+// -
+// ========================LICENSE_START=================================
+// O-RAN-SC
+// %%
+// Copyright (C) 2023: Nordix Foundation
+// %%
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ========================LICENSE_END===================================
+//
+
+package securityapi
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+)
+
+func TestValidateClientIdNotPresent(t *testing.T) {
+ accessTokenUnderTest := AccessTokenReq{}
+ valid, err := accessTokenUnderTest.Validate()
+
+ assert.Equal(t, false, valid)
+ assert.Equal(t, AccessTokenErrErrorInvalidRequest, err.Error)
+ assert.Equal(t, "Invalid request", *err.ErrorDescription)
+}
+
+func TestValidateGrantType(t *testing.T) {
+ accessTokenUnderTest := AccessTokenReq{
+ ClientId: "clientId",
+ GrantType: AccessTokenReqGrantType(""),
+ }
+ valid, err := accessTokenUnderTest.Validate()
+
+ assert.Equal(t, false, valid)
+ assert.Equal(t, AccessTokenErrErrorInvalidGrant, err.Error)
+ assert.Equal(t, "Invalid value for grant_type", *err.ErrorDescription)
+
+ accessTokenUnderTest.GrantType = AccessTokenReqGrantType("client_credentials")
+ valid, err = accessTokenUnderTest.Validate()
+ assert.Equal(t, true, valid)
+}
+
+func TestValidateScopeNotValid(t *testing.T) {
+ scope := "scope#aefId:path"
+ accessTokenUnderTest := AccessTokenReq{
+ ClientId: "clientId",
+ GrantType: ("client_credentials"),
+ Scope: &scope,
+ }
+ valid, err := accessTokenUnderTest.Validate()
+
+ assert.Equal(t, false, valid)
+ assert.Equal(t, AccessTokenErrErrorInvalidScope, err.Error)
+ assert.Equal(t, "Scope should start with 3gpp", *err.ErrorDescription)
+
+ scope = "3gpp#aefId:path"
+ accessTokenUnderTest.Scope = &scope
+ valid, err = accessTokenUnderTest.Validate()
+ assert.Equal(t, true, valid)
+}
+
+func TestValidateScopeMalformed(t *testing.T) {
+ scope := "3gpp"
+ accessTokenUnderTest := AccessTokenReq{
+ ClientId: "clientId",
+ GrantType: ("client_credentials"),
+ Scope: &scope,
+ }
+ valid, err := accessTokenUnderTest.Validate()
+
+ assert.Equal(t, false, valid)
+ assert.Equal(t, AccessTokenErrErrorInvalidScope, err.Error)
+ assert.Equal(t, "Malformed scope", *err.ErrorDescription)
+
+ scope = "3gpp#aefId"
+ accessTokenUnderTest.Scope = &scope
+ valid, err = accessTokenUnderTest.Validate()
+ assert.Equal(t, false, valid)
+ assert.Equal(t, AccessTokenErrErrorInvalidScope, err.Error)
+ assert.Equal(t, "Malformed scope", *err.ErrorDescription)
+
+ scope = "3gpp#aefId:path"
+ accessTokenUnderTest.Scope = &scope
+ valid, err = accessTokenUnderTest.Validate()
+ assert.Equal(t, true, valid)
+}