From: Anil S. <ani...@jb...> - 2006-05-30 21:29:36
|
User: asaldhana Date: 06/05/30 17:29:34 Added: src/main/org/jboss/test/security/test/xacml XACMLUnitTestCase.java XACMLUtil.java Log: JBAS-2673: Test Drive the Sun's OSS XACML Implementation. Revision Changes Path 1.1 date: 2006/05/30 21:29:34; author: asaldhana; state: Exp;jbosstest/src/main/org/jboss/test/security/test/xacml/XACMLUnitTestCase.java Index: XACMLUnitTestCase.java =================================================================== /* * JBoss, Home of Professional Open Source * Copyright 2005, JBoss Inc., and individual contributors as indicated * by the @authors tag. See the copyright.txt in the distribution for a * full listing of individual contributors. * * This is free software; you can redistribute it and/or modify it * under the terms of the GNU Lesser General Public License as * published by the Free Software Foundation; either version 2.1 of * the License, or (at your option) any later version. * * This software is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this software; if not, write to the Free * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA * 02110-1301 USA, or see the FSF site: http://www.fsf.org. 
*/ package org.jboss.test.security.test.xacml; import java.io.File; import java.io.FileInputStream; import java.net.URL; import java.util.ArrayList; import org.jboss.test.JBossTestCase; import com.sun.xacml.ConfigurationStore; import com.sun.xacml.PDP; import com.sun.xacml.PDPConfig; import com.sun.xacml.ParsingException; import com.sun.xacml.ctx.RequestCtx; import com.sun.xacml.ctx.ResponseCtx; import com.sun.xacml.ctx.Result; import com.sun.xacml.ctx.Status; //$Id: XACMLUnitTestCase.java,v 1.1 2006/05/30 21:29:34 asaldhana Exp $ /** * Unit Tests for the XACML Integration * @author <a href="mailto:Ani...@jb...">Anil Saldhana</a> * @since May 26, 2006 * @version $Revision: 1.1 $ */ public class XACMLUnitTestCase extends JBossTestCase { /** * There are basic xacml conformance tests in the resources folder(security/xacml) * with the format testX where X is an integer in (firstTest,numberOfTests}. * If you need to run a particular test - make both these variables to be * the number of the test. 
So to run test6, both firstTest=6 and * numberOfTests=6 */ private int firstTest = 1; private int numberOfTests = 13; //True: Response will be dumped to System.out private boolean debug = false; public XACMLUnitTestCase(String name) { super(name); } public void testPDPConstruction() throws Exception { assertNotNull("PDP != null", getBasicPDP()); } public void testPDPResponse() throws Exception { for(int i=firstTest; i<=numberOfTests;i++) { String[] policyFiles = new String[] {getPolicyFile(i)}; PDP pdp = new PDP(new PDPConfig(XACMLUtil.getAttributeFinder(), XACMLUtil.getPolicyFinder( policyFiles), null)); assertNotNull("PDP != null", pdp); ResponseCtx first = processRequest(pdp,getRequestFile(i)); assertNotNull("Response != null", first); //Print out the response to the System.Out XACMLUtil.logResponseCtxToSystemOut(first, debug); ResponseCtx second = ResponseCtx.getInstance(new FileInputStream(getResponseFile(i))); try { XACMLUtil.assertEquals(first,second); } catch(Exception e) { Exception enew = new Exception("Test#"+i+"::"+e.getMessage()); enew.initCause(e); throw enew; } } } /** * Obtain a very basic PDP * @return * @throws Exception */ private PDP getBasicPDP() throws Exception { String p = "security/xacml/basicConfig.xml"; ClassLoader tcl = Thread.currentThread().getContextClassLoader(); URL url = tcl.getResource(p); File file = new File(url.getPath()); ConfigurationStore store = new ConfigurationStore(file); store.useDefaultFactories(); return new PDP(store.getDefaultPDPConfig()); } /** * Ask the PDP to evaluate the input request file * @param pdp * @param requestFile * @return * @throws Exception */ private ResponseCtx processRequest(PDP pdp, String requestFile) throws Exception { ResponseCtx response = null; try { response = pdp.evaluate(RequestCtx.getInstance(new FileInputStream(requestFile))); } catch(ParsingException pse) { response = getSyntaxErrorResponseCtx(); } return response; } /** * Get the String that represents the temp file * for the Policy 1 
* @return */ private String getPolicyFile(int num) throws Exception { String p1 = "security/xacml/test"+num+"/policy.xml"; ClassLoader tcl = Thread.currentThread().getContextClassLoader(); URL url = tcl.getResource(p1); assertNotNull("policy file " + p1 + " null",url); return url.getPath(); } /** * Get the String that represents the file * for the Request File * @return */ private String getRequestFile(int num) throws Exception { String p1 = "security/xacml/test"+num+"/request.xml"; ClassLoader tcl = Thread.currentThread().getContextClassLoader(); URL url = tcl.getResource(p1); assertNotNull("request file " + p1 + " null",url); return url.getPath(); } /** * Get the String that represents the file * for the Request File * @return */ private String getResponseFile(int num) throws Exception { String p1 = "security/xacml/test"+num+"/response.xml"; ClassLoader tcl = Thread.currentThread().getContextClassLoader(); URL url = tcl.getResource(p1); assertNotNull("response file " + p1 + " != null",url); return url.getPath(); } /** * Get the ResponseCtx that represents a Syntax Error * @return */ private ResponseCtx getSyntaxErrorResponseCtx() { ArrayList code = new ArrayList(); code.add(Status.STATUS_SYNTAX_ERROR); Status status = new Status(code); return new ResponseCtx(new Result(Result.DECISION_INDETERMINATE, status)); } } 1.1 date: 2006/05/30 21:29:34; author: asaldhana; state: Exp;jbosstest/src/main/org/jboss/test/security/test/xacml/XACMLUtil.java Index: XACMLUtil.java =================================================================== /* * JBoss, Home of Professional Open Source * Copyright 2005, JBoss Inc., and individual contributors as indicated * by the @authors tag. See the copyright.txt in the distribution for a * full listing of individual contributors. 
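Review bot: In XACMLUnitTestCase.java, the `FileInputStream`s opened in `testPDPResponse` (for the expected response) and in `processRequest` (for the request) are never closed, so each of the 13 loop iterations leaks two file handles. Hold each stream in a local and close it in a `finally` block, e.g. `FileInputStream in = new FileInputStream(requestFile); try { ... } finally { in.close(); }`. `getBasicPDP` also passes `url.getPath()` straight to `new File(...)` without the `assertNotNull` that `getPolicyFile`, `getRequestFile` and `getResponseFile` use, so a missing `basicConfig.xml` shows up as a bare NullPointerException; adding `assertNotNull("config file " + p + " null", url);` would match them. The Javadoc on `getResponseFile` still says "Request File" and should read "Response File".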
* * This is free software; you can redistribute it and/or modify it * under the terms of the GNU Lesser General Public License as * published by the Free Software Foundation; either version 2.1 of * the License, or (at your option) any later version. * * This software is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this software; if not, write to the Free * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA * 02110-1301 USA, or see the FSF site: http://www.fsf.org. */ package org.jboss.test.security.test.xacml; import java.util.ArrayList; import java.util.Arrays; import java.util.HashSet; import java.util.Iterator; import java.util.List; import java.util.Set; import org.jboss.test.security.test.xacml.modules.JBossStaticPolicyFinderModule; import org.jboss.test.security.test.xacml.modules.TestRoleAttributeFinderModule; import com.sun.xacml.Indenter; import com.sun.xacml.Obligation; import com.sun.xacml.combine.PermitOverridesPolicyAlg; import com.sun.xacml.ctx.Attribute; import com.sun.xacml.ctx.ResponseCtx; import com.sun.xacml.ctx.Result; import com.sun.xacml.ctx.Status; import com.sun.xacml.finder.AttributeFinder; import com.sun.xacml.finder.PolicyFinder; import com.sun.xacml.finder.impl.CurrentEnvModule; import com.sun.xacml.finder.impl.SelectorModule; import com.sun.xacml.support.finder.StaticRefPolicyFinderModule; import com.sun.xacml.support.finder.URLPolicyFinderModule; //$Id: XACMLUtil.java,v 1.1 2006/05/30 21:29:34 asaldhana Exp $ /** * Some Util methods for the XACML Suite of tests * @author <a href="mailto:Ani...@jb...">Anil Saldhana</a> * @since May 30, 2006 * @version $Revision: 1.1 $ */ public class XACMLUtil { //Validate that two PDP responses are the same 
semantically public static void assertEquals(ResponseCtx first, ResponseCtx second) throws Exception { assertResults(first.getResults(), second.getResults()); } // Validate that two PDP response->results are the same semantically public static void assertResults(Set first, Set second) throws Exception { if (first.size() != second.size()) throw new Exception("Size of results mismatch"); Iterator iter = first.iterator(); // A set allows us to remove matching results individually HashSet set2 = new HashSet(second); // consider each Result in the first Response, and try to find an // equivalent one in the second Response while (iter.hasNext()) { Result result1 = (Result)(iter.next()); Iterator it2 = set2.iterator(); boolean matched = false; // go through the second list, and see if there's a matching Result while (it2.hasNext() && (! matched)) { Result result2 = (Result)(it2.next()); if (result1.getDecision() != result2.getDecision()) throw new Exception("decision in the result do not match"); assertStringMatch(result1.getResource(), result2.getResource()); assertStatus(result1.getStatus(), result2.getStatus()); assertObligations(result1.getObligations(), result2.getObligations()); matched = true; } // When matched, remove the result from the second set if (matched) it2.remove(); else throw new Exception("result mismatch"); } } public static void assertStringMatch(String first, String second) throws Exception { Exception ex = new Exception(first + "!=" + second); if (first == null && second != null) throw ex; if(second != null && first.equals(second) == false) throw ex; } // Validate that two PDP response ->Status are the same semantically public static void assertStatus(Status first, Status second) throws Exception { Exception ex = new Exception(first + "!=" + second); Iterator it1 = first.getCode().iterator(); Iterator it2 = second.getCode().iterator(); // Same code appear in the status? while (it1.hasNext()) { if (! 
it2.hasNext()) throw ex; String code = (String)(it1.next()); // check that the specific code is the same at each step if (! (code).equals((String)(it2.next()))) throw ex; } // if there's still more in the second list, then they're not equal if (it2.hasNext()) throw ex; } // Validate that two PDP response->Obligations are the same semantically public static void assertObligations(Set first, Set second) throws Exception { if (first.size() != first.size()) throw new Exception("Obligations sets do not match in size"); Iterator it1 = first.iterator(); // Set for the second set of Obligations, so we can // remove the matching Obligation at each step HashSet set2 = new HashSet(second); // For each Obligation in the first set, and try to find an // equivalent one in the second set while (it1.hasNext()) { Obligation o1 = (Obligation)(it1.next()); Iterator it2 = set2.iterator(); boolean matched = false; // go through the second set, and see if there's a matching // Obligation while (it2.hasNext() && (! matched)) { Obligation o2 = (Obligation)(it2.next()); // Match identifier and fulfillOn setting if ((o1.getId().equals(o2.getId())) && (o1.getFulfillOn() == o2.getFulfillOn())) { // Match the assignments List assignments1 = o1.getAssignments(); List assignments2 = o2.getAssignments(); if (assignments1.size() == assignments2.size()) { Iterator ait1 = assignments1.iterator(); Iterator ait2 = assignments2.iterator(); boolean assignmentsMatch = true; while (ait1.hasNext() && assignmentsMatch) { Attribute attr1 = (Attribute)(ait1.next()); Attribute attr2 = (Attribute)(ait2.next()); if ((! attr1.getId().equals(attr2.getId())) || (! attr1.getType().equals(attr2.getType())) || (! 
attr1.getValue().equals(attr2.getValue()))) assignmentsMatch = false; } matched = assignmentsMatch; } } } // If matched, remove it from the set if (matched) it2.remove(); else throw new Exception("Obligations do not match"); } } /** * Get a prebuilt AttributeFinder * @return */ public static AttributeFinder getAttributeFinder() { //Prefill the attribute finder with the Sun's impl of //environment attribute module and the selector attribute module AttributeFinder attributeFinder = new AttributeFinder(); List attributeModules = new ArrayList(); attributeModules.add(new TestRoleAttributeFinderModule()); attributeModules.add(new CurrentEnvModule()); attributeModules.add(new SelectorModule()); attributeFinder.setModules(attributeModules); return attributeFinder; } /** * Get a Prebuilt PolicyFinder with the passed array of policy files * @param policyFiles * @return * @throws Exception */ public static PolicyFinder getPolicyFinder(String[] policyFiles) throws Exception { List policyFileList = Arrays.asList(policyFiles); PolicyFinder policyFinder = new PolicyFinder(); HashSet policyModules = new HashSet(); policyModules.add(new JBossStaticPolicyFinderModule(PermitOverridesPolicyAlg.algId, policyFileList)); policyModules.add(new StaticRefPolicyFinderModule(policyFileList)); policyModules.add(new URLPolicyFinderModule()); policyFinder.setModules(policyModules); return policyFinder; } /** * Log the PDP response to system out * @param response * @param flag true=response will be displayed false=no */ public static void logResponseCtxToSystemOut(ResponseCtx response, boolean flag) { if(flag) response.encode(System.out, new Indenter()); } } |
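Review bot: In XACMLUtil.java, `assertObligations` guards with `if (first.size() != first.size())`, which is always false, so a PDP response that drops obligations present in the expected response still passes, because the leftover entries in `set2` are never checked. The check should be `if (first.size() != second.size())`. `assertStringMatch` has a similar gap: a non-null `first` against a null `second` throws nothing, and `if (first == null ? second != null : !first.equals(second)) throw ex;` covers both directions. In `assertResults` the inner loop sets `matched = true` after the first candidate and throws on the first differing pair, so a multi-result response is compared in `HashSet` iteration order instead of searching for an equivalent result, and the `else throw new Exception("result mismatch")` branch only fires when `set2` is empty. Because these helpers decide whether an authorization decision matches the conformance baseline, a comparison that passes silently can hide a real policy-evaluation regression.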