X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;f=capifcore%2Finternal%2Fsecurityservice%2Fsecurity_test.go;h=1abb8aec03b99f8fb02f8008cfabf80eb881211b;hb=856821490df816d7343d90f76f729240bd4e00d6;hp=13af737a093a24441e6f98f35e250712f96f1e23;hpb=4308df0663b45eb9d95b3babdf519a06ee76c15a;p=nonrtric%2Fplt%2Fsme.git

diff --git a/capifcore/internal/securityservice/security_test.go b/capifcore/internal/securityservice/security_test.go
index 13af737..1abb8ae 100644
--- a/capifcore/internal/securityservice/security_test.go
+++ b/capifcore/internal/securityservice/security_test.go
@@ -28,7 +28,9 @@ import (
 	"os"
 	"testing"
 
+	"oransc.org/nonrtric/capifcore/internal/common29122"
 	"oransc.org/nonrtric/capifcore/internal/keycloak"
+	"oransc.org/nonrtric/capifcore/internal/publishserviceapi"
 	"oransc.org/nonrtric/capifcore/internal/securityapi"
 
 	"oransc.org/nonrtric/capifcore/internal/invokermanagement"
@@ -66,7 +68,7 @@ func TestPostSecurityIdTokenInvokerRegistered(t *testing.T) {
 	accessMgmMock := keycloackmocks.AccessManagement{}
 	accessMgmMock.On("GetToken", mock.AnythingOfType("string"), mock.AnythingOfType("string"), mock.AnythingOfType("string"), mock.AnythingOfType("string")).Return(jwt, nil)
 
-	requestHandler := getEcho(&serviceRegisterMock, &publishRegisterMock, &invokerRegisterMock, &accessMgmMock)
+	requestHandler, _ := getEcho(&serviceRegisterMock, &publishRegisterMock, &invokerRegisterMock, &accessMgmMock)
 
 	data := url.Values{}
 	clientId := "id"
@@ -99,7 +101,7 @@ func TestPostSecurityIdTokenInvokerNotRegistered(t *testing.T) {
 	invokerRegisterMock := invokermocks.InvokerRegister{}
 	invokerRegisterMock.On("IsInvokerRegistered", mock.AnythingOfType("string")).Return(false)
 
-	requestHandler := getEcho(nil, nil, &invokerRegisterMock, nil)
+	requestHandler, _ := getEcho(nil, nil, &invokerRegisterMock, nil)
 
 	data := url.Values{}
 	data.Set("client_id", "id")
@@ -124,7 +126,7 @@ func TestPostSecurityIdTokenInvokerSecretNotValid(t *testing.T) {
 	invokerRegisterMock.On("IsInvokerRegistered", mock.AnythingOfType("string")).Return(true)
 	invokerRegisterMock.On("VerifyInvokerSecret", mock.AnythingOfType("string"), mock.AnythingOfType("string")).Return(false)
 
-	requestHandler := getEcho(nil, nil, &invokerRegisterMock, nil)
+	requestHandler, _ := getEcho(nil, nil, &invokerRegisterMock, nil)
 
 	data := url.Values{}
 	data.Set("client_id", "id")
@@ -151,7 +153,7 @@ func TestPostSecurityIdTokenFunctionNotRegistered(t *testing.T) {
 	serviceRegisterMock := servicemocks.ServiceRegister{}
 	serviceRegisterMock.On("IsFunctionRegistered", mock.AnythingOfType("string")).Return(false)
 
-	requestHandler := getEcho(&serviceRegisterMock, nil, &invokerRegisterMock, nil)
+	requestHandler, _ := getEcho(&serviceRegisterMock, nil, &invokerRegisterMock, nil)
 
 	data := url.Values{}
 	data.Set("client_id", "id")
@@ -180,7 +182,7 @@ func TestPostSecurityIdTokenAPINotPublished(t *testing.T) {
 	publishRegisterMock := publishmocks.PublishRegister{}
 	publishRegisterMock.On("IsAPIPublished", mock.AnythingOfType("string"), mock.AnythingOfType("string")).Return(false)
 
