2 * ========================LICENSE_START=================================
5 * Copyright (C) 2023 Nordix Foundation
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ========================LICENSE_END===================================
21 package org.oran.pmproducer.oauth2;
23 import static org.junit.jupiter.api.Assertions.assertFalse;
24 import static org.junit.jupiter.api.Assertions.assertThrows;
25 import static org.junit.jupiter.api.Assertions.assertTrue;
26 import static org.mockito.ArgumentMatchers.any;
27 import static org.mockito.Mockito.mock;
28 import static org.mockito.Mockito.verify;
29 import static org.mockito.Mockito.when;
31 import java.io.IOException;
32 import java.util.Collections;
33 import java.util.HashMap;
34 import java.util.List;
35 import javax.security.auth.callback.Callback;
36 import javax.security.auth.callback.UnsupportedCallbackException;
37 import javax.security.auth.login.AppConfigurationEntry;
38 import org.apache.kafka.common.security.auth.SaslExtensionsCallback;
39 import org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule;
40 import org.apache.kafka.common.security.oauthbearer.OAuthBearerTokenCallback;
41 import org.junit.jupiter.api.BeforeEach;
42 import org.junit.jupiter.api.Test;
43 import org.mockito.Mockito;
45 class OAuthKafkaAuthenticateLoginCallbackHandlerTest {
47 private OAuthKafkaAuthenticateLoginCallbackHandler callbackHandler;
51 callbackHandler = new OAuthKafkaAuthenticateLoginCallbackHandler();
/**
 * Configuring the handler with the OAUTHBEARER mechanism and exactly one JAAS entry must
 * leave it reporting itself as configured.
 */
@Test
void testConfigureWithValidSaslMechanismAndConfigEntry() {
    final AppConfigurationEntry entryStub = Mockito.mock(AppConfigurationEntry.class);
    final List<AppConfigurationEntry> singleEntry = Collections.singletonList(entryStub);

    callbackHandler.configure(
        new HashMap<>(), OAuthBearerLoginModule.OAUTHBEARER_MECHANISM, singleEntry);

    assertTrue(callbackHandler.isConfigured());
}
/**
 * A SASL mechanism name other than OAUTHBEARER must be rejected with
 * {@link IllegalArgumentException}, and the handler must remain unconfigured.
 */
@SuppressWarnings("java:S5778")
@Test
void testConfigureWithInvalidSaslMechanism() {
    final String bogusMechanism = "InvalidMechanism";
    final List<AppConfigurationEntry> singleEntry =
        Collections.singletonList(Mockito.mock(AppConfigurationEntry.class));

    assertThrows(
        IllegalArgumentException.class,
        () -> callbackHandler.configure(new HashMap<>(), bogusMechanism, singleEntry));

    // A rejected configure() call must not flip the handler into the configured state.
    assertFalse(callbackHandler.isConfigured());
}
/**
 * An empty JAAS entry list must be rejected with {@link IllegalArgumentException} even when
 * the mechanism is OAUTHBEARER, and the handler must remain unconfigured.
 */
@SuppressWarnings("java:S5778")
@Test
void testConfigureWithEmptyJaasConfigEntries() {
    final List<AppConfigurationEntry> noEntries = Collections.emptyList();
    final String mechanism = OAuthBearerLoginModule.OAUTHBEARER_MECHANISM;

    assertThrows(
        IllegalArgumentException.class,
        () -> callbackHandler.configure(new HashMap<>(), mechanism, noEntries));

    // Missing JAAS configuration must not result in a handler that claims to be usable.
    assertFalse(callbackHandler.isConfigured());
}
/**
 * A {@link SaslExtensionsCallback} given to a configured handler must have its extensions
 * set by the handler.
 *
 * @throws IOException declared by {@code handle}
 * @throws UnsupportedCallbackException declared by {@code handle}
 */
@Test
void testHandleSaslExtensionsCallback() throws IOException, UnsupportedCallbackException {
    final List<AppConfigurationEntry> singleEntry =
        Collections.singletonList(Mockito.mock(AppConfigurationEntry.class));
    callbackHandler.configure(
        new HashMap<>(), OAuthBearerLoginModule.OAUTHBEARER_MECHANISM, singleEntry);

    final SaslExtensionsCallback extensionsCallback = mock(SaslExtensionsCallback.class);
    final Callback[] batch = {extensionsCallback};
    callbackHandler.handle(batch);

    // Only the setter call is checked; the extensions' content is not inspected here.
    verify(extensionsCallback).extensions(any());
}
/**
 * A callback type the handler does not recognise must be refused with
 * {@link UnsupportedCallbackException} rather than silently ignored.
 */
@Test
void testHandleUnsupportedCallback() {
    final List<AppConfigurationEntry> singleEntry =
        Collections.singletonList(Mockito.mock(AppConfigurationEntry.class));
    callbackHandler.configure(
        new HashMap<>(), OAuthBearerLoginModule.OAUTHBEARER_MECHANISM, singleEntry);

    // A bare Callback mock is neither a token callback nor an extensions callback.
    final Callback unknownCallback = mock(Callback.class);

    assertThrows(
        UnsupportedCallbackException.class,
        () -> callbackHandler.handle(new Callback[]{unknownCallback}));
}
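/**
 * Passes an {@link OAuthBearerTokenCallback} mock to a configured handler and checks that
 * the handler reads the callback's current token exactly once.
 *
 * <p>The JWT used here is a fixed sample value (HS256 header; claims {@code sub},
 * {@code name} and {@code iat} only), not a live credential.
 *
 * <p>NOTE(review): this test does not assert that the handler supplies a token to the
 * callback, so it cannot catch a handler that never sets one or sets the wrong one.
 *
 * @throws IOException declared by {@code handle}
 * @throws UnsupportedCallbackException declared by {@code handle}
 */
@Test
void testHandleOAuthBearerTokenCallback() throws IOException, UnsupportedCallbackException {
    String saslMechanism = OAuthBearerLoginModule.OAUTHBEARER_MECHANISM;
    List<AppConfigurationEntry> jaasConfigEntries =
        Collections.singletonList(Mockito.mock(AppConfigurationEntry.class));
    String validJwt = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c";

    callbackHandler.configure(new HashMap<>(), saslMechanism, jaasConfigEntries);

    OAuthBearerTokenCallback oauthBearerTokenCallback = Mockito.mock(OAuthBearerTokenCallback.class);
    // token() is stubbed to return a parsed token on every call, so from the handler's point
    // of view the callback already holds a token when handle() runs.
    // NOTE(review): confirm this is the handler branch the test is meant to exercise.
    when(oauthBearerTokenCallback.token()).thenAnswer(invocation -> OAuthBearerTokenJwt.create(validJwt));

    // NOTE(review): this mock is never handed to callbackHandler in this test, so the
    // stubbing below cannot influence handle(). If the handler obtains its bearer token from
    // SecurityContext, that source is not under test control here; inject it or drop it.
    SecurityContext securityContextMock = Mockito.mock(SecurityContext.class);
    when(securityContextMock.getBearerAuthToken()).thenReturn(validJwt);

    callbackHandler.handle(new Callback[]{oauthBearerTokenCallback});

    // Only the getter is verified; the token(OAuthBearerToken) setter is not checked.
    verify(oauthBearerTokenCallback).token();
}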