Commit 9e157580 authored by cdanger

Added non-regression test for issue 25 on OW2 JIRA

parent 10ebbac4
/**
* Copyright (C) 2012-2016 Thales Services SAS.
* Copyright (C) 2012-2017 Thales Services SAS.
*
* This file is part of AuthZForce CE.
*
......@@ -169,7 +169,7 @@ public final class IndividualDecisionRequestContext implements EvaluationContext
* putAttributeDesignatorResultIfAbsent() in this case. In any case, we do not support setting a different result for same id (but different datatype URI/datatype class) in the same
* context
*/
LOGGER.error("Attempt to override value of AttributeDesignator {} already set in evaluation context. Overriding value: {}", id, result);
LOGGER.warn("Attempt to override value of AttributeDesignator {} already set in evaluation context. Overriding value: {}", id, result);
return false;
}
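Review bot: In the override branch the log level drops from error to warn, but the message still ends with "Overriding value: {}" while the method returns false, which by the comment above means the second value is not set. Reword it to something like "Rejected value: {}" so the log states the actual outcome, and note in the commit message why a second write to the same AttributeDesignator is no longer treated as an error.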
......
/**
* Copyright (C) 2012-2016 Thales Services SAS.
* Copyright (C) 2012-2017 Thales Services SAS.
*
* This file is part of AuthZForce CE.
*
......@@ -86,7 +86,7 @@ public final class MatchEvaluator
final FunctionExpression matchFunction = expFactory.getFunction(matchId);
if (matchFunction == null)
{
throw new IllegalArgumentException("Unsupported function for MatchId: " + matchId);
throw new IllegalArgumentException("Unsupported function for MatchId: '" + matchId + "'");
}
// next, get the designator or selector being used, and the attribute
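Review bot: The quotes are added only to the MatchId message in MatchEvaluator, while this commit also adds a test directory for an unsupported Apply FunctionId. If the Apply path builds its own "Unsupported function" message, give it the same quoting so both failures read alike in logs. matchId comes from the policy document, so quoting it also makes stray whitespace in the identifier visible.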
......
/**
* Copyright (C) 2012-2016 Thales Services SAS.
* Copyright (C) 2012-2017 Thales Services SAS.
*
* This file is part of AuthZForce CE.
*
......@@ -48,20 +48,16 @@ import org.slf4j.LoggerFactory;
import org.springframework.util.ResourceUtils;
/**
* PDP test class. There should be a folder for test data of each issue. Each test folder is expected to be in one of
* these two configurations:
* PDP test class. There should be a folder for test data of each issue. Each test folder is expected to be in one of these two configurations:
* <p>
* Configuration 1 for minimal/basic PDP configuration:
* <ul>
* <li>{@value #POLICY_FILENAME}: root policy filename used by the PDP</li>
* <li>{@value #REF_POLICIES_DIR_NAME}: (optional) directory containing files of XACML Policy(Set) that can be referred
* to from root policy {@value #POLICY_FILENAME} via Policy(Set)IdReference; required only if there is any
* Policy(Set)IdReference in {@value #POLICY_FILENAME} to resolve.</li>
* <li>{@value #REQUEST_FILENAME}: (optional) XACML request file sent to the PDP for evaluation. If not present, the
* test is considered as a static policy test, i.e. test for invalid policy detection, such as invalid syntax, circular
* reference, etc.</li>
* <li>{@value #EXPECTED_RESPONSE_FILENAME}: (optional) expected XACML response from the PDP, to be compared with the
* actual response. Required only if {@value #REQUEST_FILENAME} is present.</li>
* <li>{@value #REF_POLICIES_DIR_NAME}: (optional) directory containing files of XACML Policy(Set) that can be referred to from root policy {@value #POLICY_FILENAME} via Policy(Set)IdReference;
* required only if there is any Policy(Set)IdReference in {@value #POLICY_FILENAME} to resolve.</li>
* <li>{@value #REQUEST_FILENAME}: (optional) XACML request file sent to the PDP for evaluation. If not present, the test is considered as a static policy test, i.e. test for invalid policy detection,
* such as invalid syntax, circular reference, etc.</li>
* <li>{@value #EXPECTED_RESPONSE_FILENAME}: (optional) expected XACML response from the PDP, to be compared with the actual response. Required only if {@value #REQUEST_FILENAME} is present.</li>
* </ul>
* </p>
* <p>
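Review bot: The Javadoc edits in this hunk only re-wrap lines to a wider margin, and the same goes for most of the PdpTest hunks that follow (re-wrapping, added final modifiers, brace placement). Under the title "Added non-regression test for issue 25" this makes the functional change hard to find; consider moving the formatter pass to a separate commit.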
......@@ -69,14 +65,11 @@ import org.springframework.util.ResourceUtils;
* <ul>
* <li>{@value #PDP_CONF_FILENAME}: PDP configuration file</li>
* <li>{@value #PDP_EXTENSION_XSD}: (optional) PDP extensions schema, required iff custom PDP extensions are required</li>
* <li>{@value #REQUEST_FILENAME}: (optional) XACML request file sent to the PDP for evaluation. If not present, the
* test is considered as a static policy test, i.e. test for invalid policy detection, such as invalid syntax, circular
* reference, etc.</li>
* <li>{@value #EXPECTED_RESPONSE_FILENAME}: (optional) expected XACML response from the PDP, to be compared with the
* actual response. Required only if {@value #REQUEST_FILENAME} is present.</li>
* <li>{@value #REF_POLICIES_DIR_NAME}: (optional) directory containing files of XACML Policy(Set) that can be referred
* to from root policy {@value #POLICY_FILENAME} via Policy(Set)IdReference; required only if there is any
* Policy(Set)IdReference in {@value #POLICY_FILENAME} to resolve.</li>
* <li>{@value #REQUEST_FILENAME}: (optional) XACML request file sent to the PDP for evaluation. If not present, the test is considered as a static policy test, i.e. test for invalid policy detection,
* such as invalid syntax, circular reference, etc.</li>
* <li>{@value #EXPECTED_RESPONSE_FILENAME}: (optional) expected XACML response from the PDP, to be compared with the actual response. Required only if {@value #REQUEST_FILENAME} is present.</li>
* <li>{@value #REF_POLICIES_DIR_NAME}: (optional) directory containing files of XACML Policy(Set) that can be referred to from root policy {@value #POLICY_FILENAME} via Policy(Set)IdReference;
* required only if there is any Policy(Set)IdReference in {@value #POLICY_FILENAME} to resolve.</li>
* <li>Policy files matching locations defined in {@value #PDP_CONF_FILENAME}.</li>
* </ul>
* </p>
......@@ -96,14 +89,12 @@ public abstract class PdpTest
public final static String PDP_EXTENSION_XSD = "pdp-ext.xsd";
/**
* XACML policy filename used by default when no PDP configuration file found, i.e. no file named
* {@value #PDP_CONF_FILENAME} exists in the test directory
* XACML policy filename used by default when no PDP configuration file found, i.e. no file named {@value #PDP_CONF_FILENAME} exists in the test directory
*/
public final static String POLICY_FILENAME = "policy.xml";
/**
* Name of directory containing files of XACML Policy(Set) that can be referred to from root policy
* {@value #POLICY_FILENAME} via Policy(Set)IdReference
* Name of directory containing files of XACML Policy(Set) that can be referred to from root policy {@value #POLICY_FILENAME} via Policy(Set)IdReference
*/
public final static String REF_POLICIES_DIR_NAME = "refPolicies";
......@@ -136,7 +127,7 @@ public abstract class PdpTest
* @param testDir
* directory where test data are located
*/
public PdpTest(String testDir)
public PdpTest(final String testDir)
{
this.testDirPath = testDir;
}
......@@ -145,25 +136,23 @@ public abstract class PdpTest
* Initialize test parameters for each test. To be called by method with Parameters annotation in subclasses.
*
* @param testResourcesRootDirectory
* Spring-resolvable location (e.g. classpath:...) of root directory that contains test resources for
* each test
* Spring-resolvable location (e.g. classpath:...) of root directory that contains test resources for each test
*
* @return collection of test dataset
* @throws URISyntaxException
* @throws IOException
*/
public static Collection<Object[]> params(String testResourcesRootDirectory) throws URISyntaxException, IOException
public static Collection<Object[]> params(final String testResourcesRootDirectory) throws URISyntaxException, IOException
{
final Collection<Object[]> testParams = new ArrayList<>();
/*
* Each sub-directory of the root directory is data for a specific test. So we configure a test for each
* directory
* Each sub-directory of the root directory is data for a specific test. So we configure a test for each directory
*/
final URL testRootDir = ResourceUtils.getURL(testResourcesRootDirectory);
final Path testRootPath = Paths.get(testRootDir.toURI());
try (DirectoryStream<Path> stream = Files.newDirectoryStream(testRootPath))
{
for (Path path : stream)
for (final Path path : stream)
{
if (Files.isDirectory(path))
{
......@@ -178,7 +167,8 @@ public abstract class PdpTest
testParams.add(new Object[] { testResourcesRootDirectory + "/" + lastPathElement.toString() });
}
}
} catch (DirectoryIteratorException ex)
}
catch (final DirectoryIteratorException ex)
{
// I/O error encounted during the iteration, the cause is an IOException
throw ex.getCause();
......@@ -196,18 +186,17 @@ public abstract class PdpTest
// Parse request
Request request = null;
// if no Request file, it is just a static policy syntax error check
String reqFilepath = testResourceLocationPrefix + REQUEST_FILENAME;
NamespaceFilteringParser unmarshaller = XACML_PARSER_FACTORY.getInstance();
final String reqFilepath = testResourceLocationPrefix + REQUEST_FILENAME;
final NamespaceFilteringParser unmarshaller = XACML_PARSER_FACTORY.getInstance();
try
{
request = TestUtils.createRequest(reqFilepath, unmarshaller);
LOGGER.debug("XACML Request sent to the PDP: {}", request);
} catch (FileNotFoundException notFoundErr)
}
catch (final FileNotFoundException notFoundErr)
{
// do nothing except logging -> request = null
LOGGER.debug(
"Request file '{}' does not exist -> Static policy syntax error check (Request/Response ignored)",
reqFilepath);
LOGGER.debug("Request file '{}' does not exist -> Static policy syntax error check (Request/Response ignored)", reqFilepath);
}
// Create PDP
......@@ -217,11 +206,10 @@ public abstract class PdpTest
try
{
pdpConfFile = ResourceUtils.getFile(pdpConfLocation);
} catch (FileNotFoundException e)
}
catch (final FileNotFoundException e)
{
LOGGER.debug(
"No PDP configuration file found at location: '{}'. Using minimal PDP instead (returned by TestUtils.getPDPNewInstance(policy) ).",
pdpConfLocation);
LOGGER.debug("No PDP configuration file found at location: '{}'. Using minimal PDP instead (returned by TestUtils.getPDPNewInstance(policy) ).", pdpConfLocation);
}
try
......@@ -229,13 +217,12 @@ public abstract class PdpTest
if (pdpConfFile == null)
{
/*
* PDP configuration filename NOT found in test directory -> create minimal PDP using
* TestUtils.getPDPNewInstance(policy)
* PDP configuration filename NOT found in test directory -> create minimal PDP using TestUtils.getPDPNewInstance(policy)
*/
pdp = TestUtils.getPDPNewInstance(testResourceLocationPrefix + POLICY_FILENAME,
testResourceLocationPrefix + REF_POLICIES_DIR_NAME, false, null, null);
pdp = TestUtils.getPDPNewInstance(testResourceLocationPrefix + POLICY_FILENAME, testResourceLocationPrefix + REF_POLICIES_DIR_NAME, false, null, null);
} else
}
else
{
// PDP configuration filename found in test directory -> create PDP from it
final String pdpExtXsdLocation = testResourceLocationPrefix + PDP_EXTENSION_XSD;
......@@ -243,40 +230,37 @@ public abstract class PdpTest
try
{
pdpExtXsdFile = ResourceUtils.getFile(pdpExtXsdLocation);
} catch (FileNotFoundException e)
}
catch (final FileNotFoundException e)
{
LOGGER.debug(
"No PDP extension configuration file '{}' found -> JAXB-bound PDP extensions not allowed.",
pdpExtXsdLocation);
LOGGER.debug("No PDP extension configuration file '{}' found -> JAXB-bound PDP extensions not allowed.", pdpExtXsdLocation);
}
try
{
/*
* Load the PDP configuration from the configuration, and optionally, the PDP extension XSD if this
* file exists, and the XML catalog required to resolve these extension XSDs
* Load the PDP configuration from the configuration, and optionally, the PDP extension XSD if this file exists, and the XML catalog required to resolve these extension XSDs
*/
pdp = pdpExtXsdFile == null ? PdpConfigurationParser.getPDP(pdpConfLocation)
: PdpConfigurationParser.getPDP(pdpConfFile, XML_CATALOG_LOCATION, pdpExtXsdLocation);
} catch (IOException e)
pdp = pdpExtXsdFile == null ? PdpConfigurationParser.getPDP(pdpConfLocation) : PdpConfigurationParser.getPDP(pdpConfFile, XML_CATALOG_LOCATION, pdpExtXsdLocation);
}
catch (final IOException e)
{
throw new RuntimeException("Error parsing PDP configuration from file '" + pdpConfLocation
+ "' with extension XSD '" + pdpExtXsdLocation + "' and XML catalog file '"
throw new RuntimeException("Error parsing PDP configuration from file '" + pdpConfLocation + "' with extension XSD '" + pdpExtXsdLocation + "' and XML catalog file '"
+ XML_CATALOG_LOCATION + "'", e);
}
}
if (request == null)
{
// this is a policy syntax error check and we didn't found the syntax error as
// expected
Assert.fail("Failed to find syntax error as expected in policy(ies) located in directory: "
+ testDirPath);
} else
/*
* This is a policy syntax error check and we didn't found the syntax error as expected
*/
Assert.fail("Failed to find syntax error as expected in policy(ies) located in directory: " + testDirPath);
}
else
{
// Parse expected response
final Response expectedResponse = TestUtils.createResponse(testResourceLocationPrefix
+ EXPECTED_RESPONSE_FILENAME, unmarshaller);
final Response expectedResponse = TestUtils.createResponse(testResourceLocationPrefix + EXPECTED_RESPONSE_FILENAME, unmarshaller);
final Response response = pdp.evaluate(request, null);
if (LOGGER.isDebugEnabled())
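Review bot: In the catch (final IOException e) block the RuntimeException message always names the extension XSD and the XML catalog, even when pdpExtXsdFile == null and the call was PdpConfigurationParser.getPDP(pdpConfLocation) alone. Build the message per branch so a failure does not point at files that were never loaded. The rewritten comment above Assert.fail also keeps "we didn't found", which should read "we did not find".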
......@@ -286,20 +270,22 @@ public abstract class PdpTest
TestUtils.assertNormalizedEquals(testResourceLocationPrefix, expectedResponse, response);
LOGGER.debug("Finished PDP test of directory '{}'", testDirPath);
}
} catch (IllegalArgumentException e)
}
catch (final IllegalArgumentException e)
{
// we found syntax error in policy
if (request == null)
{
// this is a policy syntax error check and we found the syntax error as
// expected -> success
LOGGER.debug("Successfully found syntax error as expected in policy(ies) located in directory: {}",
testDirPath, e);
} else
LOGGER.debug("Successfully found syntax error as expected in policy(ies) located in directory: {}", testDirPath, e);
}
else
{
throw e;
}
} finally
}
finally
{
if (pdp != null)
{
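Review bot: In catch (final IllegalArgumentException e), request == null makes any IllegalArgumentException raised during PDP creation count as success, so the two new test directories would pass even if the exception came from something other than the unsupported function identifier, for example a problem in pdp.xml. Consider checking the exception message for the expected cause, such as the "Unsupported function for MatchId" text, or letting each test directory declare the message fragment it expects.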
......
PDP initialization must fail with IllegalArgumentException when using unknown/unsupported Function as Match function
<?xml version="1.0" encoding="UTF-8"?>
<!-- Testing parameter 'maxPolicySetRefDepth' -->
<pdp xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://authzforce.github.io/core/xmlns/pdp/5.0" version="5.0.0">
<rootPolicyProvider id="rootPolicyProvider" xsi:type="StaticRootPolicyProvider" policyLocation="${PARENT_DIR}/policy.xml" />
</pdp>
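Review bot: The comment "Testing parameter 'maxPolicySetRefDepth'" at the top of this pdp.xml looks copied from another test; this directory tests an unsupported Match function. Replace it with a comment naming the issue under test, here and in the pdp.xml of the Apply test directory.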
<?xml version="1.0" encoding="UTF-8"?>
<PolicySet xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
PolicySetId="root" Version="1.0"
PolicyCombiningAlgId="urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:ordered-permit-overrides">
<Target />
<Policy PolicyId="P1" Version="1.0"
RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:ordered-permit-overrides">
<Target />
<Rule RuleId="R1" Effect="Permit">
<Description>Rule using unknown Function as Match function: urn:oasis:names:tc:xacml:2.0:function:string-equal instead of urn:oasis:names:tc:xacml:1.0:function:string-equal</Description>
<Target>
<AnyOf>
<AllOf>
<Match MatchId="urn:oasis:names:tc:xacml:2.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">a</AttributeValue>
<AttributeDesignator
Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment"
AttributeId="arg1" DataType="http://www.w3.org/2001/XMLSchema#string"
MustBePresent="true" />
</Match>
</AllOf>
</AnyOf>
</Target>
</Rule>
</Policy>
</PolicySet>
\ No newline at end of file
PDP initialization must fail with IllegalArgumentException when using unknown/unsupported Function as Apply function
<?xml version="1.0" encoding="UTF-8"?>
<!-- Testing parameter 'maxPolicySetRefDepth' -->
<pdp xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://authzforce.github.io/core/xmlns/pdp/5.0" version="5.0.0">
<rootPolicyProvider id="rootPolicyProvider" xsi:type="StaticRootPolicyProvider" policyLocation="${PARENT_DIR}/policy.xml" />
</pdp>
<?xml version="1.0" encoding="UTF-8"?>
<PolicySet xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicySetId="root" Version="1.0" PolicyCombiningAlgId="urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:ordered-permit-overrides">
<Target />
<Policy PolicyId="P1" Version="1.0" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:ordered-permit-overrides">
<Target />
<Rule RuleId="R1" Effect="Permit">
<Description>ule using unknown Function as Match function: urn:oasis:names:tc:xacml:2.0:function:string-equal instead of urn:oasis:names:tc:xacml:1.0:function:string-equal</Description>
<Target />
<Condition>
<Apply FunctionId="urn:oasis:names:tc:xacml:2.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">a</AttributeValue>
<AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" AttributeId="arg1" DataType="http://www.w3.org/2001/XMLSchema#string"
MustBePresent="true" />
</Apply>
</Condition>
</Rule>
</Policy>
</PolicySet>
\ No newline at end of file
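Review bot: The Description of rule R1 in this policy still says "Match function" and has lost its first letter ("ule using ..."), but the rule exercises an Apply element with the unknown FunctionId inside a Condition. Change it to "Rule using unknown Function as Apply function: ..." so the test data documents the case it covers.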
......@@ -3,8 +3,10 @@ This is the directory for all non-regression tests, where each subdirectory corr
- `pdp.xml` (required) : PDP configuration file
- `pdp-ext.xsd` (optional): XSD for loading PDP extensions such as the TestAttributeFinder, required only if such extensions are used in the PDP configuration file
- `policy.xml` (required): XACML Policy(Set) file
- `request.xml` (required): XACML Request
- `response.xml` (required): expected response for the test to succeed
- `request.xml` (optional): XACML Request, absent if the test is only a PDP initialization test (e.g. policy validation)
- `response.xml` (optional): expected XACML Response for the above Request, absent if the test is only PDP initialization test (e.g. policy validation)
- `README.md` (required): title and description of the test, mostly taken from the issue description and comments in the issue management system where the bug was reported.
If the test is a PDP intialization test only, typically a policy syntax validation, we expected an IllegalArgumentException as a result of the test.
If you implement or use a new PDP extension for testing, make sure there have a matching 'system' entry for the resolving the extension XSD location in the XML catalog file `src/test/resources/catalog.xml`, like the one for the TestAttributeFinder XSD.
\ No newline at end of file
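Review bot: The new sentence on initialization-only tests has a typo ("intialization") and the wrong tense ("we expected" should be "we expect"). The response.xml entry should also say that the file is required whenever request.xml is present, as the PdpTest Javadoc does; as written, "optional" suggests a request can be supplied without an expected response.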