add tests for dataset reference

neicnordic · Nov 26, 2024 · 823880a · 823880a
1 parent 9a1c554
commit 823880a
Show file tree

Hide file tree

Showing 5 changed files with 74 additions and 21 deletions.
diff --git a/docker-compose-posix-outbox.yml b/docker-compose-posix-outbox.yml
@@ -3,12 +3,12 @@ version: '3.3'
 services:
 
   db:
-    image: ghcr.io/neicnordic/sensitive-data-archive:v0.3.23-postgres
+    image: ghcr.io/neicnordic/sensitive-data-archive:v0.3.120-postgres
     ports:
       - 5432:5432
     environment:
-      - DB_LEGA_IN_PASSWORD=password
-      - DB_LEGA_OUT_PASSWORD=password
+      - LEGA_IN_PASSWORD=rootpasswd
+      - LEGA_OUT_PASSWORD=rootpasswd
       - POSTGRES_SERVER_CERT=/etc/ega/pg.cert
       - POSTGRES_SERVER_KEY=/etc/ega/pg.key
       - POSTGRES_SERVER_CACERT=/etc/ega/CA.cert

diff --git a/docker-compose-s3-outbox.yml b/docker-compose-s3-outbox.yml
@@ -3,12 +3,12 @@ version: '3.3'
 services:
 
   db:
-    image: ghcr.io/neicnordic/sensitive-data-archive:v0.3.47-postgres
+    image: ghcr.io/neicnordic/sensitive-data-archive:v0.3.120-postgres
     ports:
       - 5432:5432
     environment:
-      - DB_LEGA_IN_PASSWORD=password
-      - DB_LEGA_OUT_PASSWORD=password
+      - LEGA_IN_PASSWORD=password
+      - LEGA_OUT_PASSWORD=password
       - POSTGRES_SERVER_CERT=/etc/ega/pg.cert
       - POSTGRES_SERVER_KEY=/etc/ega/pg.key
       - POSTGRES_SERVER_CACERT=/etc/ega/CA.cert

diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
@@ -9,34 +9,36 @@ logging:
 rest.enabled: ${REST_ENABLED:true}
 
 server.ssl:
-  enabled: ${SSL_ENABLED:true}
+  enabled: ${SSL_ENABLED:false}
   key-store-type: PKCS12
   key-store: file:${KEYSTORE_PATH:/etc/ega/ssl/server.cert}
   key-store-password: ${KEYSTORE_PASSWORD}
 
 spring.rabbitmq:
-  host: ${BROKER_HOST:private-mq}
+  host: ${BROKER_HOST:129.177.177.134}
   port: ${BROKER_PORT:5671}
   virtual-host: ${BROKER_VHOST:sda}
   username: ${BROKER_USERNAME:admin}
   password: ${BROKER_PASSWORD:guest}
   ssl:
     enabled: true
     algorithm: TLSv1.2
-    validate-server-certificate: ${BROKER_VALIDATE:true}
+    validate-server-certificate: ${BROKER_VALIDATE:false}
     trust-store-type: PKCS12
     key-store-type: PKCS12
 
 outbox:
   enabled: ${OUTBOX_ENABLED:true}
   type: ${OUTBOX_TYPE:POSIX}
   queue: ${OUTBOX_QUEUE:exportRequests}
-  location: ${OUTBOX_LOCATION:/ega/outbox/p11-%s/files/}
+  location: ${OUTBOX_LOCATION:%s/files/}
 
 spring:
   datasource:
-    url: jdbc:postgresql://${DB_INSTANCE:db}:${DB_PORT:5432}/${POSTGRES_DB:sda}?sslmode=${SSL_MODE:verify-full}&sslrootcert=${ROOT_CERT_PATH:/etc/ega/ssl/CA.cert}&sslcert=${CERT_PATH:/etc/ega/ssl/client.cert}&sslkey=${CERT_KEY:/etc/ega/ssl/client.key}
-    username: ${POSTGRES_USER:postgres}
+#    url: jdbc:postgresql://${DB_INSTANCE:129.177.177.134}:${DB_PORT:5432}/${POSTGRES_DB:sda}?sslmode=${SSL_MODE:verify-ca}&sslrootcert=${ROOT_CERT_PATH:test/rootCA.pem}&sslcert=${CERT_PATH:test/localhost.pem}&sslkey=${CERT_KEY:test/localhost-client-key.der}
+    url: jdbc:postgresql://${DB_INSTANCE:129.177.177.134}:${DB_PORT:5432}/${POSTGRES_DB:sda}
+
+    username: ${POSTGRES_USER:lega_out}
     password: ${POSTGRES_PASSWORD:rootpasswd}
     driver-class-name: org.postgresql.Driver
   jpa:
@@ -55,13 +57,13 @@ s3:
   root-ca: ${S3_ROOT_CERT_PATH:/etc/ssl/certs/ca-certificates.crt}
 
