
Example 16 with SubjectIssuerDNPair

use of datawave.security.authorization.SubjectIssuerDNPair in project datawave by NationalSecurityAgency.

the class DatawavePrincipalLoginModuleTest method testGetRoleSetsLeavesRequiredRoles.

/**
 * Logs in with a credential that names a user proxied through two servers and checks the
 * first role group returned by {@code getRoleSets()}.
 *
 * <p>The user holds {@code Role1}/{@code AuthorizedUser}; the two servers hold
 * {@code Role2}/{@code AuthorizedServer} and {@code Role3}/{@code OtherRequiredRole}. The
 * assertions require the group named "Roles" to contain exactly the user's two roles, so
 * no server-only role may appear in that group.
 */
@Test
public void testGetRoleSetsLeavesRequiredRoles() throws Exception {
    // Entities in the proxied chain: two servers (both issued by the test server
    // certificate's issuer) followed by the original user. The subject and issuer
    // strings list them in the same order, each wrapped in angle brackets.
    final String caDN = DnUtils.normalizeDN(testServerCert.getIssuerDN().getName());
    final String firstServerDN = DnUtils.normalizeDN("CN=testServer.example.com, OU=iamnotaperson, OU=acme");
    final SubjectIssuerDNPair firstServer = SubjectIssuerDNPair.of(firstServerDN, caDN);
    final String secondServerDN = DnUtils.normalizeDN("CN=otherServer.example.com, OU=iamnotaperson, OU=acme");
    final SubjectIssuerDNPair secondServer = SubjectIssuerDNPair.of(secondServerDN, caDN);

    final String subjectChain = "<" + String.join("><", firstServerDN, secondServerDN, userDN.subjectDN()) + ">";
    final String issuerChain = "<" + String.join("><", caDN, caDN, userDN.issuerDN()) + ">";

    final DatawaveCredential credential = new DatawaveCredential(testServerCert, subjectChain, issuerChain);
    callbackHandler.name = credential.getUserName();
    callbackHandler.credential = credential;

    // Each entity gets a disjoint pair of roles so that any leakage of a server role into
    // the user's role group is visible in the final assertion.
    final List<String> rolesOfUser = Arrays.asList("Role1", "AuthorizedUser");
    final List<String> rolesOfFirstServer = Arrays.asList("Role2", "AuthorizedServer");
    final List<String> rolesOfSecondServer = Arrays.asList("Role3", "OtherRequiredRole");

    final DatawaveUser proxiedUser = new DatawaveUser(userDN, UserType.USER, null, rolesOfUser, null, System.currentTimeMillis());
    final DatawaveUser firstHop = new DatawaveUser(firstServer, UserType.SERVER, null, rolesOfFirstServer, null, System.currentTimeMillis());
    final DatawaveUser secondHop = new DatawaveUser(secondServer, UserType.SERVER, null, rolesOfSecondServer, null, System.currentTimeMillis());
    final DatawavePrincipal expected = new DatawavePrincipal(Lists.newArrayList(proxiedUser, firstHop, secondHop));

    // The user service is stubbed to answer the credential's entity list with the users above.
    expect(securityDomain.getKeyStore()).andReturn(serverKeystore);
    expect(securityDomain.getTrustStore()).andReturn(truststore);
    expect(datawaveUserService.lookup(credential.getEntities())).andReturn(expected.getProxiedUsers());
    replayAll();

    assertTrue("Login did not succeed.", datawaveLoginModule.login());

    // NOTE(review): this compares userDN with the fixture principal built above, not with a
    // principal obtained from the login module, so on its own it does not show which
    // identity login() established.
    assertEquals(userDN, expected.getUserDN());

    final Group[] groups = datawaveLoginModule.getRoleSets();
    // Two groups are expected; only the first one's name and members are checked here.
    assertEquals(2, groups.length);
    final Group roleGroup = groups[0];
    assertEquals("Roles", roleGroup.getName());

    final List<String> memberNames = Lists.newArrayList();
    for (Principal member : Collections.list(roleGroup.members())) {
        memberNames.add(member.getName());
    }
    assertEquals(Lists.newArrayList("Role1", "AuthorizedUser"), memberNames);
    verifyAll();
}
Also used : SimpleGroup(org.jboss.security.SimpleGroup) Group(java.security.acl.Group) DatawaveCredential(datawave.security.auth.DatawaveCredential) SubjectIssuerDNPair(datawave.security.authorization.SubjectIssuerDNPair) DatawaveUser(datawave.security.authorization.DatawaveUser) DatawavePrincipal(datawave.security.authorization.DatawavePrincipal) Test(org.junit.Test)

Example 17 with SubjectIssuerDNPair

use of datawave.security.authorization.SubjectIssuerDNPair in project datawave by NationalSecurityAgency.

the class ExtendedQueryExecutorBeanTest method testCreateQueryAndNext_ButNoResults.

