summaryrefslogtreecommitdiff
path: root/bkucommon/src/test
diff options
context:
space:
mode:
Diffstat (limited to 'bkucommon/src/test')
-rw-r--r--bkucommon/src/test/java/at/gv/egiz/bku/accesscontroller/ConfigTest.java17
-rw-r--r--bkucommon/src/test/java/at/gv/egiz/bku/accesscontroller/RuleCheckerTest.java87
-rw-r--r--bkucommon/src/test/resources/at/gv/egiz/bku/accesscontroller/AccessControlConfig.xml78
3 files changed, 182 insertions, 0 deletions
diff --git a/bkucommon/src/test/java/at/gv/egiz/bku/accesscontroller/ConfigTest.java b/bkucommon/src/test/java/at/gv/egiz/bku/accesscontroller/ConfigTest.java
new file mode 100644
index 00000000..b53db264
--- /dev/null
+++ b/bkucommon/src/test/java/at/gv/egiz/bku/accesscontroller/ConfigTest.java
@@ -0,0 +1,17 @@
+package at.gv.egiz.bku.accesscontroller;
+
+import javax.xml.bind.JAXBException;
+
+import org.junit.Test;
+
+public class ConfigTest {
+
+ public final static String RESOURCE = "at/gv/egiz/bku/accesscontroller/AccessControlConfig.xml";
+
+ @Test
+ public void testUnmarshall() throws JAXBException {
+ AccessControllerFactory.getInstance().init(
+ getClass().getClassLoader().getResourceAsStream(RESOURCE));
+ }
+
+}
diff --git a/bkucommon/src/test/java/at/gv/egiz/bku/accesscontroller/RuleCheckerTest.java b/bkucommon/src/test/java/at/gv/egiz/bku/accesscontroller/RuleCheckerTest.java
new file mode 100644
index 00000000..88f1490c
--- /dev/null
+++ b/bkucommon/src/test/java/at/gv/egiz/bku/accesscontroller/RuleCheckerTest.java
@@ -0,0 +1,87 @@
+package at.gv.egiz.bku.accesscontroller;
+
+import org.junit.Before;
+import org.junit.Test;
+
+import at.gv.egiz.bku.accesscontroller.RuleChecker.PEER_TYPE;
+import at.gv.egiz.bku.slcommands.impl.InfoboxReadCommandImpl;
+import at.gv.egiz.bku.slcommands.impl.NullOperationCommandImpl;
+import static org.junit.Assert.*;
+
+public class RuleCheckerTest {
+
+ protected RuleChecker onlyAuthChecker;
+ protected RuleChecker onlyCmdChecker;
+ protected RuleChecker onlyPeerChecker;
+
+ @Before
+ public void setUp() {
+ onlyAuthChecker = new RuleChecker("OnlyAuthChecker");
+ onlyAuthChecker.setAction("allow");
+ onlyAuthChecker.setUserAction("none");
+ onlyAuthChecker.setAuthenticationClass("pseudoanonymous");
+ onlyCmdChecker = new RuleChecker("OnlyCmdChecker");
+ onlyCmdChecker.setAction("allow");
+ onlyCmdChecker.setCommandName("InfoboxReadRequest");
+ onlyPeerChecker = new RuleChecker("OnlyPeerChecker");
+ onlyPeerChecker.setAction("allow");
+ onlyPeerChecker.setPeerId("https://129.27.142..*", PEER_TYPE.URL);
+ }
+
+ @Test
+ public void testAuthClass() {
+ AccessCheckerContext ctx = new AccessCheckerContext(null,
+ AuthenticationClass.ANONYMOUS, null);
+ RuleResult rr = onlyAuthChecker.check(ctx);
+ assertFalse(rr.matchFound());
+ ctx = new AccessCheckerContext(null, AuthenticationClass.PSEUDO_ANONYMOUS,
+ null);
+ rr = onlyAuthChecker.check(ctx);
+ assertTrue(rr.matchFound());
+ ctx = new AccessCheckerContext(null, AuthenticationClass.CERTIFIED, null);
+ rr = onlyAuthChecker.check(ctx);
+ assertTrue(rr.matchFound());
+ }
+
+ @Test
+ public void testCmd() {
+ AccessCheckerContext ctx = new AccessCheckerContext(
+ new InfoboxReadCommandImpl(), null, null);
+ RuleResult rr = onlyCmdChecker.check(ctx);
+ assertTrue(rr.matchFound());
+ onlyCmdChecker.setCommandName("Info.*");
+ rr = onlyCmdChecker.check(ctx);