 s3.out:
-  endpoint: ${S3_OUT_ENDPOINT:outbox}
-  port: ${S3_OUT_PORT:443}
+  endpoint: ${S3_OUT_ENDPOINT:129.177.177.134}
+  port: ${S3_OUT_PORT:9000}
   access-key: ${S3_OUT_ACCESS_KEY:minio}
   secret-key: ${S3_OUT_SECRET_KEY:miniostorage}
   region: ${S3_OUT_REGION:us-west-1}
   bucket: ${S3_OUT_BUCKET:lega}
-  secure: ${S3_OUT_SECURE:true}
+  secure: ${S3_OUT_SECURE:false}
   root-ca: ${S3_OUT_ROOT_CERT_PATH:/etc/ssl/certs/ca-certificates.crt}
 
 archive:
@@ -72,14 +74,14 @@ ga4gh:
     # First, the public key is checked. If present, it's used for validating the token and openid-configuration-url is not used.
     public-key-path: ${PASSPORT_PUBLIC_KEY_PATH:/etc/ega/jwt/passport.pem}
     # If public key is absent, then openid-configuration-url is used to query JWK and fetch the public key.
-    openid-configuration-url: ${OPENID_CONFIGURATION_URL:https://login.elixir-czech.org/oidc/.well-known/openid-configuration}
+    openid-configuration-url: ${OPENID_CONFIGURATION_URL:http://129.177.177.134:8000/openid-configuration}
     # /userinfo endpoint URL for handling opaque access tokens
-    userinfo-endpoint-url: ${USERINFO_ENDPOINT_URL:https://login.elixir-czech.org/oidc/userinfo}
+    userinfo-endpoint-url: ${USERINFO_ENDPOINT_URL:http://129.177.177.134:8000/userinfo}
   visa:
     # First, the public key is checked. If present, it's used for validating the token. Otherwise, JKU is used instead (entry in the header).
     public-key-path: ${VISA_PUBLIC_KEY_PATH:/etc/ega/jwt/visa.pem}
 
 
 crypt4gh:
-  private-key-path: ${CRYPT4GH_PRIVATE_KEY_PATH:/etc/ega/crypt4gh/key.pem}
-  private-key-password-path: ${CRYPT4GH_PRIVATE_KEY_PASSWORD_PATH:/etc/ega/crypt4gh/key.pass}
+  private-key-path: ${CRYPT4GH_PRIVATE_KEY_PATH:test/crypt4gh.sec.pem}
+  private-key-password-path: ${CRYPT4GH_PRIVATE_KEY_PASSWORD_PATH:test/crypt4gh.pass}
diff --git a/src/test/java/no/uio/ifi/localega/doa/LocalEGADOAApplicationTests.java b/src/test/java/no/uio/ifi/localega/doa/LocalEGADOAApplicationTests.java
@@ -78,6 +78,9 @@ public static void setup() {
 
         PreparedStatement dataset_event_released = connection.prepareStatement(prepareInsertQueryDatasetEvent("EGAD00010000919", "released", "release"));
         dataset_event_released.executeUpdate();
+
+        PreparedStatement datasetReferenceInsert = connection.prepareStatement("INSERT INTO sda.dataset_references(dataset_id, reference_id, reference_scheme) values('1', 'GDI-NO-10001','GDI');");
+        datasetReferenceInsert.executeUpdate();
         connection.close();
 
         JSONArray tokens = Unirest.get("http://localhost:8000/tokens").asJson().getBody().getArray();
@@ -272,6 +275,38 @@ void testS3ExportRequestDatasetValidToken() {
         }
     }
 
