influxlogger/src/test/java/org/oran/pmlog/oauth2/OAuthKafkaAuthenticateLoginCallbackHandlerTest.java

   1 package org.oran.pmlog.oauth2;
   2
   3 import static org.junit.jupiter.api.Assertions.assertFalse;
   4 import static org.junit.jupiter.api.Assertions.assertThrows;
   5 import static org.junit.jupiter.api.Assertions.assertTrue;
   6 import static org.mockito.ArgumentMatchers.any;
   7 import static org.mockito.Mockito.mock;
   8 import static org.mockito.Mockito.verify;
   9 import static org.mockito.Mockito.when;
  10
  11 import java.io.IOException;
  12 import java.util.Collections;
  13 import java.util.HashMap;
  14 import java.util.List;
  15 import javax.security.auth.callback.Callback;
  16 import javax.security.auth.callback.UnsupportedCallbackException;
  17 import javax.security.auth.login.AppConfigurationEntry;
  18 import org.apache.kafka.common.security.auth.SaslExtensionsCallback;
  19 import org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule;
  20 import org.apache.kafka.common.security.oauthbearer.OAuthBearerTokenCallback;
  21 import org.junit.jupiter.api.BeforeEach;
  22 import org.junit.jupiter.api.Test;
  23 import org.mockito.Mockito;
  24
  25 class OAuthKafkaAuthenticateLoginCallbackHandlerTest {
  26
  27     private OAuthKafkaAuthenticateLoginCallbackHandler callbackHandler;
  28
  29     @BeforeEach
  30     void setUp() {
  31         callbackHandler = new OAuthKafkaAuthenticateLoginCallbackHandler();
  32     }
  33
  34     @Test
  35     void testConfigureWithValidSaslMechanismAndConfigEntry() {
  36         String saslMechanism = OAuthBearerLoginModule.OAUTHBEARER_MECHANISM;
  37         List<AppConfigurationEntry> jaasConfigEntries = Collections.singletonList(Mockito.mock(AppConfigurationEntry.class));
  38
  39         callbackHandler.configure(new HashMap<>(), saslMechanism, jaasConfigEntries);
  40
  41         assertTrue(callbackHandler.isConfigured());
  42     }
  43
  44     @SuppressWarnings("java:S5778")
  45     @Test
  46     void testConfigureWithInvalidSaslMechanism() {
  47         String invalidSaslMechanism = "InvalidMechanism";
  48         List<AppConfigurationEntry> jaasConfigEntries = Collections.singletonList(Mockito.mock(AppConfigurationEntry.class));
  49
  50         assertThrows(IllegalArgumentException.class, () -> callbackHandler.configure(new HashMap<>(), invalidSaslMechanism, jaasConfigEntries));
  51
  52         assertFalse(callbackHandler.isConfigured());
  53     }
  54
  55     @SuppressWarnings("java:S5778")
  56     @Test
  57     void testConfigureWithEmptyJaasConfigEntries() {
  58         String saslMechanism = OAuthBearerLoginModule.OAUTHBEARER_MECHANISM;
  59         List<AppConfigurationEntry> emptyJaasConfigEntries = Collections.emptyList();
  60
  61         assertThrows(IllegalArgumentException.class, () -> callbackHandler.configure(new HashMap<>(), saslMechanism, emptyJaasConfigEntries));
  62
  63         assertFalse(callbackHandler.isConfigured());
  64     }
  65
  66     @Test
  67     void testHandleSaslExtensionsCallback() throws IOException, UnsupportedCallbackException {
  68         String saslMechanism = OAuthBearerLoginModule.OAUTHBEARER_MECHANISM;
  69         List<AppConfigurationEntry> jaasConfigEntries = Collections.singletonList(Mockito.mock(AppConfigurationEntry.class));
  70
  71         callbackHandler.configure(new HashMap<>(), saslMechanism, jaasConfigEntries);
  72         SaslExtensionsCallback callback = mock(SaslExtensionsCallback.class);
  73
  74         callbackHandler.handle(new Callback[]{callback});
  75         verify(callback).extensions(any());
  76     }
  77
  78     @Test
  79     void testHandleUnsupportedCallback() {
  80         Callback unsupportedCallback = mock(Callback.class);
  81         String saslMechanism = OAuthBearerLoginModule.OAUTHBEARER_MECHANISM;
  82         List<AppConfigurationEntry> jaasConfigEntries = Collections.singletonList(Mockito.mock(AppConfigurationEntry.class));
  83
  84         callbackHandler.configure(new HashMap<>(), saslMechanism, jaasConfigEntries);
  85         assertThrows(UnsupportedCallbackException.class, () -> callbackHandler.handle(new Callback[]{unsupportedCallback}));
  86     }
  87
  88     @Test
  89     void testHandleOAuthBearerTokenCallback() throws IOException, UnsupportedCallbackException {
  90
  91         String saslMechanism = OAuthBearerLoginModule.OAUTHBEARER_MECHANISM;
  92         List<AppConfigurationEntry> jaasConfigEntries = Collections.singletonList(Mockito.mock(AppConfigurationEntry.class));
  93         String validJwt = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c";
  94
  95         callbackHandler.configure(new HashMap<>(), saslMechanism, jaasConfigEntries);
  96
  97         OAuthBearerTokenCallback oauthBearerTokenCallback = Mockito.mock(OAuthBearerTokenCallback.class);
  98         SecurityContext securityContextMock = Mockito.mock(SecurityContext.class);
  99         when(oauthBearerTokenCallback.token()).thenReturn(null); // Ensure the callback has no token initially
 100         when(oauthBearerTokenCallback.token()).thenAnswer(invocation -> {
 101             return OAuthBearerTokenJwt.create(validJwt);
 102         });
 103
 104         when(securityContextMock.getBearerAuthToken()).thenReturn(validJwt);
 105         callbackHandler.handle(new Callback[]{oauthBearerTokenCallback});
 106         verify(oauthBearerTokenCallback).token();
 107     }
 108 }
 109