-	requestHandler := getEcho(&serviceRegisterMock, &publishRegisterMock, &invokerRegisterMock, nil)
+	requestHandler, _ := getEcho(&serviceRegisterMock, &publishRegisterMock, &invokerRegisterMock, nil)
 
 	data := url.Values{}
 	data.Set("client_id", "id")
@@ -213,7 +215,7 @@ func TestPostSecurityIdTokenInvokerInvalidCredentials(t *testing.T) {
 	accessMgmMock := keycloackmocks.AccessManagement{}
 	accessMgmMock.On("GetToken", mock.AnythingOfType("string"), mock.AnythingOfType("string"), mock.AnythingOfType("string"), mock.AnythingOfType("string")).Return(jwt, errors.New("invalid_credentials"))
 
-	requestHandler := getEcho(&serviceRegisterMock, &publishRegisterMock, &invokerRegisterMock, &accessMgmMock)
+	requestHandler, _ := getEcho(&serviceRegisterMock, &publishRegisterMock, &invokerRegisterMock, &accessMgmMock)
 
 	data := url.Values{}
 	clientId := "id"
@@ -240,7 +242,253 @@ func TestPostSecurityIdTokenInvokerInvalidCredentials(t *testing.T) {
 	accessMgmMock.AssertCalled(t, "GetToken", clientId, clientSecret, "3gpp#"+aefId+":"+path, "invokerrealm")
 }
 
