Search in sources :

Example 26 with XmlParser

use of org.codice.ddf.parser.xml.XmlParser in project ddf by codice.

the class XacmlClientTest method testEvaluateroleuseractionquerycitizenshipCA.

@Test
public void testEvaluateroleuseractionquerycitizenshipCA() throws Exception {
    LOGGER.debug("\n\n\n##### testEvaluate_role_user_action_query_citizenship_CA");
    final String country = "CA";
    testSetup();
    RequestType xacmlRequestType = new RequestType();
    xacmlRequestType.setCombinedDecision(false);
    xacmlRequestType.setReturnPolicyIdList(false);
    AttributesType actionAttributes = new AttributesType();
    actionAttributes.setCategory(ACTION_CATEGORY);
    AttributeType actionAttribute = new AttributeType();
    actionAttribute.setAttributeId(ACTION_ID);
    actionAttribute.setIncludeInResult(false);
    AttributeValueType actionValue = new AttributeValueType();
    actionValue.setDataType(STRING_DATA_TYPE);
    actionValue.getContent().add(QUERY_ACTION);
    actionAttribute.getAttributeValue().add(actionValue);
    actionAttributes.getAttribute().add(actionAttribute);
    AttributesType subjectAttributes = new AttributesType();
    subjectAttributes.setCategory(SUBJECT_CATEGORY);
    AttributeType subjectAttribute = new AttributeType();
    subjectAttribute.setAttributeId(SUBJECT_ID);
    subjectAttribute.setIncludeInResult(false);
    AttributeValueType subjectValue = new AttributeValueType();
    subjectValue.setDataType(STRING_DATA_TYPE);
    subjectValue.getContent().add(TEST_USER_2);
    subjectAttribute.getAttributeValue().add(subjectValue);
    subjectAttributes.getAttribute().add(subjectAttribute);
    AttributeType roleAttribute = new AttributeType();
    roleAttribute.setAttributeId(ROLE_CLAIM);
    roleAttribute.setIncludeInResult(false);
    AttributeValueType roleValue = new AttributeValueType();
    roleValue.setDataType(STRING_DATA_TYPE);
    roleValue.getContent().add(ROLE);
    roleAttribute.getAttributeValue().add(roleValue);
    subjectAttributes.getAttribute().add(roleAttribute);
    AttributesType categoryAttributes = new AttributesType();
    categoryAttributes.setCategory(PERMISSIONS_CATEGORY);
    AttributeType citizenshipAttribute = new AttributeType();
    citizenshipAttribute.setAttributeId(CITIZENSHIP_ATTRIBUTE);
    citizenshipAttribute.setIncludeInResult(false);
    AttributeValueType citizenshipValue = new AttributeValueType();
    citizenshipValue.setDataType(STRING_DATA_TYPE);
    citizenshipValue.getContent().add(country);
    citizenshipAttribute.getAttributeValue().add(citizenshipValue);
    categoryAttributes.getAttribute().add(citizenshipAttribute);
    xacmlRequestType.getAttributes().add(actionAttributes);
    xacmlRequestType.getAttributes().add(subjectAttributes);
    xacmlRequestType.getAttributes().add(categoryAttributes);
    XacmlClient pdp = new XacmlClient(tempDir.getCanonicalPath(), new XmlParser(), mock(SecurityLogger.class));
    // Perform Test
    ResponseType xacmlResponse = pdp.evaluate(xacmlRequestType);
    // Verify
    JAXBContext jaxbContext = JAXBContext.newInstance(ResponseType.class);
    Marshaller marshaller = jaxbContext.createMarshaller();
    ObjectFactory objectFactory = new ObjectFactory();
    Writer writer = new StringWriter();
    marshaller.marshal(objectFactory.createResponse(xacmlResponse), writer);
    LOGGER.debug("\nXACML 3.0 Response:\n{}", writer.toString());
    assertEquals(xacmlResponse.getResult().get(0).getDecision(), DecisionType.DENY);
}
Also used : XmlParser(org.codice.ddf.parser.xml.XmlParser) Marshaller(javax.xml.bind.Marshaller) AttributeValueType(oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeValueType) JAXBContext(javax.xml.bind.JAXBContext) ResponseType(oasis.names.tc.xacml._3_0.core.schema.wd_17.ResponseType) ObjectFactory(oasis.names.tc.xacml._3_0.core.schema.wd_17.ObjectFactory) StringWriter(java.io.StringWriter) AttributeType(oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeType) AttributesType(oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributesType) StringWriter(java.io.StringWriter) Writer(java.io.Writer) RequestType(oasis.names.tc.xacml._3_0.core.schema.wd_17.RequestType) SecurityLogger(ddf.security.audit.SecurityLogger) Test(org.junit.Test)

