/* The contents of this file are subject to the license and copyright terms
* detailed in the license directory at the root of the source tree (also
* available online at http://fedora-commons.org/license/).
*/
package fedora.test.api;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.io.PrintWriter;
import melcoe.xacml.pdp.data.DbXmlPolicyDataManager;
import melcoe.xacml.pdp.data.PolicyDataManager;
import org.apache.commons.httpclient.methods.PostMethod;
import org.apache.commons.httpclient.methods.multipart.FilePart;
import org.apache.commons.httpclient.methods.multipart.MultipartRequestEntity;
import org.apache.commons.httpclient.methods.multipart.Part;
import org.w3c.dom.Document;
import junit.framework.Test;
import junit.framework.TestSuite;
import fedora.client.FedoraClient;
import fedora.client.HttpInputStream;
import fedora.server.security.servletfilters.xmluserfile.FedoraUsers;
import fedora.test.DemoObjectTestSetup;
import fedora.test.FedoraServerTestCase;
import fedora.test.fesl.util.DataUtils;
/**
* Common tests for correct/incorrect http status codes with api requests over
* API-A/API-M Lite. For non-200 requests, this also tests the response body for
* the string "Fedora: # " (where # is the status code) to ensure that the
* correct jsp has been delivered.
*
* @author Chris Wilper
*/
public class TestHTTPStatusCodesConfigC
extends FedoraServerTestCase {
public static final String TEST_OBJ = "demo:SmileyBucket";
public static final String BOGUS_DS = "NonExistingDS";
public static final String BOGUS_METHOD = "nonExistingMethod";
public static final String BOGUS_OBJ = "demo:NonExistingObject";
public static final String BOGUS_SDEF = "demo:NonExistingSDef";
public static final String GET_NEXT_PID_PATH =
"/management/getNextPID?xml=true";
public static final String DESCRIBE_REPOSITORY_PATH = "/describe?xml=true";
public static final String GET_DS_DISSEM_PATH = "/get/" + TEST_OBJ + "/DC";
public static final String GET_DS_DISSEM_BOGUS_DS_PATH =
"/get/" + TEST_OBJ + "/" + BOGUS_DS;
public static final String GET_DS_DISSEM_BOGUS_OBJ_PATH =
"/get/" + BOGUS_OBJ + "/DC";
public static final String GET_DEFAULT_DISSEM_PATH =
"/get/" + TEST_OBJ + "/fedora-system:3/viewDublinCore";
public static final String GET_DEFAULT_DISSEM_BOGUS_METHOD_PATH =
"/get/" + TEST_OBJ + "/fedora-system:3/" + BOGUS_METHOD;
public static final String GET_DEFAULT_DISSEM_BOGUS_OBJ_PATH =
"/get/" + BOGUS_OBJ + "/fedora-system:3/viewDublinCore";
public static final String GET_CUSTOM_DISSEM_PATH =
"/get/" + TEST_OBJ + "/demo:DualResolution/mediumSize";
public static final String GET_CUSTOM_DISSEM_BOGUS_METHOD_PATH =
"/get/" + TEST_OBJ + "/demo:DualResolution/" + BOGUS_METHOD;
public static final String GET_CUSTOM_DISSEM_BOGUS_SDEF_PATH =
"/get/" + TEST_OBJ + "/" + BOGUS_SDEF + "/" + BOGUS_METHOD;
public static final String GET_CUSTOM_DISSEM_BOGUS_OBJ_PATH =
"/get/" + BOGUS_OBJ + "/demo:DualResolution/mediumSize";
public static final String GET_OBJ_HISTORY_PATH =
"/getObjectHistory/" + TEST_OBJ + "?xml=true";
public static final String GET_OBJ_HISTORY_BOGUS_OBJ_PATH =
"/getObjectHistory/" + BOGUS_OBJ + "?xml=true";
public static final String GET_OBJ_PROFILE_PATH =
"/get/" + TEST_OBJ + "?xml=true";
public static final String GET_OBJ_PROFILE_BOGUS_OBJ_PATH =
"/get/" + BOGUS_OBJ + "?xml=true";
public static final String LIST_DATASTREAMS_PATH =
"/listDatastreams/" + TEST_OBJ + "?xml=true";
public static final String LIST_DATASTREAMS_BOGUS_OBJ_PATH =
"/listDatastreams/" + BOGUS_OBJ + "?xml=true";
public static final String LIST_METHODS_PATH =
"/listMethods/" + TEST_OBJ + "?xml=true";
public static final String LIST_METHODS_BOGUS_OBJ_PATH =
