From 0a3b5772f93d7e376c96859f0e79ded18d8443c4 Mon Sep 17 00:00:00 2001
From: Oscar Norman
Date: Thu, 23 Nov 2023 09:22:30 +0000
Subject: [PATCH] DSS-2696: Fixing remaining failures on Jenkins
---
.../rest/RestAuthorizationTest.java | 305 ------------------
.../signserver/rest/RestAuthorizedTest.java | 189 +++++++++++
.../signserver/rest/RestUnauthorizedTest.java | 163 ++++++++++
.../org/signserver/rest/RestWorkersTest.java | 124 ++-----
.../signserver/testutils/ModulesTestCase.java | 46 ++-
.../signserver/testutils/RestTestUtils.java | 96 ++++++
6 files changed, 513 insertions(+), 410 deletions(-)
delete mode 100644 signserver/modules/SignServer-Test-System/src/test/java/org/signserver/rest/RestAuthorizationTest.java
create mode 100644 signserver/modules/SignServer-Test-System/src/test/java/org/signserver/rest/RestAuthorizedTest.java
create mode 100644 signserver/modules/SignServer-Test-System/src/test/java/org/signserver/rest/RestUnauthorizedTest.java
create mode 100644 signserver/modules/SignServer-Test-Utils/src/main/java/org/signserver/testutils/RestTestUtils.java
diff --git a/signserver/modules/SignServer-Test-System/src/test/java/org/signserver/rest/RestAuthorizationTest.java b/signserver/modules/SignServer-Test-System/src/test/java/org/signserver/rest/RestAuthorizationTest.java
deleted file mode 100644
index 635482682..000000000
--- a/signserver/modules/SignServer-Test-System/src/test/java/org/signserver/rest/RestAuthorizationTest.java
+++ /dev/null
@@ -1,305 +0,0 @@
-package org.signserver.rest;
-
-import io.restassured.http.Method;
-import io.restassured.response.Response;
-import org.apache.log4j.Logger;
-import org.json.simple.JSONObject;
-import org.junit.Test;
-import org.signserver.testutils.ModulesTestCase;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertNotEquals;
-import static org.junit.Assert.assertTrue;
-
-
-/**
- * System test for testing authorization for the REST API.
- *
- * @version $Id$
- */
-public class RestAuthorizationTest extends ModulesTestCase {
- private static final int HELLO_WORKER_ID = 80004;
- private static final String HELLO_WORKER_NAME = "HelloWorker_REST";
-
- private static final Logger LOG = Logger.getLogger(RestAuthorizationTest.class);
- private static final ModulesTestCase mt = new ModulesTestCase();
-
- private JSONObject createPostWorkerAddRequestJsonBody() {
- JSONObject properties = new JSONObject();
- properties.put("NAME", HELLO_WORKER_NAME);
- properties.put("TYPE", "PROCESSABLE");
- properties.put("AUTHTYPE", "NOAUTH");
- properties.put("GREETING", "Hi");
- properties.put("IMPLEMENTATION_CLASS", "org.signserver.module.sample.workers.HelloWorker");
-
- JSONObject patchRequestJsonBody = new JSONObject();
- patchRequestJsonBody.put("properties", properties);
-
- return patchRequestJsonBody;
- }
-
- private JSONObject createPatchWorkerEditRequestJsonBody() {
- JSONObject properties = new JSONObject();
- properties.put("property1", "value1");
- properties.put("-GREETING", "");
-
- JSONObject patchRequestJsonBody = new JSONObject();
- patchRequestJsonBody.put("properties", properties);
-
- return patchRequestJsonBody;
- }
-
-
- private JSONObject createPutWorkerReplaceRequestJsonBody() {
- JSONObject properties = new JSONObject();
- properties.put("NAME", HELLO_WORKER_NAME);
- properties.put("TYPE", "PROCESSABLE");
- properties.put("GREETING", "Properties Replaced!");
- properties.put("IMPLEMENTATION_CLASS", "org.signserver.module.sample.workers.HelloWorker");
-
- JSONObject patchRequestJsonBody = new JSONObject();
- patchRequestJsonBody.put("properties", properties);
-
- return patchRequestJsonBody;
- }
-
- /**
- * Test unauthorized REST call to add worker without ID.
- *
- * @throws Exception in case of error
- */
- @Test
- public void testUnauthorizedRestPostAddWorkerWithoutID() throws Exception {
- LOG.debug("testUnauthorizedRestPostAddWorkerWithoutID");
- final Response response = mt.callRest(
- Method.POST,
- 401,
- "",
- "/workers/",
- createPostWorkerAddRequestJsonBody(),
- mt.getUnauthorizedStore());
-
- assertEquals("Check response status code is 401.", 401, response.statusCode());
- }
-
- /**
- * Test authorized REST call to add worker without ID.
- *
- * @throws Exception in case of error
- */
- @Test
- public void testAuthorizedRestPostAddWorkerWithoutID() throws Exception {
- LOG.debug("testAuthorizedRestPostAddWorkerWithoutID");
- int workerID = 0;
- try {
- final Response response = mt.callRest(
- Method.POST,
- 201,
- "",
- "/workers/",
- createPostWorkerAddRequestJsonBody(),
- mt.getAuthorizedStore());
-
- workerID = getWorkerSession().getWorkerId("HelloWorker_REST");
- assertNotEquals("Check new worker created with a new worker ID", 0, workerID);
- assertEquals("Check response status code 201", 201, response.statusCode());
- } finally {
- removeWorker(workerID);
- }
- }
-
- /**
- * Test unauthorized REST POST call to add worker by ID.
- *
- * @throws Exception in case of error
- */
- @Test
- public void testUnauthorizedRestPostAddWorkerWithID() throws Exception {
- LOG.debug("testUnauthorizedRestPostAddWorkerWithID");
- try {
- final Response response = mt.callRest(
- Method.POST,
- 401,
- "",
- "/workers/" + HELLO_WORKER_ID,
- createPostWorkerAddRequestJsonBody(),
- mt.getUnauthorizedStore());
- assertEquals("Check response status code is 401.", 401, response.statusCode());
- } finally {
- removeWorker(HELLO_WORKER_ID);
- }
- }
-
- /**
- * Test authorized REST POST call to add worker by ID.
- *
- * @throws Exception in case of error
- */
- @Test
- public void testAuthorizedRestPostAddWorkerWithID() throws Exception {
- LOG.debug("testAuthorizedRestPostAddWorkerWithID");
- int workerID = 0;
- try {
- final Response response = mt.callRest(
- Method.POST,
- 201,
- "",
- "/workers/" + HELLO_WORKER_ID,
- createPostWorkerAddRequestJsonBody(),
- mt.getAuthorizedStore());
-
- workerID = getWorkerSession().getWorkerId("HelloWorker_REST");
- assertNotEquals("Check new worker created with a new worker ID", 0, workerID);
- assertEquals("Check response status code 201", 201, response.statusCode());
- } finally {
- removeWorker(HELLO_WORKER_ID);
- }
- }
-
- /**
- * Test unauthorized REST PATCH worker to update the properties.
- */
- @Test
- public void testUnauthorizedRestPatchWorker() throws Exception {
- LOG.debug("testUnauthorizedRestPatchWorker");
-
- try {
- mt.callRest(Method.POST, 201, "", "/workers/" + HELLO_WORKER_ID, createPostWorkerAddRequestJsonBody(), mt.getAuthorizedStore());
- final Response response = mt.callRest(
- Method.PATCH,
- 401,
- "application/json",
- "/workers/" + HELLO_WORKER_ID,
- createPatchWorkerEditRequestJsonBody(),
- mt.getUnauthorizedStore());
-
- assertEquals("Check response status code 401", 401, response.statusCode());
- } finally {
- removeWorker(HELLO_WORKER_ID);
- }
- }
-
- /**
- * Test authorized REST PATCH worker to update the properties.
- */
- @Test
- public void testAuthorizedRestPatchWorker() throws Exception {
- LOG.debug("testAuthorizedRestPatchWorker");
-
- try {
- mt.callRest(Method.POST, 201, "", "/workers/" + HELLO_WORKER_ID, createPostWorkerAddRequestJsonBody(), mt.getAuthorizedStore());
- final Response response = mt.callRest(
- Method.PATCH,
- 200,
- "application/json",
- "/workers/" + HELLO_WORKER_ID,
- createPatchWorkerEditRequestJsonBody(),
- mt.getAuthorizedStore());
-
- assertEquals("value1", getWorkerSession().getCurrentWorkerConfig(HELLO_WORKER_ID).getProperties().getProperty("PROPERTY1"));
- JSONObject responseJsonObject = new JSONObject(response.jsonPath().getJsonObject("$"));
- assertTrue("Response contains the correct message", responseJsonObject.toString().contains("Worker properties successfully updated"));
- assertEquals("Check response status code is 200.", 200, response.statusCode());
- } finally {
- removeWorker(HELLO_WORKER_ID);
- }
- }
-
- /**
- * Test unauthorized REST PUT worker to replace all worker properties.
- */
- @Test
- public void testUnauthorizedRestPutWorker() throws Exception {
- LOG.debug("testUnauthorizedRestPutWorker");
-
- try {
- mt.callRest(Method.POST, 201, "", "/workers/" + HELLO_WORKER_ID, createPostWorkerAddRequestJsonBody(), mt.getAuthorizedStore());
- final Response response = mt.callRest(
- Method.PUT,
- 401,
- "application/json",
- "/workers/" + HELLO_WORKER_ID,
- createPutWorkerReplaceRequestJsonBody(),
- mt.getUnauthorizedStore());
-
- assertEquals("Check response status code is 401.", 401, response.statusCode());
- } finally {
- removeWorker(HELLO_WORKER_ID);
- }
- }
-
- /**
- * Test authorized REST PUT worker to replace all worker properties.
- */
- @Test
- public void testAuthorizedRestPutWorker() throws Exception {
- LOG.debug("testAuthorizedRestPutWorker");
-
- try {
- mt.callRest(Method.POST, 201, "", "/workers/" + HELLO_WORKER_ID, createPostWorkerAddRequestJsonBody(), mt.getAuthorizedStore());
- final Response response = mt.callRest(
- Method.PUT,
- 200,
- "application/json",
- "/workers/" + HELLO_WORKER_ID,
- createPutWorkerReplaceRequestJsonBody(),
- mt.getAuthorizedStore());
-
- assertEquals("Properties Replaced!", getWorkerSession().getCurrentWorkerConfig(HELLO_WORKER_ID).getProperties().getProperty("GREETING"));
- assertEquals(null, getWorkerSession().getCurrentWorkerConfig(HELLO_WORKER_ID).getProperties().getProperty("AUTHTYPE"));
- JSONObject responseJsonObject = new JSONObject(response.jsonPath().getJsonObject("$"));
- assertTrue("Response contains the correct message", responseJsonObject.toString().contains("Worker properties successfully replaced"));
- assertEquals("Check response status code 200", 200, response.statusCode());
- } finally {
- removeWorker(HELLO_WORKER_ID);
- }
- }
-
- /**
- * Test unauthorized REST DELETE worker.
- */
- @Test
- public void testUnauthorizedDeleteWorker() throws Exception {
- LOG.debug("testUnauthorizedDeleteWorker");
- try {
- mt.callRest(Method.POST, 201, "", "/workers/" + HELLO_WORKER_ID, createPostWorkerAddRequestJsonBody(), mt.getAuthorizedStore());
- final Response response = mt.callRest(
- Method.DELETE,
- 401,
- "application/json",
- "/workers/" + HELLO_WORKER_ID,
- new JSONObject(),
- mt.getUnauthorizedStore());
-
- assertEquals("Check response status code is 401.", 401, response.statusCode());
- } finally {
- removeWorker(HELLO_WORKER_ID);
- }
- }
-
- /**
- * Test authorized REST DELETE worker.
- */
- @Test
- public void testAuthorizedDeleteWorker() throws Exception {
- LOG.debug("testAuthorizedDeleteWorker");
- try {
- mt.callRest(Method.POST, 201, "", "/workers/" + HELLO_WORKER_ID, createPostWorkerAddRequestJsonBody(), mt.getAuthorizedStore());
- final Response response = mt.callRest(
- Method.DELETE,
- 200,
- "application/json",
- "/workers/" + HELLO_WORKER_ID,
- new JSONObject(),
- mt.getAuthorizedStore());
-
- assertFalse("Check worker with the given worker name removed", getWorkerSession().getAllWorkers().contains(HELLO_WORKER_ID));
- JSONObject responseJsonObject = new JSONObject(response.jsonPath().getJsonObject("$"));
- assertTrue("Response contains the correct message", responseJsonObject.toString().contains("Worker removed successfully!"));
- assertEquals("Check response status code 200", 200, response.statusCode());
- } finally {
- removeWorker(HELLO_WORKER_ID);
- }
- }
-}
diff --git a/signserver/modules/SignServer-Test-System/src/test/java/org/signserver/rest/RestAuthorizedTest.java b/signserver/modules/SignServer-Test-System/src/test/java/org/signserver/rest/RestAuthorizedTest.java
new file mode 100644
index 000000000..6e3f3b48e
--- /dev/null
+++ b/signserver/modules/SignServer-Test-System/src/test/java/org/signserver/rest/RestAuthorizedTest.java
@@ -0,0 +1,189 @@
+package org.signserver.rest;
+
+import io.restassured.http.Method;
+import io.restassured.response.Response;
+import org.apache.log4j.Logger;
+import org.json.simple.JSONObject;
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.signserver.cli.CommandLineInterface;
+import org.signserver.cli.spi.UnexpectedCommandFailureException;
+import org.signserver.testutils.CLITestHelper;
+import org.signserver.testutils.ModulesTestCase;
+import org.signserver.testutils.RestTestUtils;
+
+import java.io.IOException;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotEquals;
+import static org.junit.Assert.assertTrue;
+
+
+/**
+ * System test for testing authorization for the REST API.
+ *
+ * @version $Id$
+ */
+public class RestAuthorizedTest extends ModulesTestCase {
+ private static final int HELLO_WORKER_ID = 80005;
+ private static final String HELLO_WORKER_NAME = "HelloWorker_REST_Authorized";
+
+ private static final Logger LOG = Logger.getLogger(RestAuthorizedTest.class);
+ private static final ModulesTestCase mt = new ModulesTestCase();
+ private static final CLITestHelper cli = mt.getAdminCLI();
+
+ private final RestTestUtils rtu = new RestTestUtils();
+
+ @BeforeClass
+ public static void setUp() throws UnexpectedCommandFailureException, IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException {
+ assertEquals("", CommandLineInterface.RETURN_SUCCESS, cli.execute("wsadmins", "-allowany", String.valueOf(false)));
+ assertEquals("", CommandLineInterface.RETURN_SUCCESS,
+ cli.execute("wsadmins", "-add", "-certserialno", mt.getAdminOneSerialNumber(),
+ "-issuerdn", mt.getAdminOneIssuerDn()));
+ }
+
+ @AfterClass
+ public static void tearDown() throws UnexpectedCommandFailureException, IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException {
+ assertEquals("", CommandLineInterface.RETURN_SUCCESS,
+ cli.execute("wsadmins", "-remove", "-certserialno", mt.getAdminOneSerialNumber(),
+ "-issuerdn", mt.getAdminOneIssuerDn()));
+ assertEquals("", CommandLineInterface.RETURN_SUCCESS,
+ cli.execute("wsadmins", "-allowany"));
+ }
+
+
+ /**
+ * Test authorized REST call to add worker without ID.
+ *
+ * @throws Exception in case of error
+ */
+ @Test
+ public void testAuthorizedRestPostAddWorkerWithoutID() throws Exception {
+ LOG.debug("testAuthorizedRestPostAddWorkerWithoutID");
+ int workerID = 0;
+ try {
+ final Response response = mt.callRest(
+ Method.POST,
+ 201,
+ "",
+ "/workers/",
+ rtu.createPostWorkerAddRequestJsonBody(HELLO_WORKER_NAME),
+ mt.getAuthorizedStore());
+
+ workerID = getWorkerSession().getWorkerId(HELLO_WORKER_NAME);
+ assertNotEquals("Check new worker created with a new worker ID", 0, workerID);
+ assertEquals("Check response status code 201", 201, response.statusCode());
+ } finally {
+ removeWorker(workerID);
+ }
+ }
+
+ /**
+ * Test authorized REST POST call to add worker by ID.
+ *
+ * @throws Exception in case of error
+ */
+ @Test
+ public void testAuthorizedRestPostAddWorkerWithID() throws Exception {
+ LOG.debug("testAuthorizedRestPostAddWorkerWithID");
+ int workerID = 0;
+ try {
+ final Response response = mt.callRest(
+ Method.POST,
+ 201,
+ "",
+ "/workers/" + HELLO_WORKER_ID,
+ rtu.createPostWorkerAddRequestJsonBody(HELLO_WORKER_NAME),
+ mt.getAuthorizedStore());
+
+ workerID = getWorkerSession().getWorkerId(HELLO_WORKER_NAME);
+ assertNotEquals("Check new worker created with a new worker ID", 0, workerID);
+ assertEquals("Check response status code 201", 201, response.statusCode());
+ } finally {
+ removeWorker(HELLO_WORKER_ID);
+ }
+ }
+
+ /**
+ * Test authorized REST PATCH worker to update the properties.
+ */
+ @Test
+ public void testAuthorizedRestPatchWorker() throws Exception {
+ LOG.debug("testAuthorizedRestPatchWorker");
+
+ try {
+ mt.callRest(Method.POST, 201, "", "/workers/" + HELLO_WORKER_ID, rtu.createPostWorkerAddRequestJsonBody(HELLO_WORKER_NAME), mt.getAuthorizedStore());
+ final Response response = mt.callRest(
+ Method.PATCH,
+ 200,
+ "application/json",
+ "/workers/" + HELLO_WORKER_ID,
+ rtu.createPatchWorkerEditRequestJsonBody(),
+ mt.getAuthorizedStore());
+
+ assertEquals("value1", getWorkerSession().getCurrentWorkerConfig(HELLO_WORKER_ID).getProperties().getProperty("PROPERTY1"));
+ JSONObject responseJsonObject = new JSONObject(response.jsonPath().getJsonObject("$"));
+ assertTrue("Response contains the correct message", responseJsonObject.toString().contains("Worker properties successfully updated"));
+ assertEquals("Check response status code is 200.", 200, response.statusCode());
+ } finally {
+ removeWorker(HELLO_WORKER_ID);
+ }
+ }
+
+ /**
+ * Test authorized REST PUT worker to replace all worker properties.
+ */
+ @Test
+ public void testAuthorizedRestPutWorker() throws Exception {
+ LOG.debug("testAuthorizedRestPutWorker");
+
+ try {
+ mt.callRest(Method.POST, 201, "", "/workers/" + HELLO_WORKER_ID, rtu.createPostWorkerAddRequestJsonBody(HELLO_WORKER_NAME), mt.getAuthorizedStore());
+ final Response response = mt.callRest(
+ Method.PUT,
+ 200,
+ "application/json",
+ "/workers/" + HELLO_WORKER_ID,
+ rtu.createPutWorkerReplaceRequestJsonBody(HELLO_WORKER_NAME),
+ mt.getAuthorizedStore());
+
+ assertEquals("Properties Replaced!", getWorkerSession().getCurrentWorkerConfig(HELLO_WORKER_ID).getProperties().getProperty("GREETING"));
+ assertEquals(null, getWorkerSession().getCurrentWorkerConfig(HELLO_WORKER_ID).getProperties().getProperty("AUTHTYPE"));
+ JSONObject responseJsonObject = new JSONObject(response.jsonPath().getJsonObject("$"));
+ assertTrue("Response contains the correct message", responseJsonObject.toString().contains("Worker properties successfully replaced"));
+ assertEquals("Check response status code 200", 200, response.statusCode());
+ } finally {
+ removeWorker(HELLO_WORKER_ID);
+ }
+ }
+
+ /**
+ * Test authorized REST DELETE worker.
+ */
+ @Test
+ public void testAuthorizedDeleteWorker() throws Exception {
+ LOG.debug("testAuthorizedDeleteWorker");
+ try {
+ mt.callRest(Method.POST, 201, "", "/workers/" + HELLO_WORKER_ID, rtu.createPostWorkerAddRequestJsonBody(HELLO_WORKER_NAME), mt.getAuthorizedStore());
+ final Response response = mt.callRest(
+ Method.DELETE,
+ 200,
+ "application/json",
+ "/workers/" + HELLO_WORKER_ID,
+ new JSONObject(),
+ mt.getAuthorizedStore());
+
+ assertFalse("Check worker with the given worker name removed", getWorkerSession().getAllWorkers().contains(HELLO_WORKER_ID));
+ JSONObject responseJsonObject = new JSONObject(response.jsonPath().getJsonObject("$"));
+ assertTrue("Response contains the correct message", responseJsonObject.toString().contains("Worker removed successfully!"));
+ assertEquals("Check response status code 200", 200, response.statusCode());
+ } finally {
+ removeWorker(HELLO_WORKER_ID);
+ }
+ }
+}
diff --git a/signserver/modules/SignServer-Test-System/src/test/java/org/signserver/rest/RestUnauthorizedTest.java b/signserver/modules/SignServer-Test-System/src/test/java/org/signserver/rest/RestUnauthorizedTest.java
new file mode 100644
index 000000000..43d153122
--- /dev/null
+++ b/signserver/modules/SignServer-Test-System/src/test/java/org/signserver/rest/RestUnauthorizedTest.java
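Review bot: In `RestAuthorizedTest.tearDown()` the call that re-enables `wsadmins -allowany` only runs if the preceding `-remove` assertion passes, so a failed removal leaves the server with allow-any switched off for every suite that runs afterwards; the same block is copied into `RestUnauthorizedTest`. Wrapping the removal as `try { … } finally { assertEquals("", CommandLineInterface.RETURN_SUCCESS, cli.execute("wsadmins", "-allowany")); }` keeps the restore unconditional. tearDown also always switches allow-any on instead of restoring whatever was configured before setUp, which deserves a comment such as `// assumes the test server normally runs with wsadmins -allowany enabled`. Because setUp and tearDown are identical in both classes, they could live once in a shared helper. In `testAuthorizedRestPostAddWorkerWithoutID`, `removeWorker(workerID)` is still called with 0 when the POST fails; `if (workerID != 0) removeWorker(workerID);` avoids that.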
@@ -0,0 +1,163 @@
+package org.signserver.rest;
+
+import io.restassured.http.Method;
+import io.restassured.response.Response;
+import org.apache.log4j.Logger;
+import org.json.simple.JSONObject;
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.signserver.cli.CommandLineInterface;
+import org.signserver.cli.spi.UnexpectedCommandFailureException;
+import org.signserver.testutils.CLITestHelper;
+import org.signserver.testutils.ModulesTestCase;
+import org.signserver.testutils.RestTestUtils;
+
+import java.io.IOException;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
+
+import static org.junit.Assert.assertEquals;
+
+/**
+ * System test for testing not authorized calls for the REST API.
+ *
+ * @version $Id$
+ */
+public class RestUnauthorizedTest extends ModulesTestCase {
+ private static final int HELLO_WORKER_ID = 80006;
+ private static final String HELLO_WORKER_NAME = "HelloWorker_REST_Unauthorized";
+
+ private static final Logger LOG = Logger.getLogger(RestUnauthorizedTest.class);
+ private static final ModulesTestCase mt = new ModulesTestCase();
+ private static final CLITestHelper cli = mt.getAdminCLI();
+
+ private final RestTestUtils rtu = new RestTestUtils();
+
+ @BeforeClass
+ public static void setUp() throws UnexpectedCommandFailureException, IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException {
+ assertEquals("", CommandLineInterface.RETURN_SUCCESS, cli.execute("wsadmins", "-allowany", String.valueOf(false)));
+ assertEquals("", CommandLineInterface.RETURN_SUCCESS,
+ cli.execute("wsadmins", "-add", "-certserialno", mt.getAdminOneSerialNumber(),
+ "-issuerdn", mt.getAdminOneIssuerDn()));
+ }
+
+ @AfterClass
+ public static void tearDown() throws UnexpectedCommandFailureException, IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException {
+ assertEquals("", CommandLineInterface.RETURN_SUCCESS,
+ cli.execute("wsadmins", "-remove", "-certserialno", mt.getAdminOneSerialNumber(),
+ "-issuerdn", mt.getAdminOneIssuerDn()));
+ assertEquals("", CommandLineInterface.RETURN_SUCCESS,
+ cli.execute("wsadmins", "-allowany"));
+ }
+
+ /**
+ * Test unauthorized REST call to add worker without ID.
+ *
+ * @throws Exception in case of error
+ */
+ @Test
+ public void testUnauthorizedRestPostAddWorkerWithoutID() throws Exception {
+ LOG.debug("testUnauthorizedRestPostAddWorkerWithoutID");
+ final Response response = mt.callRest(
+ Method.POST,
+ 401,
+ "",
+ "/workers/",
+ rtu.createPostWorkerAddRequestJsonBody(HELLO_WORKER_NAME),
+ mt.getUnauthorizedStore());
+
+ assertEquals("Check response status code is 401.", 401, response.statusCode());
+ }
+
+ /**
+ * Test unauthorized REST POST call to add worker by ID.
+ *
+ * @throws Exception in case of error
+ */
+ @Test
+ public void testUnauthorizedRestPostAddWorkerWithID() throws Exception {
+ LOG.debug("testUnauthorizedRestPostAddWorkerWithID");
+ try {
+ final Response response = mt.callRest(
+ Method.POST,
+ 401,
+ "",
+ "/workers/" + HELLO_WORKER_ID,
+ rtu.createPostWorkerAddRequestJsonBody(HELLO_WORKER_NAME),
+ mt.getUnauthorizedStore());
+ assertEquals("Check response status code is 401.", 401, response.statusCode());
+ } finally {
+ removeWorker(HELLO_WORKER_ID);
+ }
+ }
+
+ /**
+ * Test unauthorized REST PATCH worker to update the properties.
+ */
+ @Test
+ public void testUnauthorizedRestPatchWorker() throws Exception {
+ LOG.debug("testUnauthorizedRestPatchWorker");
+
+ try {
+ mt.callRest(Method.POST, 201, "", "/workers/" + HELLO_WORKER_ID, rtu.createPostWorkerAddRequestJsonBody(HELLO_WORKER_NAME), mt.getAuthorizedStore());
+ final Response response = mt.callRest(
+ Method.PATCH,
+ 401,
+ "application/json",
+ "/workers/" + HELLO_WORKER_ID,
+ rtu.createPatchWorkerEditRequestJsonBody(),
+ mt.getUnauthorizedStore());
+
+ assertEquals("Check response status code 401", 401, response.statusCode());
+ } finally {
+ removeWorker(HELLO_WORKER_ID);
+ }
+ }
+
+ /**
+ * Test unauthorized REST PUT worker to replace all worker properties.
+ */
+ @Test
+ public void testUnauthorizedRestPutWorker() throws Exception {
+ LOG.debug("testUnauthorizedRestPutWorker");
+
+ try {
+ mt.callRest(Method.POST, 201, "", "/workers/" + HELLO_WORKER_ID, rtu.createPostWorkerAddRequestJsonBody(HELLO_WORKER_NAME), mt.getAuthorizedStore());
+ final Response response = mt.callRest(
+ Method.PUT,
+ 401,
+ "application/json",
+ "/workers/" + HELLO_WORKER_ID,
+ rtu.createPutWorkerReplaceRequestJsonBody(HELLO_WORKER_NAME),
+ mt.getUnauthorizedStore());
+
+ assertEquals("Check response status code is 401.", 401, response.statusCode());
+ } finally {
+ removeWorker(HELLO_WORKER_ID);
+ }
+ }
+
+ /**
+ * Test unauthorized REST DELETE worker.
+ */
+ @Test
+ public void testUnauthorizedDeleteWorker() throws Exception {
+ LOG.debug("testUnauthorizedDeleteWorker");
+ try {
+ mt.callRest(Method.POST, 201, "", "/workers/" + HELLO_WORKER_ID, rtu.createPostWorkerAddRequestJsonBody(HELLO_WORKER_NAME), mt.getAuthorizedStore());
+ final Response response = mt.callRest(
+ Method.DELETE,
+ 401,
+ "application/json",
+ "/workers/" + HELLO_WORKER_ID,
+ new JSONObject(),
+ mt.getUnauthorizedStore());
+
+ assertEquals("Check response status code is 401.", 401, response.statusCode());
+ } finally {
+ removeWorker(HELLO_WORKER_ID);
+ }
+ }
+}
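Review bot: The tests in `RestUnauthorizedTest` assert only the 401 status, so a server that answers 401 but still applies the change would pass them. After the unauthorized PATCH and DELETE calls a state check closes that gap, for example `assertNull(getWorkerSession().getCurrentWorkerConfig(HELLO_WORKER_ID).getProperties().getProperty("PROPERTY1"));` and `assertTrue("Worker must survive unauthorized DELETE", getWorkerSession().getAllWorkers().contains(HELLO_WORKER_ID));` (both need the matching static imports), with a `GREETING` check after the PUT. `testUnauthorizedRestPostAddWorkerWithoutID` has no `finally` cleanup, so a worker created by a regression would stay registered under `HELLO_WORKER_NAME` and disturb later runs. The class Javadoc could also state which client identity `mt.getUnauthorizedStore()` stands for, since that is not visible in this file.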
diff --git a/signserver/modules/SignServer-Test-System/src/test/java/org/signserver/rest/RestWorkersTest.java b/signserver/modules/SignServer-Test-System/src/test/java/org/signserver/rest/RestWorkersTest.java index f6910f9ae..b9b74d8ff 100644 --- a/signserver/modules/SignServer-Test-System/src/test/java/org/signserver/rest/RestWorkersTest.java +++ b/signserver/modules/SignServer-Test-System/src/test/java/org/signserver/rest/RestWorkersTest.java @@ -3,22 +3,19 @@ import io.restassured.RestAssured; import io.restassured.config.SSLConfig; import io.restassured.response.Response; -import org.apache.commons.io.FileUtils; import org.apache.log4j.Logger; import org.bouncycastle.util.encoders.Base64; import org.json.simple.JSONObject; import org.junit.Before; import org.junit.Test; import org.signserver.common.InvalidWorkerIdException; -import org.signserver.common.util.PathUtil; import org.signserver.module.cmssigner.CMSSigner; import org.signserver.module.cmssigner.PlainSigner; import org.signserver.module.pdfsigner.PDFSigner; import org.signserver.testutils.ModulesTestCase; +import org.signserver.testutils.RestTestUtils; -import java.io.File; import java.io.FileNotFoundException; -import java.io.IOException; import static io.restassured.RestAssured.given; import static io.restassured.http.ContentType.JSON; @@ -35,6 +32,7 @@ public class RestWorkersTest extends ModulesTestCase { private String baseURL; private String baseHttpsURL; + private final RestTestUtils rtu = new RestTestUtils(); private static final int PDFSIGNER_WORKER_ID = 80001; private static final String PDFSIGNER_WORKER_NAME = "PDFSigner_REST"; private static final int CMSSIGNER_WORKER_ID = 80002; 
@@ -57,84 +55,6 @@ public void setUp() throws FileNotFoundException { .trustStore(moduleTestCase.getSignServerHome().getAbsolutePath() + "/p12/truststore.jks", "changeit")); } - /** - * Generate a test Json Object with sample data, metaData in it. - */ - private JSONObject createPostProcessRequestJsonBody() { - JSONObject metaData = new JSONObject(); - metaData.put("name1", "value1"); - metaData.put("name2", "value2"); - - JSONObject postRequestJsonBody = new JSONObject(); - postRequestJsonBody.put("metaData", metaData); - postRequestJsonBody.put("data", "Sample Text!"); - - return postRequestJsonBody; - } - - private JSONObject createPostWorkerAddRequestJsonBody() { - JSONObject properties = new JSONObject(); - properties.put("NAME", HELLO_WORKER_NAME); - properties.put("TYPE", "PROCESSABLE"); - properties.put("AUTHTYPE", "NOAUTH"); - properties.put("GREETING", "Hi"); - properties.put("IMPLEMENTATION_CLASS", "org.signserver.module.sample.workers.HelloWorker"); - - JSONObject patchRequestJsonBody = new JSONObject(); - patchRequestJsonBody.put("properties", properties); - - return patchRequestJsonBody; - } - - private JSONObject createPatchWorkerEditRequestJsonBody() { - JSONObject properties = new JSONObject(); - properties.put("property1", "value1"); - properties.put("-GREETING", ""); - - JSONObject patchRequestJsonBody = new JSONObject(); - patchRequestJsonBody.put("properties", properties); - - return patchRequestJsonBody; - } - - - private JSONObject createPutWorkerReplaceRequestJsonBody() { - JSONObject properties = new JSONObject(); - properties.put("NAME", HELLO_WORKER_NAME); - properties.put("TYPE", "PROCESSABLE"); - properties.put("GREETING", "Properties Replaced!"); - properties.put("IMPLEMENTATION_CLASS", "org.signserver.module.sample.workers.HelloWorker"); - - JSONObject patchRequestJsonBody = new JSONObject(); - patchRequestJsonBody.put("properties", properties); - - return patchRequestJsonBody; - } - - /** - * Generate a test Json Object from a sample 
PDF file, metaData and encoding base64 in it. - * - * @throws IOException in case of error - */ - private JSONObject createPostRequestJsonBodyPDF() throws IOException { - - File home; - home = PathUtil.getAppHome(); - File samplePdf = new File(home, "res/test/pdf/sample.pdf"); - String base64DataString = Base64.toBase64String(FileUtils.readFileToByteArray(samplePdf)); - - JSONObject metaData = new JSONObject(); - metaData.put("name1", "value1"); - metaData.put("name2", "value2"); - - JSONObject postRequestJsonBody = new JSONObject(); - postRequestJsonBody.put("encoding", "BASE64"); - postRequestJsonBody.put("metaData", metaData); - postRequestJsonBody.put("data", base64DataString); - - return postRequestJsonBody; - } - /** * Test REST POST workers process by worker name, signing data string with CMSSigner. * @@ -149,7 +69,7 @@ public void testRestPostWorkersCMSSignerProcess() throws Exception { Response response = given() .contentType(JSON) .accept(JSON) - .body(createPostProcessRequestJsonBody()) + .body(rtu.createPostProcessRequestJsonBody()) .when() .post(baseURL + "/workers/" + CMSSIGNER_WORKER_NAME + "/process") .then() @@ -180,7 +100,7 @@ public void testRestPostWorkersPlainSignerProcess() throws Exception { Response response = given() .contentType(JSON) .accept(JSON) - .body(createPostProcessRequestJsonBody()) + .body(rtu.createPostProcessRequestJsonBody()) .when() .post(baseURL + "/workers/" + PLAINSIGNER_WORKER_NAME + "/process") .then() @@ -212,7 +132,7 @@ public void testRestPostWorkersPDFSignerProcess() throws Exception { Response response = given() .contentType(JSON) .accept(JSON) - .body(createPostRequestJsonBodyPDF()) + .body(rtu.createPostRequestJsonBodyPDF()) .when() .post(baseURL + "/workers/" + PDFSIGNER_WORKER_ID + "/process") .then() 
@@ -317,7 +237,7 @@ public void testRestNoSuchWorkerExceptionStatusCode() { Response response = given() .contentType(JSON) .accept(JSON) - .body(createPostProcessRequestJsonBody()) + .body(rtu.createPostProcessRequestJsonBody()) .when() .post(baseURL + "/workers/" + "nosuchworker101" + "/process") .then() @@ -342,7 +262,7 @@ public void testRestCryptoTokenOfflineExceptionStatusCode() throws Exception { Response response = given() .contentType(JSON) .accept(JSON) - .body(createPostProcessRequestJsonBody()) + .body(rtu.createPostProcessRequestJsonBody()) .when() .post(baseURL + "/workers/" + CMSSIGNER_WORKER_NAME + "/process") .then() @@ -401,7 +321,7 @@ public void testInternalServerExceptionStatusCode() throws Exception { Response response = given() .contentType(JSON) .accept(JSON) - .body(createPostProcessRequestJsonBody()) + .body(rtu.createPostProcessRequestJsonBody()) .when() .post(baseURL + "/workers/" + CMSSIGNER_WORKER_NAME + "/process") .then() @@ -431,7 +351,7 @@ public void testRestRequestFailedExceptionStatusCode() throws Exception { Response response = given() .contentType(JSON) .accept(JSON) - .body(createPostProcessRequestJsonBody()) + .body(rtu.createPostProcessRequestJsonBody()) .when() .post(baseURL + "/workers/" + CMSSIGNER_WORKER_ID + "/process") .then() @@ -460,7 +380,7 @@ public void testRestPostAddWorkerWithID() { .relaxedHTTPSValidation() .contentType(JSON) .accept(JSON) - .body(createPostWorkerAddRequestJsonBody()) + .body(rtu.createPostWorkerAddRequestJsonBody(HELLO_WORKER_NAME)) .when() .post(baseHttpsURL + "/workers/" + HELLO_WORKER_ID) .then() @@ -515,7 +435,7 @@ public void testRestPostWorkerExistsExceptionStatusCode() { .relaxedHTTPSValidation() .contentType(JSON) .accept(JSON) - .body(createPostWorkerAddRequestJsonBody()) + .body(rtu.createPostWorkerAddRequestJsonBody(HELLO_WORKER_NAME)) .when() .post(baseHttpsURL + "/workers/" + HELLO_WORKER_ID) .then() 
@@ -527,7 +447,7 @@ public void testRestPostWorkerExistsExceptionStatusCode() { .relaxedHTTPSValidation() .contentType(JSON) .accept(JSON) - .body(createPostWorkerAddRequestJsonBody()) + .body(rtu.createPostWorkerAddRequestJsonBody(HELLO_WORKER_NAME)) .when() .post(baseHttpsURL + "/workers/" + HELLO_WORKER_ID) .then() @@ -586,7 +506,7 @@ public void testRestPostAddWorkerWithoutID() throws InvalidWorkerIdException { .relaxedHTTPSValidation() .contentType(JSON) .accept(JSON) - .body(createPostWorkerAddRequestJsonBody()) + .body(rtu.createPostWorkerAddRequestJsonBody(HELLO_WORKER_NAME)) .when() .post(baseHttpsURL + "/workers") .then() @@ -613,7 +533,7 @@ public void testRestPatchWorker() { .relaxedHTTPSValidation() .contentType(JSON) .accept(JSON) - .body(createPostWorkerAddRequestJsonBody()) + .body(rtu.createPostWorkerAddRequestJsonBody(HELLO_WORKER_NAME)) .when() .post(baseHttpsURL + "/workers/" + HELLO_WORKER_ID) .then() @@ -628,7 +548,7 @@ public void testRestPatchWorker() { .relaxedHTTPSValidation() .contentType(JSON) .accept(JSON) - .body(createPatchWorkerEditRequestJsonBody()) + .body(rtu.createPatchWorkerEditRequestJsonBody()) .when() .patch(baseHttpsURL + "/workers/" + HELLO_WORKER_ID) .then() @@ -658,7 +578,7 @@ public void testRestPatchWorkerIllegalRequestExceptionStatusCode() { .relaxedHTTPSValidation() .contentType(JSON) .accept(JSON) - .body(createPostWorkerAddRequestJsonBody()) + .body(rtu.createPostWorkerAddRequestJsonBody(HELLO_WORKER_NAME)) .when() .post(baseHttpsURL + "/workers/" + HELLO_WORKER_ID) .then() @@ -700,7 +620,7 @@ public void testRestPatchWorkerNoSuchWorkerExceptionStatusCode() { .relaxedHTTPSValidation() .contentType(JSON) .accept(JSON) - .body(createPutWorkerReplaceRequestJsonBody()) + .body(rtu.createPutWorkerReplaceRequestJsonBody(HELLO_WORKER_NAME)) .when() .patch(baseHttpsURL + "/workers/" + dummyWorkerID) .then() 
@@ -758,7 +678,7 @@ public void testRestPutWorker() { .relaxedHTTPSValidation() .contentType(JSON) .accept(JSON) - .body(createPostWorkerAddRequestJsonBody()) + .body(rtu.createPostWorkerAddRequestJsonBody(HELLO_WORKER_NAME)) .when() .post(baseHttpsURL + "/workers/" + HELLO_WORKER_ID) .then() @@ -775,7 +695,7 @@ public void testRestPutWorker() { .relaxedHTTPSValidation() .contentType(JSON) .accept(JSON) - .body(createPutWorkerReplaceRequestJsonBody()) + .body(rtu.createPutWorkerReplaceRequestJsonBody(HELLO_WORKER_NAME)) .when() .put(baseHttpsURL + "/workers/" + HELLO_WORKER_ID) .then() @@ -806,7 +726,7 @@ public void testRestPutWorkerIllegalRequestExceptionStatusCode() { .relaxedHTTPSValidation() .contentType(JSON) .accept(JSON) - .body(createPostWorkerAddRequestJsonBody()) + .body(rtu.createPostWorkerAddRequestJsonBody(HELLO_WORKER_NAME)) .when() .post(baseHttpsURL + "/workers/" + HELLO_WORKER_ID) .then() @@ -848,7 +768,7 @@ public void testRestPutWorkerNoSuchWorkerExceptionStatusCode() { .relaxedHTTPSValidation() .contentType(JSON) .accept(JSON) - .body(createPutWorkerReplaceRequestJsonBody()) + .body(rtu.createPutWorkerReplaceRequestJsonBody(HELLO_WORKER_NAME)) .when() .put(baseHttpsURL + "/workers/" + dummyWorkerID) .then() @@ -905,7 +825,7 @@ public void testRestDeleteWorker() throws InvalidWorkerIdException { .relaxedHTTPSValidation() .contentType(JSON) .accept(JSON) - .body(createPostWorkerAddRequestJsonBody()) + .body(rtu.createPostWorkerAddRequestJsonBody(HELLO_WORKER_NAME)) .when() .post(baseHttpsURL + "/workers/" + HELLO_WORKER_ID) .then() diff --git a/signserver/modules/SignServer-Test-Utils/src/main/java/org/signserver/testutils/ModulesTestCase.java b/signserver/modules/SignServer-Test-Utils/src/main/java/org/signserver/testutils/ModulesTestCase.java index 6129b8acb..600ccbab6 100644 --- a/signserver/modules/SignServer-Test-Utils/src/main/java/org/signserver/testutils/ModulesTestCase.java 
+++ b/signserver/modules/SignServer-Test-Utils/src/main/java/org/signserver/testutils/ModulesTestCase.java @@ -27,12 +27,14 @@ import java.math.BigInteger; import java.security.InvalidKeyException; import java.security.KeyManagementException; +import java.security.KeyStore; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; import java.security.PublicKey; import java.security.UnrecoverableKeyException; import java.security.cert.Certificate; import java.security.cert.CertificateException; +import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.Enumeration; import java.util.Locale; @@ -934,9 +936,10 @@ public String getSignServerBaseURL() { public Response callRest(final Method method, final int statusCode, final String responseContentType, final String call, final JSONObject body) { - final String baseURL = getSignServerBaseURL() + "/rest/v1"; + final String baseURL = "https://" + getHTTPHost() + ":" + getPrivateHTTPSPort() + "/signserver/rest/v1"; final Response response = given() + .header("X-Keyfactor-Requested-With", "1") .contentType(JSON) .accept(JSON) .body(body) @@ -964,9 +967,10 @@ public Response callRest(final Method method, final int statusCode, public Response callRest(final Method method, final int statusCode, final String responseContentType, final String call, final JSONObject body, Map storeInfo) { - final String baseURL = getSignServerBaseURL() + "/rest/v1"; + final String baseURL = "https://" + getHTTPHost() + ":" + getPrivateHTTPSPort() + "/signserver/rest/v1"; final Response response = given() + .header("X-Keyfactor-Requested-With", "1") .config(new RestAssuredConfig().sslConfig(new SSLConfig() .keyStore(storeInfo.get("keyStorePath"), storeInfo.get("keyStorePassword")) .trustStore(storeInfo.get("trustStorePath"), storeInfo.get("trustStorePassword")))) 
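Review bot: Both `callRest` overloads (this hunk and the one at -964) now build the same private-port URL by hand and repeat the `X-Keyfactor-Requested-With` literal; a shared `private String getRestBaseURL()` and a constant for the header name would keep the two from drifting apart. In the overload without `storeInfo`, the request now goes to `https://` on `getPrivateHTTPSPort()`, but the visible lines configure neither a trust store nor a client key store, so unless that is set up elsewhere the handshake depends on the JVM default trust store. If it does need configuring, reuse the `sslConfig(... .trustStore(...))` form from the second overload rather than relaxing certificate validation. Both method bodies continue outside the hunks.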
@@ -1100,13 +1104,49 @@ public HashMap getAuthorizedStore() throws Exception { */ public HashMap getUnauthorizedStore() throws Exception { HashMap ret = new HashMap<>(); - ret.put("keyStorePath", getSignServerHome().getAbsolutePath() + "/res/test/dss10/dss10_signer1.p12"); + ret.put("keyStorePath", getSignServerHome().getAbsolutePath() + "/res/test/dss10/dss11_signer6.p12"); ret.put("keyStorePassword", "foo123"); ret.put("trustStorePath", getSignServerHome().getAbsolutePath() + "/p12/truststore.jks"); ret.put("trustStorePassword", "changeit"); return ret; } + /** + * This method will return the serial number for certificate identified by 'Admin One' inside the dss10_admin1.p12 keystore. + * @return Serial number for certificate 'Admin One' + * @throws KeyStoreException + * @throws IOException + * @throws CertificateException + * @throws NoSuchAlgorithmException + */ + public String getAdminOneSerialNumber() throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException { + KeyStore keyStore = KeyStore.getInstance("pkcs12"); + try (InputStream input = new FileInputStream(getSignServerHome().getAbsolutePath() + "/res/test/dss10/dss10_admin1.p12")) { + keyStore.load(input, "foo123".toCharArray()); + } + X509Certificate certFromKeyStore = (X509Certificate) keyStore.getCertificate("Admin One"); + + return certFromKeyStore.getSerialNumber().toString(16); + } + + /** + * This method will return the issuer DN for certificate identified by 'Admin One' inside the dss10_admin1.p12 keystore. 
+ * @return Issuer DN for certificate 'Admin One' + * @throws KeyStoreException + * @throws IOException + * @throws CertificateException + * @throws NoSuchAlgorithmException + */ + public String getAdminOneIssuerDn() throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException { + KeyStore keyStore = KeyStore.getInstance("pkcs12"); + try (InputStream input = new FileInputStream(getSignServerHome().getAbsolutePath() + "/res/test/dss10/dss10_admin1.p12")) { + keyStore.load(input, "foo123".toCharArray()); + } + X509Certificate certFromKeyStore = (X509Certificate) keyStore.getCertificate("Admin One"); + + return certFromKeyStore.getIssuerDN().getName(); + } + /** * Is OS running this test-Windows?. */ diff --git a/signserver/modules/SignServer-Test-Utils/src/main/java/org/signserver/testutils/RestTestUtils.java b/signserver/modules/SignServer-Test-Utils/src/main/java/org/signserver/testutils/RestTestUtils.java new file mode 100644 index 000000000..b7818355e --- /dev/null +++ b/signserver/modules/SignServer-Test-Utils/src/main/java/org/signserver/testutils/RestTestUtils.java 
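Review bot: `keyStore.getCertificate("Admin One")` returns null when the alias is missing, so both new getters would fail with a bare NullPointerException at `getSerialNumber()` / `getIssuerDN()` instead of naming the keystore entry that is absent. The two methods also repeat the same keystore load; a private helper that loads `dss10_admin1.p12` once and checks the alias removes the duplication, as sketched below. `getIssuerDN()` is discouraged in favour of `getIssuerX500Principal()`, but the string format differs, so switch only if whatever consumes the DN accepts that form. The `@throws` tags would read better with a short description each.

```java
// … unchanged: Javadoc of the two public getters …
private X509Certificate getAdminOneCertificate() throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException {
    final KeyStore keyStore = KeyStore.getInstance("pkcs12");
    try (InputStream input = new FileInputStream(getSignServerHome().getAbsolutePath() + "/res/test/dss10/dss10_admin1.p12")) {
        keyStore.load(input, "foo123".toCharArray());
    }
    // Fail with a message that names the missing entry instead of an NPE later on.
    final Certificate cert = keyStore.getCertificate("Admin One");
    if (!(cert instanceof X509Certificate)) {
        throw new KeyStoreException("No X.509 certificate with alias 'Admin One' in dss10_admin1.p12");
    }
    return (X509Certificate) cert;
}

public String getAdminOneSerialNumber() throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException {
    return getAdminOneCertificate().getSerialNumber().toString(16);
}

public String getAdminOneIssuerDn() throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException {
    return getAdminOneCertificate().getIssuerDN().getName();
}
```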
@@ -0,0 +1,96 @@
+package org.signserver.testutils;
+
+import org.apache.commons.io.FileUtils;
+import org.bouncycastle.util.encoders.Base64;
+import org.json.simple.JSONObject;
+import org.signserver.common.util.PathUtil;
+
+import java.io.File;
+import java.io.IOException;
+
+/**
+ * Class containing utility methods used to simplify REST api testing.
+ *
+ * @version $Id$
+ */
+public class RestTestUtils {
+
+ /**
+ * Generate a test Json Object with sample data, metaData in it.
+ */
+ public JSONObject createPostProcessRequestJsonBody() {
+ JSONObject metaData = new JSONObject();
+ metaData.put("name1", "value1");
+ metaData.put("name2", "value2");
+
+ JSONObject postRequestJsonBody = new JSONObject();
+ postRequestJsonBody.put("metaData", metaData);
+ postRequestJsonBody.put("data", "Sample Text!");
+
+ return postRequestJsonBody;
+ }
+
+ public JSONObject createPostWorkerAddRequestJsonBody(final String workerName) {
+ JSONObject properties = new JSONObject();
+ properties.put("NAME", workerName);
+ properties.put("TYPE", "PROCESSABLE");
+ properties.put("AUTHTYPE", "NOAUTH");
+ properties.put("GREETING", "Hi");
+ properties.put("IMPLEMENTATION_CLASS", "org.signserver.module.sample.workers.HelloWorker");
+
+ JSONObject patchRequestJsonBody = new JSONObject();
+ patchRequestJsonBody.put("properties", properties);
+
+ return patchRequestJsonBody;
+ }
+
+ public JSONObject createPatchWorkerEditRequestJsonBody() {
+ JSONObject properties = new JSONObject();
+ properties.put("property1", "value1");
+ properties.put("-GREETING", "");
+
+ JSONObject patchRequestJsonBody = new JSONObject();
+ patchRequestJsonBody.put("properties", properties);
+
+ return patchRequestJsonBody;
+ }
+
+
+ public JSONObject createPutWorkerReplaceRequestJsonBody(final String workerName) {
+ JSONObject properties = new JSONObject();
+ properties.put("NAME", workerName);
+ properties.put("TYPE", "PROCESSABLE");
+ properties.put("GREETING", "Properties Replaced!");
+ properties.put("IMPLEMENTATION_CLASS", "org.signserver.module.sample.workers.HelloWorker");
+
+ JSONObject patchRequestJsonBody = new JSONObject();
+ patchRequestJsonBody.put("properties", properties);
+
+ return patchRequestJsonBody;
+ }
+
+ /**
+ * Generate a test Json Object from a sample PDF file, metaData and encoding base64 in it.
+ *
+ * @throws IOException in case of error
+ */
+ public JSONObject createPostRequestJsonBodyPDF() throws IOException {
+
+ File home;
+ home = PathUtil.getAppHome();
+ File samplePdf = new File(home, "res/test/pdf/sample.pdf");
+ String base64DataString = Base64.toBase64String(FileUtils.readFileToByteArray(samplePdf));
+
+ JSONObject metaData = new JSONObject();
+ metaData.put("name1", "value1");
+ metaData.put("name2", "value2");
+
+ JSONObject postRequestJsonBody = new JSONObject();
+ postRequestJsonBody.put("encoding", "BASE64");
+ postRequestJsonBody.put("metaData", metaData);
+ postRequestJsonBody.put("data", base64DataString);
+
+ return postRequestJsonBody;
+ }
+
+}
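Review bot: `createPostWorkerAddRequestJsonBody`, `createPatchWorkerEditRequestJsonBody` and `createPutWorkerReplaceRequestJsonBody` have no Javadoc although the other two builders do. The add-worker body sets `AUTHTYPE` to `NOAUTH`, which is worth stating because this class lives under `src/main` of the shared test-utils module: `/** Builds the add-worker body for a HelloWorker named workerName; AUTHTYPE is NOAUTH, intended for test deployments only. */`. The methods keep no state, so they could also be `static` on a `final` class with a private constructor, though the callers in this commit go through an `rtu` instance.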