/**
 * Drives {@code QueryExecutorBean.createQueryAndNext} through the create, next and close
 * steps with mocked collaborators, for the case where the results page is empty.
 *
 * <p>The test passes only if a {@code NoResultsException} escapes the call (see the
 * {@code expected} attribute) and every recorded mock expectation is satisfied.
 *
 * <p>Security-relevant stubbing in this scenario: the caller principal carries a single
 * DN and no proxy servers, the query logic's DN access check is stubbed to {@code true},
 * and the audit type is {@code AuditType.NONE}.
 */
@SuppressWarnings({ "rawtypes", "unchecked" })
@Test(expected = NoResultsException.class)
public void testCreateQueryAndNext_ButNoResults() throws Exception {
    // Set local test input
    String queryLogicName = "queryLogicName";
    String query = "query";
    String queryName = "queryName";
    String queryVisibility = "A&B";
    long currentTime = System.currentTimeMillis();
    Date beginDate = new Date(currentTime - 5000);
    Date endDate = new Date(currentTime - 1000);
    String queryAuthorizations = "AUTH_1";
    Date expirationDate = new Date(currentTime + 999999);
    int pagesize = 10;
    int pageTimeout = -1;
    QueryPersistence persistenceMode = QueryPersistence.PERSISTENT;
    boolean trace = false;
    String userName = "userName";
    String userSid = "userSid";
    String userDN = "userdn";
    // The identity is built from a subject DN alone (single-argument factory).
    SubjectIssuerDNPair userDNpair = SubjectIssuerDNPair.of(userDN);
    List<String> dnList = Collections.singletonList(userDN);
    UUID queryId = UUID.randomUUID();
    long pageNumber = 0L;
    // NOTE(review): authsMap is filled in but not referenced again in this method.
    HashMap<String, Collection<String>> authsMap = new HashMap<>();
    authsMap.put("userdn", Arrays.asList(queryAuthorizations));
    // Request parameters as a client would submit them, plus one parameter ("valid")
    // that is not one of the QueryParameters / visibility-marking constants used here.
    MultivaluedMap<String, String> queryParameters = new MultivaluedMapImpl<>();
    queryParameters.putSingle(QueryParameters.QUERY_STRING, query);
    queryParameters.putSingle(QueryParameters.QUERY_NAME, queryName);
    queryParameters.putSingle(QueryParameters.QUERY_LOGIC_NAME, queryLogicName);
    queryParameters.putSingle(QueryParameters.QUERY_BEGIN, QueryParametersImpl.formatDate(beginDate));
    queryParameters.putSingle(QueryParameters.QUERY_END, QueryParametersImpl.formatDate(endDate));
    queryParameters.putSingle(QueryParameters.QUERY_EXPIRATION, QueryParametersImpl.formatDate(expirationDate));
    queryParameters.putSingle(QueryParameters.QUERY_AUTHORIZATIONS, queryAuthorizations);
    queryParameters.putSingle(QueryParameters.QUERY_PAGESIZE, String.valueOf(pagesize));
    queryParameters.putSingle(QueryParameters.QUERY_PAGETIMEOUT, String.valueOf(pageTimeout));
    queryParameters.putSingle(QueryParameters.QUERY_PERSISTENCE, persistenceMode.name());
    queryParameters.putSingle(QueryParameters.QUERY_TRACE, String.valueOf(trace));
    queryParameters.putSingle(ColumnVisibilitySecurityMarking.VISIBILITY_MARKING, queryVisibility);
    queryParameters.putSingle("valid", "param");
    // Real (non-mock) marking and parameter objects are validated against the request so
    // they can be used as the expected arguments of persister.create below.
    ColumnVisibilitySecurityMarking marking = new ColumnVisibilitySecurityMarking();
    marking.validate(queryParameters);
    QueryParameters qp = new QueryParametersImpl();
    qp.validate(queryParameters);
    // Expected extra-parameter map handed to the persister: whatever qp reports as unknown,
    // plus the logic name, the column visibility and the caller's subject DN under the
    // PrivateAuditConstants keys.
    MultivaluedMap<String, String> op = new MultivaluedMapImpl<>();
    op.putAll(qp.getUnknownParameters(queryParameters));
    op.putSingle(PrivateAuditConstants.LOGIC_CLASS, queryLogicName);
    op.putSingle(PrivateAuditConstants.COLUMN_VISIBILITY, queryVisibility);
    op.putSingle(PrivateAuditConstants.USER_DN, userDNpair.subjectDN());
    // Set expectations of the create logic
    // presumably queryLogic1 is a mock in record state, so this call records an expected
    // validate(...) invocation rather than validating anything here
    queryLogic1.validate(queryParameters);
    expect(this.queryLogicFactory.getQueryLogic(queryLogicName, this.principal)).andReturn((QueryLogic) this.queryLogic1);
    expect(this.queryLogic1.getMaxPageSize()).andReturn(1000).times(2);
    expect(this.queryLogic1.getConnPoolName()).andReturn("connPool1");
    expect(this.context.getCallerPrincipal()).andReturn(this.principal);
    expect(this.principal.getName()).andReturn(userName);
    expect(this.principal.getShortName()).andReturn(userSid);
    expect(this.principal.getUserDN()).andReturn(userDNpair);
    expect(this.principal.getDNs()).andReturn(new String[] { userDN });
    expect(this.principal.getProxyServers()).andReturn(new ArrayList<>(0)).anyTimes();
    // The per-logic DN access check is stubbed to allow the caller's single DN.
    expect(this.queryLogic1.containsDNWithAccess(Collections.singletonList(userDN))).andReturn(true);
    // Audit type NONE both before and after the query object exists; no call on the
    // auditor is recorded in this method.
    expect(this.queryLogic1.getAuditType(null)).andReturn(AuditType.NONE);
    expect(this.principal.getAuthorizations()).andReturn((Collection) Arrays.asList(Arrays.asList(queryAuthorizations)));
    expect(this.principal.getPrimaryUser()).andReturn(dwUser);
    expect(this.dwUser.getAuths()).andReturn(Collections.singleton(queryAuthorizations));
    expect(this.principal.getProxiedUsers()).andReturn(Collections.singletonList(dwUser));
    // The persisted query must be created for the caller's subject DN and DN list, with
    // the validated marking/parameters and the extra-parameter map built above.
    expect(persister.create(eq(userDNpair.subjectDN()), eq(dnList), eq(marking), eq(queryLogicName), eq(qp), eq(op))).andReturn(this.query);
    expect(this.queryLogic1.getAuditType(this.query)).andReturn(AuditType.NONE);
    expect(this.queryLogic1.getConnectionPriority()).andReturn(Priority.NORMAL);
    expect(this.connectionFactory.getTrackingMap(isA(StackTraceElement[].class))).andReturn(null);
    expect(this.traceInfos.get(userSid)).andReturn(new ArrayList<>(0));
    expect(this.traceInfos.get(null)).andReturn(Arrays.asList(PatternWrapper.wrap("NONMATCHING_REGEX")));
    expect(this.qlCache.add(queryId.toString(), userSid, this.queryLogic1, this.connector)).andReturn(true);
    expect(this.queryLogic1.getCollectQueryMetrics()).andReturn(true);
    // Getters on the mocked query may be called any number of times.
    expect(this.query.getOwner()).andReturn(userSid).anyTimes();
    expect(this.query.getId()).andReturn(queryId).anyTimes();
    expect(this.query.getQuery()).andReturn(queryName).anyTimes();
    expect(this.query.getQueryLogicName()).andReturn(queryLogicName).anyTimes();
    expect(this.query.getBeginDate()).andReturn(null).anyTimes();
    expect(this.query.getEndDate()).andReturn(null).anyTimes();
    expect(this.query.getQueryAuthorizations()).andReturn(queryAuthorizations).anyTimes();
    expect(this.query.getQueryName()).andReturn(null).anyTimes();
    expect(this.query.getColumnVisibility()).andReturn(null).anyTimes();
    expect(this.query.getPagesize()).andReturn(0).anyTimes();
    expect(this.query.getPageTimeout()).andReturn(-1).anyTimes();
    expect(this.query.getExpirationDate()).andReturn(null).anyTimes();
    expect(this.query.getParameters()).andReturn((Set) Collections.emptySet()).anyTimes();