"/listMethods/" + BOGUS_OBJ + "?xml=true";
public static final String FIND_OBJECTS_PATH =
"/search?pid=true&terms=&query=&maxResults=120&xml=true";
public static final String FIND_OBJECTS_BADREQ_PATH =
"/search?pid=true&terms=&query=&maxResults=unparsable&xml=true";
public static final String RI_SEARCH_PATH =
"/risearch?type=triples&lang=spo&format=N-Triples&limit=&dt=on&stream=on&query=%3Cinfo%3Afedora%2Fdemo%3ASmileyStuff%3E+*+*";
private static FedoraClient CLIENT_VALID_USER_VALID_PASS;
private static FedoraClient CLIENT_VALID_USER_VALID_PASS_UNAUTHORIZED;
private static FedoraClient CLIENT_VALID_USER_BOGUS_PASS;
private static FedoraClient CLIENT_BOGUS_USER;
//---
// Test suite setup
//---
public static Test suite() {
TestSuite suite = new TestSuite("TestHTTPStatusCodes TestSuite");
suite.addTestSuite(TestHTTPStatusCodesConfigC.class);
return new DemoObjectTestSetup(suite);
}
//---
// Test utility methods
//---
public static void checkOK(String requestPath) throws Exception {
checkGetCode(getClient(true, true, true),
requestPath,
"Expected HTTP 200 (OK) response for authenticated, "
+ "authorized request",
200);
}
public static void checkError(String requestPath) throws Exception {
checkGetCode(getClient(true, true, true),
requestPath,
"Expected HTTP 500 (Internal Server Error) response for "
+ "authenticated, authorized request",
500);
}
public static void checkBadAuthN(String requestPath) throws Exception {
checkGetCode(getClient(true, false, true),
requestPath,
"Expected HTTP 401 (Unauthorized) response for bad "
+ "authentication (valid user, bad pass) request",
401);
checkGetCode(getClient(false, false, true),
requestPath,
"Expected HTTP 401 (Unauthorized) response for bad "
+ "authentication (invalid user) request",
401);
}
public static void checkBadAuthZ(String requestPath) throws Exception {
try {
activateUnauthorizedUserAndPolicy();
checkGetCode(getClient(true, true, false),
requestPath,
"Expected HTTP 403 (Forbidden) response for "
+ "authenticated, unauthorized request",
403);
} finally {
deactivateUnauthorizedUserAndPolicy();
}
}
public static void checkNotFound(String requestPath) throws Exception {
checkGetCode(getClient(true, true, true),
requestPath,
"Expected HTTP 404 (Not Found) response for authenticated, "
+ "authorized request",
404);
}
public static void checkBadRequest(String requestPath) throws Exception {
checkGetCode(getClient(true, true, true),
requestPath,
"Expected HTTP 400 (Bad Request) response for authenticated, "
+ "authorized request",
400);
}
//---
// API-M Lite: getNextPID
//---
public void testGetNextPID_OK() throws Exception {
checkOK(GET_NEXT_PID_PATH);
}
public void testGetNextPID_BadAuthN() throws Exception {
checkBadAuthN(GET_NEXT_PID_PATH);
}
public void testGetNextPID_BadAuthZ() throws Exception {
checkBadAuthZ(GET_NEXT_PID_PATH);
}
//---
// API-M Lite: upload
//---
public void testUpload_Created() throws Exception {
checkUploadCode(getClient(true, true, true),
"file",
"Expected HTTP 201 (Created) response for authenticated, "
+ "authorized request",
201);
}
public void testUpload_BadAuthN() throws Exception {
checkUploadCode(getClient(true, false, true),
"file",
"Expected HTTP 401 (Unauthorized) response for bad "
+ "authentication (valid user, bad pass) request",
401);
checkUploadCode(getClient(false, false, true),
"file",
"Expected HTTP 401 (Unauthorized) response for bad "
+ "authentication (invalid user) request",
401);
}
public void testUpload_BadRequest() throws Exception {
checkUploadCode(getClient(true, true, true),
"badparam",
"Expected HTTP 400 (Bad Request) response for authenticated, "
+ "authorized request",
400);
}
//---
// API-A Lite: describeRepository
//---
