, "not found")
426 assert.Contains(t, *problemDetails.Cause, "security method")
427 invokerRegisterMock.AssertCalled(t, "IsInvokerRegistered", invokerId)
430 func TestDeleteSecurityContext(t *testing.T) {
432 requestHandler, securityUnderTest := getEcho(nil, nil, nil, nil)
436 serviceSecurityUnderTest := getServiceSecurity(aefId, apiId)
437 serviceSecurityUnderTest.SecurityInfo[0].ApiId = &apiId
439 invokerId := "invokerId"
440 securityUnderTest.trustedInvokers[invokerId] = serviceSecurityUnderTest
442 // Delete the security context
443 result := testutil.NewRequest().Delete("/trustedInvokers/"+invokerId).Go(t, requestHandler)
445 assert.Equal(t, http.StatusNoContent, result.Code())
446 _, ok := securityUnderTest.trustedInvokers[invokerId]
450 func TestGetSecurityContextByInvokerId(t *testing.T) {
452 requestHandler, securityUnderTest := getEcho(nil, nil, nil, nil)
456 authenticationInfo := "authenticationInfo"
457 authorizationInfo := "authorizationInfo"
458 serviceSecurityUnderTest := getServiceSecurity(aefId, apiId)
459 serviceSecurityUnderTest.SecurityInfo[0].AuthenticationInfo = &authenticationInfo
460 serviceSecurityUnderTest.SecurityInfo[0].AuthorizationInfo = &authorizationInfo
462 invokerId := "invokerId"
463 securityUnderTest.trustedInvokers[invokerId] = serviceSecurityUnderTest
465 // Get security context
466 result := testutil.NewRequest().Get("/trustedInvokers/"+invokerId).Go(t, requestHandler)
468 assert.Equal(t, http.StatusOK, result.Code())
469 var resultService securityapi.ServiceSecurity
470 err := result.UnmarshalBodyToObject(&resultService)
471 assert.NoError(t, err, "error unmarshaling response")
473 for _, secInfo := range resultService.SecurityInfo {
474 assert.Equal(t, apiId, *secInfo.ApiId)
475 assert.Equal(t, aefId, *secInfo.AefId)
476 assert.Equal(t, "", *secInfo.AuthenticationInfo)
477 assert.Equal(t, "", *secInfo.AuthorizationInfo)
480 result = testutil.NewRequest().Get("/trustedInvokers/"+invokerId+"?authenticationInfo=true&authorizationInfo=false").Go(t, requestHandler)
481 assert.Equal(t, http.StatusOK, result.Code())
482 err = result.UnmarshalBodyToObject(&resultService)
483 assert.NoError(t, err, "error unmarshaling response")
485 for _, secInfo := range resultService.SecurityInfo {
486 assert.Equal(t, authenticationInfo, *secInfo.AuthenticationInfo)
487 assert.Equal(t, "", *secInfo.AuthorizationInfo)
490 result = testutil.NewRequest().Get("/trustedInvokers/"+invokerId+"?authenticationInfo=true&authorizationInfo=true").Go(t, requestHandler)
491 assert.Equal(t, http.StatusOK, result.Code())
492 err = result.UnmarshalBodyToObject(&resultService)
493 assert.NoError(t, err, "error unmarshaling response")
495 for _, secInfo := range resultService.SecurityInfo {
496 assert.Equal(t, authenticationInfo, *secInfo.AuthenticationInfo)
497 assert.Equal(t, authorizationInfo, *secInfo.AuthorizationInfo)
501 func TestUpdateTrustedInvoker(t *testing.T) {
503 requestHandler, securityUnderTest := getEcho(nil, nil, nil, nil)
507 invokerId := "invokerId"
508 serviceSecurityTest := getServiceSecurity(aefId, apiId)
509 serviceSecurityTest.SecurityInfo[0].ApiId = &apiId
510 securityUnderTest.trustedInvokers[invokerId] = serviceSecurityTest
512 // Update the service security with valid invoker, should return 200 with updated service security
513 newNotifURL := "http://golang.org/"
514 serviceSecurityTest.NotificationDestination = common29122.Uri(newNotifURL)
515 result := testutil.NewRequest().Post("/trustedInvokers/"+invokerId+"/update").WithJsonBody(serviceSecurityTest).Go(t, requestHandler)
517 var resultResponse securityapi.ServiceSecurity
518 assert.Equal(t, http.StatusOK, result.Code())
519 err := result.UnmarshalBodyToObject(&resultResponse)
520 assert.NoError(t, err, "error unmarshaling response")
521 assert.Equal(t, newNotifURL, string(resultResponse.NotificationDestination))
523 // Update with a service security missing required NotificationDestination, should get 400 with problem details