Example 27 with XmlParser

use of org.codice.ddf.parser.xml.XmlParser in project ddf by codice.

the class XacmlClientTest method testWrapperpoliciesdirectoryexistsandisempty.

@Test
public /**
 * No longer expect an exception thrown here since we can start with an empty directory
 */
void testWrapperpoliciesdirectoryexistsandisempty() throws Exception {
    LOGGER.debug("\n\n\n##### testXACMLWrapper_policies_directory_exists_and_is_empty");
    // Setup
    File dir = folder.newFolder(TEMP_DIR_NAME);
    LOGGER.debug("Making directory: {}", dir.getPath());
    if (dir.mkdir()) {
        assertTrue(dir.isDirectory());
        assertTrue(isDirEmpty(dir));
        // Perform Test
        new XacmlClient(dir.getCanonicalPath(), new XmlParser(), mock(SecurityLogger.class));
        // Cleanup
        LOGGER.debug("Deleting directory: {}", dir.getPath());
        FileUtils.deleteDirectory(dir);
    } else {
        LOGGER.debug("Could not create directory: {}", dir.getPath());
    }
}
Also used : XmlParser(org.codice.ddf.parser.xml.XmlParser) File(java.io.File) SecurityLogger(ddf.security.audit.SecurityLogger) Test(org.junit.Test)

Example 28 with XmlParser

use of org.codice.ddf.parser.xml.XmlParser in project ddf by codice.

the class XacmlClientTest method testEvaluateroleuseractionquerycitizenshipUS.

