2 // ========================LICENSE_START=================================
5 // Copyright (C) 2022: Nordix Foundation
7 // Licensed under the Apache License, Version 2.0 (the "License");
8 // you may not use this file except in compliance with the License.
9 // You may obtain a copy of the License at
11 // http://www.apache.org/licenses/LICENSE-2.0
13 // Unless required by applicable law or agreed to in writing, software
14 // distributed under the License is distributed on an "AS IS" BASIS,
15 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 // See the License for the specific language governing permissions and
17 // limitations under the License.
18 // ========================LICENSE_END===================================
31 "oransc.org/nonrtric/capifcore/internal/common29122"
32 "oransc.org/nonrtric/capifcore/internal/keycloak"
33 "oransc.org/nonrtric/capifcore/internal/publishserviceapi"
34 "oransc.org/nonrtric/capifcore/internal/securityapi"
36 "oransc.org/nonrtric/capifcore/internal/invokermanagement"
37 "oransc.org/nonrtric/capifcore/internal/providermanagement"
38 "oransc.org/nonrtric/capifcore/internal/publishservice"
40 "github.com/labstack/echo/v4"
42 invokermocks "oransc.org/nonrtric/capifcore/internal/invokermanagement/mocks"
43 keycloackmocks "oransc.org/nonrtric/capifcore/internal/keycloak/mocks"
44 servicemocks "oransc.org/nonrtric/capifcore/internal/providermanagement/mocks"
45 publishmocks "oransc.org/nonrtric/capifcore/internal/publishservice/mocks"
47 "github.com/deepmap/oapi-codegen/pkg/middleware"
48 "github.com/deepmap/oapi-codegen/pkg/testutil"
49 echomiddleware "github.com/labstack/echo/v4/middleware"
50 "github.com/stretchr/testify/assert"
51 "github.com/stretchr/testify/mock"
54 func TestPostSecurityIdTokenInvokerRegistered(t *testing.T) {
55 invokerRegisterMock := invokermocks.InvokerRegister{}
56 invokerRegisterMock.On("IsInvokerRegistered", mock.AnythingOfType("string")).Return(true)
57 invokerRegisterMock.On("VerifyInvokerSecret", mock.AnythingOfType("string"), mock.AnythingOfType("string")).Return(true)
58 serviceRegisterMock := servicemocks.ServiceRegister{}
59 serviceRegisterMock.On("IsFunctionRegistered", mock.AnythingOfType("string")).Return(true)
60 publishRegisterMock := publishmocks.PublishRegister{}
61 publishRegisterMock.On("IsAPIPublished", mock.AnythingOfType("string"), mock.AnythingOfType("string")).Return(true)
63 jwt := keycloak.Jwttoken{
64 AccessToken: "eyJhbGNIn0.e3YTQ0xLjEifQ.FcqCwCy7iJiOmw",
66 Scope: "3gpp#aefIdpath",
68 accessMgmMock := keycloackmocks.AccessManagement{}
69 accessMgmMock.On("GetToken", mock.AnythingOfType("string"), mock.AnythingOfType("map[string][]string")).Return(jwt, nil)
71 requestHandler, _ := getEcho(&serviceRegisterMock, &publishRegisterMock, &invokerRegisterMock, &accessMgmMock)
75 clientSecret := "secret"
78 data.Set("client_id", clientId)
79 data.Set("client_secret", clientSecret)
80 data.Set("grant_type", "client_credentials")
81 data.Set("scope", "3gpp#"+aefId+":"+path)
83 encodedData := data.Encode()
85 result := testutil.NewRequest().Post("/securities/invokerId/token").WithContentType("application/x-www-form-urlencoded").WithBody([]byte(encodedData)).Go(t, requestHandler)