-func getEcho(serviceRegister providermanagement.ServiceRegister, publishRegister publishservice.PublishRegister, invokerRegister invokermanagement.InvokerRegister, keycloakMgm keycloak.AccessManagement) *echo.Echo {
+func TestPutTrustedInvokerSuccessfully(t *testing.T) {
+	invokerRegisterMock := invokermocks.InvokerRegister{}
+	invokerRegisterMock.On("IsInvokerRegistered", mock.AnythingOfType("string")).Return(true)
+	aefId := "aefId"
+	aefProfile := getAefProfile(aefId)
+	aefProfile.SecurityMethods = &[]publishserviceapi.SecurityMethod{
+		publishserviceapi.SecurityMethodPKI,
+	}
+	aefProfiles := []publishserviceapi.AefProfile{
+		aefProfile,
+	}
+	apiId := "apiId"
+	publishedServices := []publishserviceapi.ServiceAPIDescription{
+		{
+			ApiId:       &apiId,
+			AefProfiles: &aefProfiles,
+		},
+	}
+	publishRegisterMock := publishmocks.PublishRegister{}
+	publishRegisterMock.On("GetAllPublishedServices").Return(publishedServices)
+
+	requestHandler, _ := getEcho(nil, &publishRegisterMock, &invokerRegisterMock, nil)
+
+	invokerId := "invokerId"
+	serviceSecurityUnderTest := getServiceSecurity(aefId, apiId)
+	serviceSecurityUnderTest.SecurityInfo[0].ApiId = &apiId
+
+	result := testutil.NewRequest().Put("/trustedInvokers/"+invokerId).WithJsonBody(serviceSecurityUnderTest).Go(t, requestHandler)
+
+	assert.Equal(t, http.StatusCreated, result.Code())
+	var resultResponse securityapi.ServiceSecurity
+	err := result.UnmarshalBodyToObject(&resultResponse)
+	assert.NoError(t, err, "error unmarshaling response")
+	assert.NotEmpty(t, resultResponse.NotificationDestination)
+
+	for _, security := range resultResponse.SecurityInfo {
+		assert.Equal(t, *security.ApiId, apiId)
+		assert.Equal(t, *security.SelSecurityMethod, publishserviceapi.SecurityMethodPKI)
+	}
+	invokerRegisterMock.AssertCalled(t, "IsInvokerRegistered", invokerId)
+
+}
+
+func TestPutTrustedInkoverNotRegistered(t *testing.T) {
+	invokerRegisterMock := invokermocks.InvokerRegister{}
+	invokerRegisterMock.On("IsInvokerRegistered", mock.AnythingOfType("string")).Return(false)
+
+	requestHandler, _ := getEcho(nil, nil, &invokerRegisterMock, nil)
+
+	invokerId := "invokerId"
+	serviceSecurityUnderTest := getServiceSecurity("aefId", "apiId")
+
+	result := testutil.NewRequest().Put("/trustedInvokers/"+invokerId).WithJsonBody(serviceSecurityUnderTest).Go(t, requestHandler)
+
+	badRequest := http.StatusBadRequest
+	assert.Equal(t, badRequest, result.Code())
+	var problemDetails common29122.ProblemDetails
+	err := result.UnmarshalBodyToObject(&problemDetails)
+	assert.NoError(t, err, "error unmarshaling response")
+	assert.Equal(t, &badRequest, problemDetails.Status)
+	assert.Contains(t, *problemDetails.Cause, "Invoker not registered")
+	invokerRegisterMock.AssertCalled(t, "IsInvokerRegistered", invokerId)
+}
+
+func TestPutTrustedInkoverInvalidInputServiceSecurity(t *testing.T) {
+	invokerRegisterMock := invokermocks.InvokerRegister{}
+	invokerRegisterMock.On("IsInvokerRegistered", mock.AnythingOfType("string")).Return(true)
+
+	requestHandler, _ := getEcho(nil, nil, &invokerRegisterMock, nil)
+
+	invokerId := "invokerId"
+	notificationUrl := "url"
+	serviceSecurityUnderTest := getServiceSecurity("aefId", "apiId")
+	serviceSecurityUnderTest.NotificationDestination = common29122.Uri(notificationUrl)
+
+	result := testutil.NewRequest().Put("/trustedInvokers/"+invokerId).WithJsonBody(serviceSecurityUnderTest).Go(t, requestHandler)
+
+	badRequest := http.StatusBadRequest
+	assert.Equal(t, badRequest, result.Code())
+	var problemDetails common29122.ProblemDetails
+	err := result.UnmarshalBodyToObject(&problemDetails)
+	assert.NoError(t, err, "error unmarshaling response")
+	assert.Equal(t, &badRequest, problemDetails.Status)
+	assert.Contains(t, *problemDetails.Cause, "ServiceSecurity has invalid notificationDestination")