    expect(this.query.getUncaughtExceptionHandler()).andReturn(new QueryUncaughtExceptionHandler()).anyTimes();
    // expectLastCall() applies to the void call recorded immediately before it, so the
    // order of these two statements matters.
    this.metrics.updateMetric(isA(QueryMetric.class));
    PowerMock.expectLastCall().times(2);
    expect(this.query.getUserDN()).andReturn(userDN).anyTimes();
    expect(this.query.getDnList()).andReturn(dnList).anyTimes();
    expect(this.queryLogic1.getResultLimit(dnList)).andReturn(-1L);
    expect(this.queryLogic1.getMaxResults()).andReturn(-1L);
    expect(this.queryLogic1.initialize(eq(this.connector), eq(this.query), isA(Set.class))).andReturn(this.genericConfiguration);
    this.queryLogic1.setupQuery(this.genericConfiguration);
    expect(this.queryLogic1.getTransformIterator(this.query)).andReturn(this.transformIterator);
    expect(this.genericConfiguration.getQueryString()).andReturn(queryName).once();
    this.cache.put(eq(queryId.toString()), isA(RunningQuery.class));
    expect(this.qlCache.poll(queryId.toString())).andReturn(null);
    // Set expectations of the next logic
    expect(this.principal.getName()).andReturn(userName);
    expect(this.principal.getShortName()).andReturn(userSid);
    expect(this.context.getUserTransaction()).andReturn(this.transaction).anyTimes();
    this.transaction.begin();
    expect(this.cache.get(queryId.toString())).andReturn(this.runningQuery);
    expect(cache.lock(queryId.toString())).andReturn(true);
    expect(this.runningQuery.getSettings()).andReturn(this.query).anyTimes();
    this.connectionRequestBean.requestBegin(queryId.toString());
    expect(this.runningQuery.getConnection()).andReturn(this.connector);
    this.connectionRequestBean.requestEnd(queryId.toString());
    this.runningQuery.setActiveCall(true);
    expectLastCall();
    expect(this.runningQuery.getTraceInfo()).andReturn(this.traceInfo);
    expect(this.runningQuery.next()).andReturn(this.resultsPage);
    expect(this.runningQuery.getLastPageNumber()).andReturn(pageNumber);
    expect(this.runningQuery.getLogic()).andReturn((QueryLogic) this.queryLogic1).times(2);
    expect(this.queryLogic1.getTransformer(this.query)).andReturn(this.transformer);
    expect(this.transformer.createResponse(this.resultsPage)).andReturn(this.baseResponse);
    // An empty results page is what makes this the "no results" scenario.
    expect(this.resultsPage.getResults()).andReturn(new ArrayList<>(0)).times(2);
    this.baseResponse.setHasResults(false);
    this.baseResponse.setPageNumber(pageNumber);
    expect(this.queryLogic1.getLogicName()).andReturn(queryLogicName);
    this.baseResponse.setLogicName(queryLogicName);
    this.baseResponse.setQueryId(queryId.toString());
    expect(this.runningQuery.getMetric()).andReturn(this.queryMetric).times(2);
    this.runningQuery.setActiveCall(false);
    expectLastCall();
    this.queryMetric.setProxyServers(eq(new ArrayList<>(0)));
    this.baseResponse.addException(isA(NoResultsQueryException.class));
    expect(this.runningQuery.getLogic()).andReturn((QueryLogic) this.queryLogic1);
    expect(this.queryLogic1.getCollectQueryMetrics()).andReturn(true);
    this.metrics.updateMetric(this.queryMetric);
    // The cache lock is released and the transaction is marked rollback-only.
    cache.unlock(queryId.toString());
    this.transaction.setRollbackOnly();
    expect(this.transaction.getStatus()).andReturn(Status.STATUS_ACTIVE).anyTimes();
    this.transaction.commit();
    // Set expectations of the close/cleanup that follows the empty page
    expect(this.context.getCallerPrincipal()).andReturn(this.principal).anyTimes();
    expect(this.principal.getName()).andReturn(userName);
    expect(this.principal.getShortName()).andReturn(userSid).times(2);
    expect(this.principal.getAuthorizations()).andReturn((Collection) Arrays.asList(Arrays.asList(queryAuthorizations)));
    expect(this.connectionRequestBean.cancelConnectionRequest(queryId.toString(), this.principal)).andReturn(false);
    // Removal from the created-logic cache is keyed by both the query id and the owner sid.
    expect(this.qlCache.pollIfOwnedBy(queryId.toString(), userSid)).andReturn(null);
    expect(this.cache.get(queryId.toString())).andReturn(this.runningQuery);
    expect(this.connectionFactory.getConnection("connPool1", Priority.NORMAL, null)).andReturn(this.connector);
    this.runningQuery.closeConnection(this.connectionFactory);
    this.cache.remove(queryId.toString());
    this.closedCache.add(queryId.toString());
    this.closedCache.remove(queryId.toString());
    expect(this.runningQuery.getTraceInfo()).andReturn(null);
    expect(this.responseObjectFactory.getEventQueryResponse()).andReturn(new DefaultEventQueryResponse());
    // Run the test
    PowerMock.replayAll();
    try {
        // Collaborators are injected by type into a directly constructed bean.
        QueryExecutorBean subject = new QueryExecutorBean();
        setInternalState(subject, EJBContext.class, context);
        setInternalState(subject, AccumuloConnectionFactory.class, connectionFactory);
        setInternalState(subject, ResponseObjectFactory.class, responseObjectFactory);
        setInternalState(subject, CreatedQueryLogicCacheBean.class, qlCache);
        setInternalState(subject, QueryCache.class, cache);
        setInternalState(subject, ClosedQueryCache.class, closedCache);
        setInternalState(subject, Persister.class, persister);
        setInternalState(subject, QueryLogicFactory.class, queryLogicFactory);
        setInternalState(subject, QueryExpirationConfiguration.class, queryExpirationConf);
        setInternalState(subject, AuditBean.class, auditor);
        setInternalState(subject, QueryMetricsBean.class, metrics);
        setInternalState(subject, Multimap.class, traceInfos);
        setInternalState(subject, SecurityMarking.class, new ColumnVisibilitySecurityMarking());
        setInternalState(subject, QueryParameters.class, new QueryParametersImpl());
        setInternalState(subject, QueryMetricFactory.class, new QueryMetricFactoryImpl());
        setInternalState(connectionRequestBean, EJBContext.class, context);
        setInternalState(subject, AccumuloConnectionRequestBean.class, connectionRequestBean);
        subject.createQueryAndNext(queryLogicName, queryParameters);
    } finally {
        // Verification sits in finally because the call above is expected to throw; the
        // mock expectations are still checked before the exception reaches JUnit.
        PowerMock.verifyAll();
    }
}
Also used : Set(java.util.Set) TreeSet(java.util.TreeSet) HashSet(java.util.HashSet) DefaultEventQueryResponse(datawave.webservice.result.DefaultEventQueryResponse) HashMap(java.util.HashMap) MultivaluedHashMap(javax.ws.rs.core.MultivaluedHashMap) ArrayList(java.util.ArrayList) QueryUncaughtExceptionHandler(datawave.webservice.query.util.QueryUncaughtExceptionHandler) QueryMetric(datawave.microservice.querymetric.QueryMetric) QueryPersistence(datawave.webservice.query.QueryPersistence) UUID(java.util.UUID) QueryMetricFactoryImpl(datawave.microservice.querymetric.QueryMetricFactoryImpl) SubjectIssuerDNPair(datawave.security.authorization.SubjectIssuerDNPair) MultivaluedMapImpl(org.jboss.resteasy.specimpl.MultivaluedMapImpl) QueryParameters(datawave.webservice.query.QueryParameters) BaseQueryLogic(datawave.webservice.query.logic.BaseQueryLogic) QueryLogic(datawave.webservice.query.logic.QueryLogic) QueryParametersImpl(datawave.webservice.query.QueryParametersImpl) Date(java.util.Date) ColumnVisibilitySecurityMarking(datawave.marking.ColumnVisibilitySecurityMarking) NoResultsQueryException(datawave.webservice.query.exception.NoResultsQueryException) Collection(java.util.Collection) Test(org.junit.Test) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest)

