From d76ee008a7724a68a84090d252c2ab5b085f41c8 Mon Sep 17 00:00:00 2001
From: Ryan Liang <jiallian@amazon.com>
Date: Mon, 2 Oct 2023 12:33:55 -0700
Subject: [PATCH] Add AuthTokenUtilsTest

Signed-off-by: Ryan Liang <jiallian@amazon.com>
---
 .../authtoken/jwt/AuthTokenUtilsTest.java     | 67 +++++++++++++++++++
 1 file changed, 67 insertions(+)
 create mode 100644 src/test/java/org/opensearch/security/authtoken/jwt/AuthTokenUtilsTest.java

diff --git a/src/test/java/org/opensearch/security/authtoken/jwt/AuthTokenUtilsTest.java b/src/test/java/org/opensearch/security/authtoken/jwt/AuthTokenUtilsTest.java
new file mode 100644
index 0000000000..34486ce847
--- /dev/null
+++ b/src/test/java/org/opensearch/security/authtoken/jwt/AuthTokenUtilsTest.java
@@ -0,0 +1,67 @@
+package org.opensearch.security.authtoken.jwt;
+
+import org.opensearch.common.settings.Settings;
+import org.opensearch.core.xcontent.NamedXContentRegistry;
+import org.opensearch.rest.RestRequest;
+import org.opensearch.security.util.AuthTokenUtils;
+import org.opensearch.test.rest.FakeRestRequest;
+import org.junit.Test;
+
+import java.util.Collections;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
+public class AuthTokenUtilsTest {
+
+    @Test
+    public void testIsAccessToRestrictedEndpointsForOnBehalfOfToken() {
+        NamedXContentRegistry namedXContentRegistry = new NamedXContentRegistry(Collections.emptyList());
+
+        FakeRestRequest request = new FakeRestRequest.Builder(namedXContentRegistry).withPath("/api/generateonbehalfoftoken")
+            .withMethod(RestRequest.Method.POST)
+            .build();
+
+        assertTrue(AuthTokenUtils.isAccessToRestrictedEndpoints(request, "api/generateonbehalfoftoken"));
+    }
+
+    @Test
+    public void testIsAccessToRestrictedEndpointsForAccount() {
+        NamedXContentRegistry namedXContentRegistry = new NamedXContentRegistry(Collections.emptyList());
+
+        FakeRestRequest request = new FakeRestRequest.Builder(namedXContentRegistry).withPath("/api/account")
+            .withMethod(RestRequest.Method.PUT)
+            .build();
+
+        assertTrue(AuthTokenUtils.isAccessToRestrictedEndpoints(request, "api/account"));
+    }
+
+    @Test
+    public void testIsAccessToRestrictedEndpointsFalseCase() {
+        NamedXContentRegistry namedXContentRegistry = new NamedXContentRegistry(Collections.emptyList());
+
+        FakeRestRequest request = new FakeRestRequest.Builder(namedXContentRegistry).withPath("/api/someotherendpoint")
+            .withMethod(RestRequest.Method.GET)
+            .build();
+
+        assertFalse(AuthTokenUtils.isAccessToRestrictedEndpoints(request, "api/someotherendpoint"));
+    }
+
+    @Test
+    public void testIsKeyNullWithNullValue() {
+        Settings settings = Settings.builder().put("someKey", (String) null).build();
+        assertTrue(AuthTokenUtils.isKeyNull(settings, "someKey"));
+    }
+
+    @Test
+    public void testIsKeyNullWithNonNullValue() {
+        Settings settings = Settings.builder().put("someKey", "value").build();
+        assertFalse(AuthTokenUtils.isKeyNull(settings, "someKey"));
+    }
+
+    @Test
+    public void testIsKeyNullWithAbsentKey() {
+        Settings settings = Settings.builder().build();
+        assertTrue(AuthTokenUtils.isKeyNull(settings, "absentKey"));
+    }
+}