/**
* This method tests the ACL check without ActiveACL, it needs to guarantee the following
* invariant.
*
* <p>The invariant of ACL is:
*
* <p>When the whitelist of a field Y.F exists, then a GUID X can read Y.F if and only if X
* belongs to the whitelist of Y.F
*
* <p>When the whitelist of a field Y.F does not exist, then any GUID X can read Y.F
*
* @throws IOException
* @throws InterruptedException
*/
@Test
public void test_01_checkWithoutActiveACL() throws IOException, InterruptedException {
System.out.println(">>>>>>>>>> Test without ActiveACL >>>>>>>>>>");
String response1 = null;
try {
response1 = client.fieldRead(entries[0].getGuid(), someField, entries[2]);
} catch (Exception e1) {
}
assertEquals(response1, someValue);
String response2 = null;
System.out.println("GUID_1 reads the field GUID_0_FIELD of GUID_0");
try {
response2 = client.fieldRead(entries[0].getGuid(), someField, entries[1]);
fail(
"GUID_1 should not be able to access to the field GUID_0_FIELD and see the response :\""
+ response2
+ "\"");
} catch (Exception e) {
}
}
/**
* This method tests the ACL check with ActiveACL, it needs to guarantee the following invariant.
*
* <p>The invariant of ACL is:
*
* <p>A GUID X can read Y.F if and only if X satisfies the condition defined by Y
*
* <p>Let A be the access GUID, L is the whitelist of Y.F, C is the code of Y We are going to test
* the following cases:
*
* <p>A is in L, and C allows A to access F, then A should be able to access F
*
* <p>A is in L, and C does not allow A to access F, then A should not be able to access F
*
* <p>A is not in L, and C allow F to access F, then A should be able to access F
*
* @throws Exception
*/
@Test
public void test_02_checkWithActiveACL() throws Exception {
System.out.println(">>>>>>>>>> Test with ActiveACL >>>>>>>>>>");
/** Prepare code and set up whitelist */
client.aclAdd(AclAccessType.READ_WHITELIST, entries[0], someField, entries[1].getGuid());
String allowed_code =
new String(Files.readAllBytes(Paths.get("scripts/activeCode/aclAllowAccess.js")));
String unallowed_code =
new String(Files.readAllBytes(Paths.get("scripts/activeCode/aclNotAllowAccess.js")));
allowed_code =
allowed_code
.replace("//replace with guid", "\"" + entries[1].getGuid() + "\"")
.replace("//replace with public key", "\"" + entries[1].getPublicKeyString() + "\"");
unallowed_code =
unallowed_code.replace("//replace with guid", "\"" + entries[2].getGuid() + "\"");
System.out.println("The allowed code is:\n" + allowed_code);
System.out.println("The unallowed code is:\n" + unallowed_code);
/*
JSONArray list = client.aclGet(AclAccessType.READ_WHITELIST, entries[0], someField, entries[0].getGuid());
System.out.println("The whitelist of the field contains the following guids:");
for (int i=0; i<list.length(); i++){
System.out.println(list.get(i));
}
System.out.println("The public key of GUID_1 is "+entries[1].getPublicKeyString());
*/
client.activeCodeSet(entries[0].getGuid(), ActiveCode.ON_READ, allowed_code, entries[0]);
/** Test 1: A is in L, and C allows A to access F, then A should be able to access F */
String response1 = client.fieldRead(entries[0].getGuid(), someField, entries[1]);
assertEquals(response1, someValue);
/**
* Test 2: A is in L, and C does not allow A to access F, then A should not be able to access F
*/
// First, update the code
client.activeCodeSet(entries[0].getGuid(), ActiveCode.ON_READ, unallowed_code, entries[0]);
try {
String response2 = client.fieldRead(entries[0].getGuid(), someField, entries[2]);
fail(
"GUID_1 should not be able to access to the field GUID_0_FIELD and see the response :\""
+ response2
+ "\"");
} catch (Exception e) {
}
/** Test 3:A is not in L, and C allow F to access F, then A should be able to access F */
// First, remove GUID_1 from the whitelist
client.activeCodeSet(entries[0].getGuid(), ActiveCode.ON_READ, allowed_code, entries[0]);
client.aclRemove(AclAccessType.READ_WHITELIST, entries[0], someField, entries[1].getGuid());
Thread.sleep(1000);
String response3 = client.fieldRead(entries[0].getGuid(), someField, entries[1]);
assertEquals(response3, someValue);
}