Google Git
Sign in
apache / incubator-retired-openaz / 5c9ab8cdd87655889c86f2ec7d59e7535a38c74c / . / openaz-xacml-test / src / test / java / org / apache / openaz / xacml / pdp / std / functions / FunctionDefinitionRegexpMatchTest.java
blob: 5587ffc7249eff8edaf3f763bc57dbef31b91991 [file] [log] [blame]
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*
*/
package org.apache.openaz.xacml.pdp.std.functions;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
import java.net.URI;
import java.util.ArrayList;
import java.util.List;
import javax.security.auth.x500.X500Principal;
import org.apache.openaz.xacml.api.XACML3;
import org.apache.openaz.xacml.pdp.policy.ExpressionResult;
import org.apache.openaz.xacml.pdp.policy.FunctionArgument;
import org.apache.openaz.xacml.pdp.policy.FunctionArgumentAttributeValue;
import org.apache.openaz.xacml.pdp.std.StdFunctions;
import org.apache.openaz.xacml.pdp.std.functions.FunctionDefinitionRegexpMatch;
import org.apache.openaz.xacml.std.datatypes.DataTypes;
import org.apache.openaz.xacml.std.datatypes.IPAddress;
import org.apache.openaz.xacml.std.datatypes.RFC2396DomainName;
import org.apache.openaz.xacml.std.datatypes.RFC822Name;
import org.junit.Test;
/**
* Test of PDP Functions (See XACML core spec section A.3) TO RUN - use jUnit In Eclipse select this file or
* the enclosing directory, right-click and select Run As/JUnit Test
*/
public class FunctionDefinitionRegexpMatchTest {
/*
* variables useful in the following tests
*/
List<FunctionArgument> arguments = new ArrayList<FunctionArgument>();
@Test
public void testString() {
String v1 = new String("abc");
String v2 = new String("def");
FunctionArgumentAttributeValue attrV1 = null;
FunctionArgumentAttributeValue attrV2 = null;
FunctionArgumentAttributeValue attrNull = null;
FunctionArgumentAttributeValue attrInteger = null;
try {
attrV1 = new FunctionArgumentAttributeValue(DataTypes.DT_STRING.createAttributeValue(v1));
attrV2 = new FunctionArgumentAttributeValue(DataTypes.DT_STRING.createAttributeValue(v2));
attrNull = new FunctionArgumentAttributeValue(DataTypes.DT_STRING.createAttributeValue(null));
attrInteger = new FunctionArgumentAttributeValue(DataTypes.DT_INTEGER.createAttributeValue(1234));
} catch (Exception e) {
fail("creating attributes e=" + e);
}
FunctionDefinitionRegexpMatch<?> fd = (FunctionDefinitionRegexpMatch<?>)StdFunctions.FD_STRING_REGEXP_MATCH;
// check identity and type of the thing created
assertEquals(XACML3.ID_FUNCTION_STRING_REGEXP_MATCH, fd.getId());
assertEquals(DataTypes.DT_BOOLEAN.getId(), fd.getDataTypeId());
// just to be safe... If tests take too long these can probably be eliminated
assertFalse(fd.returnsBag());
// match
arguments.clear();
arguments.add(attrV1);
arguments.add(attrV1);
ExpressionResult res = fd.evaluate(null, arguments);
assertTrue(res.isOk());
assertEquals(Boolean.class, res.getValue().getValue().getClass());
Boolean resValue = (Boolean)res.getValue().getValue();
assertEquals(true, resValue);
// no match
arguments.clear();
arguments.add(attrV1);
arguments.add(attrV2);
res = fd.evaluate(null, arguments);
assertTrue(res.isOk());
assertEquals(Boolean.class, res.getValue().getValue().getClass());
resValue = (Boolean)res.getValue().getValue();
assertEquals(false, resValue);
// null regex
arguments.clear();
arguments.add(null);
arguments.add(attrV2);
res = fd.evaluate(null, arguments);
assertFalse(res.isOk());
assertEquals("function:string-regexp-match Got null argument", res.getStatus().getStatusMessage());