@Test
public void testEvaluateroleuseractionquerycitizenshipUS() throws Exception {
    LOGGER.debug("\n\n\n##### testEvaluate_role_user_action_query_citizenship_US");
    // Setup
    File destDir = folder.newFolder(TEMP_DIR_NAME);
    LOGGER.debug("Making directory: {}", destDir.getPath());
    if (destDir.mkdir()) {
        File srcFile = new File(projectHome + File.separator + RELATIVE_POLICIES_DIR + File.separator + POLICY_FILE);
        FileUtils.copyFileToDirectory(srcFile, destDir);
        RequestType xacmlRequestType = new RequestType();
        xacmlRequestType.setCombinedDecision(false);
        xacmlRequestType.setReturnPolicyIdList(false);
        AttributesType actionAttributes = new AttributesType();
        actionAttributes.setCategory(ACTION_CATEGORY);
        AttributeType actionAttribute = new AttributeType();
        actionAttribute.setAttributeId(ACTION_ID);
        actionAttribute.setIncludeInResult(false);
        AttributeValueType actionValue = new AttributeValueType();
        actionValue.setDataType(STRING_DATA_TYPE);
        actionValue.getContent().add(QUERY_ACTION);
        actionAttribute.getAttributeValue().add(actionValue);
        actionAttributes.getAttribute().add(actionAttribute);
        AttributesType subjectAttributes = new AttributesType();
        subjectAttributes.setCategory(SUBJECT_CATEGORY);
        AttributeType subjectAttribute = new AttributeType();
        subjectAttribute.setAttributeId(SUBJECT_ID);
        subjectAttribute.setIncludeInResult(false);
        AttributeValueType subjectValue = new AttributeValueType();
        subjectValue.setDataType(STRING_DATA_TYPE);
        subjectValue.getContent().add(TEST_USER_1);
        subjectAttribute.getAttributeValue().add(subjectValue);
        subjectAttributes.getAttribute().add(subjectAttribute);
        AttributeType roleAttribute = new AttributeType();
        roleAttribute.setAttributeId(ROLE_CLAIM);
        roleAttribute.setIncludeInResult(false);
        AttributeValueType roleValue = new AttributeValueType();
        roleValue.setDataType(STRING_DATA_TYPE);
        roleValue.getContent().add(ROLE);
        roleAttribute.getAttributeValue().add(roleValue);
        subjectAttributes.getAttribute().add(roleAttribute);
        AttributesType categoryAttributes = new AttributesType();
        categoryAttributes.setCategory(PERMISSIONS_CATEGORY);
        AttributeType citizenshipAttribute = new AttributeType();
        citizenshipAttribute.setAttributeId(CITIZENSHIP_ATTRIBUTE);
        citizenshipAttribute.setIncludeInResult(false);
        AttributeValueType citizenshipValue = new AttributeValueType();
        citizenshipValue.setDataType(STRING_DATA_TYPE);
        citizenshipValue.getContent().add(US_COUNTRY);
        citizenshipAttribute.getAttributeValue().add(citizenshipValue);
        categoryAttributes.getAttribute().add(citizenshipAttribute);
        xacmlRequestType.getAttributes().add(actionAttributes);
        xacmlRequestType.getAttributes().add(subjectAttributes);
        xacmlRequestType.getAttributes().add(categoryAttributes);
        XacmlClient pdp = new XacmlClient(destDir.getCanonicalPath(), new XmlParser(), mock(SecurityLogger.class));
        // Perform Test
        ResponseType xacmlResponse = pdp.evaluate(xacmlRequestType);
        // Verify
        JAXBContext jaxbContext = JAXBContext.newInstance(ResponseType.class);
        Marshaller marshaller = jaxbContext.createMarshaller();
        ObjectFactory objectFactory = new ObjectFactory();
        Writer writer = new StringWriter();
        marshaller.marshal(objectFactory.createResponse(xacmlResponse), writer);
        LOGGER.debug("\nXACML 3.0 Response:\n{}", writer.toString());
        assertEquals(xacmlResponse.getResult().get(0).getDecision(), DecisionType.PERMIT);
        // Cleanup
        LOGGER.debug("Deleting directory: {}", destDir);
        FileUtils.deleteDirectory(destDir);
    } else {
        LOGGER.debug("Could not create directory: {}", destDir);
    }
}
Also used : XmlParser(org.codice.ddf.parser.xml.XmlParser) Marshaller(javax.xml.bind.Marshaller) AttributeValueType(oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeValueType) JAXBContext(javax.xml.bind.JAXBContext) ResponseType(oasis.names.tc.xacml._3_0.core.schema.wd_17.ResponseType) ObjectFactory(oasis.names.tc.xacml._3_0.core.schema.wd_17.ObjectFactory) StringWriter(java.io.StringWriter) AttributeType(oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeType) AttributesType(oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributesType) File(java.io.File) StringWriter(java.io.StringWriter) Writer(java.io.Writer) RequestType(oasis.names.tc.xacml._3_0.core.schema.wd_17.RequestType) SecurityLogger(ddf.security.audit.SecurityLogger) Test(org.junit.Test)

Example 29 with XmlParser

use of org.codice.ddf.parser.xml.XmlParser in project ddf by codice.

the class XacmlClientTest method testWrapperpoliciesdirectorydoesnotexist.

@Test
public void testWrapperpoliciesdirectorydoesnotexist() throws PdpException, IOException {
    LOGGER.debug("\n\n\n##### testXACMLWrapper_policies_directory_does_not_exist");
    // Perform Test on new directory
    // Expect directory to be created
    new XacmlClient(TEST_CREATION_DIR, new XmlParser(), mock(SecurityLogger.class));
    // Delete the directory that was just created
    FileUtils.forceDelete(new File(TEST_CREATION_DIR));
}
Also used : XmlParser(org.codice.ddf.parser.xml.XmlParser) File(java.io.File) SecurityLogger(ddf.security.audit.SecurityLogger) Test(org.junit.Test)

Example 30 with XmlParser

use of org.codice.ddf.parser.xml.XmlParser in project ddf by codice.

the class AuthzRealmTest method testIsPermittedOneMultiple.