87 assert.Equal(t, http.StatusCreated, result.Code())
88 var resultResponse securityapi.AccessTokenRsp
89 err := result.UnmarshalBodyToObject(&resultResponse)
90 assert.NoError(t, err, "error unmarshaling response")
91 assert.NotEmpty(t, resultResponse.AccessToken)
92 assert.Equal(t, securityapi.AccessTokenRspTokenTypeBearer, resultResponse.TokenType)
93 invokerRegisterMock.AssertCalled(t, "IsInvokerRegistered", clientId)
94 invokerRegisterMock.AssertCalled(t, "VerifyInvokerSecret", clientId, clientSecret)
95 serviceRegisterMock.AssertCalled(t, "IsFunctionRegistered", aefId)
96 publishRegisterMock.AssertCalled(t, "IsAPIPublished", aefId, path)
97 accessMgmMock.AssertNumberOfCalls(t, "GetToken", 1)
100 func TestPostSecurityIdTokenInvokerNotRegistered(t *testing.T) {
101 invokerRegisterMock := invokermocks.InvokerRegister{}
102 invokerRegisterMock.On("IsInvokerRegistered", mock.AnythingOfType("string")).Return(false)
104 requestHandler, _ := getEcho(nil, nil, &invokerRegisterMock, nil)
107 data.Set("client_id", "id")
108 data.Add("client_secret", "secret")
109 data.Add("grant_type", "client_credentials")
110 data.Add("scope", "3gpp#aefId:path")
111 encodedData := data.Encode()
113 result := testutil.NewRequest().Post("/securities/invokerId/token").WithContentType("application/x-www-form-urlencoded").WithBody([]byte(encodedData)).Go(t, requestHandler)
115 assert.Equal(t, http.StatusBadRequest, result.Code())
116 var errDetails securityapi.AccessTokenErr
117 err := result.UnmarshalBodyToObject(&errDetails)
118 assert.NoError(t, err, "error unmarshaling response")
119 assert.Equal(t, securityapi.AccessTokenErrErrorInvalidClient, errDetails.Error)
120 errMsg := "Invoker not registered"
121 assert.Equal(t, &errMsg, errDetails.ErrorDescription)
124 func TestPostSecurityIdTokenInvokerSecretNotValid(t *testing.T) {
125 invokerRegisterMock := invokermocks.InvokerRegister{}
126 invokerRegisterMock.On("IsInvokerRegistered", mock.AnythingOfType("string")).Return(true)
127 invokerRegisterMock.On("VerifyInvokerSecret", mock.AnythingOfType("string"), mock.AnythingOfType("string")).Return(false)
129 requestHandler, _ := getEcho(nil, nil, &invokerRegisterMock, nil)
132 data.Set("client_id", "id")
133 data.Add("client_secret", "secret")
134 data.Add("grant_type", "client_credentials")
135 data.Add("scope", "3gpp#aefId:path")
136 encodedData := data.Encode()
138 result := testutil.NewRequest().Post("/securities/invokerId/token").WithContentType("application/x-www-form-urlencoded").WithBody([]byte(encodedData)).Go(t, requestHandler)
140 assert.Equal(t, http.StatusBadRequest, result.Code())
141 var errDetails securityapi.AccessTokenErr
142 err := result.UnmarshalBodyToObject(&errDetails)
143 assert.NoError(t, err, "error unmarshaling response")
144 assert.Equal(t, securityapi.AccessTokenErrErrorUnauthorizedClient, errDetails.Error)
145 errMsg := "Invoker secret not valid"
146 assert.Equal(t, &errMsg, errDetails.ErrorDescription)
149 func TestPostSecurityIdTokenFunctionNotRegistered(t *testing.T) {
150 invokerRegisterMock := invokermocks.InvokerRegister{}
151 invokerRegisterMock.On("IsInvokerRegistered", mock.AnythingOfType("string")).Return(true)
152 invokerRegisterMock.On("VerifyInvokerSecret", mock.AnythingOfType("string"), mock.AnythingOfType("string")).Return(true)