public void testDescribeRepository_OK() throws Exception {
checkOK(DESCRIBE_REPOSITORY_PATH);
}
//---
// API-A Lite: getDatastreamDissemination
//---
public void testGetDatastreamDissemination_OK() throws Exception {
checkOK(GET_DS_DISSEM_PATH);
}
public void testGetDatastreamDissemination_Datastream_NotFound()
throws Exception {
checkNotFound(GET_DS_DISSEM_BOGUS_DS_PATH);
}
public void testGetDatastreamDissemination_Object_NotFound()
throws Exception {
checkNotFound(GET_DS_DISSEM_BOGUS_OBJ_PATH);
}
//---
// API-A Lite: getDissemination (default)
//---
public void testGetDissemination_Default_OK() throws Exception {
checkOK(GET_DEFAULT_DISSEM_PATH);
}
public void testGetDissemination_Default_Method_NotFound() throws Exception {
checkNotFound(GET_DEFAULT_DISSEM_BOGUS_METHOD_PATH);
}
public void testGetDissemination_Default_Object_NotFound() throws Exception {
checkNotFound(GET_DEFAULT_DISSEM_BOGUS_OBJ_PATH);
}
//---
// API-A Lite: getDissemination (custom)
//---
public void testGetDissemination_Custom_OK() throws Exception {
checkOK(GET_CUSTOM_DISSEM_PATH);
}
public void testGetDissemination_Custom_Method_NotFound() throws Exception {
checkNotFound(GET_CUSTOM_DISSEM_BOGUS_METHOD_PATH);
}
public void testGetDissemination_Custom_Object_NotFound() throws Exception {
checkNotFound(GET_CUSTOM_DISSEM_BOGUS_OBJ_PATH);
}
//---
// API-A Lite: getObjectHistory
//---
public void testGetObjectHistory_OK() throws Exception {
checkOK(GET_OBJ_HISTORY_PATH);
}
public void testGetObjectHistory_Object_NotFound() throws Exception {
checkNotFound(GET_OBJ_HISTORY_BOGUS_OBJ_PATH);
}
//---
// API-A Lite: getObjectProfile
//---
public void testGetObjectProfile_OK() throws Exception {
checkOK(GET_OBJ_PROFILE_PATH);
}
public void testGetObjectProfile_Object_NotFound() throws Exception {
checkNotFound(GET_OBJ_PROFILE_BOGUS_OBJ_PATH);
}
//---
// API-A Lite: listDatastreams
//---
public void testListDatastreams_OK() throws Exception {
checkOK(LIST_DATASTREAMS_PATH);
}
public void testListDatastreams_Object_NotFound() throws Exception {
checkNotFound(LIST_DATASTREAMS_BOGUS_OBJ_PATH);
}
//---
// API-A Lite: listMethods
//---
public void testListMethods_OK() throws Exception {
checkOK(LIST_METHODS_PATH);
}
public void testListMethods_Object_NotFound() throws Exception {
checkNotFound(LIST_METHODS_BOGUS_OBJ_PATH);
}
//---
// API-A Lite: findObjects
//---
public void testFindObjects_OK() throws Exception {
checkOK(FIND_OBJECTS_PATH);
}
public void testFindObjects_BadRequest() throws Exception {
checkBadRequest(FIND_OBJECTS_BADREQ_PATH);
}
//---
// Static helpers
//---
private static int getStatus(FedoraClient client, String requestPath)
throws Exception {
HttpInputStream in = client.get(requestPath, false);
try {
return in.getStatusCode();
} finally {
in.close();
}
}
private static FedoraClient getClient(boolean validUser,
boolean validPass,
boolean authorized) throws Exception {
if (validUser) {
if (validPass) {
System.out
.println("Using Fedora Client with valid user, valid pass");
if (authorized) {
if (CLIENT_VALID_USER_VALID_PASS == null) {
CLIENT_VALID_USER_VALID_PASS = getFedoraClient();
}
return CLIENT_VALID_USER_VALID_PASS;
} else {
if (CLIENT_VALID_USER_VALID_PASS_UNAUTHORIZED == null) {
CLIENT_VALID_USER_VALID_PASS_UNAUTHORIZED =
getFedoraClient(getBaseURL(),
"untrustedUser",
"password");
}
return CLIENT_VALID_USER_VALID_PASS_UNAUTHORIZED;
}
} else {
System.out
.println("Using Fedora Client with valid user, bogus pass");
if (CLIENT_VALID_USER_BOGUS_PASS == null) {
CLIENT_VALID_USER_BOGUS_PASS =
getFedoraClient(getBaseURL(),
getUsername(),
"bogus");
}
return CLIENT_VALID_USER_BOGUS_PASS;
}
} else {
System.out.println("Using Fedora Client with bogus user");
if (CLIENT_BOGUS_USER == null) {