@Test
public void testIsPermittedOneMultiple() throws PdpException {
    permissionList.clear();
    KeyValuePermission kvp = new KeyValuePermissionImpl("country", Arrays.asList("AUS", "CAN", "GBR"));
    permissionList.add(kvp);
    String ruleClaim = "FineAccessControls";
    String countryClaim = "CountryOfAffiliation";
    // create a new user here with multiple country permissions to test
    List<Permission> permissions = new ArrayList<Permission>();
    KeyValuePermission rulePermission = new KeyValuePermissionImpl(ruleClaim);
    rulePermission.addValue("A");
    rulePermission.addValue("B");
    permissions.add(rulePermission);
    KeyValuePermission countryPermission = new KeyValuePermissionImpl(countryClaim);
    countryPermission.addValue("USA");
    countryPermission.addValue("AUS");
    permissions.add(countryPermission);
    SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
    authorizationInfo.addObjectPermission(rulePermission);
    authorizationInfo.addObjectPermission(countryPermission);
    authorizationInfo.addRole("admin");
    AuthzRealm testRealm = new AuthzRealm("src/test/resources/policies", new XmlParser()) {

        @Override
        public AuthorizationInfo getAuthorizationInfo(PrincipalCollection principals) {
            return authorizationInfo;
        }
    };
    testRealm.setSecurityLogger(mock(SecurityLogger.class));
    testRealm.setMatchOneMappings(Arrays.asList("CountryOfAffiliation=country"));
    testRealm.setMatchAllMappings(Arrays.asList("FineAccessControls=rule"));
    testRealm.setRolePermissionResolver(roleString -> Arrays.asList(new KeyValuePermissionImpl("role", Arrays.asList(roleString))));
    boolean[] permittedArray = testRealm.isPermitted(mockSubjectPrincipal, permissionList);
    for (boolean permitted : permittedArray) {
        Assert.assertEquals(true, permitted);
    }
}
Also used : XmlParser(org.codice.ddf.parser.xml.XmlParser) AuthzRealm(ddf.security.pdp.realm.AuthzRealm) SimpleAuthorizationInfo(org.apache.shiro.authz.SimpleAuthorizationInfo) ArrayList(java.util.ArrayList) PrincipalCollection(org.apache.shiro.subject.PrincipalCollection) KeyValuePermissionImpl(ddf.security.permission.impl.KeyValuePermissionImpl) CollectionPermission(ddf.security.permission.CollectionPermission) KeyValuePermission(ddf.security.permission.KeyValuePermission) Permission(org.apache.shiro.authz.Permission) WildcardPermission(org.apache.shiro.authz.permission.WildcardPermission) KeyValueCollectionPermission(ddf.security.permission.KeyValueCollectionPermission) KeyValuePermission(ddf.security.permission.KeyValuePermission) SecurityLogger(ddf.security.audit.SecurityLogger) Test(org.junit.Test)

Aggregations

XmlParser (org.codice.ddf.parser.xml.XmlParser)32 Test (org.junit.Test)16 Before (org.junit.Before)14 ReceivedToken (org.apache.cxf.sts.request.ReceivedToken)9 TokenValidatorParameters (org.apache.cxf.sts.token.validator.TokenValidatorParameters)9 SecurityLogger (ddf.security.audit.SecurityLogger)7 JAXBContext (javax.xml.bind.JAXBContext)7 TokenValidatorResponse (org.apache.cxf.sts.token.validator.TokenValidatorResponse)7 File (java.io.File)5 HashSet (java.util.HashSet)5 RegistryObjectMetacardType (org.codice.ddf.registry.common.metacard.RegistryObjectMetacardType)5 MetacardMarshaller (org.codice.ddf.registry.schemabindings.helper.MetacardMarshaller)5 MetacardMarshaller (ddf.catalog.transformer.api.MetacardMarshaller)4 MetacardMarshallerImpl (ddf.catalog.transformer.xml.MetacardMarshallerImpl)4 PrintWriterProviderImpl (ddf.catalog.transformer.xml.PrintWriterProviderImpl)4 ArrayList (java.util.ArrayList)4 MetacardImpl (ddf.catalog.data.impl.MetacardImpl)3 XmlMetacardTransformer (ddf.catalog.transformer.xml.XmlMetacardTransformer)3 StringWriter (java.io.StringWriter)3 Writer (java.io.Writer)3