153 serviceRegisterMock := servicemocks.ServiceRegister{}
154 serviceRegisterMock.On("IsFunctionRegistered", mock.AnythingOfType("string")).Return(false)
156 requestHandler, _ := getEcho(&serviceRegisterMock, nil, &invokerRegisterMock, nil)
159 data.Set("client_id", "id")
160 data.Add("client_secret", "secret")
161 data.Add("grant_type", "client_credentials")
162 data.Add("scope", "3gpp#aefId:path")
163 encodedData := data.Encode()
165 result := testutil.NewRequest().Post("/securities/invokerId/token").WithContentType("application/x-www-form-urlencoded").WithBody([]byte(encodedData)).Go(t, requestHandler)
167 assert.Equal(t, http.StatusBadRequest, result.Code())
168 var errDetails securityapi.AccessTokenErr
169 err := result.UnmarshalBodyToObject(&errDetails)
170 assert.NoError(t, err, "error unmarshaling response")
171 assert.Equal(t, securityapi.AccessTokenErrErrorInvalidScope, errDetails.Error)
172 errMsg := "AEF Function not registered"
173 assert.Equal(t, &errMsg, errDetails.ErrorDescription)
176 func TestPostSecurityIdTokenAPINotPublished(t *testing.T) {
177 invokerRegisterMock := invokermocks.InvokerRegister{}
178 invokerRegisterMock.On("IsInvokerRegistered", mock.AnythingOfType("string")).Return(true)
179 invokerRegisterMock.On("VerifyInvokerSecret", mock.AnythingOfType("string"), mock.AnythingOfType("string")).Return(true)
180 serviceRegisterMock := servicemocks.ServiceRegister{}
181 serviceRegisterMock.On("IsFunctionRegistered", mock.AnythingOfType("string")).Return(true)
182 publishRegisterMock := publishmocks.PublishRegister{}
183 publishRegisterMock.On("IsAPIPublished", mock.AnythingOfType("string"), mock.AnythingOfType("string")).Return(false)
185 requestHandler, _ := getEcho(&serviceRegisterMock, &publishRegisterMock, &invokerRegisterMock, nil)
188 data.Set("client_id", "id")
189 data.Add("client_secret", "secret")
190 data.Add("grant_type", "client_credentials")
191 data.Add("scope", "3gpp#aefId:path")
192 encodedData := data.Encode()
194 result := testutil.NewRequest().Post("/securities/invokerId/token").WithContentType("application/x-www-form-urlencoded").WithBody([]byte(encodedData)).Go(t, requestHandler)
196 assert.Equal(t, http.StatusBadRequest, result.Code())
197 var errDetails securityapi.AccessTokenErr
198 err := result.UnmarshalBodyToObject(&errDetails)
199 assert.NoError(t, err, "error unmarshaling response")
200 assert.Equal(t, securityapi.AccessTokenErrErrorInvalidScope, errDetails.Error)
201 errMsg := "API not published"
202 assert.Equal(t, &errMsg, errDetails.ErrorDescription)
205 func TestPostSecurityIdTokenInvokerInvalidCredentials(t *testing.T) {
206 invokerRegisterMock := invokermocks.InvokerRegister{}
207 invokerRegisterMock.On("IsInvokerRegistered", mock.AnythingOfType("string")).Return(true)
208 invokerRegisterMock.On("VerifyInvokerSecret", mock.AnythingOfType("string"), mock.AnythingOfType("string")).Return(true)
209 serviceRegisterMock := servicemocks.ServiceRegister{}
210 serviceRegisterMock.On("IsFunctionRegistered", mock.AnythingOfType("string")).Return(true)
211 publishRegisterMock := publishmocks.PublishRegister{}
212 publishRegisterMock.On("IsAPIPublished", mock.AnythingOfType("string"), mock.AnythingOfType("string")).Return(true)