Example 18 with SubjectIssuerDNPair

use of datawave.security.authorization.SubjectIssuerDNPair in project datawave by NationalSecurityAgency.

the class ExtendedQueryExecutorBeanTest method testPlanQuery.

/**
 * Calls {@code QueryExecutorBean.planQuery} with mocked collaborators and checks that the
 * plan string produced by the query logic is returned in the response.
 *
 * <p>In this scenario the caller principal carries a single DN and no proxy servers, the
 * query logic's DN access check is stubbed to {@code true}, and the audit type is
 * {@code AuditType.PASSIVE}.
 */
@Test
public void testPlanQuery() throws Exception {
    // Set local test input
    String queryLogicName = "queryLogicName";
    String query = "query";
    String queryName = "queryName";
    String queryVisibility = "A&B";
    long currentTime = System.currentTimeMillis();
    Date beginDate = new Date(currentTime - 5000);
    Date endDate = new Date(currentTime - 1000);
    String queryAuthorizations = "AUTH_1";
    Date expirationDate = new Date(currentTime + 999999);
    int pagesize = 10;
    int pageTimeout = -1;
    QueryPersistence persistenceMode = QueryPersistence.PERSISTENT;
    boolean trace = false;
    String userName = "userName";
    String userSid = "userSid";
    String userDN = "userdn";
    // The identity is built from a subject DN alone (single-argument factory).
    SubjectIssuerDNPair userDNpair = SubjectIssuerDNPair.of(userDN);
    List<String> dnList = Collections.singletonList(userDN);
    UUID queryId = UUID.randomUUID();
    // NOTE(review): authsMap is filled in but not referenced again in this method.
    HashMap<String, Collection<String>> authsMap = new HashMap<>();
    authsMap.put("userdn", Arrays.asList(queryAuthorizations));
    // Request parameters as a client would submit them, plus one parameter ("valid")
    // that is not one of the QueryParameters / visibility-marking constants used here.
    MultivaluedMap<String, String> queryParameters = new MultivaluedMapImpl<>();
    queryParameters.putSingle(QueryParameters.QUERY_LOGIC_NAME, queryLogicName);
    queryParameters.putSingle(QueryParameters.QUERY_STRING, query);
    queryParameters.putSingle(QueryParameters.QUERY_NAME, queryName);
    queryParameters.putSingle(QueryParameters.QUERY_BEGIN, QueryParametersImpl.formatDate(beginDate));
    queryParameters.putSingle(QueryParameters.QUERY_END, QueryParametersImpl.formatDate(endDate));
    queryParameters.putSingle(QueryParameters.QUERY_EXPIRATION, QueryParametersImpl.formatDate(expirationDate));
    queryParameters.putSingle(QueryParameters.QUERY_AUTHORIZATIONS, queryAuthorizations);
    queryParameters.putSingle(QueryParameters.QUERY_PAGESIZE, String.valueOf(pagesize));
    queryParameters.putSingle(QueryParameters.QUERY_PAGETIMEOUT, String.valueOf(pageTimeout));
    queryParameters.putSingle(QueryParameters.QUERY_PERSISTENCE, persistenceMode.name());
    queryParameters.putSingle(QueryParameters.QUERY_TRACE, String.valueOf(trace));
    queryParameters.putSingle(ColumnVisibilitySecurityMarking.VISIBILITY_MARKING, queryVisibility);
    queryParameters.putSingle("valid", "param");
    // Real (non-mock) marking and parameter objects are validated against the request so
    // they can be used as the expected arguments of persister.create below.
    ColumnVisibilitySecurityMarking marking = new ColumnVisibilitySecurityMarking();
    marking.validate(queryParameters);
    QueryParameters qp = new QueryParametersImpl();
    qp.validate(queryParameters);
    // Expected extra-parameter map handed to the persister: whatever qp reports as unknown,
    // plus the logic name, the column visibility and the caller's subject DN under the
    // PrivateAuditConstants keys.
    MultivaluedMap<String, String> op = new MultivaluedMapImpl<>();
    op.putAll(qp.getUnknownParameters(queryParameters));
    op.putSingle(PrivateAuditConstants.LOGIC_CLASS, queryLogicName);
    op.putSingle(PrivateAuditConstants.COLUMN_VISIBILITY, queryVisibility);
    op.putSingle(PrivateAuditConstants.USER_DN, userDNpair.subjectDN());
    // Set expectations of the create logic
    // presumably queryLogic1 is a mock in record state, so this call records an expected
    // validate(...) invocation rather than validating anything here
    queryLogic1.validate(queryParameters);
    expect(this.queryLogicFactory.getQueryLogic(queryLogicName, this.principal)).andReturn((QueryLogic) this.queryLogic1);
    expect(this.queryLogic1.getMaxPageSize()).andReturn(1000).times(2);
    expect(this.context.getCallerPrincipal()).andReturn(this.principal).anyTimes();
    expect(this.principal.getName()).andReturn(userName);
    expect(this.principal.getShortName()).andReturn(userSid);
    expect(this.principal.getUserDN()).andReturn(userDNpair);
    expect(this.principal.getDNs()).andReturn(new String[] { userDN });
    expect(this.principal.getProxyServers()).andReturn(new ArrayList<>(0)).anyTimes();
    // The per-logic DN access check is stubbed to allow the caller's single DN.
    expect(this.queryLogic1.containsDNWithAccess(Collections.singletonList(userDN))).andReturn(true);
    // NOTE(review): the audit type is PASSIVE here, yet no auditor.audit(...) expectation is
    // recorded in this method — confirm whether planQuery is meant to skip the auditor for
    // PASSIVE or whether the auditor mock tolerates unrecorded calls.
    expect(this.queryLogic1.getAuditType(null)).andReturn(AuditType.PASSIVE);
    expect(this.principal.getAuthorizations()).andReturn((Collection) Arrays.asList(Arrays.asList(queryAuthorizations)));
    // The persisted query must be created for the caller's subject DN and DN list, with
    // the validated marking/parameters and the extra-parameter map built above.
