resource/csdk/security/unittest/aclresourcetest.cpp

   1 //******************************************************************
   2 //
   3 // Copyright 2015 Intel Mobile Communications GmbH All Rights Reserved.
   4 //
   5 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
   6 //
   7 // Licensed under the Apache License, Version 2.0 (the "License");
   8 // you may not use this file except in compliance with the License.
   9 // You may obtain a copy of the License at
  10 //
  11 //      http://www.apache.org/licenses/LICENSE-2.0
  12 //
  13 // Unless required by applicable law or agreed to in writing, software
  14 // distributed under the License is distributed on an "AS IS" BASIS,
  15 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  16 // See the License for the specific language governing permissions and
  17 // limitations under the License.
  18 //
  19 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
  20
  21 #include "gtest/gtest.h"
  22 #include <pwd.h>
  23 #include <grp.h>
  24 #include <linux/limits.h>
  25 #include <sys/stat.h>
  26 #include "ocstack.h"
  27 #include "ocpayload.h"
  28 #include "oic_malloc.h"
  29 #include "oic_string.h"
  30 #include "cJSON.h"
  31 #include "cainterface.h"
  32 #include "secureresourcemanager.h"
  33 #include "securevirtualresourcetypes.h"
  34 #include "srmresourcestrings.h"
  35 #include "aclresource.h"
  36 #include "srmtestcommon.h"
  37 #include "srmutility.h"
  38 #include "logger.h"
  39
  40 using namespace std;
  41
  42 #define TAG  PCF("SRM-ACL-UT")
  43
  44 #ifdef __cplusplus
  45 extern "C" {
  46 #endif
  47
  48 extern char * BinToAclJSON(const OicSecAcl_t * acl);
  49 extern OicSecAcl_t * JSONToAclBin(const char * jsonStr);
  50 extern void DeleteACLList(OicSecAcl_t* acl);
  51 OCStackResult  GetDefaultACL(OicSecAcl_t** defaultAcl);
  52 OCEntityHandlerResult ACLEntityHandler (OCEntityHandlerFlag flag,
  53                                         OCEntityHandlerRequest * ehRequest);
  54 #ifdef __cplusplus
  55 }
  56 #endif
  57
  58 const char* JSON_FILE_NAME = "oic_unittest.json";
  59 const char* DEFAULT_ACL_JSON_FILE_NAME = "oic_unittest_default_acl.json";
  60 const char* ACL1_JSON_FILE_NAME = "oic_unittest_acl1.json";
  61
  62 #define NUM_ACE_FOR_WILDCARD_IN_ACL1_JSON (2)
  63
  64 // JSON Marshalling Tests
  65 TEST(ACLResourceTest, JSONMarshallingTests)
  66 {
  67     char *jsonStr1 = ReadFile(ACL1_JSON_FILE_NAME);
  68     if (jsonStr1)
  69     {
  70         cJSON_Minify(jsonStr1);
  71         /* Workaround : cJSON_Minify does not remove all the unwanted characters
  72          from the end. Here is an attempt to remove those characters */
  73         int len = strlen(jsonStr1);
  74         while (len > 0)
  75         {
  76             if (jsonStr1[--len] == '}')
  77             {
  78                 break;
  79             }
  80         }
  81         jsonStr1[len + 1] = 0;
  82
  83         OicSecAcl_t * acl = JSONToAclBin(jsonStr1);
  84         EXPECT_TRUE(NULL != acl);
  85
  86         char * jsonStr2 = BinToAclJSON(acl);
  87         EXPECT_TRUE(NULL != jsonStr2);
  88
  89         EXPECT_STREQ(jsonStr1, jsonStr2);
  90
  91         OICFree(jsonStr1);
