/*
* Copyright 2015-present Open Networking Laboratory
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* Originally created by Pengfei Lu, Network and Cloud Computing Laboratory, Dalian University of Technology, China
* Advisers: Keqiu Li and Heng Qi
* This work is supported by the State Key Program of National Natural Science of China(Grant No. 61432002)
* and Prospective Research Project on Future Networks in Jiangsu Future Networks Innovation Institute.
*/
package org.onosproject.acl;
import org.glassfish.jersey.server.ResourceConfig;
import org.glassfish.jersey.test.JerseyTest;
import org.junit.After;
import org.junit.Before;
import org.junit.Ignore;
import org.junit.Test;
import org.onlab.osgi.ServiceDirectory;
import org.onlab.osgi.TestServiceDirectory;
import org.onlab.rest.BaseResource;
import org.onosproject.core.IdGenerator;
import javax.ws.rs.client.Entity;
import javax.ws.rs.client.WebTarget;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.atomic.AtomicLong;
import static org.easymock.EasyMock.*;
import static org.hamcrest.Matchers.containsString;
import static org.junit.Assert.assertThat;
/**
* Test class for ACL application REST resource.
*/
public class AclWebResourceTest extends JerseyTest {
final AclService mockAclService = createMock(AclService.class);
final AclStore mockAclStore = createMock(AclStore.class);
final List<AclRule> rules = new ArrayList<>();
/**
* Constructs a control metrics collector resource test instance.
*/
public AclWebResourceTest() {
super(ResourceConfig.forApplicationClass(AclWebApplication.class));
}
@Before
public void setUpMock() {
expect(mockAclService.getAclRules()).andReturn(rules).anyTimes();
ServiceDirectory testDirectory = new TestServiceDirectory()
.add(AclService.class, mockAclService)
.add(AclStore.class, mockAclStore);
BaseResource.setServiceDirectory(testDirectory);
IdGenerator idGenerator = new MockIdGenerator();
AclRule.bindIdGenerator(idGenerator);
}
@After
public void tearDown() {
verify(mockAclService);
}
/**
* Mock id generator for testing.
*/
private class MockIdGenerator implements IdGenerator {
private AtomicLong nextId = new AtomicLong(0);
@Override
public long getNewId() {
return nextId.getAndIncrement();
}
}
@Test
@Ignore("FIXME: This needs to get reworked")
public void addRule() throws IOException {
WebTarget wt = target();
String response;
String json;
replay(mockAclService);
// FIXME: following code snippet requires refactoring by extracting
// json string as a separated file
// input a invalid JSON string that contains neither nw_src and nw_dst
json = "{\"ipProto\":\"TCP\",\"dstTpPort\":\"80\"}";
response = wt.request().post(Entity.json(json), String.class);
assertThat(response, containsString("Failed! Either srcIp or dstIp must be assigned."));
// input a invalid JSON string that doesn't contain CIDR mask bits
json = "{\"ipProto\":\"TCP\",\"srcIp\":\"10.0.0.1\",\"dstTpPort\":\"80\",\"action\":\"DENY\"}";
response = wt.request().post(Entity.json(json), String.class);
assertThat(response, containsString("Malformed IPv4 prefix string: 10.0.0.1. " +
"Address must take form \"x.x.x.x/y\""));
// input a invalid JSON string that contains a invalid IP address
json = "{\"ipProto\":\"TCP\",\"srcIp\":\"10.0.0.256/32\",\"dstTpPort\":\"80\",\"action\":\"DENY\"}";
response = wt.request().post(Entity.json(json), String.class);
assertThat(response, containsString("Invalid IP address string: 10.0.0.256"));
// input a invalid JSON string that contains a invalid IP address
json = "{\"ipProto\":\"TCP\",\"srcIp\":\"10.0.01/32\",\"dstTpPort\":\"80\",\"action\":\"DENY\"}";
response = wt.request().post(Entity.json(json), String.class);
assertThat(response, containsString("Invalid IP address string: 10.0.01"));
// input a invalid JSON string that contains a invalid CIDR mask bits
json = "{\"ipProto\":\"TCP\",\"srcIp\":\"10.0.0.1/a\",\"dstTpPort\":\"80\",\"action\":\"DENY\"}";
response = wt.request().post(Entity.json(json), String.class);
assertThat(response, containsString("Failed! For input string: \"a\""));
// input a invalid JSON string that contains a invalid CIDR mask bits
json = "{\"ipProto\":\"TCP\",\"srcIp\":\"10.0.0.1/33\",\"dstTpPort\":\"80\",\"action\":\"DENY\"}";
response = wt.request().post(Entity.json(json), String.class);
assertThat(response, containsString("Invalid prefix length 33. The value must be in the interval [0, 32]"));
// input a invalid JSON string that contains a invalid ipProto value
json = "{\"ipProto\":\"ARP\",\"srcIp\":\"10.0.0.1/32\",\"dstTpPort\":\"80\",\"action\":\"DENY\"}";
response = wt.request().post(Entity.json(json), String.class);
assertThat(response, containsString("ipProto must be assigned to TCP, UDP, or ICMP."));
// input a invalid JSON string that contains a invalid dstTpPort value
json = "{\"ipProto\":\"TCP\",\"srcIp\":\"10.0.0.1/32\",\"dstTpPort\":\"a\",\"action\":\"DENY\"}";
response = wt.request().post(Entity.json(json), String.class);
assertThat(response, containsString("dstTpPort must be assigned to a numerical value."));
// input a invalid JSON string that contains a invalid action value
json = "{\"ipProto\":\"TCP\",\"srcIp\":\"10.0.0.1/32\",\"dstTpPort\":\"80\",\"action\":\"PERMIT\"}";
response = wt.request().post(Entity.json(json), String.class);
assertThat(response, containsString("action must be assigned to ALLOW or DENY."));
}
}