+    @SneakyThrows
+    @Test
+    void testS3ExportRequestReferenceValidToken() {
+        if (System.getenv("OUTBOX_TYPE").equals("POSIX")) {
+            Assertions.assertTrue(true);
+            return;
+        }
+        export("GDI-NO-10001", true);
+        PrivateKey privateKey = KeyUtils.getInstance().readPrivateKey(new File("test/my.sec.pem"), "passw0rd".toCharArray());
+        try (InputStream byteArrayInputStream = getMinioClient().getObject(GetObjectArgs.builder().bucket("lega").object("[email protected]/body.enc").build());
+             Crypt4GHInputStream crypt4GHInputStream = new Crypt4GHInputStream(byteArrayInputStream, privateKey)) {
+            byte[] bytes = IOUtils.toByteArray(crypt4GHInputStream);
+            Assertions.assertEquals("2aef808fb42fa7b1ba76cb16644773f9902a3fdc2569e8fdc049f38280c4577e", DigestUtils.sha256Hex(bytes));
+        }
+    }
+
+    @SneakyThrows
+    @Test
+    void testPOSIXExportRequestReferenceValidToken() {
+        if (System.getenv("OUTBOX_TYPE").equals("S3")) {
+            Assertions.assertTrue(true);
+            return;
+        }
+        export("GDI-NO-10001", true);
+        PrivateKey privateKey = KeyUtils.getInstance().readPrivateKey(new File("test/my.sec.pem"), "passw0rd".toCharArray());
+        try (InputStream byteArrayInputStream = new FileInputStream("[email protected]/files/body.enc");
+             Crypt4GHInputStream crypt4GHInputStream = new Crypt4GHInputStream(byteArrayInputStream, privateKey)) {
+            byte[] bytes = IOUtils.toByteArray(crypt4GHInputStream);
+            Assertions.assertEquals("2aef808fb42fa7b1ba76cb16644773f9902a3fdc2569e8fdc049f38280c4577e", DigestUtils.sha256Hex(bytes));
+        }
+    }
+
     @SneakyThrows
     void export(String id, boolean dataset) {
         String mqConnectionString = "amqps://admin:guest@localhost:5671/sda";

diff --git a/test/mock_auth.py b/test/mock_auth.py
@@ -102,6 +102,20 @@ def generate_token():
         "exp": 99999999999,
         "jti": "9fa600d6-4148-47c1-b708-36c4ba2e980e"
     }
+    passport_dataset_gdi = {
+        "iss": "http://129.177.177.134:8000/",
+        "sub": "[email protected]",
+        "ga4gh_visa_v1": {
+            "type": "ControlledAccessGrants",
+            "value": "https://www.ebi.ac.uk/ega/GDI-NO-10001",
+            "source": "https://ga4gh.org/duri/no_org",
+            "by": "dac",
+            "asserted": 1568699331
+        },
+        "iat": 1571144438,
+        "exp": 99999999999,
+        "jti": "2b322848-506b-492c-914f-47f9da967cdd"
+    }
     public_jwk = jwk.dumps(public_key, kty='RSA')
     private_jwk = jwk.dumps(pem, kty='RSA')
     dataset_encoded = jwt.encode(header, dataset_payload, private_jwk).decode('utf-8')
@@ -110,8 +124,9 @@ def generate_token():
     passport_status_encoded = jwt.encode(header, passport_status, private_jwk).decode('utf-8')
     passport_dataset1_encoded = jwt.encode(header, passport_dataset1, private_jwk).decode('utf-8')
     passport_dataset2_encoded = jwt.encode(header, passport_dataset2, private_jwk).decode('utf-8')
+    passport_dataset_gdi_encoded = jwt.encode(header, passport_dataset_gdi, private_jwk).decode('utf-8')
     return (public_jwk, dataset_encoded, empty_encoded, passport_terms_encoded, passport_status_encoded,
-            passport_dataset1_encoded, passport_dataset2_encoded)
+            passport_dataset1_encoded, passport_dataset2_encoded, passport_dataset_gdi_encoded)
 
 
 DATA = generate_token()
@@ -143,7 +158,8 @@ async def userinfo(request):
                 DATA[3],
                 DATA[4],
                 DATA[5],
-                DATA[6]
+                DATA[6],
+                DATA[7]
             ]
         }
     return web.json_response(data)