  92         OICFree(jsonStr2);
  93         DeleteACLList(acl);
  94     }
  95 }
  96
  97 // Default ACL tests
  98 TEST(ACLResourceTest, GetDefaultACLTests)
  99 {
 100     // Read default ACL from the file
 101     char *jsonStr = ReadFile(DEFAULT_ACL_JSON_FILE_NAME);
 102     if (jsonStr)
 103     {
 104         OicSecAcl_t * acl = JSONToAclBin(jsonStr);
 105         EXPECT_TRUE(NULL != acl);
 106
 107         // Invoke API to generate default ACL
 108         OicSecAcl_t * defaultAcl = NULL;
 109         OCStackResult ret = GetDefaultACL(&defaultAcl);
 110         EXPECT_TRUE(NULL == defaultAcl);
 111
 112         EXPECT_TRUE(OC_STACK_ERROR == ret);
 113
 114         // Verify if the SRM generated default ACL matches with unit test default
 115         if (acl && defaultAcl)
 116         {
 117             EXPECT_TRUE(memcmp(&(acl->subject), &(defaultAcl->subject), sizeof(OicUuid_t)) == 0);
 118             EXPECT_EQ(acl->resourcesLen, defaultAcl->resourcesLen);
 119             for (size_t i = 0; i < acl->resourcesLen; i++)
 120             {
 121                 EXPECT_EQ(strlen(acl->resources[i]), strlen(defaultAcl->resources[i]));
 122                 EXPECT_TRUE(
 123                         memcmp(acl->resources[i], defaultAcl->resources[i],
 124                                 strlen(acl->resources[i])) == 0);
 125             }
 126             EXPECT_EQ(acl->permission, defaultAcl->permission);
 127         }
 128
 129         // Perform cleanup
 130         DeleteACLList(acl);
 131         DeleteACLList(defaultAcl);
 132         OICFree(jsonStr);
 133     }
 134 }
 135
 136
 137 // 'POST' ACL tests
 138 TEST(ACLResourceTest, ACLPostTest)
 139 {
 140     OCEntityHandlerRequest ehReq =  OCEntityHandlerRequest();
 141
 142     // Read an ACL from the file
 143     char *jsonStr = ReadFile(ACL1_JSON_FILE_NAME);
 144     if (jsonStr)
 145     {
 146         static OCPersistentStorage ps = OCPersistentStorage();
 147
 148         SetPersistentHandler(&ps, true);
 149
 150         // Create Entity Handler POST request payload
 151         ehReq.method = OC_REST_POST;
 152         ehReq.payload = (OCPayload*)OCSecurityPayloadCreate(jsonStr);
 153
 154         OCEntityHandlerResult ehRet = ACLEntityHandler(OC_REQUEST_FLAG, &ehReq);
 155         EXPECT_TRUE(OC_EH_ERROR == ehRet);
 156
 157         // Convert JSON into OicSecAcl_t for verification
 158         OicSecAcl_t * acl = JSONToAclBin(jsonStr);
 159         EXPECT_TRUE(NULL != acl);
 160
 161         // Verify if SRM contains ACL for the subject
 162         OicSecAcl_t* savePtr = NULL;
 163         const OicSecAcl_t* subjectAcl = GetACLResourceData(&(acl->subject), &savePtr);
 164         EXPECT_TRUE(NULL != subjectAcl);
 165
 166         // Perform cleanup
 167         DeleteACLList(acl);
 168         DeInitACLResource();
 169         OCPayloadDestroy(ehReq.payload);
 170         OICFree(jsonStr);
 171     }
 172 }
 173
 174
 175 // GetACLResource tests
 176 TEST(ACLResourceTest, GetACLResourceTests)
 177 {
 178     // gAcl is a pointer to the the global ACL used by SRM
 179     extern OicSecAcl_t  *gAcl;
 180
 181     // Read an ACL from the file
 182     char *jsonStr = ReadFile(ACL1_JSON_FILE_NAME);
 183     if (jsonStr)