214 jwt := keycloak.Jwttoken{}
215 accessMgmMock := keycloackmocks.AccessManagement{}
216 accessMgmMock.On("GetToken", mock.AnythingOfType("string"), mock.AnythingOfType("map[string][]string")).Return(jwt, errors.New("invalid_credentials"))
218 requestHandler, _ := getEcho(&serviceRegisterMock, &publishRegisterMock, &invokerRegisterMock, &accessMgmMock)
222 clientSecret := "secret"
225 data.Set("client_id", clientId)
226 data.Set("client_secret", clientSecret)
227 data.Set("grant_type", "client_credentials")
228 data.Set("scope", "3gpp#"+aefId+":"+path)
230 encodedData := data.Encode()
232 result := testutil.NewRequest().Post("/securities/invokerId/token").WithContentType("application/x-www-form-urlencoded").WithBody([]byte(encodedData)).Go(t, requestHandler)
234 assert.Equal(t, http.StatusBadRequest, result.Code())
235 var resultResponse securityapi.AccessTokenErr
236 err := result.UnmarshalBodyToObject(&resultResponse)
237 assert.NoError(t, err, "error unmarshaling response")
238 invokerRegisterMock.AssertCalled(t, "IsInvokerRegistered", clientId)
239 invokerRegisterMock.AssertCalled(t, "VerifyInvokerSecret", clientId, clientSecret)
240 serviceRegisterMock.AssertCalled(t, "IsFunctionRegistered", aefId)
241 publishRegisterMock.AssertCalled(t, "IsAPIPublished", aefId, path)
242 accessMgmMock.AssertNumberOfCalls(t, "GetToken", 1)
245 func TestPutTrustedInvokerSuccessfully(t *testing.T) {
246 invokerRegisterMock := invokermocks.InvokerRegister{}
247 invokerRegisterMock.On("IsInvokerRegistered", mock.AnythingOfType("string")).Return(true)
249 aefProfile := getAefProfile(aefId)
250 aefProfile.SecurityMethods = &[]publishserviceapi.SecurityMethod{
251 publishserviceapi.SecurityMethodPKI,
253 aefProfiles := []publishserviceapi.AefProfile{
257 publishedServices := []publishserviceapi.ServiceAPIDescription{
260 AefProfiles: &aefProfiles,
263 publishRegisterMock := publishmocks.PublishRegister{}
264 publishRegisterMock.On("GetAllPublishedServices").Return(publishedServices)
266 requestHandler, _ := getEcho(nil, &publishRegisterMock, &invokerRegisterMock, nil)
268 invokerId := "invokerId"
269 serviceSecurityUnderTest := getServiceSecurity(aefId, apiId)
270 serviceSecurityUnderTest.SecurityInfo[0].ApiId = &apiId
272 result := testutil.NewRequest().Put("/trustedInvokers/"+invokerId).WithJsonBody(serviceSecurityUnderTest).Go(t, requestHandler)
274 assert.Equal(t, http.StatusCreated, result.Code())
275 var resultResponse securityapi.ServiceSecurity
276 err := result.UnmarshalBodyToObject(&resultResponse)
277 assert.NoError(t, err, "error unmarshaling response")
278 assert.NotEmpty(t, resultResponse.NotificationDestination)
280 for _, security := range resultResponse.SecurityInfo {
281 assert.Equal(t, *security.ApiId, apiId)
282 assert.Equal(t, *security.SelSecurityMethod, publishserviceapi.SecurityMethodPKI)
284 invokerRegisterMock.AssertCalled(t, "IsInvokerRegistered", invokerId)
287 func TestPutTrustedInkoverNotRegistered(t *testing.T) {
288 invokerRegisterMock := invokermocks.InvokerRegister{}
289 invokerRegisterMock.On("IsInvokerRegistered", mock.AnythingOfType("string")).Return(false)
291 requestHandler, _ := getEcho(nil, nil, &invokerRegisterMock, nil)
