diff options
Diffstat (limited to 'bkucommon/src/test/java/at/gv/egiz/bku/accesscontroller')
3 files changed, 219 insertions, 0 deletions
diff --git a/bkucommon/src/test/java/at/gv/egiz/bku/accesscontroller/AuthenticationClassifierTest.java b/bkucommon/src/test/java/at/gv/egiz/bku/accesscontroller/AuthenticationClassifierTest.java new file mode 100644 index 00000000..c339704e --- /dev/null +++ b/bkucommon/src/test/java/at/gv/egiz/bku/accesscontroller/AuthenticationClassifierTest.java @@ -0,0 +1,28 @@ +package at.gv.egiz.bku.accesscontroller;
+
+import static org.junit.Assert.assertTrue;
+
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+
+import org.junit.Before;
+import org.junit.Test;
+
+public class AuthenticationClassifierTest {
+
+ private X509Certificate atrust;
+
+ @Before
+ public void setUp() throws Exception {
+ atrust = (X509Certificate) CertificateFactory.getInstance("X509")
+ .generateCertificate(
+ getClass().getClassLoader().getResourceAsStream(
+ "at/gv/egiz/bku/accesscontroller/www.a-trust.at.crt"));
+ }
+
+ @Test
+ public void testATrust() {
+ assertTrue(AuthenticationClassifier.isGovAgency(atrust));
+ }
+
+}
diff --git a/bkucommon/src/test/java/at/gv/egiz/bku/accesscontroller/ConfigTest.java b/bkucommon/src/test/java/at/gv/egiz/bku/accesscontroller/ConfigTest.java new file mode 100644 index 00000000..bce3cdd9 --- /dev/null +++ b/bkucommon/src/test/java/at/gv/egiz/bku/accesscontroller/ConfigTest.java @@ -0,0 +1,104 @@ +package at.gv.egiz.bku.accesscontroller;
+
+import javax.xml.bind.JAXBException;
+
+import org.junit.Test;
+
+import at.gv.egiz.bku.slcommands.InfoboxReadCommand;
+import at.gv.egiz.bku.slcommands.SLCommandContext;
+import at.gv.egiz.bku.slcommands.SLResult;
+import at.gv.egiz.bku.slcommands.impl.InfoboxReadCommandImpl;
+import at.gv.egiz.bku.slexceptions.SLCommandException;
+import at.gv.egiz.bku.slexceptions.SLException;
+import static org.junit.Assert.*;
+
+public class ConfigTest {
+
+ public final static String RESOURCE1 = "at/gv/egiz/bku/accesscontroller/AccessControlConfig.xml";
+ public final static String RESOURCE2 = "at/gv/egiz/bku/accesscontroller/SimpleChainTest.xml";
+
+ static class MyInfoBox implements InfoboxReadCommand {
+ private String domainId;
+ private String boxId;
+ private String name;
+
+ public MyInfoBox(String identifier, String domainId) {
+ this.boxId = identifier;
+ this.domainId = domainId;
+ }
+
+ @Override
+ public String getIdentityLinkDomainId() {
+ return domainId;
+ }
+
+ @Override
+ public String getInfoboxIdentifier() {
+ return boxId;
+ }
+
+ @Override
+ public SLResult execute() {
+ return null;
+ }
+
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ @Override
+ public String getName() {
+ return "InfoboxReadRequest";
+ }
+
+ @Override
+ public void init(SLCommandContext ctx, Object unmarshalledRequest)
+ throws SLCommandException {
+ }
+ }
+
+ @Test
+ public void testUnmarshall() throws JAXBException {
+ AccessControllerFactory.getInstance().init(
+ getClass().getClassLoader().getResourceAsStream(RESOURCE1));
+ }
+
+ @Test
+ public void testBasicFunction() throws JAXBException, SLException {
+ AccessControllerFactory.getInstance().init(
+ getClass().getClassLoader().getResourceAsStream(RESOURCE2));
+ ChainChecker cc = AccessControllerFactory.getInstance().getChainChecker(
+ "InputFilter");
+ assertNotNull(cc);
+
+ AccessCheckerContext ctx = new AccessCheckerContext(null,
+ AuthenticationClass.ANONYMOUS, null);
+ ChainResult cr = cc.check(ctx);
+ assertFalse(cr.matchFound());
+
+ ctx = new AccessCheckerContext(new MyInfoBox("IdentityLink", "hansi"),
+ AuthenticationClass.CERTIFIED, null);
+ cr = cc.check(ctx);
+ assertTrue(cr.matchFound());
+
+ ctx = new AccessCheckerContext(new MyInfoBox("Something", "hansi"),
+ AuthenticationClass.CERTIFIED, null);
+ cr = cc.check(ctx);
