summaryrefslogtreecommitdiffstats
path: root/datafile-app-server
diff options
context:
space:
mode:
authorTomasz Wrobel <tomasz.wrobel@nokia.com>2022-05-13 09:01:26 +0200
committerTomasz Wrobel <tomasz.wrobel@nokia.com>2022-07-06 06:09:50 +0200
commit5da97dc829f00e8549ccf5617b434aa911578d8b (patch)
treefb0a293b051a7f2e46ea736356cd6edf98a9371d /datafile-app-server
parent7fdc015b330cf36d4a272af7e9ce31f60248bfd6 (diff)
Make TLS connection optional1.8.0
Issue-ID: DCAEGEN2-3039 Signed-off-by: Tomasz Wrobel <tomasz.wrobel@nokia.com> Change-Id: Id637ba17c655407009a4f40f6c93f518b99e45ff
Diffstat (limited to 'datafile-app-server')
-rw-r--r--datafile-app-server/pom.xml10
-rw-r--r--datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/AppConfig.java8
-rw-r--r--datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/CertificateConfig.java6
-rw-r--r--datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/CloudConfigParser.java61
-rw-r--r--datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/tasks/FileCollector.java10
-rw-r--r--datafile-app-server/src/test/java/org/onap/dcaegen2/collectors/datafile/configuration/AppConfigTest.java24
-rw-r--r--datafile-app-server/src/test/java/org/onap/dcaegen2/collectors/datafile/configuration/CloudConfigParserTest.java78
-rw-r--r--datafile-app-server/src/test/java/org/onap/dcaegen2/collectors/datafile/tasks/FileCollectorTest.java37
-rw-r--r--datafile-app-server/src/test/resources/datafile_test_config_incorrect_cert_config.json41
-rw-r--r--datafile-app-server/src/test/resources/datafile_test_config_no_tls.json37
-rw-r--r--datafile-app-server/src/test/resources/datafile_test_config_tls.json40
11 files changed, 331 insertions, 21 deletions
diff --git a/datafile-app-server/pom.xml b/datafile-app-server/pom.xml
index c8a0e648..14620ed1 100644
--- a/datafile-app-server/pom.xml
+++ b/datafile-app-server/pom.xml
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ ============LICENSE_START=======================================================
- ~ Copyright (C) 2018-2022 NOKIA Intellectual Property. All rights reserved.
+ ~ Copyright (C) 2018-2022 Nokia. All rights reserved.
~ Copyright (C) 2018-2021 Nordix Foundation. All rights reserved.
~ Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
~ Copyright (c) 2021 Samsung Electronics. All rights reserved.
@@ -27,7 +27,7 @@
<parent>
<groupId>org.onap.dcaegen2.collectors</groupId>
<artifactId>datafile</artifactId>
- <version>1.7.1-SNAPSHOT</version>
+ <version>1.8.0-SNAPSHOT</version>
</parent>
<groupId>org.onap.dcaegen2.collectors.datafile</groupId>
@@ -149,6 +149,12 @@
<scope>test</scope>
</dependency>
<dependency>
+ <groupId>org.junit.vintage</groupId>
+ <artifactId>junit-vintage-engine</artifactId>
+ <version>5.7.0</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
<groupId>org.testng</groupId>
<artifactId>testng</artifactId>
<scope>test</scope>
diff --git a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/AppConfig.java b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/AppConfig.java
index f11a85a0..0691d721 100644
--- a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/AppConfig.java
+++ b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/AppConfig.java
@@ -1,7 +1,7 @@
/*-
* ============LICENSE_START======================================================================
- * Copyright (C) 2018, 2020-2021 NOKIA Intellectual Property, 2018-2019 Nordix Foundation.
- * All rights reserved.
+ * Copyright (C) 2018, 2020-2022 Nokia. All rights reserved.
+ * Copyright (C) 2018-2019 Nordix Foundation. All rights reserved.