+ assertTrue(rr.matchFound());
+ ctx = new AccessCheckerContext(new NullOperationCommandImpl(), null, null);
+ rr = onlyCmdChecker.check(ctx);
+ assertFalse(rr.matchFound());
+ onlyCmdChecker.setCommandName(".*");
+ rr = onlyCmdChecker.check(ctx);
+ assertTrue(rr.matchFound());
+ }
+
+ @Test
+ public void testPeerId() {
+ AccessCheckerContext ctx = new AccessCheckerContext(null, null,
+ "https://129.27.142.20:80/index.html");
+ RuleResult rr = onlyPeerChecker.check(ctx);
+ assertTrue(rr.matchFound());
+
+ ctx = new AccessCheckerContext(null, null,
+ "https://129.27.14.20:80/index.html");
+ rr = onlyPeerChecker.check(ctx);
+ assertFalse(rr.matchFound());
+
+ onlyPeerChecker.setPeerId(".*.iaik..*", PEER_TYPE.HOST);
+ ctx = new AccessCheckerContext(null, null,
+ "https://129.27.142.20:80/index.html");
+ rr = onlyPeerChecker.check(ctx);
+ assertTrue(rr.matchFound());
+
+ onlyPeerChecker.setPeerId("129.27.142..*", PEER_TYPE.IP);
+ ctx = new AccessCheckerContext(null, null, "https://www.iaik.tugraz.at:80/");
+ rr = onlyPeerChecker.check(ctx);
+ assertTrue(rr.matchFound());
+ }
+
+}
diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/accesscontroller/AccessControlConfig.xml b/bkucommon/src/test/resources/at/gv/egiz/bku/accesscontroller/AccessControlConfig.xml
new file mode 100644
index 00000000..2455d68d
--- /dev/null
+++ b/bkucommon/src/test/resources/at/gv/egiz/bku/accesscontroller/AccessControlConfig.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<AccessControl>
+ <Chains>
+ <Chain Id="Identification">
+ <Rules>
+ <Rule Id="rule-1">
+ <AuthClass>certifiedGovAgency</AuthClass>
+ <AnyPeer />
+ <Action>
+ <RuleAction>allow</RuleAction>
+ </Action>
+ <UserInteraction>confirm</UserInteraction>
+ </Rule>
+ <Rule Id="rule-2">
+ <AuthClass>pseudoanonymous</AuthClass>
+ <AnyPeer />
+ <Action>
+ <ChainRef>Command</ChainRef>
+ </Action>
+ <UserInteraction>none</UserInteraction>
+ </Rule>
+ <Rule Id="rule-3">
+ <AuthClass>anonymous</AuthClass>
+ <IPv4Address>127.0.0.1</IPv4Address>
+ <Action>
+ <ChainRef>Command</ChainRef>
+ </Action>
+ <UserInteraction>none</UserInteraction>
+ </Rule>
+ <Rule Id="rule-4">
+ <AuthClass>anonymous</AuthClass>
+ <DomainName>*.gv.at</DomainName>
+ <Action>
+ <RuleAction>allow</RuleAction>
+ </Action>
+ <UserInteraction>confirm</UserInteraction>
+ </Rule>
+ </Rules>
+ </Chain>
+ <Chain Id="Command">
+ <Rules>
+ <Rule Id="cmd-rule-1">
+ <AuthClass>certified</AuthClass>
+ <AnyPeer />
+ <Command Name="Infobox*">
+ <Param Name="InfoboxIdentifier">IdentityLink</Param>
+ <Param Name="PersonIdentifier">*</Param>
+ </Command>
+ <Action>
+ <RuleAction>allow</RuleAction>
+ </Action>
+ <UserInteraction>confirm</UserInteraction>
+ </Rule>
+ <Rule Id="cmd-rule-2">
+ <AuthClass>certified</AuthClass>
+ <URL>https://finanzonline.bmf.gv.at/*</URL>
+ <Command Name="InfoboxReadRequest">
+ <Param Name="InfoboxIdentifier">Mandates</Param>
+ <Param Name="PersonIdentifier">*</Param>
+ </Command>
+ <Action>
+ <RuleAction>allow</RuleAction>
+ </Action>
+ <UserInteraction>info</UserInteraction>
+ </Rule>
+ <Rule Id="cmd-rule-3">
+ <AuthClass>certified</AuthClass>
+ <AnyPeer />
+ <Command Name="InfoboxReadRequest" />
+ <Action>
+ <RuleAction>allow</RuleAction>
+ </Action>
+ <UserInteraction>none</UserInteraction>
+ </Rule>
+ </Rules>
+ </Chain>
+ </Chains>
+</AccessControl>