assertEquals("urn:oasis:names:tc:xacml:1.0:status:processing-error", res.getStatus().getStatusCode()
.getStatusCodeValue().stringValue());
arguments.clear();
arguments.add(attrNull);
arguments.add(attrV2);
res = fd.evaluate(null, arguments);
assertFalse(res.isOk());
assertEquals("function:string-regexp-match Got null attribute", res.getStatus().getStatusMessage());
assertEquals("urn:oasis:names:tc:xacml:1.0:status:processing-error", res.getStatus().getStatusCode()
.getStatusCodeValue().stringValue());
// null object to match
arguments.clear();
arguments.add(attrV1);
arguments.add(null);
res = fd.evaluate(null, arguments);
assertFalse(res.isOk());
assertEquals("function:string-regexp-match Got null argument", res.getStatus().getStatusMessage());
assertEquals("urn:oasis:names:tc:xacml:1.0:status:processing-error", res.getStatus().getStatusCode()
.getStatusCodeValue().stringValue());
arguments.clear();
arguments.add(attrV1);
arguments.add(attrNull);
res = fd.evaluate(null, arguments);
assertFalse(res.isOk());
assertEquals("function:string-regexp-match Got null attribute", res.getStatus().getStatusMessage());
assertEquals("urn:oasis:names:tc:xacml:1.0:status:processing-error", res.getStatus().getStatusCode()
.getStatusCodeValue().stringValue());
// regex not string
arguments.clear();
arguments.add(attrInteger);
arguments.add(attrV2);
res = fd.evaluate(null, arguments);
assertFalse(res.isOk());
assertEquals("function:string-regexp-match Expected data type 'string' saw 'integer'", res
.getStatus().getStatusMessage());
assertEquals("urn:oasis:names:tc:xacml:1.0:status:processing-error", res.getStatus().getStatusCode()
.getStatusCodeValue().stringValue());
// object to match not correct type
arguments.clear();
arguments.add(attrV1);
arguments.add(attrInteger);
res = fd.evaluate(null, arguments);
assertFalse(res.isOk());
assertEquals("function:string-regexp-match Expected data type 'string' saw 'integer'", res
.getStatus().getStatusMessage());
assertEquals("urn:oasis:names:tc:xacml:1.0:status:processing-error", res.getStatus().getStatusCode()
.getStatusCodeValue().stringValue());
}
@Test
public void testAnyURI() {
String regexp = new String("abc");
URI uri1 = null;
URI uri2 = null;
try {
uri1 = new URI("abc");
uri2 = new URI("def");
} catch (Exception e) {
fail("Unable to create URIs, e=" + e);
}
FunctionArgumentAttributeValue attrRegexp = null;
FunctionArgumentAttributeValue attrUri1 = null;
FunctionArgumentAttributeValue attrUri2 = null;
FunctionArgumentAttributeValue attrInteger = null;
try {
attrRegexp = new FunctionArgumentAttributeValue(DataTypes.DT_STRING.createAttributeValue(regexp));
attrUri1 = new FunctionArgumentAttributeValue(DataTypes.DT_ANYURI.createAttributeValue(uri1));
attrUri2 = new FunctionArgumentAttributeValue(DataTypes.DT_ANYURI.createAttributeValue(uri2));
attrInteger = new FunctionArgumentAttributeValue(DataTypes.DT_INTEGER.createAttributeValue(1234));
} catch (Exception e) {
fail("creating attributes e=" + e);
}
FunctionDefinitionRegexpMatch<?> fd = (FunctionDefinitionRegexpMatch<?>)StdFunctions.FD_ANYURI_REGEXP_MATCH;
// check identity and type of the thing created
assertEquals(XACML3.ID_FUNCTION_ANYURI_REGEXP_MATCH, fd.getId());
assertEquals(DataTypes.DT_BOOLEAN.getId(), fd.getDataTypeId());
// just to be safe... If tests take too long these can probably be eliminated
assertFalse(fd.returnsBag());
// match
arguments.clear();
arguments.add(attrRegexp);
arguments.add(attrUri1);
ExpressionResult res = fd.evaluate(null, arguments);
assertTrue(res.isOk());