293 invokerId := "invokerId"
294 serviceSecurityUnderTest := getServiceSecurity("aefId", "apiId")
296 result := testutil.NewRequest().Put("/trustedInvokers/"+invokerId).WithJsonBody(serviceSecurityUnderTest).Go(t, requestHandler)
298 badRequest := http.StatusBadRequest
299 assert.Equal(t, badRequest, result.Code())
300 var problemDetails common29122.ProblemDetails
301 err := result.UnmarshalBodyToObject(&problemDetails)
302 assert.NoError(t, err, "error unmarshaling response")
303 assert.Equal(t, &badRequest, problemDetails.Status)
304 assert.Contains(t, *problemDetails.Cause, "Invoker not registered")
305 invokerRegisterMock.AssertCalled(t, "IsInvokerRegistered", invokerId)
308 func TestPutTrustedInkoverInvalidInputServiceSecurity(t *testing.T) {
309 invokerRegisterMock := invokermocks.InvokerRegister{}
310 invokerRegisterMock.On("IsInvokerRegistered", mock.AnythingOfType("string")).Return(true)
312 requestHandler, _ := getEcho(nil, nil, &invokerRegisterMock, nil)
314 invokerId := "invokerId"
315 notificationUrl := "url"
316 serviceSecurityUnderTest := getServiceSecurity("aefId", "apiId")
317 serviceSecurityUnderTest.NotificationDestination = common29122.Uri(notificationUrl)
319 result := testutil.NewRequest().Put("/trustedInvokers/"+invokerId).WithJsonBody(serviceSecurityUnderTest).Go(t, requestHandler)
321 badRequest := http.StatusBadRequest
322 assert.Equal(t, badRequest, result.Code())
323 var problemDetails common29122.ProblemDetails
324 err := result.UnmarshalBodyToObject(&problemDetails)
325 assert.NoError(t, err, "error unmarshaling response")
326 assert.Equal(t, &badRequest, problemDetails.Status)
327 assert.Contains(t, *problemDetails.Cause, "ServiceSecurity has invalid notificationDestination")
328 invokerRegisterMock.AssertCalled(t, "IsInvokerRegistered", invokerId)
331 func TestPutTrustedInvokerInterfaceDetailsNotNil(t *testing.T) {
332 invokerRegisterMock := invokermocks.InvokerRegister{}
333 invokerRegisterMock.On("IsInvokerRegistered", mock.AnythingOfType("string")).Return(true)
335 aefProfile := getAefProfile(aefId)
336 aefProfile.SecurityMethods = &[]publishserviceapi.SecurityMethod{
337 publishserviceapi.SecurityMethodPKI,
339 aefProfiles := []publishserviceapi.AefProfile{
343 publishedServices := []publishserviceapi.ServiceAPIDescription{
346 AefProfiles: &aefProfiles,
349 publishRegisterMock := publishmocks.PublishRegister{}
350 publishRegisterMock.On("GetAllPublishedServices").Return(publishedServices)
352 requestHandler, _ := getEcho(nil, &publishRegisterMock, &invokerRegisterMock, nil)
354 invokerId := "invokerId"
355 serviceSecurityUnderTest := getServiceSecurity(aefId, apiId)
356 serviceSecurityUnderTest.SecurityInfo[0] = securityapi.SecurityInformation{
358 PrefSecurityMethods: []publishserviceapi.SecurityMethod{
359 publishserviceapi.SecurityMethodOAUTH,
361 InterfaceDetails: &publishserviceapi.InterfaceDescription{
362 SecurityMethods: &[]publishserviceapi.SecurityMethod{
363 publishserviceapi.SecurityMethodPSK,
368 result := testutil.NewRequest().Put("/trustedInvokers/"+invokerId).WithJsonBody(serviceSecurityUnderTest).Go(t, requestHandler)
370 assert.Equal(t, http.StatusCreated, result.Code())
