diff options
Diffstat (limited to 'jdisc-security-filters/src/test/java/com/yahoo')
7 files changed, 29 insertions, 60 deletions
diff --git a/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilterTest.java b/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilterTest.java index 752f1026f3d..f7a2e41dae4 100644 --- a/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilterTest.java +++ b/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzAuthorizationFilterTest.java @@ -9,6 +9,7 @@ import com.yahoo.jdisc.Metric; import com.yahoo.jdisc.Response; import com.yahoo.jdisc.http.filter.DiscFilterRequest; import com.yahoo.jdisc.http.filter.security.athenz.AthenzAuthorizationFilterConfig.EnabledCredentials; +import com.yahoo.jdisc.http.filter.util.FilterTestUtils; import com.yahoo.security.KeyAlgorithm; import com.yahoo.security.KeyUtils; import com.yahoo.security.SubjectAlternativeName; @@ -267,14 +268,11 @@ public class AthenzAuthorizationFilterTest { } private static DiscFilterRequest createRequest(ZToken roleToken, AthenzAccessToken accessToken, X509Certificate clientCert) { - DiscFilterRequest request = mock(DiscFilterRequest.class); - when(request.getHeader(HEADER_NAME)).thenReturn(roleToken != null ? roleToken.getRawToken() : null); - when(request.getHeader(AthenzAccessToken.HTTP_HEADER_NAME)).thenReturn(accessToken != null ? "Bearer " + accessToken.value() : null); - when(request.getMethod()).thenReturn("GET"); - when(request.getRequestURI()).thenReturn("/my/path"); - when(request.getQueryString()).thenReturn(null); - when(request.getClientCertificateChain()).thenReturn(clientCert != null ? List.of(clientCert) : List.of()); - return request; + var builder = FilterTestUtils.newRequestBuilder().withUri("https://localhost/my/path"); + if (roleToken != null) builder.withHeader(HEADER_NAME, roleToken.getRawToken()); + if (accessToken != null) builder.withHeader(AthenzAccessToken.HTTP_HEADER_NAME, accessToken.value()); + if (clientCert != null) builder.withClientCertificate(clientCert); + return builder.build(); } private static AthenzAuthorizationFilter createFilter(Zpe zpe, List<EnabledCredentials.Enum> enabledCredentials) { @@ -298,7 +296,7 @@ public class AthenzAuthorizationFilterTest { } private static void assertAuthorizationResult(DiscFilterRequest request, Type expectedResult) { - verify(request).setAttribute(RESULT_ATTRIBUTE, expectedResult.name()); + assertEquals(expectedResult.name(), request.getAttribute(RESULT_ATTRIBUTE)); } private static void assertStatusCode(MockResponseHandler responseHandler, int statusCode) { @@ -308,7 +306,7 @@ public class AthenzAuthorizationFilterTest { } private static void assertMatchedCredentialType(DiscFilterRequest request, EnabledCredentials.Enum expectedType) { - verify(request).setAttribute(MATCHED_CREDENTIAL_TYPE_ATTRIBUTE, expectedType.name()); + assertEquals(expectedType.name(), request.getAttribute(MATCHED_CREDENTIAL_TYPE_ATTRIBUTE)); } private static void assertRequestNotFiltered(MockResponseHandler responseHandler) { @@ -316,7 +314,7 @@ public class AthenzAuthorizationFilterTest { } private static void assertMatchedRole(DiscFilterRequest request, AthenzRole role) { - verify(request).setAttribute(MATCHED_ROLE_ATTRIBUTE, role.roleName()); + assertEquals(role.roleName(), request.getAttribute(MATCHED_ROLE_ATTRIBUTE)); } private static void assertErrorMessage(MockResponseHandler responseHandler, String errorMessage) { diff --git a/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzPrincipalFilterTest.java b/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzPrincipalFilterTest.java index 0b04993a723..6ee589c1908 100644 --- a/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzPrincipalFilterTest.java +++ b/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/athenz/AthenzPrincipalFilterTest.java @@ -6,6 +6,7 @@ import com.yahoo.jdisc.handler.ContentChannel; import