+	invokerRegisterMock.AssertCalled(t, "IsInvokerRegistered", invokerId)
+}
+
+func TestPutTrustedInvokerInterfaceDetailsNotNil(t *testing.T) {
+	invokerRegisterMock := invokermocks.InvokerRegister{}
+	invokerRegisterMock.On("IsInvokerRegistered", mock.AnythingOfType("string")).Return(true)
+	aefId := "aefId"
+	aefProfile := getAefProfile(aefId)
+	aefProfile.SecurityMethods = &[]publishserviceapi.SecurityMethod{
+		publishserviceapi.SecurityMethodPKI,
+	}
+	aefProfiles := []publishserviceapi.AefProfile{
+		aefProfile,
+	}
+	apiId := "apiId"
+	publishedServices := []publishserviceapi.ServiceAPIDescription{
+		{
+			ApiId:       &apiId,
+			AefProfiles: &aefProfiles,
+		},
+	}
+	publishRegisterMock := publishmocks.PublishRegister{}
+	publishRegisterMock.On("GetAllPublishedServices").Return(publishedServices)
+
+	requestHandler, _ := getEcho(nil, &publishRegisterMock, &invokerRegisterMock, nil)
+
+	invokerId := "invokerId"
+	serviceSecurityUnderTest := getServiceSecurity(aefId, apiId)
+	serviceSecurityUnderTest.SecurityInfo[0] = securityapi.SecurityInformation{
+		ApiId: &apiId,
+		PrefSecurityMethods: []publishserviceapi.SecurityMethod{
+			publishserviceapi.SecurityMethodOAUTH,
+		},
+		InterfaceDetails: &publishserviceapi.InterfaceDescription{
+			SecurityMethods: &[]publishserviceapi.SecurityMethod{
+				publishserviceapi.SecurityMethodPSK,
+			},
+		},
+	}
+
+	result := testutil.NewRequest().Put("/trustedInvokers/"+invokerId).WithJsonBody(serviceSecurityUnderTest).Go(t, requestHandler)
+
+	assert.Equal(t, http.StatusCreated, result.Code())
+	var resultResponse securityapi.ServiceSecurity
+	err := result.UnmarshalBodyToObject(&resultResponse)
+	assert.NoError(t, err, "error unmarshaling response")
+	assert.NotEmpty(t, resultResponse.NotificationDestination)
+
+	for _, security := range resultResponse.SecurityInfo {
+		assert.Equal(t, apiId, *security.ApiId)
+		assert.Equal(t, publishserviceapi.SecurityMethodPSK, *security.SelSecurityMethod)
+	}
+	invokerRegisterMock.AssertCalled(t, "IsInvokerRegistered", invokerId)
+
+}
+
+func TestPutTrustedInvokerNotFoundSecurityMethod(t *testing.T) {
+	invokerRegisterMock := invokermocks.InvokerRegister{}
+	invokerRegisterMock.On("IsInvokerRegistered", mock.AnythingOfType("string")).Return(true)
+
+	aefProfiles := []publishserviceapi.AefProfile{
+		getAefProfile("aefId"),
+	}
+	apiId := "apiId"
+	publishedServices := []publishserviceapi.ServiceAPIDescription{
+		{
+			ApiId:       &apiId,
+			AefProfiles: &aefProfiles,
+		},
+	}
+	publishRegisterMock := publishmocks.PublishRegister{}
+	publishRegisterMock.On("GetAllPublishedServices").Return(publishedServices)
+
+	requestHandler, _ := getEcho(nil, &publishRegisterMock, &invokerRegisterMock, nil)
+
+	invokerId := "invokerId"
+	serviceSecurityUnderTest := getServiceSecurity("aefId", "apiId")
+
+	result := testutil.NewRequest().Put("/trustedInvokers/"+invokerId).WithJsonBody(serviceSecurityUnderTest).Go(t, requestHandler)
+
+	badRequest := http.StatusBadRequest
+	assert.Equal(t, badRequest, result.Code())
+	var problemDetails common29122.ProblemDetails
+	err := result.UnmarshalBodyToObject(&problemDetails)
+	assert.NoError(t, err, "error unmarshaling response")
+	assert.Equal(t, &badRequest, problemDetails.Status)
+	assert.Contains(t, *problemDetails.Cause, "not found")
+	assert.Contains(t, *problemDetails.Cause, "security method")
+	invokerRegisterMock.AssertCalled(t, "IsInvokerRegistered", invokerId)
+}
+
+func TestDeleteSecurityContext(t *testing.T) {
+
+	requestHandler, securityUnderTest := getEcho(nil, nil, nil, nil)
+
+	aefId := "aefId"
+	apiId := "apiId"
+	serviceSecurityUnderTest := getServiceSecurity(aefId, apiId)
+	serviceSecurityUnderTest.SecurityInfo[0].ApiId = &apiId
+
+	invokerId := "invokerId"
