From 78c8b0e7fc7e6d707190202cac4b8f2ad03828dc Mon Sep 17 00:00:00 2001 From: "Determe, Sebastien (sd378r)" Date: Thu, 16 Nov 2017 12:43:55 +0100 Subject: Move SSL verification to test Move the SSL verification to the unit test instead of having it in the main class Change-Id: I574a4ba380ef62171cc6ba0c23eb41dee8a8cc18 Issue-ID: CLAMP-74 Signed-off-by: Determe, Sebastien (sd378r) --- .../onap/clamp/clds/client/CldsEventDelegate.java | 17 ++--- .../clds/client/DcaeHttpConnectionManager.java | 74 ++-------------------- .../clds/it/DcaeHttpConnectionManagerItCase.java | 62 +++++++++++++++--- 3 files changed, 67 insertions(+), 86 deletions(-) diff --git a/src/main/java/org/onap/clamp/clds/client/CldsEventDelegate.java b/src/main/java/org/onap/clamp/clds/client/CldsEventDelegate.java index 449e364b..4886b0de 100644 --- a/src/main/java/org/onap/clamp/clds/client/CldsEventDelegate.java +++ b/src/main/java/org/onap/clamp/clds/client/CldsEventDelegate.java @@ -23,25 +23,23 @@ package org.onap.clamp.clds.client; +import com.att.eelf.configuration.EELFLogger; +import com.att.eelf.configuration.EELFManager; + import org.camunda.bpm.engine.delegate.DelegateExecution; import org.camunda.bpm.engine.delegate.JavaDelegate; import org.onap.clamp.clds.dao.CldsDao; import org.onap.clamp.clds.model.CldsEvent; import org.springframework.beans.factory.annotation.Autowired; -import com.att.eelf.configuration.EELFLogger; -import com.att.eelf.configuration.EELFManager; - /** * Create CLDS Event. */ public class CldsEventDelegate implements JavaDelegate { - protected static final EELFLogger logger = EELFManager.getInstance().getLogger(CldsEventDelegate.class); protected static final EELFLogger metricsLogger = EELFManager.getInstance().getMetricsLogger(); - @Autowired - private CldsDao cldsDao; + private CldsDao cldsDao; /** * Insert event using process variables. 
@@ -49,20 +47,19 @@ public class CldsEventDelegate implements JavaDelegate { * @param execution */ @Override - public void execute(DelegateExecution execution) throws Exception { + public void execute(DelegateExecution execution) { String controlName = (String) execution.getVariable("controlName"); String actionCd = (String) execution.getVariable("actionCd"); String actionStateCd = (String) execution.getVariable("actionStateCd"); - // Flag indicate whether it is triggered by Validation Test button from UI + // Flag indicate whether it is triggered by Validation Test button from + // UI boolean isTest = (boolean) execution.getVariable("isTest"); boolean isInsertTestEvent = (boolean) execution.getVariable("isInsertTestEvent"); String userid = (String) execution.getVariable("userid"); - // do not insert events for test actions unless flag set to insert them if (!isTest || isInsertTestEvent) { // won't really have userid here... CldsEvent.insEvent(cldsDao, controlName, userid, actionCd, actionStateCd, execution.getProcessInstanceId()); } } - } diff --git a/src/main/java/org/onap/clamp/clds/client/DcaeHttpConnectionManager.java b/src/main/java/org/onap/clamp/clds/client/DcaeHttpConnectionManager.java index cff955f1..ef472ae1 100644 --- a/src/main/java/org/onap/clamp/clds/client/DcaeHttpConnectionManager.java +++ b/src/main/java/org/onap/clamp/clds/client/DcaeHttpConnectionManager.java 
@@ -32,22 +32,18 @@ import java.io.IOException; import java.io.InputStreamReader; import java.net.HttpURLConnection; import java.net.URL; -import java.security.KeyManagementException; -import java.security.NoSuchAlgorithmException; -import java.security.cert.CertificateException; -import java.security.cert.X509Certificate; -import javax.net.ssl.HostnameVerifier; import javax.net.ssl.HttpsURLConnection; -import javax.net.ssl.SSLContext; -import javax.net.ssl.SSLSession; -import javax.net.ssl.TrustManager; -import javax.net.ssl.X509TrustManager; import javax.ws.rs.BadRequestException; import org.apache.commons.io.IOUtils; import org.onap.clamp.clds.util.LoggingUtils; +/** + * + * This class manages the HTTP and HTTPS connections to DCAE. + * + */ public class DcaeHttpConnectionManager { protected static final EELFLogger logger = EELFManager.getInstance() .getLogger(DcaeHttpConnectionManager.class); 
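Review bot: The class Javadoc added here says only that the class manages HTTP and HTTPS connections; it does not say how server certificates are validated, which is what this commit changes. With `enableSslNoCheck()` and the `withoutSecurity` parameter removed in the later hunks of this file, the visible code no longer installs a socket factory or hostname verifier, so HTTPS calls appear to rely on whatever `HttpsURLConnection` defaults the JVM has. I would add a sentence to the Javadoc such as `HTTPS connections use the JVM default trust store and hostname verification; this class does not relax them.` That tells anyone connecting to a DCAE endpoint with a private CA to configure the trust store rather than look for the removed flag. The empty ` * ` lines before and after the summary sentence can also be dropped.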
@@ -57,39 +53,6 @@ public class DcaeHttpConnectionManager { private DcaeHttpConnectionManager() { } - static TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() { - @Override - public java.security.cert.X509Certificate[] getAcceptedIssuers() { - return null; - } - - @Override - public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException { - } - - @Override - public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException { - } - } }; - - private static void enableSslNoCheck() { - try { - SSLContext sc = SSLContext.getInstance("SSL"); - sc.init(null, trustAllCerts, new java.security.SecureRandom()); - HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); - HostnameVerifier allHostsValid = new HostnameVerifier() { - @Override - public boolean verify(String hostname, SSLSession session) { - return true; - } - }; - // set the allTrusting verifier - HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid); - } catch (KeyManagementException | NoSuchAlgorithmException e) { - logger.error("Error when disabling security on SSL", e); - } - } - private static String doHttpsQuery(URL url, String requestMethod, String payload, String contentType) throws IOException { logger.info("Using HTTPS URL to contact DCAE:" + url.toString()); @@ -157,7 +120,7 @@ public class DcaeHttpConnectionManager { } /** - * This method does a HTTP query to DCAE with parameters specified. + * This method does a HTTP/HTTPS query to DCAE with parameters specified. * * @param url * The string HTTP or HTTPS that mustr be used to connect 
@@ -173,33 +136,8 @@ public class DcaeHttpConnectionManager { */ public static String doDcaeHttpQuery(String url, String requestMethod, String payload, String contentType) throws IOException { - return doDcaeHttpQuery(url, requestMethod, payload, contentType, false); - } - - /** - * This method does a HTTP/HTTPS query to DCAE with parameters specified. - * - * @param url - * The string HTTP or HTTPS that mustr be used to connect - * @param requestMethod - * The Request Method (PUT, POST, GET, DELETE, etc ...) - * @param payload - * The payload if any, in that case an ouputstream is opened - * @param contentType - * The "application/json or application/xml, or whatever" - * @param withoutSecurity - * Disable or not the SSL security (certificate,hostname, etc...) - * @return The payload of the answer - * @throws IOException - * In case of issue with the streams - */ - public static String doDcaeHttpQuery(String url, String requestMethod, String payload, String contentType, - boolean withoutSecurity) throws IOException { URL urlObj = new URL(url); if (url.contains("https://")) { // Support for HTTPS - if (withoutSecurity) { - enableSslNoCheck(); - } return doHttpsQuery(urlObj, requestMethod, payload, contentType); } else { // Support for HTTP return doHttpQuery(urlObj, requestMethod, payload, contentType); diff --git a/src/test/java/org/onap/clamp/clds/it/DcaeHttpConnectionManagerItCase.java b/src/test/java/org/onap/clamp/clds/it/DcaeHttpConnectionManagerItCase.java index 7714270d..cf9fa4e2 100644 --- a/src/test/java/org/onap/clamp/clds/it/DcaeHttpConnectionManagerItCase.java +++ b/src/test/java/org/onap/clamp/clds/it/DcaeHttpConnectionManagerItCase.java 
@@ -28,9 +28,20 @@ import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; import java.io.IOException; +import java.security.KeyManagementException; +import java.security.NoSuchAlgorithmException; +import java.security.cert.CertificateException; +import java.security.cert.X509Certificate; +import javax.net.ssl.HostnameVerifier; +import javax.net.ssl.HttpsURLConnection; +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLSession; +import javax.net.ssl.TrustManager; +import javax.net.ssl.X509TrustManager; import javax.ws.rs.BadRequestException; +import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; import org.onap.clamp.clds.AbstractItCase; 
@@ -49,14 +60,49 @@ import org.springframework.test.context.junit4.SpringRunner; @TestPropertySource(locations = "classpath:https/https-test.properties") public class DcaeHttpConnectionManagerItCase extends AbstractItCase { @Value("${server.port}") - private String httpsPort; + private String httpsPort; @Value("${server.http-to-https-redirection.port}") - private String httpPort; + private String httpPort; + private static TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() { + @Override + public java.security.cert.X509Certificate[] getAcceptedIssuers() { + return null; + } + + @Override + public void checkClientTrusted(X509Certificate[] arg0, String arg1) + throws CertificateException { + } + + @Override + public void checkServerTrusted(X509Certificate[] arg0, String arg1) + throws CertificateException { + } + } }; + + private void enableSslNoCheck() throws NoSuchAlgorithmException, KeyManagementException { + SSLContext sc = SSLContext.getInstance("SSL"); + sc.init(null, trustAllCerts, new java.security.SecureRandom()); + HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); + HostnameVerifier allHostsValid = new HostnameVerifier() { + @Override + public boolean verify(String hostname, SSLSession session) { + return true; + } + }; + // set the allTrusting verifier + HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid); + } + + @Before + public void setupEnvBeforeTest() throws KeyManagementException, NoSuchAlgorithmException { + enableSslNoCheck(); + } @Test public void testHttpGet() throws Exception { String response = DcaeHttpConnectionManager - .doDcaeHttpQuery("http://localhost:" + this.httpPort + "/designer/index.html", "GET", null, null, true); + .doDcaeHttpQuery("http://localhost:" + this.httpPort + "/designer/index.html", "GET", null, null); assertNotNull(response); // Should be a redirection so 302, so empty assertTrue(response.isEmpty()); 
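Review bot: `enableSslNoCheck()` replaces the JVM-wide `HttpsURLConnection` default socket factory and hostname verifier from `@Before`, and nothing in this hunk puts them back, so tests that run later in the same JVM may connect with certificate and hostname checks switched off without knowing it. I would capture the current defaults before calling `enableSslNoCheck()` and restore them in an `@After` method, as sketched below; this needs `org.junit.After` and `javax.net.ssl.SSLSocketFactory` imports. Two smaller points in the same block: `getAcceptedIssuers()` returns `null` where the `X509TrustManager` contract asks for a non-null array, so `return new X509Certificate[0];` is safer, and `SSLContext.getInstance("SSL")` reads better as `"TLS"`. If the certificate behind `https-test.properties` can be loaded into a test-only trust store, the trust-all manager would not be needed at all, but that file is not visible from here.

```java
    // … unchanged: trustAllCerts, enableSslNoCheck() …

    private SSLSocketFactory savedSocketFactory;
    private HostnameVerifier savedHostnameVerifier;

    @Before
    public void setupEnvBeforeTest() throws KeyManagementException, NoSuchAlgorithmException {
        // Keep the JVM-wide defaults so they can be restored after each test.
        savedSocketFactory = HttpsURLConnection.getDefaultSSLSocketFactory();
        savedHostnameVerifier = HttpsURLConnection.getDefaultHostnameVerifier();
        enableSslNoCheck();
    }

    @After
    public void restoreSslDefaults() {
        HttpsURLConnection.setDefaultSSLSocketFactory(savedSocketFactory);
        HttpsURLConnection.setDefaultHostnameVerifier(savedHostnameVerifier);
    }
```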
@@ -64,8 +110,8 @@ public class DcaeHttpConnectionManagerItCase extends AbstractItCase { @Test public void testHttpsGet() throws Exception { - String response = DcaeHttpConnectionManager.doDcaeHttpQuery( - "https://localhost:" + this.httpsPort + "/designer/index.html", "GET", null, null, true); + String response = DcaeHttpConnectionManager + .doDcaeHttpQuery("https://localhost:" + this.httpsPort + "/designer/index.html", "GET", null, null); assertNotNull(response); // Should contain something assertTrue(!response.isEmpty()); @@ -74,21 +120,21 @@ public class DcaeHttpConnectionManagerItCase extends AbstractItCase { @Test(expected = BadRequestException.class) public void testHttpsGet404() throws IOException { DcaeHttpConnectionManager.doDcaeHttpQuery("https://localhost:" + this.httpsPort + "/designer/index1.html", - "GET", null, null, true); + "GET", null, null); fail("Should have raised an BadRequestException exception"); } @Test(expected = BadRequestException.class) public void testHttpsPost404() throws IOException { DcaeHttpConnectionManager.doDcaeHttpQuery("https://localhost:" + this.httpsPort + "/designer/index1.html", - "POST", "", "application/json", true); + "POST", "", "application/json"); fail("Should have raised an BadRequestException exception"); } @Test(expected = IOException.class) public void testHttpException() throws IOException { DcaeHttpConnectionManager.doDcaeHttpQuery("http://localhost:" + this.httpsPort + "/designer/index.html", "GET", - null, null, true); + null, null); fail("Should have raised an IOException exception"); } } -- cgit 1.2.3-korg