summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--src/main/java/org/onap/clamp/clds/util/CryptoUtils.java2
-rw-r--r--src/main/java/org/onap/clamp/clds/util/XmlTools.java8
-rw-r--r--src/main/java/org/onap/clamp/util/PrincipalUtils.java6
-rw-r--r--src/test/java/org/onap/clamp/clds/it/CldsHealthcheckServiceItCase.java2
-rw-r--r--src/test/java/org/onap/clamp/clds/it/CldsServiceItCase.java1
-rw-r--r--src/test/java/org/onap/clamp/clds/it/CldsToscaServiceItCase.java2
-rw-r--r--src/test/java/org/onap/clamp/clds/util/CryptoUtilsTest.java48
-rw-r--r--src/test/java/org/onap/clamp/clds/util/JsonUtilsTest.java7
-rw-r--r--src/test/java/org/onap/clamp/clds/util/drawing/DocumentBuilderTest.java3
9 files changed, 69 insertions, 10 deletions
diff --git a/src/main/java/org/onap/clamp/clds/util/CryptoUtils.java b/src/main/java/org/onap/clamp/clds/util/CryptoUtils.java
index f08bf7b2..85aae0a5 100644
--- a/src/main/java/org/onap/clamp/clds/util/CryptoUtils.java
+++ b/src/main/java/org/onap/clamp/clds/util/CryptoUtils.java
@@ -162,7 +162,7 @@ public final class CryptoUtils {
private static SecretKeySpec readSecretKeySpec(String propertiesFileName) {
Properties props = new Properties();
try {
- //Workaround fix to make encryption key configurable
+ // Workaround fix to make encryption key configurable
// System environment variable takes precedence for over clds/key.properties
String encryptionKey = System.getenv(AES_ENCRYPTION_KEY);
if(encryptionKey != null && encryptionKey.trim().length() > 0) {
diff --git a/src/main/java/org/onap/clamp/clds/util/XmlTools.java b/src/main/java/org/onap/clamp/clds/util/XmlTools.java
index a812fa12..a7d4ed9f 100644
--- a/src/main/java/org/onap/clamp/clds/util/XmlTools.java
+++ b/src/main/java/org/onap/clamp/clds/util/XmlTools.java
@@ -24,6 +24,7 @@
package org.onap.clamp.clds.util;
import java.io.StringWriter;
+import javax.xml.XMLConstants;
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
@@ -39,6 +40,12 @@ import org.w3c.dom.Document;
public class XmlTools {
/**
+ * Private constructor to avoid creating instances of util class.
+ */
+ private XmlTools(){
+ }
+
+ /**
* Transforms document to XML string.
*
* @param doc XML document
@@ -47,6 +54,7 @@ public class XmlTools {
public static String exportXmlDocumentAsString(Document doc) {
try {
TransformerFactory tf = TransformerFactory.newInstance();
+ tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
Transformer transformer = tf.newTransformer();
transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
StringWriter writer = new StringWriter();
diff --git a/src/main/java/org/onap/clamp/util/PrincipalUtils.java b/src/main/java/org/onap/clamp/util/PrincipalUtils.java
index d6b20f30..d6dfacbd 100644
--- a/src/main/java/org/onap/clamp/util/PrincipalUtils.java
+++ b/src/main/java/org/onap/clamp/util/PrincipalUtils.java
@@ -38,6 +38,12 @@ public class PrincipalUtils {
private static SecurityContext securityContext = SecurityContextHolder.getContext();
/**
+ * Private constructor to avoid creating instances of util class.
+ */
+ private PrincipalUtils(){
+ }
+
+ /**
* Get the Full name.
*
* @return The user name
diff --git a/src/test/java/org/onap/clamp/clds/it/CldsHealthcheckServiceItCase.java b/src/test/java/org/onap/clamp/clds/it/CldsHealthcheckServiceItCase.java
index 5d891035..1dbea376 100644
--- a/src/test/java/org/onap/clamp/clds/it/CldsHealthcheckServiceItCase.java
+++ b/src/test/java/org/onap/clamp/clds/it/CldsHealthcheckServiceItCase.java
@@ -25,8 +25,6 @@ package org.onap.clamp.clds.it;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
-import javax.ws.rs.core.Response;
-
import org.junit.Test;
import org.junit.runner.RunWith;
import org.onap.clamp.clds.model.CldsHealthCheck;
diff --git a/src/test/java/org/onap/clamp/clds/it/CldsServiceItCase.java b/src/test/java/org/onap/clamp/clds/it/CldsServiceItCase.java
index 347de4a7..faeb0418 100644
--- a/src/test/java/org/onap/clamp/clds/it/CldsServiceItCase.java
+++ b/src/test/java/org/onap/clamp/clds/it/CldsServiceItCase.java
@@ -149,6 +149,7 @@ public class CldsServiceItCase {
Properties prop = new Properties();
InputStream in = Thread.currentThread().getContextClassLoader().getResourceAsStream("clds-version.properties");
prop.load(in);
+ assertNotNull(in);
in.close();
assertEquals(cldsInfo.getCldsVersion(), prop.getProperty("clds.version"));
assertEquals(cldsInfo.getUserName(), "admin");
diff --git a/src/test/java/org/onap/clamp/clds/it/CldsToscaServiceItCase.java b/src/test/java/org/onap/clamp/clds/it/CldsToscaServiceItCase.java
index 7d48086c..992c06e8 100644
--- a/src/test/java/org/onap/clamp/clds/it/CldsToscaServiceItCase.java
+++ b/src/test/java/org/onap/clamp/clds/it/CldsToscaServiceItCase.java
@@ -69,7 +69,7 @@ public class CldsToscaServiceItCase {
private String toscaModelYaml;
private Authentication authentication;
private CldsToscaModel cldsToscaModel;
- private List<GrantedAuthority> authList = new LinkedList<GrantedAuthority>();
+ private List<GrantedAuthority> authList = new LinkedList<>();
private LoggingUtils util;
/**
diff --git a/src/test/java/org/onap/clamp/clds/util/CryptoUtilsTest.java b/src/test/java/org/onap/clamp/clds/util/CryptoUtilsTest.java
index 603d2d28..1e6742c9 100644
--- a/src/test/java/org/onap/clamp/clds/util/CryptoUtilsTest.java
+++ b/src/test/java/org/onap/clamp/clds/util/CryptoUtilsTest.java
@@ -5,7 +5,9 @@
* Copyright (C) 2017 AT&T Intellectual Property. All rights
* reserved.
* ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
+ * Modifications Copyright (c) 2019 Samsung
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
@@ -26,17 +28,30 @@ package org.onap.clamp.clds.util;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotEquals;
import static org.junit.Assert.assertNotNull;
+import static org.mockito.Matchers.eq;
+
+import java.security.InvalidKeyException;
+
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.lang3.ArrayUtils;
import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.powermock.api.mockito.PowerMockito;
+import org.powermock.core.classloader.annotations.PowerMockIgnore;
+import org.powermock.core.classloader.annotations.PrepareForTest;
+import org.powermock.modules.junit4.PowerMockRunner;
-
+@RunWith(PowerMockRunner.class)
+@PowerMockIgnore({"javax.crypto.*"})
public class CryptoUtilsTest {
private final String data = "This is a test string";
@Test
+ @PrepareForTest({CryptoUtils.class})
public final void testEncryption() throws Exception {
String encodedString = CryptoUtils.encrypt(data);
assertNotNull(encodedString);
@@ -44,6 +59,7 @@ public class CryptoUtilsTest {
}
@Test
+ @PrepareForTest({CryptoUtils.class})
public final void testEncryptedStringIsDifferent() throws Exception {
String encodedString1 = CryptoUtils.encrypt(data);
String encodedString2 = CryptoUtils.encrypt(data);
@@ -56,4 +72,30 @@ public class CryptoUtilsTest {
byte[] subData2 = ArrayUtils.subarray(encryptedMessage2, 16, encryptedMessage2.length);
assertNotEquals(subData1, subData2);
}
-} \ No newline at end of file
+
+ @Test
+ @PrepareForTest({CryptoUtils.class})
+ public final void testEncryptionBaseOnRandomKey() throws Exception {
+ SecretKey secretKey = KeyGenerator.getInstance("AES").generateKey();
+ final String encryptionKey = String.valueOf(Hex.encodeHex(secretKey.getEncoded()));
+ setAesEncryptionKeyEnv(encryptionKey);
+
+ String encodedString = CryptoUtils.encrypt(data);
+ String decodedString = CryptoUtils.decrypt(encodedString);
+ assertEquals(data, decodedString);
+ }
+
+ @Test(expected = InvalidKeyException.class)
+ @PrepareForTest({CryptoUtils.class})
+ public final void testEncryptionBadKey() throws Exception {
+ final String badEncryptionKey = "93210sd";
+ setAesEncryptionKeyEnv(badEncryptionKey);
+
+ CryptoUtils.encrypt(data);
+ }
+
+ private static void setAesEncryptionKeyEnv(String value) {
+ PowerMockito.mockStatic(System.class);
+ PowerMockito.when(System.getenv(eq("AES_ENCRYPTION_KEY"))).thenReturn(value);
+ }
+}
diff --git a/src/test/java/org/onap/clamp/clds/util/JsonUtilsTest.java b/src/test/java/org/onap/clamp/clds/util/JsonUtilsTest.java
index 82c2162a..d1adc166 100644
--- a/src/test/java/org/onap/clamp/clds/util/JsonUtilsTest.java
+++ b/src/test/java/org/onap/clamp/clds/util/JsonUtilsTest.java
@@ -5,6 +5,8 @@
* Copyright (C) 2018 AT&T Intellectual Property. All rights
* reserved.
* ================================================================================
+ * Modifications Copyright (c) 2019 Samsung
+ * ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
@@ -155,4 +157,9 @@ public class JsonUtilsTest {
// then
assertThat(timeoutValue).isEqualTo(500);
}
+
+ @Test(expected = IllegalArgumentException.class)
+ public void shouldThrowExceptionFileNotExists() throws IOException {
+ ResourceFileUtil.getResourceAsString("example/notExist.json");
+ }
}
diff --git a/src/test/java/org/onap/clamp/clds/util/drawing/DocumentBuilderTest.java b/src/test/java/org/onap/clamp/clds/util/drawing/DocumentBuilderTest.java
index 6546553c..63a1fa3e 100644
--- a/src/test/java/org/onap/clamp/clds/util/drawing/DocumentBuilderTest.java
+++ b/src/test/java/org/onap/clamp/clds/util/drawing/DocumentBuilderTest.java
@@ -47,9 +47,6 @@ public class DocumentBuilderTest {
@Mock
private SVGGraphics2D mockG2d;
- @Mock
- private Document mockDomImpl;
-
@Test
public void pushChangestoDocumentTest() throws IOException, ParserConfigurationException, SAXException {
String dataElementId = "someId";