371 var resultResponse securityapi.ServiceSecurity
372 err := result.UnmarshalBodyToObject(&resultResponse)
373 assert.NoError(t, err, "error unmarshaling response")
374 assert.NotEmpty(t, resultResponse.NotificationDestination)
376 for _, security := range resultResponse.SecurityInfo {
377 assert.Equal(t, apiId, *security.ApiId)
378 assert.Equal(t, publishserviceapi.SecurityMethodPSK, *security.SelSecurityMethod)
380 invokerRegisterMock.AssertCalled(t, "IsInvokerRegistered", invokerId)
383 func TestPutTrustedInvokerNotFoundSecurityMethod(t *testing.T) {
384 invokerRegisterMock := invokermocks.InvokerRegister{}
385 invokerRegisterMock.On("IsInvokerRegistered", mock.AnythingOfType("string")).Return(true)
387 aefProfiles := []publishserviceapi.AefProfile{
388 getAefProfile("aefId"),
391 publishedServices := []publishserviceapi.ServiceAPIDescription{
394 AefProfiles: &aefProfiles,
397 publishRegisterMock := publishmocks.PublishRegister{}
398 publishRegisterMock.On("GetAllPublishedServices").Return(publishedServices)
400 accessMgmMock := keycloackmocks.AccessManagement{}
401 accessMgmMock.On("AddClient", mock.AnythingOfType("string"), mock.AnythingOfType("string")).Return(nil)
403 requestHandler, _ := getEcho(nil, &publishRegisterMock, &invokerRegisterMock, &accessMgmMock)
405 invokerId := "invokerId"
406 serviceSecurityUnderTest := getServiceSecurity("aefId", "apiId")
408 result := testutil.NewRequest().Put("/trustedInvokers/"+invokerId).WithJsonBody(serviceSecurityUnderTest).Go(t, requestHandler)
410 badRequest := http.StatusBadRequest
411 assert.Equal(t, badRequest, result.Code())
412 var problemDetails common29122.ProblemDetails
413 err := result.UnmarshalBodyToObject(&problemDetails)
414 assert.NoError(t, err, "error unmarshaling response")
415 assert.Equal(t, &badRequest, problemDetails.Status)
416 assert.Contains(t, *problemDetails.Cause, "not found")
417 assert.Contains(t, *problemDetails.Cause, "security method")
418 invokerRegisterMock.AssertCalled(t, "IsInvokerRegistered", invokerId)
421 func TestDeleteSecurityContext(t *testing.T) {
423 requestHandler, securityUnderTest := getEcho(nil, nil, nil, nil)
427 serviceSecurityUnderTest := getServiceSecurity(aefId, apiId)
428 serviceSecurityUnderTest.SecurityInfo[0].ApiId = &apiId
430 invokerId := "invokerId"
431 securityUnderTest.trustedInvokers[invokerId] = serviceSecurityUnderTest
433 // Delete the security context
434 result := testutil.NewRequest().Delete("/trustedInvokers/"+invokerId).Go(t, requestHandler)
436 assert.Equal(t, http.StatusNoContent, result.Code())
437 _, ok := securityUnderTest.trustedInvokers[invokerId]
441 func TestGetSecurityContextByInvokerId(t *testing.T) {
443 requestHandler, securityUnderTest := getEcho(nil, nil, nil, nil)
447 authenticationInfo := "authenticationInfo"
448 authorizationInfo := "authorizationInfo"
449 serviceSecurityUnderTest := getServiceSecurity(aefId, apiId)
450 serviceSecurityUnderTest.SecurityInfo[0].AuthenticationInfo = &authenticationInfo
451 serviceSecurityUnderTest.SecurityInfo[0].AuthorizationInfo = &authorizationInfo
453 invokerId := "invokerId"
454 securityUnderTest.trustedInvokers[invokerId] = serviceSecurityUnderTest
456 // Get security context