* ===============================================================================================
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
* in compliance with the License. You may obtain a copy of the License at
@@ -234,6 +234,10 @@ public class AppConfig {
this.certificateConfiguration = certificateConfig;
this.sftpConfiguration = sftpConfig;
+ if (!certificateConfig.enableCertAuth()) {
+ logger.debug("External TLS certificate disabled, skipping setup HTTPS client");
+ return;
+ }
HttpsClientConnectionManagerUtil.setupOrUpdate(certificateConfig.keyCert(), certificateConfig.keyPasswordPath(),
certificateConfig.trustedCa(), certificateConfig.trustedCaPasswordPath(),
certificateConfig.httpsHostnameVerify());
diff --git a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/CertificateConfig.java b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/CertificateConfig.java
index 78be36d3..668fcc77 100644
--- a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/CertificateConfig.java
+++ b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/CertificateConfig.java
@@ -1,6 +1,7 @@
/*-
* ============LICENSE_START=======================================================
- * Copyright (C) 2018-2021 NOKIA Intellectual Property, 2019 Nordix Foundation. All rights reserved.
+ * Copyright (C) 2018-2022 Nokia. All rights reserved.
+ * Copyright (C) 2019 Nordix Foundation. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -50,4 +51,7 @@ public abstract class CertificateConfig implements Serializable {
@Value.Parameter
public abstract Boolean httpsHostnameVerify();
+
+ @Value.Parameter
+ public abstract Boolean enableCertAuth();
}
diff --git a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/CloudConfigParser.java b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/CloudConfigParser.java
index 025166c2..db811fac 100644
--- a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/CloudConfigParser.java
+++ b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/CloudConfigParser.java
@@ -1,7 +1,7 @@
/*-
* ============LICENSE_START=======================================================
- * Copyright (C) 2018, 2020-2021 NOKIA Intellectual Property, 2018-2019 Nordix Foundation.
- * All rights reserved.
+ * Copyright (C) 2018, 2020-2022 Nokia. All rights reserved.
+ * Copyright (C) 2018-2019 Nordix Foundation. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -48,6 +48,8 @@ import org.onap.dcaegen2.services.sdk.security.ssl.ImmutableSecurityKeys;
import org.onap.dcaegen2.services.sdk.security.ssl.ImmutableSecurityKeysStore;
import org.onap.dcaegen2.services.sdk.security.ssl.Passwords;
import org.onap.dcaegen2.services.sdk.security.ssl.SecurityKeys;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
/**
* Parses the cloud configuration.
@@ -74,6 +76,8 @@ public class CloudConfigParser {
private static final int EXPECTED_NUMBER_OF_SOURCE_TOPICS = 1;
private static final int FIRST_SOURCE_INDEX = 0;
+ private static final Logger logger = LoggerFactory.getLogger(CloudConfigParser.class);
+
private final Properties systemEnvironment;
private final JsonObject jsonObject;
@@ -103,10 +107,10 @@ public class CloudConfigParser {
.publishUrl(getAsString(feedConfig, "publish_url")) //
.password(getAsString(feedConfig, "password")) //
.userName(getAsString(feedConfig, "username")) //
- .trustStorePath(getAsString(jsonObject, DMAAP_SECURITY_TRUST_STORE_PATH)) //
- .trustStorePasswordPath(getAsString(jsonObject, DMAAP_SECURITY_TRUST_STORE_PASS_PATH)) //
- .keyStorePath(getAsString(jsonObject, DMAAP_SECURITY_KEY_STORE_PATH)) //
- .keyStorePasswordPath(getAsString(jsonObject, DMAAP_SECURITY_KEY_STORE_PASS_PATH)) //
+ .trustStorePath(getAsOptionalStringOrDefault(jsonObject, DMAAP_SECURITY_TRUST_STORE_PATH,"")) //
+ .trustStorePasswordPath(getAsOptionalStringOrDefault(jsonObject, DMAAP_SECURITY_TRUST_STORE_PASS_PATH, "")) //
+ .keyStorePath(getAsOptionalStringOrDefault(jsonObject, DMAAP_SECURITY_KEY_STORE_PATH,"")) //
+ .keyStorePasswordPath(getAsOptionalStringOrDefault(jsonObject, DMAAP_SECURITY_KEY_STORE_PASS_PATH,"")) //
.enableDmaapCertAuth(get(jsonObject, DMAAP_SECURITY_ENABLE_DMAAP_CERT_AUTH).getAsBoolean()) //
.changeIdentifier(changeIdentifier) //
.logUrl(getAsString(feedConfig, "log_url")) //
@@ -189,12 +193,38 @@ public class CloudConfigParser {
* @throws DatafileTaskException if a member of the configuration is missing.