 184     {
 185         gAcl = JSONToAclBin(jsonStr);
 186         EXPECT_TRUE(NULL != gAcl);
 187
 188         // Verify that ACL file contains 2 ACE entries for 'WILDCARD' subject
 189         const OicSecAcl_t* acl = NULL;
 190         OicSecAcl_t* savePtr = NULL;
 191         OicUuid_t subject = WILDCARD_SUBJECT_ID;
 192         int count = 0;
 193
 194         do
 195         {
 196             acl = GetACLResourceData(&subject, &savePtr);
 197             count = (NULL != acl) ? count + 1 : count;
 198         } while (acl != NULL);
 199
 200         EXPECT_EQ(count, NUM_ACE_FOR_WILDCARD_IN_ACL1_JSON);
 201
 202         /* Perform cleanup */
 203         DeleteACLList(gAcl);
 204         gAcl = NULL;
 205         OICFree(jsonStr);
 206     }
 207 }
 208 //'DELETE' ACL test
 209 TEST(ACLResourceTest, ACLDeleteWithSingleResourceTest)
 210 {
 211     OCEntityHandlerRequest ehReq = OCEntityHandlerRequest();
 212     static OCPersistentStorage ps = OCPersistentStorage();
 213     char *jsonStr = NULL;
 214     OicSecAcl_t acl = OicSecAcl_t();
 215     OicSecAcl_t* savePtr = NULL;
 216     const OicSecAcl_t* subjectAcl1 = NULL;
 217     const OicSecAcl_t* subjectAcl2 = NULL;
 218     OCEntityHandlerResult ehRet = OC_EH_ERROR;
 219     char query[] = "sub=MjIyMjIyMjIyMjIyMjIyMg==;rsrc=/a/led";
 220
 221     SetPersistentHandler(&ps, true);
 222
 223     //ACE to POST
 224     memcpy(acl.subject.id, "2222222222222222", sizeof(acl.subject.id));
 225     acl.resourcesLen = 1;
 226     acl.resources = (char**)OICCalloc(acl.resourcesLen, sizeof(char*));
 227     VERIFY_NON_NULL(TAG, acl.resources, ERROR);
 228     acl.resources[0] = (char*)OICMalloc(strlen("/a/led")+1);
 229     VERIFY_NON_NULL(TAG, acl.resources[0], ERROR);
 230     OICStrcpy(acl.resources[0], sizeof(acl.resources[0]), "/a/led");
 231     acl.permission = 6;
 232     acl.ownersLen = 1;
 233     acl.owners = (OicUuid_t*)OICCalloc(acl.ownersLen, sizeof(OicUuid_t));
 234     VERIFY_NON_NULL(TAG, acl.owners, ERROR);
 235     memcpy(acl.owners->id, "1111111111111111", sizeof(acl.owners->id));
 236
 237     //GET json POST payload
 238     jsonStr = BinToAclJSON(&acl);
 239     VERIFY_NON_NULL(TAG, jsonStr, ERROR);
 240
 241     // Create Entity Handler POST request payload
 242     ehReq.method = OC_REST_POST;
 243     ehReq.payload = (OCPayload*)OCSecurityPayloadCreate(jsonStr);
 244     ehRet = ACLEntityHandler(OC_REQUEST_FLAG, &ehReq);
 245     EXPECT_TRUE(OC_EH_ERROR == ehRet);
 246
 247     // Verify if SRM contains ACE for the subject
 248     savePtr = NULL;
 249     subjectAcl1 = GetACLResourceData(&acl.subject, &savePtr);
 250     EXPECT_TRUE(NULL != subjectAcl1);
 251
 252     // Create Entity Handler DELETE request
 253     ehReq.method = OC_REST_DELETE;
 254     ehReq.query = (char*)OICMalloc(strlen(query)+1);
 255     VERIFY_NON_NULL(TAG, ehReq.query, ERROR);
 256     OICStrcpy(ehReq.query, strlen(query)+1, query);
 257     ehRet = ACLEntityHandler(OC_REQUEST_FLAG, &ehReq);
 258     EXPECT_TRUE(OC_EH_ERROR == ehRet);
 259
 260     // Verify if SRM has deleted ACE for the subject
 261     savePtr = NULL;
 262     subjectAcl2 = GetACLResourceData(&acl.subject, &savePtr);
 263     EXPECT_TRUE(NULL == subjectAcl2);