524 invalidServiceSecurity := securityapi.ServiceSecurity{
525 SecurityInfo: []securityapi.SecurityInformation{
529 PrefSecurityMethods: []publishserviceapi.SecurityMethod{
530 publishserviceapi.SecurityMethodOAUTH,
536 result = testutil.NewRequest().Post("/trustedInvokers/"+invokerId+"/update").WithJsonBody(invalidServiceSecurity).Go(t, requestHandler)
538 assert.Equal(t, http.StatusBadRequest, result.Code())
539 var problemDetails common29122.ProblemDetails
540 err = result.UnmarshalBodyToObject(&problemDetails)
541 assert.NoError(t, err, "error unmarshaling response")
542 assert.Equal(t, http.StatusBadRequest, *problemDetails.Status)
543 assert.Contains(t, *problemDetails.Cause, "missing")
544 assert.Contains(t, *problemDetails.Cause, "notificationDestination")
546 // Update a service security that has not been registered, should get 404 with problem details
548 result = testutil.NewRequest().Post("/trustedInvokers/"+missingId+"/update").WithJsonBody(serviceSecurityTest).Go(t, requestHandler)
550 assert.Equal(t, http.StatusNotFound, result.Code())
551 err = result.UnmarshalBodyToObject(&problemDetails)
552 assert.NoError(t, err, "error unmarshaling response")
553 assert.Equal(t, http.StatusNotFound, *problemDetails.Status)
554 assert.Contains(t, *problemDetails.Cause, "not register")
555 assert.Contains(t, *problemDetails.Cause, "trusted invoker")
558 func TestRevokeAuthorizationToInvoker(t *testing.T) {
561 invokerId := "invokerId"
563 notification := securityapi.SecurityNotification{
565 ApiInvokerId: invokerId,
566 ApiIds: []string{apiId},
567 Cause: securityapi.CauseUNEXPECTEDREASON,
570 requestHandler, securityUnderTest := getEcho(nil, nil, nil, nil)
572 serviceSecurityTest := getServiceSecurity(aefId, apiId)
573 serviceSecurityTest.SecurityInfo[0].ApiId = &apiId
575 apiIdTwo := "apiIdTwo"
576 secInfo := securityapi.SecurityInformation{
579 PrefSecurityMethods: []publishserviceapi.SecurityMethod{
580 publishserviceapi.SecurityMethodPKI,
584 serviceSecurityTest.SecurityInfo = append(serviceSecurityTest.SecurityInfo, secInfo)
586 securityUnderTest.trustedInvokers[invokerId] = serviceSecurityTest
589 result := testutil.NewRequest().Post("/trustedInvokers/"+invokerId+"/delete").WithJsonBody(notification).Go(t, requestHandler)
591 assert.Equal(t, http.StatusNoContent, result.Code())
592 assert.Equal(t, 1, len(securityUnderTest.trustedInvokers[invokerId].SecurityInfo))
594 notification.ApiIds = []string{apiIdTwo}
596 result = testutil.NewRequest().Post("/trustedInvokers/"+invokerId+"/delete").WithJsonBody(notification).Go(t, requestHandler)
598 assert.Equal(t, http.StatusNoContent, result.Code())
599 _, ok := securityUnderTest.trustedInvokers[invokerId]
603 func getEcho(serviceRegister providermanagement.ServiceRegister, publishRegister publishservice.PublishRegister, invokerRegister invokermanagement.InvokerRegister, keycloakMgm keycloak.AccessManagement) (*echo.Echo, *Security) {
604 swagger, err := securityapi.GetSwagger()
606 fmt.Fprintf(os.Stderr, "Error loading swagger spec\n: %s", err)
610 swagger.Servers = nil
612 s := NewSecurity(serviceRegister, publishRegister, invokerRegister, keycloakMgm)
615 e.Use(echomiddleware.Logger())
616 e.Use(middleware.OapiRequestValidator(swagger))
618 securityapi.RegisterHandlers(e, s)
622 func getServiceSecurity(aefId string, apiId string) securityapi.ServiceSecurity {
623 return securityapi.ServiceSecurity{
624 NotificationDestination: common29122.Uri("http://golang.cafe/"),
625 SecurityInfo: []securityapi.SecurityInformation{
629 PrefSecurityMethods: []publishserviceapi.SecurityMethod{
630 publishserviceapi.SecurityMethodOAUTH,
637 func getAefProfile(aefId string) publishserviceapi.AefProfile {
638 return publishserviceapi.AefProfile{
640 Versions: []publishserviceapi.Version{
642 Resources: &[]publishserviceapi.Resource{
644 CommType: "REQUEST_RESPONSE",