assertEquals(Boolean.class, res.getValue().getValue().getClass());
Boolean resValue = (Boolean)res.getValue().getValue();
assertEquals(true, resValue);
// no match
arguments.clear();
arguments.add(attrRegexp);
arguments.add(attrUri2);
res = fd.evaluate(null, arguments);
assertTrue(res.isOk());
assertEquals(Boolean.class, res.getValue().getValue().getClass());
resValue = (Boolean)res.getValue().getValue();
assertEquals(false, resValue);
// object to match not correct type
arguments.clear();
arguments.add(attrRegexp);
arguments.add(attrInteger);
res = fd.evaluate(null, arguments);
assertFalse(res.isOk());
assertEquals("function:anyURI-regexp-match Expected data type 'anyURI' saw 'integer'", res
.getStatus().getStatusMessage());
assertEquals("urn:oasis:names:tc:xacml:1.0:status:processing-error", res.getStatus().getStatusCode()
.getStatusCodeValue().stringValue());
}
@Test
public void testIpAddress() {
String regexp = new String(".*123.*");
IPAddress addr1 = null;
IPAddress addr2 = null;
try {
addr1 = IPAddress.newInstance("199.123.45.67");
addr2 = IPAddress.newInstance("12.34.67.87");
} catch (Exception e) {
fail("Unable to create IPAddresses, e=" + e);
}
FunctionArgumentAttributeValue attrRegexp = null;
FunctionArgumentAttributeValue attrAddr1 = null;
FunctionArgumentAttributeValue attrAddr2 = null;
FunctionArgumentAttributeValue attrInteger = null;
try {
attrRegexp = new FunctionArgumentAttributeValue(DataTypes.DT_STRING.createAttributeValue(regexp));
attrAddr1 = new FunctionArgumentAttributeValue(DataTypes.DT_IPADDRESS.createAttributeValue(addr1));
attrAddr2 = new FunctionArgumentAttributeValue(DataTypes.DT_IPADDRESS.createAttributeValue(addr2));
attrInteger = new FunctionArgumentAttributeValue(DataTypes.DT_INTEGER.createAttributeValue(1234));
} catch (Exception e) {
fail("creating attributes e=" + e);
}
FunctionDefinitionRegexpMatch<?> fd = (FunctionDefinitionRegexpMatch<?>)StdFunctions.FD_IPADDRESS_REGEXP_MATCH;
// check identity and type of the thing created
assertEquals(XACML3.ID_FUNCTION_IPADDRESS_REGEXP_MATCH, fd.getId());
assertEquals(DataTypes.DT_BOOLEAN.getId(), fd.getDataTypeId());
// just to be safe... If tests take too long these can probably be eliminated
assertFalse(fd.returnsBag());
// match
arguments.clear();
arguments.add(attrRegexp);
arguments.add(attrAddr1);
ExpressionResult res = fd.evaluate(null, arguments);
assertTrue(res.isOk());
assertEquals(Boolean.class, res.getValue().getValue().getClass());
Boolean resValue = (Boolean)res.getValue().getValue();
assertEquals(true, resValue);
// no match
arguments.clear();
arguments.add(attrRegexp);
arguments.add(attrAddr2);
res = fd.evaluate(null, arguments);
assertTrue(res.isOk());
assertEquals(Boolean.class, res.getValue().getValue().getClass());
resValue = (Boolean)res.getValue().getValue();
assertEquals(false, resValue);
// object to match not correct type
arguments.clear();
arguments.add(attrRegexp);
arguments.add(attrInteger);
res = fd.evaluate(null, arguments);
assertFalse(res.isOk());
assertEquals("function:ipAddress-regexp-match Expected data type 'ipAddress' saw 'integer'", res
.getStatus().getStatusMessage());
assertEquals("urn:oasis:names:tc:xacml:1.0:status:processing-error", res.getStatus().getStatusCode()
.getStatusCodeValue().stringValue());
}
@Test
public void testDnsName() {
String regexp = new String("abc");
RFC2396DomainName addr1 = null;
RFC2396DomainName addr2 = null;
try {
addr1 = RFC2396DomainName.newInstance("abc");
addr2 = RFC2396DomainName.newInstance("def");