    expect(persister.create(eq(userDNpair.subjectDN()), eq(dnList), eq(marking), eq(queryLogicName), eq(qp), eq(op))).andReturn(this.query);
    expect(this.queryLogic1.getAuditType(this.query)).andReturn(AuditType.PASSIVE);
    expect(this.queryLogic1.getConnectionPriority()).andReturn(Priority.NORMAL);
    expect(this.queryLogic1.getConnPoolName()).andReturn("connPool1");
    expect(this.connectionFactory.getTrackingMap(isA(StackTraceElement[].class))).andReturn(null);
    this.connectionRequestBean.requestBegin(queryId.toString());
    expect(this.connectionFactory.getConnection("connPool1", Priority.NORMAL, null)).andReturn(this.connector);
    this.connectionRequestBean.requestEnd(queryId.toString());
    expect(this.principal.getPrimaryUser()).andReturn(dwUser);
    expect(this.dwUser.getAuths()).andReturn(Collections.singleton(queryAuthorizations));
    expect(this.principal.getProxiedUsers()).andReturn(Collections.singletonList(dwUser));
    // Getters on the mocked query may be called any number of times.
    expect(this.query.getOwner()).andReturn(userSid).anyTimes();
    expect(this.query.getId()).andReturn(queryId).anyTimes();
    expect(this.query.getQuery()).andReturn(queryName).anyTimes();
    expect(this.query.getQueryLogicName()).andReturn(queryLogicName).anyTimes();
    expect(this.query.getBeginDate()).andReturn(null).anyTimes();
    expect(this.query.getEndDate()).andReturn(null).anyTimes();
    expect(this.query.getColumnVisibility()).andReturn(null).anyTimes();
    expect(this.query.getQueryAuthorizations()).andReturn(queryAuthorizations).anyTimes();
    expect(this.query.getQueryName()).andReturn(null).anyTimes();
    expect(this.query.getPagesize()).andReturn(0).anyTimes();
    expect(this.query.getExpirationDate()).andReturn(null).anyTimes();
    expect(this.query.getParameters()).andReturn((Set) Collections.emptySet()).anyTimes();
    expect(this.query.getUncaughtExceptionHandler()).andReturn(new QueryUncaughtExceptionHandler()).anyTimes();
    expect(this.query.getUserDN()).andReturn(userDN).anyTimes();
    // Set expectations of the plan
    // The plan must be requested with exactly one Authorizations object built from the
    // authorization string submitted in the request.
    Authorizations queryAuths = new Authorizations(queryAuthorizations);
    expect(this.queryLogic1.getPlan(this.connector, this.query, Collections.singleton(queryAuths), true, false)).andReturn("a query plan");
    // Set expectations of the cleanup
    // expectLastCall() applies to the void call recorded immediately before it.
    this.connectionFactory.returnConnection(this.connector);
    EasyMock.expectLastCall().times(2);
    queryLogic1.close();
    EasyMock.expectLastCall();
    // Run the test
    PowerMock.replayAll();
    // Collaborators are injected by type into a directly constructed bean.
    QueryExecutorBean subject = new QueryExecutorBean();
    setInternalState(subject, EJBContext.class, context);
    setInternalState(subject, AccumuloConnectionFactory.class, connectionFactory);
    setInternalState(subject, ResponseObjectFactory.class, responseObjectFactory);
    setInternalState(subject, CreatedQueryLogicCacheBean.class, qlCache);
    setInternalState(subject, QueryCache.class, cache);
    setInternalState(subject, ClosedQueryCache.class, closedCache);
    setInternalState(subject, Persister.class, persister);
    // NOTE(review): this injection is keyed on QueryLogicFactoryImpl.class; confirm it
    // matches the field type declared on QueryExecutorBean.
    setInternalState(subject, QueryLogicFactoryImpl.class, queryLogicFactory);
    setInternalState(subject, QueryExpirationConfiguration.class, queryExpirationConf);
    setInternalState(subject, AuditBean.class, auditor);
    setInternalState(subject, QueryMetricsBean.class, metrics);
    setInternalState(subject, Multimap.class, traceInfos);
    setInternalState(subject, SecurityMarking.class, new ColumnVisibilitySecurityMarking());
    setInternalState(subject, QueryParameters.class, new QueryParametersImpl());
    setInternalState(subject, QueryMetricFactory.class, new QueryMetricFactoryImpl());
    setInternalState(connectionRequestBean, EJBContext.class, context);
    setInternalState(subject, AccumuloConnectionRequestBean.class, connectionRequestBean);
    GenericResponse<String> result1 = subject.planQuery(queryLogicName, queryParameters);
    PowerMock.verifyAll();
    // Verify results
    assertNotNull("Expected a non-null response", result1);
    assertEquals("a query plan", result1.getResult());
}
Also used : Authorizations(org.apache.accumulo.core.security.Authorizations) Set(java.util.Set) TreeSet(java.util.TreeSet) HashSet(java.util.HashSet) SubjectIssuerDNPair(datawave.security.authorization.SubjectIssuerDNPair) HashMap(java.util.HashMap) MultivaluedHashMap(javax.ws.rs.core.MultivaluedHashMap) ArrayList(java.util.ArrayList) MultivaluedMapImpl(org.jboss.resteasy.specimpl.MultivaluedMapImpl) QueryParameters(datawave.webservice.query.QueryParameters) QueryUncaughtExceptionHandler(datawave.webservice.query.util.QueryUncaughtExceptionHandler) QueryParametersImpl(datawave.webservice.query.QueryParametersImpl) Date(java.util.Date) ColumnVisibilitySecurityMarking(datawave.marking.ColumnVisibilitySecurityMarking) QueryPersistence(datawave.webservice.query.QueryPersistence) Collection(java.util.Collection) UUID(java.util.UUID) QueryMetricFactoryImpl(datawave.microservice.querymetric.QueryMetricFactoryImpl) Test(org.junit.Test) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest)

Example 19 with SubjectIssuerDNPair

use of datawave.security.authorization.SubjectIssuerDNPair in project datawave by NationalSecurityAgency.

the class ExtendedQueryExecutorBeanTest method testCreateQueryAndNext_AddToCacheException.

