package security
import (
+ "errors"
"fmt"
"net/http"
"net/url"
"os"
"testing"
+ "oransc.org/nonrtric/capifcore/internal/keycloak"
"oransc.org/nonrtric/capifcore/internal/securityapi"
"oransc.org/nonrtric/capifcore/internal/invokermanagement"
"github.com/labstack/echo/v4"
- "oransc.org/nonrtric/capifcore/internal/common29122"
-
invokermocks "oransc.org/nonrtric/capifcore/internal/invokermanagement/mocks"
+ keycloackmocks "oransc.org/nonrtric/capifcore/internal/keycloak/mocks"
servicemocks "oransc.org/nonrtric/capifcore/internal/providermanagement/mocks"
publishmocks "oransc.org/nonrtric/capifcore/internal/publishservice/mocks"
"github.com/stretchr/testify/mock"
)
-func TestPostSecurityIdToken(t *testing.T) {
+func TestPostSecurityIdTokenInvokerRegistered(t *testing.T) {
invokerRegisterMock := invokermocks.InvokerRegister{}
invokerRegisterMock.On("IsInvokerRegistered", mock.AnythingOfType("string")).Return(true)
invokerRegisterMock.On("VerifyInvokerSecret", mock.AnythingOfType("string"), mock.AnythingOfType("string")).Return(true)
serviceRegisterMock := servicemocks.ServiceRegister{}
serviceRegisterMock.On("IsFunctionRegistered", mock.AnythingOfType("string")).Return(true)
- apiRegisterMock := publishmocks.APIRegister{}
- apiRegisterMock.On("IsAPIRegistered", mock.AnythingOfType("string"), mock.AnythingOfType("string")).Return(true)
+ publishRegisterMock := publishmocks.PublishRegister{}
+ publishRegisterMock.On("IsAPIPublished", mock.AnythingOfType("string"), mock.AnythingOfType("string")).Return(true)
+
+ jwt := keycloak.Jwttoken{
+ AccessToken: "eyJhbGNIn0.e3YTQ0xLjEifQ.FcqCwCy7iJiOmw",
+ ExpiresIn: 300,
+ Scope: "3gpp#aefIdpath",
+ }
+ accessMgmMock := keycloackmocks.AccessManagement{}
+ accessMgmMock.On("GetToken", mock.AnythingOfType("string"), mock.AnythingOfType("string"), mock.AnythingOfType("string"), mock.AnythingOfType("string")).Return(jwt, nil)
- requestHandler := getEcho(&serviceRegisterMock, &apiRegisterMock, &invokerRegisterMock)
+ requestHandler := getEcho(&serviceRegisterMock, &publishRegisterMock, &invokerRegisterMock, &accessMgmMock)
data := url.Values{}
- data.Set("client_id", "id")
- data.Add("client_secret", "secret")
- data.Add("grant_type", "client_credentials")
- data.Add("scope", "scope#aefId:path")
+ clientId := "id"
+ clientSecret := "secret"
+ aefId := "aefId"
+ path := "path"
+ data.Set("client_id", clientId)
+ data.Set("client_secret", clientSecret)
+ data.Set("grant_type", "client_credentials")
+ data.Set("scope", "3gpp#"+aefId+":"+path)
+
encodedData := data.Encode()
result := testutil.NewRequest().Post("/securities/invokerId/token").WithContentType("application/x-www-form-urlencoded").WithBody([]byte(encodedData)).Go(t, requestHandler)
err := result.UnmarshalBodyToObject(&resultResponse)
assert.NoError(t, err, "error unmarshaling response")
assert.NotEmpty(t, resultResponse.AccessToken)
- assert.Equal(t, "scope#aefId:path", *resultResponse.Scope)
assert.Equal(t, securityapi.AccessTokenRspTokenTypeBearer, resultResponse.TokenType)
- assert.Equal(t, common29122.DurationSec(0), resultResponse.ExpiresIn)
- invokerRegisterMock.AssertCalled(t, "IsInvokerRegistered", "id")
- invokerRegisterMock.AssertCalled(t, "VerifyInvokerSecret", "id", "secret")
- serviceRegisterMock.AssertCalled(t, "IsFunctionRegistered", "aefId")
- apiRegisterMock.AssertCalled(t, "IsAPIRegistered", "aefId", "path")
+ invokerRegisterMock.AssertCalled(t, "IsInvokerRegistered", clientId)
+ invokerRegisterMock.AssertCalled(t, "VerifyInvokerSecret", clientId, clientSecret)
+ serviceRegisterMock.AssertCalled(t, "IsFunctionRegistered", aefId)
+ publishRegisterMock.AssertCalled(t, "IsAPIPublished", aefId, path)
+ accessMgmMock.AssertCalled(t, "GetToken", clientId, clientSecret, "3gpp#"+aefId+":"+path, "invokerrealm")
+}
+
+func TestPostSecurityIdTokenInvokerNotRegistered(t *testing.T) {
+ invokerRegisterMock := invokermocks.InvokerRegister{}
+ invokerRegisterMock.On("IsInvokerRegistered", mock.AnythingOfType("string")).Return(false)
+
+ requestHandler := getEcho(nil, nil, &invokerRegisterMock, nil)
+
+ data := url.Values{}
+ data.Set("client_id", "id")
+ data.Add("client_secret", "secret")
+ data.Add("grant_type", "client_credentials")
+ data.Add("scope", "3gpp#aefId:path")
+ encodedData := data.Encode()
+
+ result := testutil.NewRequest().Post("/securities/invokerId/token").WithContentType("application/x-www-form-urlencoded").WithBody([]byte(encodedData)).Go(t, requestHandler)
+
+ assert.Equal(t, http.StatusBadRequest, result.Code())
+ var errDetails securityapi.AccessTokenErr
+ err := result.UnmarshalBodyToObject(&errDetails)
+ assert.NoError(t, err, "error unmarshaling response")
+ assert.Equal(t, securityapi.AccessTokenErrErrorInvalidClient, errDetails.Error)
+ errMsg := "Invoker not registered"
+ assert.Equal(t, &errMsg, errDetails.ErrorDescription)
+}
+
+func TestPostSecurityIdTokenInvokerSecretNotValid(t *testing.T) {
+ invokerRegisterMock := invokermocks.InvokerRegister{}
+ invokerRegisterMock.On("IsInvokerRegistered", mock.AnythingOfType("string")).Return(true)
+ invokerRegisterMock.On("VerifyInvokerSecret", mock.AnythingOfType("string"), mock.AnythingOfType("string")).Return(false)
+
+ requestHandler := getEcho(nil, nil, &invokerRegisterMock, nil)
+
+ data := url.Values{}
+ data.Set("client_id", "id")
+ data.Add("client_secret", "secret")
+ data.Add("grant_type", "client_credentials")
+ data.Add("scope", "3gpp#aefId:path")
+ encodedData := data.Encode()
+
+ result := testutil.NewRequest().Post("/securities/invokerId/token").WithContentType("application/x-www-form-urlencoded").WithBody([]byte(encodedData)).Go(t, requestHandler)
+
+ assert.Equal(t, http.StatusBadRequest, result.Code())
+ var errDetails securityapi.AccessTokenErr
+ err := result.UnmarshalBodyToObject(&errDetails)
+ assert.NoError(t, err, "error unmarshaling response")
+ assert.Equal(t, securityapi.AccessTokenErrErrorUnauthorizedClient, errDetails.Error)
+ errMsg := "Invoker secret not valid"
+ assert.Equal(t, &errMsg, errDetails.ErrorDescription)
+}
+
+func TestPostSecurityIdTokenFunctionNotRegistered(t *testing.T) {
+ invokerRegisterMock := invokermocks.InvokerRegister{}
+ invokerRegisterMock.On("IsInvokerRegistered", mock.AnythingOfType("string")).Return(true)
+ invokerRegisterMock.On("VerifyInvokerSecret", mock.AnythingOfType("string"), mock.AnythingOfType("string")).Return(true)
+ serviceRegisterMock := servicemocks.ServiceRegister{}
+ serviceRegisterMock.On("IsFunctionRegistered", mock.AnythingOfType("string")).Return(false)
+
+ requestHandler := getEcho(&serviceRegisterMock, nil, &invokerRegisterMock, nil)
+
+ data := url.Values{}
+ data.Set("client_id", "id")
+ data.Add("client_secret", "secret")
+ data.Add("grant_type", "client_credentials")
+ data.Add("scope", "3gpp#aefId:path")
+ encodedData := data.Encode()
+
+ result := testutil.NewRequest().Post("/securities/invokerId/token").WithContentType("application/x-www-form-urlencoded").WithBody([]byte(encodedData)).Go(t, requestHandler)
+
+ assert.Equal(t, http.StatusBadRequest, result.Code())
+ var errDetails securityapi.AccessTokenErr
+ err := result.UnmarshalBodyToObject(&errDetails)
+ assert.NoError(t, err, "error unmarshaling response")
+ assert.Equal(t, securityapi.AccessTokenErrErrorInvalidScope, errDetails.Error)
+ errMsg := "AEF Function not registered"
+ assert.Equal(t, &errMsg, errDetails.ErrorDescription)
+}
+
+func TestPostSecurityIdTokenAPINotPublished(t *testing.T) {
+ invokerRegisterMock := invokermocks.InvokerRegister{}
+ invokerRegisterMock.On("IsInvokerRegistered", mock.AnythingOfType("string")).Return(true)
+ invokerRegisterMock.On("VerifyInvokerSecret", mock.AnythingOfType("string"), mock.AnythingOfType("string")).Return(true)
+ serviceRegisterMock := servicemocks.ServiceRegister{}
+ serviceRegisterMock.On("IsFunctionRegistered", mock.AnythingOfType("string")).Return(true)
+ publishRegisterMock := publishmocks.PublishRegister{}
+ publishRegisterMock.On("IsAPIPublished", mock.AnythingOfType("string"), mock.AnythingOfType("string")).Return(false)
+
+ requestHandler := getEcho(&serviceRegisterMock, &publishRegisterMock, &invokerRegisterMock, nil)
+
+ data := url.Values{}
+ data.Set("client_id", "id")
+ data.Add("client_secret", "secret")
+ data.Add("grant_type", "client_credentials")
+ data.Add("scope", "3gpp#aefId:path")
+ encodedData := data.Encode()
+
+ result := testutil.NewRequest().Post("/securities/invokerId/token").WithContentType("application/x-www-form-urlencoded").WithBody([]byte(encodedData)).Go(t, requestHandler)
+
+ assert.Equal(t, http.StatusBadRequest, result.Code())
+ var errDetails securityapi.AccessTokenErr
+ err := result.UnmarshalBodyToObject(&errDetails)
+ assert.NoError(t, err, "error unmarshaling response")
+ assert.Equal(t, securityapi.AccessTokenErrErrorInvalidScope, errDetails.Error)
+ errMsg := "API not published"
+ assert.Equal(t, &errMsg, errDetails.ErrorDescription)
+}
+
+func TestPostSecurityIdTokenInvokerInvalidCredentials(t *testing.T) {
+ invokerRegisterMock := invokermocks.InvokerRegister{}
+ invokerRegisterMock.On("IsInvokerRegistered", mock.AnythingOfType("string")).Return(true)
+ invokerRegisterMock.On("VerifyInvokerSecret", mock.AnythingOfType("string"), mock.AnythingOfType("string")).Return(true)
+ serviceRegisterMock := servicemocks.ServiceRegister{}
+ serviceRegisterMock.On("IsFunctionRegistered", mock.AnythingOfType("string")).Return(true)
+ publishRegisterMock := publishmocks.PublishRegister{}
+ publishRegisterMock.On("IsAPIPublished", mock.AnythingOfType("string"), mock.AnythingOfType("string")).Return(true)
+
+ jwt := keycloak.Jwttoken{}
+ accessMgmMock := keycloackmocks.AccessManagement{}
+ accessMgmMock.On("GetToken", mock.AnythingOfType("string"), mock.AnythingOfType("string"), mock.AnythingOfType("string"), mock.AnythingOfType("string")).Return(jwt, errors.New("invalid_credentials"))
+
+ requestHandler := getEcho(&serviceRegisterMock, &publishRegisterMock, &invokerRegisterMock, &accessMgmMock)
+
+ data := url.Values{}
+ clientId := "id"
+ clientSecret := "secret"
+ aefId := "aefId"
+ path := "path"
+ data.Set("client_id", clientId)
+ data.Set("client_secret", clientSecret)
+ data.Set("grant_type", "client_credentials")
+ data.Set("scope", "3gpp#"+aefId+":"+path)
+
+ encodedData := data.Encode()
+
+ result := testutil.NewRequest().Post("/securities/invokerId/token").WithContentType("application/x-www-form-urlencoded").WithBody([]byte(encodedData)).Go(t, requestHandler)
+
+ assert.Equal(t, http.StatusBadRequest, result.Code())
+ var resultResponse securityapi.AccessTokenErr
+ err := result.UnmarshalBodyToObject(&resultResponse)
+ assert.NoError(t, err, "error unmarshaling response")
+ invokerRegisterMock.AssertCalled(t, "IsInvokerRegistered", clientId)
+ invokerRegisterMock.AssertCalled(t, "VerifyInvokerSecret", clientId, clientSecret)
+ serviceRegisterMock.AssertCalled(t, "IsFunctionRegistered", aefId)
+ publishRegisterMock.AssertCalled(t, "IsAPIPublished", aefId, path)
+ accessMgmMock.AssertCalled(t, "GetToken", clientId, clientSecret, "3gpp#"+aefId+":"+path, "invokerrealm")
}
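Review bot: The happy-path test TestPostSecurityIdTokenInvokerRegistered no longer checks what the token endpoint hands back: the old Scope and ExpiresIn assertions were dropped, the response status is never asserted, and AccessToken is only checked to be non-empty, so a handler that returned any string instead of the Keycloak token would still pass. Pin the pass-through with `assert.Equal(t, jwt.AccessToken, resultResponse.AccessToken)`, assert the success status (presumably `http.StatusOK`) the way the error tests assert `http.StatusBadRequest`, and check that `resultResponse.ExpiresIn` carries the mock's 300 in whatever type AccessTokenRsp declares for it. TestPostSecurityIdTokenInvokerInvalidCredentials has the same gap in the other direction: it only asserts 400 and that the body unmarshals, unlike the sibling tests that check `errDetails.Error` and `ErrorDescription`, so a regression that maps a Keycloak failure to the wrong error code goes unnoticed; assert the error value the handler uses for that case and rename `resultResponse` to `errDetails` for consistency. Separately, the NotRegistered and SecretNotValid tests pin distinct codes and descriptions for an unknown client_id versus a wrong secret (invalid_client / "Invoker not registered" vs unauthorized_client / "Invoker secret not valid"); per RFC 6749 §5.2 both cases are invalid_client and unauthorized_client means the client may not use the grant type, and the split lets an unauthenticated caller learn which invoker IDs exist, so if it is intentional a comment saying why would help, otherwise the handler (outside this hunk) should collapse them.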
-func getEcho(serviceRegister providermanagement.ServiceRegister, apiRegister publishservice.APIRegister, invokerRegister invokermanagement.InvokerRegister) *echo.Echo {
+func getEcho(serviceRegister providermanagement.ServiceRegister, publishRegister publishservice.PublishRegister, invokerRegister invokermanagement.InvokerRegister, keycloakMgm keycloak.AccessManagement) *echo.Echo {
swagger, err := securityapi.GetSwagger()
if err != nil {
fmt.Fprintf(os.Stderr, "Error loading swagger spec\n: %s", err)
swagger.Servers = nil
- s := NewSecurity(serviceRegister, apiRegister, invokerRegister)
+ s := NewSecurity(serviceRegister, publishRegister, invokerRegister, keycloakMgm)
e := echo.New()
e.Use(echomiddleware.Logger())