} catch (Exception e) {
fail("Unable to create DNSNames, e=" + e);
}
FunctionArgumentAttributeValue attrRegexp = null;
FunctionArgumentAttributeValue attrAddr1 = null;
FunctionArgumentAttributeValue attrAddr2 = null;
FunctionArgumentAttributeValue attrInteger = null;
try {
attrRegexp = new FunctionArgumentAttributeValue(DataTypes.DT_STRING.createAttributeValue(regexp));
attrAddr1 = new FunctionArgumentAttributeValue(DataTypes.DT_DNSNAME.createAttributeValue(addr1));
attrAddr2 = new FunctionArgumentAttributeValue(DataTypes.DT_DNSNAME.createAttributeValue(addr2));
attrInteger = new FunctionArgumentAttributeValue(DataTypes.DT_INTEGER.createAttributeValue(1234));
} catch (Exception e) {
fail("creating attributes e=" + e);
}
FunctionDefinitionRegexpMatch<?> fd = (FunctionDefinitionRegexpMatch<?>)StdFunctions.FD_DNSNAME_REGEXP_MATCH;
// check identity and type of the thing created
assertEquals(XACML3.ID_FUNCTION_DNSNAME_REGEXP_MATCH, fd.getId());
assertEquals(DataTypes.DT_BOOLEAN.getId(), fd.getDataTypeId());
// just to be safe... If tests take too long these can probably be eliminated
assertFalse(fd.returnsBag());
// match
arguments.clear();
arguments.add(attrRegexp);
arguments.add(attrAddr1);
ExpressionResult res = fd.evaluate(null, arguments);
assertTrue(res.isOk());
assertEquals(Boolean.class, res.getValue().getValue().getClass());
Boolean resValue = (Boolean)res.getValue().getValue();
assertEquals(true, resValue);
// no match
arguments.clear();
arguments.add(attrRegexp);
arguments.add(attrAddr2);
res = fd.evaluate(null, arguments);
assertTrue(res.isOk());
assertEquals(Boolean.class, res.getValue().getValue().getClass());
resValue = (Boolean)res.getValue().getValue();
assertEquals(false, resValue);
// object to match not correct type
arguments.clear();
arguments.add(attrRegexp);
arguments.add(attrInteger);
res = fd.evaluate(null, arguments);
assertFalse(res.isOk());
assertEquals("function:dnsName-regexp-match Expected data type 'dnsName' saw 'integer'", res
.getStatus().getStatusMessage());
assertEquals("urn:oasis:names:tc:xacml:1.0:status:processing-error", res.getStatus().getStatusCode()
.getStatusCodeValue().stringValue());
}
@Test
public void testRfc822Name() {
String regexp = new String(".*abc.*");
RFC822Name addr1 = null;
RFC822Name addr2 = null;
try {
addr1 = RFC822Name.newInstance("abc@somewhere");
addr2 = RFC822Name.newInstance("def@somewhere");
} catch (Exception e) {
fail("Unable to create RFC822Names, e=" + e);
}
FunctionArgumentAttributeValue attrRegexp = null;
FunctionArgumentAttributeValue attrAddr1 = null;
FunctionArgumentAttributeValue attrAddr2 = null;
FunctionArgumentAttributeValue attrInteger = null;
try {
attrRegexp = new FunctionArgumentAttributeValue(DataTypes.DT_STRING.createAttributeValue(regexp));
attrAddr1 = new FunctionArgumentAttributeValue(
DataTypes.DT_RFC822NAME
.createAttributeValue(addr1));
attrAddr2 = new FunctionArgumentAttributeValue(
DataTypes.DT_RFC822NAME
.createAttributeValue(addr2));
attrInteger = new FunctionArgumentAttributeValue(DataTypes.DT_INTEGER.createAttributeValue(1234));
} catch (Exception e) {
fail("creating attributes e=" + e);
}
FunctionDefinitionRegexpMatch<?> fd = (FunctionDefinitionRegexpMatch<?>)StdFunctions.FD_RFC822NAME_REGEXP_MATCH;
// check identity and type of the thing created
assertEquals(XACML3.ID_FUNCTION_RFC822NAME_REGEXP_MATCH, fd.getId());
assertEquals(DataTypes.DT_BOOLEAN.getId(), fd.getDataTypeId());
// just to be safe... If tests take too long these can probably be eliminated