com.yahoo.jdisc.handler.ReadableContentChannel; import com.yahoo.jdisc.handler.ResponseHandler; import com.yahoo.jdisc.http.filter.DiscFilterRequest; +import com.yahoo.jdisc.http.filter.util.FilterTestUtils; import com.yahoo.security.KeyAlgorithm; import com.yahoo.security.KeyUtils; import com.yahoo.security.X509CertificateBuilder; @@ -28,16 +29,11 @@ import java.util.Objects; import static com.yahoo.jdisc.Response.Status.UNAUTHORIZED; import static com.yahoo.security.SignatureAlgorithm.SHA256_WITH_ECDSA; -import static java.util.Collections.emptyList; -import static java.util.Collections.singletonList; import static java.util.stream.Collectors.joining; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertNotNull; import static org.junit.jupiter.api.Assertions.assertNull; import static org.junit.jupiter.api.Assertions.assertTrue; -import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.verify; -import static org.mockito.Mockito.when; /** * @author bjorncs @@ -49,8 +45,7 @@ public class AthenzPrincipalFilterTest { @Test void missing_certificate_is_unauthorized() { - DiscFilterRequest request = createRequestMock(); - when(request.getClientCertificateChain()).thenReturn(emptyList()); + DiscFilterRequest request = FilterTestUtils.newRequestBuilder().build(); ResponseHandlerMock responseHandler = new ResponseHandlerMock(); @@ -62,8 +57,7 @@ public class AthenzPrincipalFilterTest { @Test void certificate_is_accepted() { - DiscFilterRequest request = createRequestMock(); - when(request.getClientCertificateChain()).thenReturn(singletonList(CERTIFICATE)); + DiscFilterRequest request = FilterTestUtils.newRequestBuilder().withClientCertificate(CERTIFICATE).build(); ResponseHandlerMock responseHandler = new ResponseHandlerMock(); @@ -75,15 +69,14 @@ public class AthenzPrincipalFilterTest { } private void assertAuthenticated(DiscFilterRequest request, AthenzPrincipal expectedPrincipal) { - verify(request).setUserPrincipal(expectedPrincipal); - verify(request).setAttribute(AthenzPrincipalFilter.RESULT_PRINCIPAL, expectedPrincipal); + assertEquals(expectedPrincipal, request.getUserPrincipal()); + assertEquals(expectedPrincipal, request.getAttribute(AthenzPrincipalFilter.RESULT_PRINCIPAL)); } @Test void no_response_produced_when_passthrough_mode_is_enabled() { - DiscFilterRequest request = createRequestMock(); - when(request.getClientCertificateChain()).thenReturn(emptyList()); + DiscFilterRequest request = FilterTestUtils.newRequestBuilder().build(); ResponseHandlerMock responseHandler = new ResponseHandlerMock(); @@ -93,10 +86,6 @@ public class AthenzPrincipalFilterTest { assertNull(responseHandler.response); } - private DiscFilterRequest createRequestMock() { - return mock(DiscFilterRequest.class); - } - private AthenzPrincipalFilter createFilter(boolean passthroughModeEnabled) { return new AthenzPrincipalFilter(passthroughModeEnabled); } @@ -105,7 +94,7 @@ public class AthenzPrincipalFilterTest { assertNotNull(responseHandler.response); assertEquals(UNAUTHORIZED, responseHandler.response.getStatus()); assertTrue(responseHandler.getResponseContent().contains(expectedMessageSubstring)); - verify(request).setAttribute(AthenzPrincipalFilter.RESULT_ERROR_CODE_ATTRIBUTE, UNAUTHORIZED); + assertEquals(UNAUTHORIZED, request.getAttribute(AthenzPrincipalFilter.RESULT_ERROR_CODE_ATTRIBUTE)); } private static class ResponseHandlerMock implements ResponseHandler { diff --git a/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/base/JsonSecurityRequestFilterBaseTest.java b/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/base/JsonSecurityRequestFilterBaseTest.java index 34db051aa28..fe530ed90cb 100644 --- a/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/base/JsonSecurityRequestFilterBaseTest.java +++ b/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/base/JsonSecurityRequestFilterBaseTest.java @@ -6,6 +6,7 @@ import