1 package org.oran.pmlog.oauth2;
3 import static org.junit.jupiter.api.Assertions.assertFalse;
4 import static org.junit.jupiter.api.Assertions.assertThrows;
5 import static org.junit.jupiter.api.Assertions.assertTrue;
6 import static org.mockito.ArgumentMatchers.any;
7 import static org.mockito.Mockito.mock;
8 import static org.mockito.Mockito.verify;
9 import static org.mockito.Mockito.when;
11 import java.io.IOException;
12 import java.util.Collections;
13 import java.util.HashMap;
14 import java.util.List;
15 import javax.security.auth.callback.Callback;
16 import javax.security.auth.callback.UnsupportedCallbackException;
17 import javax.security.auth.login.AppConfigurationEntry;
18 import org.apache.kafka.common.security.auth.SaslExtensionsCallback;
19 import org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule;
20 import org.apache.kafka.common.security.oauthbearer.OAuthBearerTokenCallback;
21 import org.junit.jupiter.api.BeforeEach;
22 import org.junit.jupiter.api.Test;
23 import org.mockito.Mockito;
/**
 * Unit tests for {@link OAuthKafkaAuthenticateLoginCallbackHandler}.
 *
 * <p>The visible tests cover two areas: validation performed by {@code configure} (SASL mechanism
 * name and JAAS entry list) and dispatch in {@code handle} for SASL-extension callbacks,
 * OAuth bearer-token callbacks and unsupported callback types.
 */
25 class OAuthKafkaAuthenticateLoginCallbackHandlerTest {
// Handler under test; the tests call configure(...) on it themselves before using handle(...).
27 private OAuthKafkaAuthenticateLoginCallbackHandler callbackHandler;
// Assigns a new, unconfigured handler instance. The header of the enclosing method is not
// shown in this listing — presumably a per-test fixture method; confirm against the file.
31 callbackHandler = new OAuthKafkaAuthenticateLoginCallbackHandler();
/**
 * Verifies that {@code configure} accepts the OAUTHBEARER mechanism together with a single
 * JAAS configuration entry, and that the handler then reports itself as configured.
 */
@Test
void testConfigureWithValidSaslMechanismAndConfigEntry() {
    AppConfigurationEntry jaasEntry = mock(AppConfigurationEntry.class);

    callbackHandler.configure(
            new HashMap<>(),
            OAuthBearerLoginModule.OAUTHBEARER_MECHANISM,
            Collections.singletonList(jaasEntry));

    assertTrue(callbackHandler.isConfigured());
}
/**
 * Verifies that {@code configure} rejects the mechanism name {@code "InvalidMechanism"} with an
 * {@link IllegalArgumentException} and that the handler is still unconfigured afterwards.
 */
@SuppressWarnings("java:S5778")
@Test
void testConfigureWithInvalidSaslMechanism() {
    List<AppConfigurationEntry> entries =
            Collections.singletonList(mock(AppConfigurationEntry.class));
    String mechanism = "InvalidMechanism";

    assertThrows(
            IllegalArgumentException.class,
            () -> callbackHandler.configure(new HashMap<>(), mechanism, entries));

    // The rejected call must not flip the handler into the configured state.
    assertFalse(callbackHandler.isConfigured());
}
/**
 * Verifies that {@code configure} rejects an empty JAAS entry list with an
 * {@link IllegalArgumentException}, even when the SASL mechanism is OAUTHBEARER, and that the
 * handler is still unconfigured afterwards.
 */
@SuppressWarnings("java:S5778")
@Test
void testConfigureWithEmptyJaasConfigEntries() {
    List<AppConfigurationEntry> noEntries = Collections.emptyList();
    String mechanism = OAuthBearerLoginModule.OAUTHBEARER_MECHANISM;

    assertThrows(
            IllegalArgumentException.class,
            () -> callbackHandler.configure(new HashMap<>(), mechanism, noEntries));