+	securityUnderTest.trustedInvokers[invokerId] = serviceSecurityUnderTest
+
+	// Delete the security context
+	result := testutil.NewRequest().Delete("/trustedInvokers/"+invokerId).Go(t, requestHandler)
+
+	assert.Equal(t, http.StatusNoContent, result.Code())
+	_, ok := securityUnderTest.trustedInvokers[invokerId]
+	assert.False(t, ok)
+}
+
+func TestGetSecurityContextByInvokerId(t *testing.T) {
+
+	requestHandler, securityUnderTest := getEcho(nil, nil, nil, nil)
+
+	aefId := "aefId"
+	apiId := "apiId"
+	authenticationInfo := "authenticationInfo"
+	authorizationInfo := "authorizationInfo"
+	serviceSecurityUnderTest := getServiceSecurity(aefId, apiId)
+	serviceSecurityUnderTest.SecurityInfo[0].AuthenticationInfo = &authenticationInfo
+	serviceSecurityUnderTest.SecurityInfo[0].AuthorizationInfo = &authorizationInfo
+
+	invokerId := "invokerId"
+	securityUnderTest.trustedInvokers[invokerId] = serviceSecurityUnderTest
+
+	// Get security context
+	result := testutil.NewRequest().Get("/trustedInvokers/"+invokerId).Go(t, requestHandler)
+
+	assert.Equal(t, http.StatusOK, result.Code())
+	var resultService securityapi.ServiceSecurity
+	err := result.UnmarshalBodyToObject(&resultService)
+	assert.NoError(t, err, "error unmarshaling response")
+
+	for _, secInfo := range resultService.SecurityInfo {
+		assert.Equal(t, apiId, *secInfo.ApiId)
+		assert.Equal(t, aefId, *secInfo.AefId)
+		assert.Equal(t, "", *secInfo.AuthenticationInfo)
+		assert.Equal(t, "", *secInfo.AuthorizationInfo)
+	}
+
+	result = testutil.NewRequest().Get("/trustedInvokers/"+invokerId+"?authenticationInfo=true&authorizationInfo=false").Go(t, requestHandler)
+	assert.Equal(t, http.StatusOK, result.Code())
+	err = result.UnmarshalBodyToObject(&resultService)
+	assert.NoError(t, err, "error unmarshaling response")
+
+	for _, secInfo := range resultService.SecurityInfo {
+		assert.Equal(t, authenticationInfo, *secInfo.AuthenticationInfo)
+		assert.Equal(t, "", *secInfo.AuthorizationInfo)
+	}
+
+	result = testutil.NewRequest().Get("/trustedInvokers/"+invokerId+"?authenticationInfo=true&authorizationInfo=true").Go(t, requestHandler)
+	assert.Equal(t, http.StatusOK, result.Code())
+	err = result.UnmarshalBodyToObject(&resultService)
+	assert.NoError(t, err, "error unmarshaling response")
+
+	for _, secInfo := range resultService.SecurityInfo {
+		assert.Equal(t, authenticationInfo, *secInfo.AuthenticationInfo)
+		assert.Equal(t, authorizationInfo, *secInfo.AuthorizationInfo)
+	}
+}
+
+func getEcho(serviceRegister providermanagement.ServiceRegister, publishRegister publishservice.PublishRegister, invokerRegister invokermanagement.InvokerRegister, keycloakMgm keycloak.AccessManagement) (*echo.Echo, *Security) {
 	swagger, err := securityapi.GetSwagger()
 	if err != nil {
 		fmt.Fprintf(os.Stderr, "Error loading swagger spec\n: %s", err)
@@ -256,5 +504,35 @@ func getEcho(serviceRegister providermanagement.ServiceRegister, publishRegister
 	e.Use(middleware.OapiRequestValidator(swagger))
 
 	securityapi.RegisterHandlers(e, s)
-	return e
+	return e, s
+}
+
+func getServiceSecurity(aefId string, apiId string) securityapi.ServiceSecurity {
+	return securityapi.ServiceSecurity{
+		NotificationDestination: common29122.Uri("http://golang.cafe/"),
+		SecurityInfo: []securityapi.SecurityInformation{
+			{
+				AefId: &aefId,
+				ApiId: &apiId,
+				PrefSecurityMethods: []publishserviceapi.SecurityMethod{
+					publishserviceapi.SecurityMethodOAUTH,
+				},
+			},
+		},
+	}
+}
+
+func getAefProfile(aefId string) publishserviceapi.AefProfile {
+	return publishserviceapi.AefProfile{
+		AefId: aefId,
+		Versions: []publishserviceapi.Version{
+			{
+				Resources: &[]publishserviceapi.Resource{
+					{
+						CommType: "REQUEST_RESPONSE",
+					},
+				},
+			},
+		},
+	}
 }