com.fasterxml.jackson.databind.ObjectMapper; import com.yahoo.container.jdisc.RequestHandlerTestDriver; import com.yahoo.jdisc.Response; import com.yahoo.jdisc.http.filter.DiscFilterRequest; +import com.yahoo.jdisc.http.filter.util.FilterTestUtils; import org.junit.jupiter.api.Test; import java.io.IOException; @@ -13,7 +14,6 @@ import java.util.Optional; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertNotNull; -import static org.mockito.Mockito.mock; /** * @author bjorncs @@ -26,7 +26,7 @@ public class JsonSecurityRequestFilterBaseTest { void filter_renders_errors_as_json() throws IOException { int statusCode = 403; String message = "Forbidden"; - DiscFilterRequest request = mock(DiscFilterRequest.class); + DiscFilterRequest request = FilterTestUtils.newRequestBuilder().build(); SimpleSecurityRequestFilter filter = new SimpleSecurityRequestFilter(new JsonSecurityRequestFilterBase.ErrorResponse(statusCode, message)); RequestHandlerTestDriver.MockResponseHandler responseHandler = new RequestHandlerTestDriver.MockResponseHandler(); diff --git a/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/cors/CorsPreflightRequestFilterTest.java b/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/cors/CorsPreflightRequestFilterTest.java index 7ba050b7cc0..576b04e23b6 100644 --- a/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/cors/CorsPreflightRequestFilterTest.java +++ b/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/cors/CorsPreflightRequestFilterTest.java @@ -8,6 +8,7 @@ import com.yahoo.jdisc.handler.ResponseHandler; import com.yahoo.jdisc.http.filter.DiscFilterRequest; import com.yahoo.jdisc.http.filter.SecurityRequestFilter; import com.yahoo.jdisc.http.filter.security.cors.CorsFilterConfig.Builder; +import com.yahoo.jdisc.http.filter.util.FilterTestUtils; import org.junit.jupiter.api.Test; import java.util.Arrays; @@ -19,7 +20,6 @@ import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertFalse; import static org.junit.jupiter.api.Assertions.assertNull; import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.when; /** @@ -70,10 +70,7 @@ public class CorsPreflightRequestFilterTest { } private static DiscFilterRequest newOptionsRequest(String origin) { - DiscFilterRequest request = mock(DiscFilterRequest.class); - when(request.getHeader("Origin")).thenReturn(origin); - when(request.getMethod()).thenReturn(OPTIONS.name()); - return request; + return FilterTestUtils.newRequestBuilder().withHeader("Origin", origin).withMethod(OPTIONS).build(); } private static CorsPreflightRequestFilter newRequestFilter(String... allowedOriginUrls) { diff --git a/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/misc/LocalhostFilterTest.java b/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/misc/LocalhostFilterTest.java index aaf6ebf1aee..5b9f143a72b 100644 --- a/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/misc/LocalhostFilterTest.java +++ b/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/misc/LocalhostFilterTest.java @@ -4,14 +4,11 @@ package com.yahoo.jdisc.http.filter.security.misc; import com.yahoo.container.jdisc.RequestHandlerTestDriver; import com.yahoo.jdisc.Response; import com.yahoo.jdisc.http.filter.DiscFilterRequest; +import com.yahoo.jdisc.http.filter.util.FilterTestUtils; import org.junit.jupiter.api.Test; -import org.mockito.Mockito; - -import java.net.URI; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertNull; -import static org.mockito.Mockito.when; /** * @author mpolden @@ -34,12 +31,10 @@ public class LocalhostFilterTest { } private static DiscFilterRequest createRequest(String remoteAddr, String localAddr) { - DiscFilterRequest request = Mockito.mock(DiscFilterRequest.class); - when(request.getRemoteAddr()).thenReturn(remoteAddr); - when(request.getLocalAddr()).thenReturn(localAddr); - when(request.getMethod()).thenReturn("GET"); - when(request.getUri()).thenReturn(URI.create("http://localhost:8080/")); - return