Revision 7674
Added by Jing Tao about 11 years ago
| test/edu/ucsb/nceas/metacat/dataone/SolrQueryAccessFilterTest.java | ||
|---|---|---|
| 4 | 4 |
import java.io.File; |
| 5 | 5 |
import java.io.FileInputStream; |
| 6 | 6 |
import java.io.InputStream; |
| 7 |
import java.security.cert.X509Certificate; |
|
| 7 | 8 |
import java.util.ArrayList; |
| 8 | 9 |
import java.util.List; |
| 9 | 10 |
|
| ... | ... | |
| 17 | 18 |
import junit.framework.Test; |
| 18 | 19 |
import junit.framework.TestSuite; |
| 19 | 20 |
|
| 21 |
import org.apache.http.HttpResponse; |
|
| 22 |
import org.dataone.client.D1RestClient; |
|
| 20 | 23 |
import org.dataone.client.ObjectFormatCache; |
| 24 |
import org.dataone.client.RestClient; |
|
| 25 |
import org.dataone.client.auth.CertificateManager; |
|
| 21 | 26 |
import org.dataone.configuration.Settings; |
| 22 | 27 |
import org.dataone.service.types.v1.AccessPolicy; |
| 23 | 28 |
import org.dataone.service.types.v1.AccessRule; |
| ... | ... | |
| 49 | 54 |
private static final String QUERYUSER = "CN=ben leinfelder A756,O=Google,C=US,DC=cilogon,DC=org"; |
| 50 | 55 |
private static final String GROUP1 = "CN=PISCO-data-managers,DC=cilogon,DC=org"; |
| 51 | 56 |
private static final String GROUP2 = "CN=dataone-coredev,DC=cilogon,DC=org"; |
| 57 |
private static final String USERWITHCERT = "CN=Jing Tao,OU=NCEAS,O=UCSB,ST=California,C=US"; |
|
| 52 | 58 |
private static final String EMLFILE = "test/restfiles/knb-lter-gce.109.6.xml"; |
| 59 |
private static final String INTRUSTCERTFILE = "test/test-credentials/ecp.pem"; |
|
| 53 | 60 |
private static final String IDXPATH = "//response/result/doc/str[@name='id']/text()"; |
| 54 | 61 |
|
| 55 | 62 |
/** |
| ... | ... | |
| 59 | 66 |
public static Test suite() {
|
| 60 | 67 |
|
| 61 | 68 |
TestSuite suite = new TestSuite(); |
| 62 |
suite.addTest(new SolrQueryAccessFilterTest("testPublicReadable"));
|
|
| 63 |
suite.addTest(new SolrQueryAccessFilterTest("testOnlyUserReadable"));
|
|
| 64 |
suite.addTest(new SolrQueryAccessFilterTest("testGroupReadable"));
|
|
| 65 |
suite.addTest(new SolrQueryAccessFilterTest("testOnlyRightHolderReadable"));
|
|
| 69 |
//suite.addTest(new SolrQueryAccessFilterTest("testPublicReadable"));
|
|
| 70 |
//suite.addTest(new SolrQueryAccessFilterTest("testOnlyUserReadable"));
|
|
| 71 |
//suite.addTest(new SolrQueryAccessFilterTest("testGroupReadable"));
|
|
| 72 |
//suite.addTest(new SolrQueryAccessFilterTest("testOnlyRightHolderReadable"));
|
|
| 73 |
suite.addTest(new SolrQueryAccessFilterTest("testDistrustCertificate"));
|
|
| 66 | 74 |
|
| 67 | 75 |
return suite; |
| 68 | 76 |
|
| ... | ... | |
| 189 | 197 |
archive(session, id); |
| 190 | 198 |
} |
| 191 | 199 |
|
| 200 |
/** |
|
| 201 |
* Test a user with a distrusted certificate. |
|
| 202 |
* @throws Exception |
|
| 203 |
*/ |
|
| 204 |
public void testDistrustCertificate() throws Exception {
|
|
| 205 |
//create a object only be readable by the USERWITHCERT |
|
| 206 |
Session session = getSession(CREATEUSER, null); |
|
| 207 |
Identifier id = generateIdentifier(); |
|
| 208 |
String[] allowUsers = {USERWITHCERT};
|
|
| 209 |
File object = new File(EMLFILE); |
|
| 210 |
SystemMetadata sysmeta = generateSystemMetadata(id, session.getSubject(), object , allowUsers); |
|
| 211 |
createObject(session, id, object, sysmeta); |
|
| 212 |
Thread.sleep(10000); |
|
| 213 |
|
|
| 214 |
//use faking session, the user can query the document |
|
| 215 |
//Session querySession = getSession(USERWITHCERT, null); |
|
| 216 |
//String resultId = query(querySession, id); |
|
| 217 |
//assertTrue("In the testGroupReadable method, the query result id should be "+id.getValue(), id.getValue().equals(resultId));
|
|
| 218 |
|
|
| 219 |
//Use the libclient without the session, the user shouldn't query the document since its certificate is distrusted and it will be considered as the public. |
|
| 220 |
CertificateManager.getInstance().setCertificateLocation(INTRUSTCERTFILE); |
|
| 221 |
//InputStream input = MNodeService.getInstance(request).query(SOLR, generateQuery(id.getValue())); |
|
| 222 |
D1RestClient client = new D1RestClient(); |
|
| 223 |
String url = "https://chico1.dyndns.org/knb/d1/mn/v1/query/solr/"+generateQuery(id.getValue()); |
|
| 224 |
System.out.println("url is \n"+url);
|
|
| 225 |
InputStream response = client.doGetRequest(url); |
|
| 226 |
String resultId = extractId(response); |
|
| 227 |
System.out.println("The id is "+resultId);
|
|
| 228 |
|
|
| 229 |
archive(session, id); |
|
| 230 |
|
|
| 231 |
} |
|
| 232 |
|
|
| 192 | 233 |
/* |
| 193 | 234 |
* constructs a "fake" session with the specified subject and groups. |
| 194 | 235 |
* If groups is not null, the session will have a subjectinfo which contains the person with the subject and is the member of the groups. |
| ... | ... | |
| 316 | 357 |
String query = "q=id:"+id+"&fl=id,title"; |
| 317 | 358 |
return query; |
| 318 | 359 |
} |
| 360 |
|
|
| 361 |
/* |
|
| 362 |
* Generate a solr query url for the RestClient |
|
| 363 |
*/ |
|
| 364 |
private String generateQueryURL(String id) {
|
|
| 365 |
String url = ""; |
|
| 366 |
return url; |
|
| 367 |
} |
|
| 319 | 368 |
} |
Also available in: Unified diff
Add the code to test the user with a distrusted certificate.