457 result := testutil.NewRequest().Get("/trustedInvokers/"+invokerId).Go(t, requestHandler)
459 assert.Equal(t, http.StatusOK, result.Code())
460 var resultService securityapi.ServiceSecurity
461 err := result.UnmarshalBodyToObject(&resultService)
462 assert.NoError(t, err, "error unmarshaling response")
464 for _, secInfo := range resultService.SecurityInfo {
465 assert.Equal(t, apiId, *secInfo.ApiId)
466 assert.Equal(t, aefId, *secInfo.AefId)
467 assert.Equal(t, "", *secInfo.AuthenticationInfo)
468 assert.Equal(t, "", *secInfo.AuthorizationInfo)
471 result = testutil.NewRequest().Get("/trustedInvokers/"+invokerId+"?authenticationInfo=true&authorizationInfo=false").Go(t, requestHandler)
472 assert.Equal(t, http.StatusOK, result.Code())
473 err = result.UnmarshalBodyToObject(&resultService)
474 assert.NoError(t, err, "error unmarshaling response")
476 for _, secInfo := range resultService.SecurityInfo {
477 assert.Equal(t, authenticationInfo, *secInfo.AuthenticationInfo)
478 assert.Equal(t, "", *secInfo.AuthorizationInfo)
481 result = testutil.NewRequest().Get("/trustedInvokers/"+invokerId+"?authenticationInfo=true&authorizationInfo=true").Go(t, requestHandler)
482 assert.Equal(t, http.StatusOK, result.Code())
483 err = result.UnmarshalBodyToObject(&resultService)
484 assert.NoError(t, err, "error unmarshaling response")
486 for _, secInfo := range resultService.SecurityInfo {
487 assert.Equal(t, authenticationInfo, *secInfo.AuthenticationInfo)
488 assert.Equal(t, authorizationInfo, *secInfo.AuthorizationInfo)
492 func TestUpdateTrustedInvoker(t *testing.T) {
494 requestHandler, securityUnderTest := getEcho(nil, nil, nil, nil)
498 invokerId := "invokerId"
499 serviceSecurityTest := getServiceSecurity(aefId, apiId)
500 serviceSecurityTest.SecurityInfo[0].ApiId = &apiId
501 securityUnderTest.trustedInvokers[invokerId] = serviceSecurityTest
503 // Update the service security with valid invoker, should return 200 with updated service security
504 newNotifURL := "http://golang.org/"
505 serviceSecurityTest.NotificationDestination = common29122.Uri(newNotifURL)
506 result := testutil.NewRequest().Post("/trustedInvokers/"+invokerId+"/update").WithJsonBody(serviceSecurityTest).Go(t, requestHandler)
508 var resultResponse securityapi.ServiceSecurity
509 assert.Equal(t, http.StatusOK, result.Code())
510 err := result.UnmarshalBodyToObject(&resultResponse)
511 assert.NoError(t, err, "error unmarshaling response")
512 assert.Equal(t, newNotifURL, string(resultResponse.NotificationDestination))
514 // Update with a service security missing required NotificationDestination, should get 400 with problem details
515 invalidServiceSecurity := securityapi.ServiceSecurity{
516 SecurityInfo: []securityapi.SecurityInformation{
520 PrefSecurityMethods: []publishserviceapi.SecurityMethod{
521 publishserviceapi.SecurityMethodOAUTH,
527 result = testutil.NewRequest().Post("/trustedInvokers/"+invokerId+"/update").WithJsonBody(invalidServiceSecurity).Go(t, requestHandler)
529 assert.Equal(t, http.StatusBadRequest, result.Code())
530 var problemDetails common29122.ProblemDetails
531 err = result.UnmarshalBodyToObject(&problemDetails)
532 assert.NoError(t, err, "error unmarshaling response")
533 assert.Equal(t, http.StatusBadRequest, *problemDetails.Status)