CLIENT_BOGUS_USER =
getFedoraClient(getBaseURL(), "bogus", "bogus");
}
return CLIENT_BOGUS_USER;
}
}
private static void activateUnauthorizedUserAndPolicy() throws Exception {
backupFedoraUsersFile();
writeFedoraUsersFile("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
+ "<fedora-users>\n" + " <user name=\"" + getUsername()
+ "\" password=\"" + getPassword() + "\">\n"
+ " <attribute name=\"fedoraRole\">\n"
+ " <value>administrator</value>\n" + " </attribute>\n"
+ " </user>\n"
+ " <user name=\"fedoraIntCallUser\" password=\"changeme\">\n"
+ " <attribute name=\"fedoraRole\">\n"
+ " <value>fedoraInternalCall-1</value>\n"
+ " <value>fedoraInternalCall-2</value>\n"
+ " </attribute>\n" + " </user>\n"
+ " <user name=\"untrustedUser\" password=\"password\">\n"
+ " <attribute name=\"fedoraRole\">\n"
+ " <value>unauthorized</value>\n" + " </attribute>\n"
+ " </user>\n" + "</fedora-users>");
addSystemWidePolicyFile("deny-all-if-unauthorized.xml",
"<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
+ "<Policy xmlns=\"urn:oasis:names:tc:xacml:1.0:policy\"\n"
+ " xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"\n"
+ " PolicyId=\"deny-all-if-unauthorized\""
+ " RuleCombiningAlgId=\"urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable\">\n"
+ " <Description>deny all api-a and api-m access if subject has fedoraRole unauthorized</Description>\n"
+ " <Target>\n"
+ " <Subjects>\n"
+ " <AnySubject/>\n"
+ " </Subjects>\n"
+ " <Resources>\n"
+ " <AnyResource/>\n"
+ " </Resources>\n"
+ " <Actions>\n"
+ " <AnyAction/>\n"
+ " </Actions>\n"
+ " </Target>\n"
+ " <Rule RuleId=\"1\" Effect=\"Deny\">\n"
+ " <Condition FunctionId=\"urn:oasis:names:tc:xacml:1.0:function:string-is-in\">\n"
+ " <AttributeValue DataType=\"http://www.w3.org/2001/XMLSchema#string\">unauthorized</AttributeValue>\n"
+ " <SubjectAttributeDesignator AttributeId=\"fedoraRole\" DataType=\"http://www.w3.org/2001/XMLSchema#string\"/>\n"
+ " </Condition>\n" + " </Rule>\n"
+ "</Policy>");
reloadPolicies();
}
private static void deactivateUnauthorizedUserAndPolicy() throws Exception {
restoreFedoraUsersFile();
removeSystemWidePolicyFile("deny-all-if-unauthorized.xml");
reloadPolicies();
}
private static void backupFedoraUsersFile() throws Exception {
File sourceFile = FedoraUsers.fedoraUsersXML;
File destFile =
new File(FedoraUsers.fedoraUsersXML.getPath() + ".backup");
copyFile(sourceFile, destFile);
}
private static void copyFile(File sourceFile, File destFile)
throws Exception {
FileInputStream in = new FileInputStream(sourceFile);
FileOutputStream out = new FileOutputStream(destFile);
byte[] buf = new byte[4096];
int len;
try {
while ((len = in.read(buf)) > 0) {
out.write(buf, 0, len);
}
} finally {
in.close();
out.close();
}
}
private static void writeFedoraUsersFile(String xml) throws Exception {
writeStringToFile(xml, FedoraUsers.fedoraUsersXML);
}
private static void writeStringToFile(String string, File file)
throws Exception {
FileOutputStream out = new FileOutputStream(file);
PrintWriter writer = new PrintWriter(new OutputStreamWriter(out));
try {
writer.print(string);
} finally {
writer.close();
}
}
private static void restoreFedoraUsersFile() throws Exception {
File sourceFile =
new File(FedoraUsers.fedoraUsersXML.getPath() + ".backup");
File destFile = FedoraUsers.fedoraUsersXML;
copyFile(sourceFile, destFile);
}
private static void addSystemWidePolicyFile(String filename, String xml)
throws Exception {
final String policyDir =
"data/fedora-xacml-policies/repository-policies/junit";
File dir = new File(FEDORA_HOME, policyDir);
dir.mkdir();
File policyFile = new File(dir, filename);
writeStringToFile(xml, policyFile);
// for new policy store...