/**
 * Calls {@code QueryExecutorBean.createQueryAndNext} when adding the query logic to the
 * created-logic cache throws, and the cleanup that follows throws as well.
 *
 * <p>The stubbed failures are layered: {@code qlCache.add} throws an
 * {@code IllegalStateException}, then {@code returnConnection} and
 * {@code persister.remove} each throw an {@code IOException}. The test requires the call
 * to end in a {@code DatawaveWebApplicationException} whose cause is a
 * {@code QueryException} with error code {@code "500-7"}, i.e. the cleanup failures must
 * not replace the original cache error.
 *
 * <p>The audit type is {@code AuditType.ACTIVE} and one {@code auditor.audit} call with
 * the request parameters is expected.
 */
@SuppressWarnings({ "rawtypes", "unchecked" })
@Test
public void testCreateQueryAndNext_AddToCacheException() throws Exception {
    // Set local test input
    String queryLogicName = "queryLogicName";
    String query = "query";
    String queryName = "queryName";
    String queryVisibility = "A&B";
    long currentTime = System.currentTimeMillis();
    Date beginDate = new Date(currentTime - 5000);
    Date endDate = new Date(currentTime - 1000);
    String queryAuthorizations = "AUTH_1";
    Date expirationDate = new Date(currentTime + 9999);
    int pagesize = 10;
    int pageTimeout = -1;
    QueryPersistence persistenceMode = QueryPersistence.PERSISTENT;
    boolean trace = false;
    String userName = "userName";
    String userSid = "userSid";
    String userDN = "userDN";
    // The identity is built from a subject DN alone (single-argument factory).
    SubjectIssuerDNPair userDNpair = SubjectIssuerDNPair.of(userDN);
    List<String> dnList = Collections.singletonList(userDN);
    UUID queryId = UUID.randomUUID();
    // Request parameters as a client would submit them, plus one parameter ("valid")
    // that is not one of the QueryParameters / visibility-marking constants used here.
    MultivaluedMap<String, String> queryParameters = new MultivaluedMapImpl<>();
    queryParameters.putSingle(QueryParameters.QUERY_STRING, query);
    queryParameters.putSingle(QueryParameters.QUERY_NAME, queryName);
    queryParameters.putSingle(QueryParameters.QUERY_LOGIC_NAME, queryLogicName);
    queryParameters.putSingle(QueryParameters.QUERY_BEGIN, QueryParametersImpl.formatDate(beginDate));
    queryParameters.putSingle(QueryParameters.QUERY_END, QueryParametersImpl.formatDate(endDate));
    queryParameters.putSingle(QueryParameters.QUERY_EXPIRATION, QueryParametersImpl.formatDate(expirationDate));
    queryParameters.putSingle(QueryParameters.QUERY_AUTHORIZATIONS, queryAuthorizations);
    queryParameters.putSingle(QueryParameters.QUERY_PAGESIZE, String.valueOf(pagesize));
    queryParameters.putSingle(QueryParameters.QUERY_PAGETIMEOUT, String.valueOf(pageTimeout));
    queryParameters.putSingle(QueryParameters.QUERY_PERSISTENCE, persistenceMode.name());
    queryParameters.putSingle(QueryParameters.QUERY_TRACE, String.valueOf(trace));
    queryParameters.putSingle("valid", "param");
    queryParameters.putSingle(ColumnVisibilitySecurityMarking.VISIBILITY_MARKING, queryVisibility);
    // Real (non-mock) marking and parameter objects are validated against the request so
    // they can be used as the expected arguments of persister.create below.
    ColumnVisibilitySecurityMarking marking = new ColumnVisibilitySecurityMarking();
    marking.validate(queryParameters);
    QueryParameters qp = new QueryParametersImpl();
    qp.validate(queryParameters);
    // Expected extra-parameter map handed to the persister: whatever qp reports as unknown,
    // plus the logic name, the column visibility and the caller's subject DN under the
    // PrivateAuditConstants keys.
    MultivaluedMap<String, String> op = new MultivaluedMapImpl<>();
    op.putAll(qp.getUnknownParameters(queryParameters));
    // op.putSingle(PrivateAuditConstants.AUDIT_TYPE, AuditType.ACTIVE.name());
    op.putSingle(PrivateAuditConstants.LOGIC_CLASS, queryLogicName);
    op.putSingle(PrivateAuditConstants.COLUMN_VISIBILITY, queryVisibility);
    op.putSingle(PrivateAuditConstants.USER_DN, userDNpair.subjectDN());
    // Set expectations
    expect(context.getCallerPrincipal()).andReturn(principal);
    // presumably queryLogic1 is a mock in record state, so this call records an expected
    // validate(...) invocation rather than validating anything here
    queryLogic1.validate(queryParameters);
    expect(this.queryLogicFactory.getQueryLogic(queryLogicName, this.principal)).andReturn((QueryLogic) this.queryLogic1);
    expect(this.queryLogic1.getMaxPageSize()).andReturn(1000).times(2);
    expect(this.context.getCallerPrincipal()).andReturn(this.principal);
    expect(this.principal.getName()).andReturn(userName);
    expect(this.principal.getShortName()).andReturn(userSid);
    expect(this.principal.getUserDN()).andReturn(userDNpair);
    expect(this.principal.getDNs()).andReturn(new String[] { userDN });
    expect(this.principal.getProxyServers()).andReturn(new ArrayList<>(0));
    // The per-logic DN access check is stubbed to allow the caller's single DN.
    expect(this.queryLogic1.containsDNWithAccess(Collections.singletonList(userDN))).andReturn(true);