+ assertFalse(cr.matchFound());
+
+ MyInfoBox mib = new MyInfoBox("IdentityLink", "seppl");
+ mib.setName("ReadInfoboxSchickSchnack");
+ ctx = new AccessCheckerContext(mib, AuthenticationClass.CERTIFIED, null);
+ cr = cc.check(ctx);
+ assertTrue(cr.matchFound());
+ assertTrue(cr.getAction()==Action.ALLOW);
+
+ mib = new MyInfoBox("IdentityLink", null);
+ mib.setName("ReadInfoboxSchickSchnack");
+ ctx = new AccessCheckerContext(mib, AuthenticationClass.CERTIFIED, null);
+ cr = cc.check(ctx);
+ assertTrue(cr.matchFound());
+ assertTrue(cr.getAction()==Action.DENY);
+ }
+
+}
diff --git a/bkucommon/src/test/java/at/gv/egiz/bku/accesscontroller/RuleCheckerTest.java b/bkucommon/src/test/java/at/gv/egiz/bku/accesscontroller/RuleCheckerTest.java new file mode 100644 index 00000000..88f1490c --- /dev/null +++ b/bkucommon/src/test/java/at/gv/egiz/bku/accesscontroller/RuleCheckerTest.java @@ -0,0 +1,87 @@ +package at.gv.egiz.bku.accesscontroller;
+
+import org.junit.Before;
+import org.junit.Test;
+
+import at.gv.egiz.bku.accesscontroller.RuleChecker.PEER_TYPE;
+import at.gv.egiz.bku.slcommands.impl.InfoboxReadCommandImpl;
+import at.gv.egiz.bku.slcommands.impl.NullOperationCommandImpl;
+import static org.junit.Assert.*;
+
+public class RuleCheckerTest {
+
+ protected RuleChecker onlyAuthChecker;
+ protected RuleChecker onlyCmdChecker;
+ protected RuleChecker onlyPeerChecker;
+
+ @Before
+ public void setUp() {
+ onlyAuthChecker = new RuleChecker("OnlyAuthChecker");
+ onlyAuthChecker.setAction("allow");
+ onlyAuthChecker.setUserAction("none");
+ onlyAuthChecker.setAuthenticationClass("pseudoanonymous");
+ onlyCmdChecker = new RuleChecker("OnlyCmdChecker");
+ onlyCmdChecker.setAction("allow");
+ onlyCmdChecker.setCommandName("InfoboxReadRequest");
+ onlyPeerChecker = new RuleChecker("OnlyPeerChecker");
+ onlyPeerChecker.setAction("allow");
+ onlyPeerChecker.setPeerId("https://129.27.142..*", PEER_TYPE.URL);
+ }
+
+ @Test
+ public void testAuthClass() {
+ AccessCheckerContext ctx = new AccessCheckerContext(null,
+ AuthenticationClass.ANONYMOUS, null);
+ RuleResult rr = onlyAuthChecker.check(ctx);
+ assertFalse(rr.matchFound());
+ ctx = new AccessCheckerContext(null, AuthenticationClass.PSEUDO_ANONYMOUS,
+ null);
+ rr = onlyAuthChecker.check(ctx);
+ assertTrue(rr.matchFound());
+ ctx = new AccessCheckerContext(null, AuthenticationClass.CERTIFIED, null);
+ rr = onlyAuthChecker.check(ctx);
+ assertTrue(rr.matchFound());
+ }
+
+ @Test
+ public void testCmd() {
+ AccessCheckerContext ctx = new AccessCheckerContext(
+ new InfoboxReadCommandImpl(), null, null);
+ RuleResult rr = onlyCmdChecker.check(ctx);
+ assertTrue(rr.matchFound());
+ onlyCmdChecker.setCommandName("Info.*");
+ rr = onlyCmdChecker.check(ctx);
+ assertTrue(rr.matchFound());
+ ctx = new AccessCheckerContext(new NullOperationCommandImpl(), null, null);
+ rr = onlyCmdChecker.check(ctx);
+ assertFalse(rr.matchFound());
+ onlyCmdChecker.setCommandName(".*");
+ rr = onlyCmdChecker.check(ctx);
+ assertTrue(rr.matchFound());
+ }
+
+ @Test
+ public void testPeerId() {
+ AccessCheckerContext ctx = new AccessCheckerContext(null, null,
+ "https://129.27.142.20:80/index.html");
+ RuleResult rr = onlyPeerChecker.check(ctx);
+ assertTrue(rr.matchFound());
+
+ ctx = new AccessCheckerContext(null, null,
+ "https://129.27.14.20:80/index.html");
+ rr = onlyPeerChecker.check(ctx);
+ assertFalse(rr.matchFound());
+
+ onlyPeerChecker.setPeerId(".*.iaik..*", PEER_TYPE.HOST);
+ ctx = new AccessCheckerContext(null, null,
+ "https://129.27.142.20:80/index.html");
+ rr = onlyPeerChecker.check(ctx);
+ assertTrue(rr.matchFound());
+
+ onlyPeerChecker.setPeerId("129.27.142..*", PEER_TYPE.IP);
+ ctx = new AccessCheckerContext(null, null, "https://www.iaik.tugraz.at:80/");
+ rr = onlyPeerChecker.check(ctx);
+ assertTrue(rr.matchFound());
+ }
+
+}
|