    // The rejected call must not flip the handler into the configured state.
    assertFalse(callbackHandler.isConfigured());
}
/**
 * Verifies that a configured handler, given a {@link SaslExtensionsCallback}, calls
 * {@code extensions(...)} on it.
 *
 * <p>NOTE(review): the {@code any()} matcher accepts every argument, so the content of the
 * extensions handed to the callback is not checked by this test.
 *
 * @throws IOException declared by {@code handle}
 * @throws UnsupportedCallbackException declared by {@code handle}
 */
@Test
void testHandleSaslExtensionsCallback() throws IOException, UnsupportedCallbackException {
    callbackHandler.configure(
            new HashMap<>(),
            OAuthBearerLoginModule.OAUTHBEARER_MECHANISM,
            Collections.singletonList(mock(AppConfigurationEntry.class)));

    SaslExtensionsCallback extensionsCallback = mock(SaslExtensionsCallback.class);
    Callback[] callbacks = {extensionsCallback};
    callbackHandler.handle(callbacks);

    verify(extensionsCallback).extensions(any());
}
/**
 * Verifies that a configured handler refuses a callback type it does not recognise by
 * throwing {@link UnsupportedCallbackException}.
 */
@Test
void testHandleUnsupportedCallback() {
    // A bare Callback mock is neither a token callback nor an extensions callback.
    Callback unknownCallback = mock(Callback.class);
    Callback[] callbacks = {unknownCallback};

    callbackHandler.configure(
            new HashMap<>(),
            OAuthBearerLoginModule.OAUTHBEARER_MECHANISM,
            Collections.singletonList(mock(AppConfigurationEntry.class)));

    assertThrows(UnsupportedCallbackException.class, () -> callbackHandler.handle(callbacks));
}
/**
 * Drives {@code handle} with a mocked {@link OAuthBearerTokenCallback} and checks that the
 * handler reads the callback's current token once.
 *
 * <p>NOTE(review): the only assertion is {@code verify(...).token()}, i.e. that the getter was
 * called. Nothing here checks that a token was stored on the callback, or which token, so as
 * far as this test shows a handler that never sets a token would still pass. Confirm against
 * the handler and consider asserting on the value handed to the callback.
 *
 * @throws IOException declared by {@code handle}
 * @throws UnsupportedCallbackException declared by {@code handle}
 */
@Test
void testHandleOAuthBearerTokenCallback() throws IOException, UnsupportedCallbackException {
    // Fixed sample JWT: HS256 header, claims sub/name/iat and no exp claim. It matches the
    // widely published jwt.io example token, so it is test data rather than a credential.
    String validJwt = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c";
    List<AppConfigurationEntry> entries =
            Collections.singletonList(mock(AppConfigurationEntry.class));

    callbackHandler.configure(
            new HashMap<>(), OAuthBearerLoginModule.OAUTHBEARER_MECHANISM, entries);

    OAuthBearerTokenCallback tokenCallback = mock(OAuthBearerTokenCallback.class);
    SecurityContext securityContext = mock(SecurityContext.class);

    // Two stubbings of the same call, kept in their original order: the later one replaces the
    // earlier, so token() answers with a token built from validJwt and the null stub never
    // applies when the handler runs.
    // NOTE(review): that contradicts the "no token initially" intent of the first stub;
    // confirm which precondition the test is meant to set up.
    when(tokenCallback.token()).thenReturn(null); // Ensure the callback has no token initially
    when(tokenCallback.token()).thenAnswer(invocation -> OAuthBearerTokenJwt.create(validJwt));

    // NOTE(review): this mock is never passed to callbackHandler in the visible code, so the
    // stub presumably does not influence the handler; verify how the handler obtains its
    // SecurityContext before relying on it.
    when(securityContext.getBearerAuthToken()).thenReturn(validJwt);

    callbackHandler.handle(new Callback[]{tokenCallback});

    verify(tokenCallback).token();
}