addPolicy(xml);
}
private static void removeSystemWidePolicyFile(String filename)
throws Exception {
final String policyDir =
"data/fedora-xacml-policies/repository-policies/junit";
File dir = new File(FEDORA_HOME, policyDir);
File policyFile = new File(dir, filename);
// new policy store thing. capture the file...
byte[] xml = DataUtils.loadFile(policyFile);
policyFile.delete();
dir.delete(); // succeeds if empty
// new policy store thing - get policyId and delete it.
String policyId = getPolicyId(xml);
delPolicy(policyId);
}
private static void reloadPolicies() throws Exception {
getClient(true, true, true).reloadPolicies();
}
private static void checkGetCode(FedoraClient client,
String requestPath,
String errorMessage,
int expectedCode) throws Exception {
HttpInputStream in = client.get(requestPath, false);
try {
int gotCode = in.getStatusCode();
assertEquals(errorMessage + " (" + requestPath + ")",
expectedCode,
gotCode);
if (expectedCode != 200) {
String expectedString = "Fedora: " + expectedCode + " ";
BufferedReader reader =
new BufferedReader(new InputStreamReader(in));
boolean foundExpectedString = false;
String line = reader.readLine();
while (line != null) {
if (line.indexOf(expectedString) != -1) {
foundExpectedString = true;
}
line = reader.readLine();
}
assertTrue("HTTP status code was correct (" + expectedCode
+ "), but body did not contain " + "the string \""
+ expectedString + "\"", foundExpectedString);
}
} finally {
in.close();
}
}
private static void checkUploadCode(FedoraClient client,
String partName,
String errorMessage,
int expectedCode) throws Exception {
File file = File.createTempFile("fedora-junit", ".txt");
try {
writeStringToFile("test", file);
int gotCode =
getUploadCode(client,
getBaseURL() + "/management/upload",
file,
partName);
assertEquals(errorMessage + " (/management/upload, partName="
+ partName + ")", expectedCode, gotCode);
} finally {
file.delete();
}
}
private static int getUploadCode(FedoraClient client,
String url,
File file,
String partName) throws Exception {
PostMethod post = null;
try {
post = new PostMethod(url);
post.setDoAuthentication(true);
post.getParams().setParameter("Connection", "Keep-Alive");
post.setContentChunked(true);
Part[] parts = {new FilePart(partName, file)};
post.setRequestEntity(new MultipartRequestEntity(parts, post
.getParams()));
int responseCode = client.getHttpClient().executeMethod(post);
if (responseCode > 299 && responseCode < 400) {
String location = post.getResponseHeader("location").getValue();
System.out.println("Redirected to " + location);
return getUploadCode(client, location, file, partName);
} else {
return responseCode;
}
} finally {
if (post != null) {
post.releaseConnection();
}
}
}
private static String getPolicyId(byte[] data) throws Exception
{
Document doc = DataUtils.getDocumentFromBytes(data);
String pid = doc.getDocumentElement().getAttribute("PolicyId");
return pid;
}
private static String addPolicy(String policy) throws Exception
{
PolicyDataManager polMan = new DbXmlPolicyDataManager();
String policyId = getPolicyId(policy.getBytes());
polMan.addPolicy(new String(policy), policyId);
Thread.sleep(1000);
return policyId;
}
private static void delPolicy(String policyId) throws Exception
{
PolicyDataManager polMan = new DbXmlPolicyDataManager();
polMan.deletePolicy(policyId);
Thread.sleep(1000);
}
}