534 assert.Contains(t, *problemDetails.Cause, "missing")
535 assert.Contains(t, *problemDetails.Cause, "notificationDestination")
537 // Update a service security that has not been registered, should get 404 with problem details
539 result = testutil.NewRequest().Post("/trustedInvokers/"+missingId+"/update").WithJsonBody(serviceSecurityTest).Go(t, requestHandler)
541 assert.Equal(t, http.StatusNotFound, result.Code())
542 err = result.UnmarshalBodyToObject(&problemDetails)
543 assert.NoError(t, err, "error unmarshaling response")
544 assert.Equal(t, http.StatusNotFound, *problemDetails.Status)
545 assert.Contains(t, *problemDetails.Cause, "not register")
546 assert.Contains(t, *problemDetails.Cause, "trusted invoker")
549 func TestRevokeAuthorizationToInvoker(t *testing.T) {
552 invokerId := "invokerId"
554 notification := securityapi.SecurityNotification{
556 ApiInvokerId: invokerId,
557 ApiIds: []string{apiId},
558 Cause: securityapi.CauseUNEXPECTEDREASON,
561 requestHandler, securityUnderTest := getEcho(nil, nil, nil, nil)
563 serviceSecurityTest := getServiceSecurity(aefId, apiId)
564 serviceSecurityTest.SecurityInfo[0].ApiId = &apiId
566 apiIdTwo := "apiIdTwo"
567 secInfo := securityapi.SecurityInformation{
570 PrefSecurityMethods: []publishserviceapi.SecurityMethod{
571 publishserviceapi.SecurityMethodPKI,
575 serviceSecurityTest.SecurityInfo = append(serviceSecurityTest.SecurityInfo, secInfo)
577 securityUnderTest.trustedInvokers[invokerId] = serviceSecurityTest
580 result := testutil.NewRequest().Post("/trustedInvokers/"+invokerId+"/delete").WithJsonBody(notification).Go(t, requestHandler)
582 assert.Equal(t, http.StatusNoContent, result.Code())
583 assert.Equal(t, 1, len(securityUnderTest.trustedInvokers[invokerId].SecurityInfo))
585 notification.ApiIds = []string{apiIdTwo}
587 result = testutil.NewRequest().Post("/trustedInvokers/"+invokerId+"/delete").WithJsonBody(notification).Go(t, requestHandler)
589 assert.Equal(t, http.StatusNoContent, result.Code())
590 _, ok := securityUnderTest.trustedInvokers[invokerId]
594 func getEcho(serviceRegister providermanagement.ServiceRegister, publishRegister publishservice.PublishRegister, invokerRegister invokermanagement.InvokerRegister, keycloakMgm keycloak.AccessManagement) (*echo.Echo, *Security) {
595 swagger, err := securityapi.GetSwagger()
597 fmt.Fprintf(os.Stderr, "Error loading swagger spec\n: %s", err)
601 swagger.Servers = nil
603 s := NewSecurity(serviceRegister, publishRegister, invokerRegister, keycloakMgm)
606 e.Use(echomiddleware.Logger())
607 e.Use(middleware.OapiRequestValidator(swagger))
609 securityapi.RegisterHandlers(e, s)
613 func getServiceSecurity(aefId string, apiId string) securityapi.ServiceSecurity {
614 return securityapi.ServiceSecurity{
615 NotificationDestination: common29122.Uri("http://golang.cafe/"),
616 SecurityInfo: []securityapi.SecurityInformation{
620 PrefSecurityMethods: []publishserviceapi.SecurityMethod{
621 publishserviceapi.SecurityMethodOAUTH,
628 func getAefProfile(aefId string) publishserviceapi.AefProfile {
629 return publishserviceapi.AefProfile{
631 Versions: []publishserviceapi.Version{
633 Resources: &[]publishserviceapi.Resource{
635 CommType: "REQUEST_RESPONSE",