    expect(this.queryLogic1.getAuditType(null)).andReturn(AuditType.ACTIVE);
    expect(this.principal.getAuthorizations()).andReturn((Collection) Arrays.asList(Arrays.asList(queryAuthorizations)));
    // The persisted query must be created for the caller's subject DN and DN list, with
    // the validated marking/parameters and the extra-parameter map built above.
    expect(persister.create(eq(userDNpair.subjectDN()), eq(dnList), eq(marking), eq(queryLogicName), eq(qp), eq(op))).andReturn(this.query);
    expect(this.queryLogic1.getAuditType(this.query)).andReturn(AuditType.ACTIVE);
    expect(this.queryLogic1.getSelectors(this.query)).andReturn(null);
    // With audit type ACTIVE, an audit call carrying the request parameters is required.
    expect(auditor.audit(eq(queryParameters))).andReturn(null);
    expect(this.queryLogic1.getConnectionPriority()).andReturn(Priority.NORMAL);
    expect(this.queryLogic1.getConnPoolName()).andReturn("connPool1");
    expect(this.connectionFactory.getTrackingMap(isA(StackTraceElement[].class))).andReturn(null);
    this.connectionRequestBean.requestBegin(queryId.toString());
    expect(this.connectionFactory.getConnection("connPool1", Priority.NORMAL, null)).andReturn(this.connector);
    this.connectionRequestBean.requestEnd(queryId.toString());
    expect(this.traceInfos.get(userSid)).andReturn(Arrays.asList(PatternWrapper.wrap(query)));
    // First-level failure: adding the logic to the cache throws.
    expect(this.qlCache.add(queryId.toString(), userSid, this.queryLogic1, this.connector)).andThrow(new IllegalStateException("INTENTIONALLY THROWN TEST EXCEPTION: PROBLEM ADDING QUERY LOGIC TO CACHE"));
    // Cleanup that must still be attempted after the failure: close the logic, return
    // the connection and remove the persisted query. expectLastCall() applies to the void
    // call recorded immediately before it, so the two cleanup calls below are the ones
    // that throw.
    this.queryLogic1.close();
    this.connectionFactory.returnConnection(this.connector);
    PowerMock.expectLastCall().andThrow(new IOException("INTENTIONALLY THROWN 2ND-LEVEL TEST EXCEPTION"));
    this.persister.remove(this.query);
    PowerMock.expectLastCall().andThrow(new IOException("INTENTIONALLY THROWN 3RD-LEVEL TEST EXCEPTION"));
    expect(this.query.getId()).andReturn(queryId).anyTimes();
    expect(this.qlCache.poll(queryId.toString())).andReturn(null);
    // Run the test
    PowerMock.replayAll();
    // Collaborators are injected by type into a directly constructed bean.
    QueryExecutorBean subject = new QueryExecutorBean();
    setInternalState(subject, EJBContext.class, context);
    setInternalState(subject, QueryParameters.class, new QueryParametersImpl());
    setInternalState(subject, AccumuloConnectionFactory.class, connectionFactory);
    setInternalState(subject, ResponseObjectFactory.class, responseObjectFactory);
    setInternalState(subject, CreatedQueryLogicCacheBean.class, qlCache);
    setInternalState(subject, Persister.class, persister);
    setInternalState(subject, QueryLogicFactory.class, queryLogicFactory);
    setInternalState(subject, QueryExpirationConfiguration.class, queryExpirationConf);
    setInternalState(subject, AuditBean.class, auditor);
    setInternalState(subject, Multimap.class, traceInfos);
    setInternalState(subject, SecurityMarking.class, marking);
    setInternalState(subject, QueryMetricFactory.class, new QueryMetricFactoryImpl());
    setInternalState(connectionRequestBean, EJBContext.class, context);
    setInternalState(subject, AccumuloConnectionRequestBean.class, connectionRequestBean);
    // Only DatawaveWebApplicationException is caught; any other exception type fails the
    // test by propagating. If nothing is thrown, result1 stays null and the instanceof
    // assertion below fails.
    Throwable result1 = null;
    try {
        subject.createQueryAndNext(queryLogicName, queryParameters);
    } catch (DatawaveWebApplicationException e) {
        result1 = e.getCause();
    }
    PowerMock.verifyAll();
    // Verify results
    assertTrue("QueryException expected to have been thrown", result1 instanceof QueryException);
    assertEquals("Exception expected to have been caused by problem adding query logic to cache", "500-7", ((QueryException) result1).getErrorCode());
}
Also used : SubjectIssuerDNPair(datawave.security.authorization.SubjectIssuerDNPair) MultivaluedMapImpl(org.jboss.resteasy.specimpl.MultivaluedMapImpl) QueryParameters(datawave.webservice.query.QueryParameters) IOException(java.io.IOException) QueryParametersImpl(datawave.webservice.query.QueryParametersImpl) Date(java.util.Date) ColumnVisibilitySecurityMarking(datawave.marking.ColumnVisibilitySecurityMarking) NoResultsQueryException(datawave.webservice.query.exception.NoResultsQueryException) QueryException(datawave.webservice.query.exception.QueryException) QueryPersistence(datawave.webservice.query.QueryPersistence) DatawaveWebApplicationException(datawave.webservice.common.exception.DatawaveWebApplicationException) UUID(java.util.UUID) QueryMetricFactoryImpl(datawave.microservice.querymetric.QueryMetricFactoryImpl) Test(org.junit.Test) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest)