assertFalse(fd.returnsBag());
// match
arguments.clear();
arguments.add(attrRegexp);
arguments.add(attrAddr1);
ExpressionResult res = fd.evaluate(null, arguments);
assertTrue(res.isOk());
assertEquals(Boolean.class, res.getValue().getValue().getClass());
Boolean resValue = (Boolean)res.getValue().getValue();
assertEquals(true, resValue);
// no match
arguments.clear();
arguments.add(attrRegexp);
arguments.add(attrAddr2);
res = fd.evaluate(null, arguments);
assertTrue(res.isOk());
assertEquals(Boolean.class, res.getValue().getValue().getClass());
resValue = (Boolean)res.getValue().getValue();
assertEquals(false, resValue);
// object to match not correct type
arguments.clear();
arguments.add(attrRegexp);
arguments.add(attrInteger);
res = fd.evaluate(null, arguments);
assertFalse(res.isOk());
assertEquals("function:rfc822Name-regexp-match Expected data type 'rfc822Name' saw 'integer'", res
.getStatus().getStatusMessage());
assertEquals("urn:oasis:names:tc:xacml:1.0:status:processing-error", res.getStatus().getStatusCode()
.getStatusCodeValue().stringValue());
}
@Test
public void testX500Name() {
String regexp = new String(".*Duke.*");
X500Principal addr1 = null;
X500Principal addr2 = null;
try {
addr1 = new X500Principal("CN=Duke, OU=JavaSoft, O=Sun Microsystems, C=US");
addr2 = new X500Principal("CN=Policy Engine, OU=Research, O=ATT, C=US");
} catch (Exception e) {
fail("Unable to create X500Name, e=" + e);
}
FunctionArgumentAttributeValue attrRegexp = null;
FunctionArgumentAttributeValue attrAddr1 = null;
FunctionArgumentAttributeValue attrAddr2 = null;
FunctionArgumentAttributeValue attrInteger = null;
try {
attrRegexp = new FunctionArgumentAttributeValue(DataTypes.DT_STRING.createAttributeValue(regexp));
attrAddr1 = new FunctionArgumentAttributeValue(DataTypes.DT_X500NAME.createAttributeValue(addr1));
attrAddr2 = new FunctionArgumentAttributeValue(DataTypes.DT_X500NAME.createAttributeValue(addr2));
attrInteger = new FunctionArgumentAttributeValue(DataTypes.DT_INTEGER.createAttributeValue(1234));
} catch (Exception e) {
fail("creating attributes e=" + e);
}
FunctionDefinitionRegexpMatch<?> fd = (FunctionDefinitionRegexpMatch<?>)StdFunctions.FD_X500NAME_REGEXP_MATCH;
// check identity and type of the thing created
assertEquals(XACML3.ID_FUNCTION_X500NAME_REGEXP_MATCH, fd.getId());
assertEquals(DataTypes.DT_BOOLEAN.getId(), fd.getDataTypeId());
// just to be safe... If tests take too long these can probably be eliminated
assertFalse(fd.returnsBag());
// match
arguments.clear();
arguments.add(attrRegexp);
arguments.add(attrAddr1);
ExpressionResult res = fd.evaluate(null, arguments);
assertTrue(res.isOk());
assertEquals(Boolean.class, res.getValue().getValue().getClass());
Boolean resValue = (Boolean)res.getValue().getValue();
assertEquals(true, resValue);
// no match
arguments.clear();
arguments.add(attrRegexp);
arguments.add(attrAddr2);
res = fd.evaluate(null, arguments);
assertTrue(res.isOk());
assertEquals(Boolean.class, res.getValue().getValue().getClass());
resValue = (Boolean)res.getValue().getValue();
assertEquals(false, resValue);
// object to match not correct type
arguments.clear();
arguments.add(attrRegexp);
arguments.add(attrInteger);
res = fd.evaluate(null, arguments);
assertFalse(res.isOk());
assertEquals("function:x500Name-regexp-match Expected data type 'x500Name' saw 'integer'", res
.getStatus().getStatusMessage());
assertEquals("urn:oasis:names:tc:xacml:1.0:status:processing-error", res.getStatus().getStatusCode()
.getStatusCodeValue().stringValue());
}
}