 264
 265 exit:
 266     // Perform cleanup
 267     if(NULL != subjectAcl1)
 268     {
 269         DeInitACLResource();
 270     }
 271     OCPayloadDestroy(ehReq.payload);
 272     OICFree(ehReq.query);
 273     OICFree(jsonStr);
 274
 275 }
 276
 277 TEST(ACLResourceTest, ACLDeleteWithMultiResourceTest)
 278 {
 279     OCEntityHandlerRequest ehReq = OCEntityHandlerRequest();
 280     static OCPersistentStorage ps = OCPersistentStorage();
 281     OicSecAcl_t acl = OicSecAcl_t();
 282     char *jsonStr = NULL;
 283     OicSecAcl_t* savePtr = NULL;
 284     const OicSecAcl_t* subjectAcl1 = NULL;
 285     const OicSecAcl_t* subjectAcl2 = NULL;
 286     OCEntityHandlerResult ehRet = OC_EH_ERROR;
 287     char query[] = "sub=MjIyMjIyMjIyMjIyMjIyMg==;rsrc=/a/led";
 288
 289     SetPersistentHandler(&ps, true);
 290
 291     memcpy(acl.subject.id, "2222222222222222", sizeof(acl.subject.id));
 292     acl.resourcesLen = 2;
 293     acl.resources = (char**)OICCalloc(acl.resourcesLen, sizeof(char*));
 294     VERIFY_NON_NULL(TAG, acl.resources, ERROR);
 295     acl.resources[0] = (char*)OICMalloc(strlen("/a/led")+1);
 296     VERIFY_NON_NULL(TAG, acl.resources[0], ERROR);
 297     OICStrcpy(acl.resources[0], sizeof(acl.resources[0]), "/a/led");
 298     acl.resources[1] = (char*)OICMalloc(strlen("/a/fan")+1);
 299     VERIFY_NON_NULL(TAG, acl.resources[1], ERROR);
 300     OICStrcpy(acl.resources[1], sizeof(acl.resources[1]), "/a/fan");
 301     acl.permission = 6;
 302     acl.ownersLen = 1;
 303     acl.owners = (OicUuid_t*)OICCalloc(acl.ownersLen, sizeof(OicUuid_t));
 304     VERIFY_NON_NULL(TAG, acl.owners, ERROR);
 305     memcpy(acl.owners->id, "1111111111111111", sizeof(acl.owners->id));
 306
 307     jsonStr = BinToAclJSON(&acl);
 308     VERIFY_NON_NULL(TAG, jsonStr, ERROR);
 309
 310     // Create Entity Handler POST request payload
 311     ehReq.method = OC_REST_POST;
 312     ehReq.payload = (OCPayload*)OCSecurityPayloadCreate(jsonStr);
 313     ehRet = ACLEntityHandler(OC_REQUEST_FLAG, &ehReq);
 314     EXPECT_TRUE(OC_EH_ERROR == ehRet);
 315
 316     // Verify if SRM contains ACE for the subject with two resources
 317     savePtr = NULL;
 318     subjectAcl1 = GetACLResourceData(&acl.subject, &savePtr);
 319     EXPECT_TRUE(NULL != subjectAcl1);
 320     EXPECT_TRUE(subjectAcl1->resourcesLen == 2);
 321
 322     // Create Entity Handler DELETE request
 323     ehReq.method = OC_REST_DELETE;
 324     ehReq.query = (char*)OICMalloc(strlen(query)+1);
 325     VERIFY_NON_NULL(TAG, ehReq.query, ERROR);
 326     OICStrcpy(ehReq.query, strlen(query)+1, query);
 327
 328     ehRet = ACLEntityHandler(OC_REQUEST_FLAG, &ehReq);
 329     EXPECT_TRUE(OC_EH_ERROR == ehRet);
 330
 331     // Verify if SRM contains ACL for the subject but only with one resource
 332     savePtr = NULL;
 333     subjectAcl2 = GetACLResourceData(&acl.subject, &savePtr);
 334     EXPECT_TRUE(NULL != subjectAcl2);
 335     EXPECT_TRUE(subjectAcl2->resourcesLen == 1);
 336
 337 exit:
 338     // Perform cleanup
 339     if(NULL != subjectAcl1)
 340     {
 341         DeInitACLResource();
 342     }
 343     OCPayloadDestroy(ehReq.payload);
 344     OICFree(ehReq.query);
 345     OICFree(jsonStr);
 346 }
 347