Example 20 with SubjectIssuerDNPair

use of datawave.security.authorization.SubjectIssuerDNPair in project datawave by NationalSecurityAgency.

the class ExtendedQueryExecutorBeanTest method testPlanQuery_userNotInAllowedDNs.

/**
 * Verifies that {@code QueryExecutorBean.planQuery} rejects a caller whose DN is not accepted by
 * the requested query logic.
 *
 * <p>The query logic is set up to answer {@code false} to {@code containsDNWithAccess} for the
 * caller's single DN. The test then expects a {@code DatawaveWebApplicationException} whose cause
 * is a {@code QueryException} with error code "401" and a message listing the DNs that were checked.
 *
 * @throws Exception if the setup or the call under test fails in a way the test does not expect
 */
@Test
public void testPlanQuery_userNotInAllowedDNs() throws Exception {
    // Local test input: an otherwise well-formed query request
    String queryLogicName = "queryLogicName";
    String query = "query";
    String queryName = "queryName";
    String queryVisibility = "A&B";
    long currentTime = System.currentTimeMillis();
    // Query window lies in the past; expiration lies in the future
    Date beginDate = new Date(currentTime - 5000);
    Date endDate = new Date(currentTime - 1000);
    String queryAuthorizations = "AUTH_1";
    Date expirationDate = new Date(currentTime + 999999);
    int pagesize = 10;
    int pageTimeout = -1;
    QueryPersistence persistenceMode = QueryPersistence.PERSISTENT;
    boolean trace = false;
    // Caller identity: one subject DN, built without an explicit issuer DN
    String userName = "userName";
    String userSid = "userSid";
    String userDN = "userdn";
    SubjectIssuerDNPair userDNpair = SubjectIssuerDNPair.of(userDN);
    MultivaluedMap<String, String> queryParameters = new MultivaluedMapImpl<>();
    queryParameters.putSingle(QueryParameters.QUERY_LOGIC_NAME, queryLogicName);
    queryParameters.putSingle(QueryParameters.QUERY_STRING, query);
    queryParameters.putSingle(QueryParameters.QUERY_NAME, queryName);
    queryParameters.putSingle(QueryParameters.QUERY_BEGIN, QueryParametersImpl.formatDate(beginDate));
    queryParameters.putSingle(QueryParameters.QUERY_END, QueryParametersImpl.formatDate(endDate));
    queryParameters.putSingle(QueryParameters.QUERY_EXPIRATION, QueryParametersImpl.formatDate(expirationDate));
    queryParameters.putSingle(QueryParameters.QUERY_AUTHORIZATIONS, queryAuthorizations);
    queryParameters.putSingle(QueryParameters.QUERY_PAGESIZE, String.valueOf(pagesize));
    queryParameters.putSingle(QueryParameters.QUERY_PAGETIMEOUT, String.valueOf(pageTimeout));
    queryParameters.putSingle(QueryParameters.QUERY_PERSISTENCE, persistenceMode.name());
    queryParameters.putSingle(QueryParameters.QUERY_TRACE, String.valueOf(trace));
    queryParameters.putSingle(ColumnVisibilitySecurityMarking.VISIBILITY_MARKING, queryVisibility);
    // Extra key that is not one of the QueryParameters constants used above
    // (presumably reported by getUnknownParameters below; confirm against QueryParametersImpl)
    queryParameters.putSingle("valid", "param");
    // Both validators are real instances, not mocks, so the request has to pass their validation here
    ColumnVisibilitySecurityMarking marking = new ColumnVisibilitySecurityMarking();
    marking.validate(queryParameters);
    QueryParameters qp = new QueryParametersImpl();
    qp.validate(queryParameters);
    // Audit-style parameter map (logic class, column visibility, user DN).
    // NOTE(review): 'op' is populated but no expectation or assertion in this method reads it.
    MultivaluedMap<String, String> op = new MultivaluedMapImpl<>();
    op.putAll(qp.getUnknownParameters(queryParameters));
    op.putSingle(PrivateAuditConstants.LOGIC_CLASS, queryLogicName);
    op.putSingle(PrivateAuditConstants.COLUMN_VISIBILITY, queryVisibility);
    op.putSingle(PrivateAuditConstants.USER_DN, userDNpair.subjectDN());
    // Record expectations for the plan call. Everything up to PowerMock.replayAll() is the record phase,
    // so the validate() call below is presumably a recorded expectation on a mock (queryLogic1 is
    // declared outside this method; confirm).
    queryLogic1.validate(queryParameters);
    expect(this.queryLogicFactory.getQueryLogic(queryLogicName, this.principal)).andReturn((QueryLogic) this.queryLogic1);
    expect(this.context.getCallerPrincipal()).andReturn(this.principal).anyTimes();
    expect(this.principal.getName()).andReturn(userName);
    expect(this.principal.getShortName()).andReturn(userSid);
    expect(this.principal.getUserDN()).andReturn(userDNpair);
    expect(this.principal.getDNs()).andReturn(new String[] { userDN });
    // Empty proxy-server list: only the direct-caller case is exercised, not a proxied chain
    expect(this.principal.getProxyServers()).andReturn(new ArrayList<>(0)).anyTimes();
    // The access decision under test: the query logic reports that the caller's DN has no access
    expect(this.queryLogic1.containsDNWithAccess(Collections.singletonList(userDN))).andReturn(false);
    // NOTE(review): no expectations are recorded for auditor, persister, metrics or connectionFactory.
    // If those are default (non-nice) mocks, any use of them after the denial would fail the test,
    // which would make this a check that the denial precedes resource use. TODO confirm the mock types.
    // Run the test
    PowerMock.replayAll();
    QueryExecutorBean subject = new QueryExecutorBean();
    // Inject collaborators into the bean's fields by type, standing in for container injection
    setInternalState(subject, EJBContext.class, context);
    setInternalState(subject, AccumuloConnectionFactory.class, connectionFactory);
    setInternalState(subject, ResponseObjectFactory.class, responseObjectFactory);
    setInternalState(subject, CreatedQueryLogicCacheBean.class, qlCache);
    setInternalState(subject, QueryCache.class, cache);
    setInternalState(subject, ClosedQueryCache.class, closedCache);
    setInternalState(subject, Persister.class, persister);
    setInternalState(subject, QueryLogicFactoryImpl.class, queryLogicFactory);
    setInternalState(subject, QueryExpirationConfiguration.class, queryExpirationConf);
    setInternalState(subject, AuditBean.class, auditor);
    setInternalState(subject, QueryMetricsBean.class, metrics);
    setInternalState(subject, Multimap.class, traceInfos);
    setInternalState(subject, SecurityMarking.class, new ColumnVisibilitySecurityMarking());
    setInternalState(subject, QueryParameters.class, new QueryParametersImpl());
    setInternalState(subject, QueryMetricFactory.class, new QueryMetricFactoryImpl());
    setInternalState(connectionRequestBean, EJBContext.class, context);
    setInternalState(subject, AccumuloConnectionRequestBean.class, connectionRequestBean);
    // Only DatawaveWebApplicationException is caught. If planQuery returns normally, result1 stays
    // null and the instanceof assertion below fails, so a missing denial cannot pass silently.
    Throwable result1 = null;
    try {
        subject.planQuery(queryLogicName, queryParameters);
    } catch (DatawaveWebApplicationException e) {
        result1 = e.getCause();
    }
    // Checks the recorded expectations, including the containsDNWithAccess call
    PowerMock.verifyAll();
    // Verify results: the denial surfaces as a QueryException with code "401"
    assertTrue("QueryException expected to have been thrown", result1 instanceof QueryException);
    assertEquals("Thrown exception expected to have been due to access denied", "401", ((QueryException) result1).getErrorCode());
    // The denial message echoes the DN list that was checked. Whether this text reaches the client
    // unchanged is not visible from this test.
    assertEquals("Thrown exception expected to detail reason for access denial", "None of the DNs used have access to this query logic: [userdn]", result1.getMessage());
}
Also used : SubjectIssuerDNPair(datawave.security.authorization.SubjectIssuerDNPair) ArrayList(java.util.ArrayList) MultivaluedMapImpl(org.jboss.resteasy.specimpl.MultivaluedMapImpl) QueryParameters(datawave.webservice.query.QueryParameters) QueryParametersImpl(datawave.webservice.query.QueryParametersImpl) Date(java.util.Date) ColumnVisibilitySecurityMarking(datawave.marking.ColumnVisibilitySecurityMarking) NoResultsQueryException(datawave.webservice.query.exception.NoResultsQueryException) QueryException(datawave.webservice.query.exception.QueryException) QueryPersistence(datawave.webservice.query.QueryPersistence) DatawaveWebApplicationException(datawave.webservice.common.exception.DatawaveWebApplicationException) QueryMetricFactoryImpl(datawave.microservice.querymetric.QueryMetricFactoryImpl) Test(org.junit.Test) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest)

Aggregations

SubjectIssuerDNPair (datawave.security.authorization.SubjectIssuerDNPair)29 Test (org.junit.Test)18 QueryMetricFactoryImpl (datawave.microservice.querymetric.QueryMetricFactoryImpl)13 DatawaveUser (datawave.security.authorization.DatawaveUser)13 Date (java.util.Date)13 PrepareForTest (org.powermock.core.classloader.annotations.PrepareForTest)13 DatawavePrincipal (datawave.security.authorization.DatawavePrincipal)12 QueryParametersImpl (datawave.webservice.query.QueryParametersImpl)12 QueryPersistence (datawave.webservice.query.QueryPersistence)12 MultivaluedMapImpl (org.jboss.resteasy.specimpl.MultivaluedMapImpl)12 ColumnVisibilitySecurityMarking (datawave.marking.ColumnVisibilitySecurityMarking)11 UUID (java.util.UUID)11 QueryParameters (datawave.webservice.query.QueryParameters)10 ArrayList (java.util.ArrayList)10 Collection (java.util.Collection)9 HashMap (java.util.HashMap)7 MultivaluedHashMap (javax.ws.rs.core.MultivaluedHashMap)7 NoResultsQueryException (datawave.webservice.query.exception.NoResultsQueryException)6 HashSet (java.util.HashSet)6 Set (java.util.Set)6