request; + return FilterTestUtils.newRequestBuilder() + .withUri("http://%s:8080/".formatted(localAddr)) + .withRemoteAddress(remoteAddr, 12345) + .build(); } private static void assertUnauthorized(DiscFilterRequest request) { diff --git a/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/misc/VespaTlsFilterTest.java b/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/misc/VespaTlsFilterTest.java index 95bc1f92572..2dd243618c9 100644 --- a/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/misc/VespaTlsFilterTest.java +++ b/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/misc/VespaTlsFilterTest.java @@ -5,16 +5,15 @@ package com.yahoo.jdisc.http.filter.security.misc; import com.yahoo.container.jdisc.RequestHandlerTestDriver; import com.yahoo.jdisc.Response; import com.yahoo.jdisc.http.filter.DiscFilterRequest; +import com.yahoo.jdisc.http.filter.util.FilterTestUtils; import com.yahoo.security.KeyAlgorithm; import com.yahoo.security.KeyUtils; import com.yahoo.security.SignatureAlgorithm; import com.yahoo.security.X509CertificateBuilder; import org.junit.jupiter.api.Test; -import org.mockito.Mockito; import javax.security.auth.x500.X500Principal; import java.math.BigInteger; -import java.net.URI; import java.security.cert.X509Certificate; import java.time.Instant; import java.time.temporal.ChronoUnit; @@ -23,7 +22,6 @@ import java.util.List; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertNull; -import static org.mockito.Mockito.when; public class VespaTlsFilterTest { @@ -43,11 +41,7 @@ public class VespaTlsFilterTest { } private static DiscFilterRequest createRequest(List<X509Certificate> certChain) { - DiscFilterRequest request = Mockito.mock(DiscFilterRequest.class); - when(request.getClientCertificateChain()).thenReturn(certChain); - when(request.getMethod()).thenReturn("GET"); - when(request.getUri()).thenReturn(URI.create("http://localhost:8080/")); - return request; + return FilterTestUtils.newRequestBuilder().withClientCertificate(certChain).withUri("http://localhost:8080/").build(); } private static void assertForbidden(DiscFilterRequest request) { diff --git a/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/rule/RuleBasedRequestFilterTest.java b/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/rule/RuleBasedRequestFilterTest.java index 4ad593efe82..c4a78a2d962 100644 --- a/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/rule/RuleBasedRequestFilterTest.java +++ b/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/rule/RuleBasedRequestFilterTest.java @@ -8,13 +8,13 @@ import com.yahoo.container.jdisc.RequestHandlerTestDriver.MockResponseHandler; import com.yahoo.jdisc.Metric; import com.yahoo.jdisc.Response; import com.yahoo.jdisc.http.filter.DiscFilterRequest; +import com.yahoo.jdisc.http.filter.util.FilterTestUtils; import com.yahoo.vespa.config.jdisc.http.filter.RuleBasedFilterConfig; import com.yahoo.vespa.config.jdisc.http.filter.RuleBasedFilterConfig.DefaultRule; import com.yahoo.vespa.config.jdisc.http.filter.RuleBasedFilterConfig.Rule; import org.junit.jupiter.api.Test; import java.io.IOException; -import java.net.URI; import java.util.List; import java.util.Set; @@ -25,7 +25,6 @@ import static org.mockito.ArgumentMatchers.any; import static org.mockito.ArgumentMatchers.eq; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.verify; -import static org.mockito.Mockito.when; /** * @author bjorncs @@ -218,10 +217,7 @@ class RuleBasedRequestFilterTest { } private static DiscFilterRequest request(String method, String uri) { - DiscFilterRequest request = mock(DiscFilterRequest.class); - when(request.getMethod()).thenReturn(method); - when(request.getUri()).thenReturn(URI.create(uri)); - return request; + return FilterTestUtils.newRequestBuilder().withMethod(method).withUri(uri).build(); } private static void assertAllowed(MockResponseHandler handler, Metric metric) { |