*/
public @NotNull CertificateConfig getCertificateConfig() throws DatafileTaskException {
+ boolean enableCertAuth = getAsBooleanOrDefault(jsonObject, "dmaap.certificateConfig.enableCertAuth",
+ Boolean.TRUE);
+
+ String keyCert = "";
+ String keyPasswordPath = "";
+ String trustedCa = "";
+ String trustedCaPasswordPath = "";
+ boolean httpsHostnameVerify = true;
+
+ if (enableCertAuth) {
+ logger.debug("TlS enabled, attempt to read certificates property");
+ try {
+ keyCert = getAsString(jsonObject, "dmaap.certificateConfig.keyCert");
+ keyPasswordPath = getAsString(jsonObject, "dmaap.certificateConfig.keyPasswordPath");
+ trustedCa = getAsString(jsonObject, "dmaap.certificateConfig.trustedCa");
+ trustedCaPasswordPath = getAsString(jsonObject, "dmaap.certificateConfig.trustedCaPasswordPath");
+ httpsHostnameVerify = getAsBooleanOrDefault(jsonObject, "dmaap.certificateConfig.httpsHostnameVerify",
+ Boolean.TRUE);
+ } catch (DatafileTaskException e) {
+ throw new DatafileTaskException(
+ "Wrong configuration. External certificate enabled but configs are missing: "
+ + e.getMessage());
+ }
+ }
+
return new ImmutableCertificateConfig.Builder() //
- .keyCert(getAsString(jsonObject, "dmaap.certificateConfig.keyCert"))
- .keyPasswordPath(getAsString(jsonObject, "dmaap.certificateConfig.keyPasswordPath"))
- .trustedCa(getAsString(jsonObject, "dmaap.certificateConfig.trustedCa"))
- .trustedCaPasswordPath(getAsString(jsonObject, "dmaap.certificateConfig.trustedCaPasswordPath")) //
- .httpsHostnameVerify(getAsBooleanOrDefault(jsonObject, "dmaap.certificateConfig.httpsHostnameVerify", Boolean.TRUE))
+ .keyCert(keyCert)
+ .keyPasswordPath(keyPasswordPath)
+ .trustedCa(trustedCa)
+ .trustedCaPasswordPath(trustedCaPasswordPath) //
+ .httpsHostnameVerify(httpsHostnameVerify)
+ .enableCertAuth(enableCertAuth)
.build();
}
@@ -219,6 +249,15 @@ public class CloudConfigParser {
return get(obj, memberName).getAsString();
}
+ private static String getAsOptionalStringOrDefault(JsonObject obj, String memberName, String def) {
+ try {
+ return get(obj, memberName).getAsString();
+ } catch (DatafileTaskException e) {
+ return def;
+ }
+ }
+
+
private static @NotNull Boolean getAsBoolean(JsonObject obj, String memberName) throws DatafileTaskException {
return get(obj, memberName).getAsBoolean();
}
diff --git a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/tasks/FileCollector.java b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/tasks/FileCollector.java
index 70380437..0df57a2c 100644
--- a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/tasks/FileCollector.java
+++ b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/tasks/FileCollector.java
@@ -1,7 +1,7 @@
/*-
* ============LICENSE_START======================================================================
* Copyright (C) 2018-2019 Nordix Foundation. All rights reserved.
- * Copyright (C) 2020-2021 Nokia. All rights reserved.
+ * Copyright (C) 2020-2022 Nokia. All rights reserved.
* ===============================================================================================
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
* in compliance with the License. You may obtain a copy of the License at
@@ -175,8 +175,11 @@ public class FileCollector {
new SftpClientSettings(datafileAppConfig.getSftpConfiguration()));
}
- protected FtpesClient createFtpesClient(FileData fileData) {
+ protected FtpesClient createFtpesClient(FileData fileData) throws DatafileTaskException {
CertificateConfig config = datafileAppConfig.getCertificateConfiguration();
+ if (!config.enableCertAuth()) {
+ throw new DatafileTaskException("FTPES error: TLS connection is disabled");
+ }
return new FtpesClient(fileData.fileServerData(), Paths.get(config.keyCert()), config.keyPasswordPath(),
Paths.get(config.trustedCa()), config.trustedCaPasswordPath());
}
@@ -186,6 +189,9 @@ public class FileCollector {
}
protected FileCollectClient createHttpsClient(FileData fileData) throws DatafileTaskException {
+ if (!datafileAppConfig.getCertificateConfiguration().enableCertAuth()) {
+ throw new DatafileTaskException("HTTPS error: TLS connection is disabled");
+ }
return new DfcHttpsClient(fileData.fileServerData(), HttpsClientConnectionManagerUtil.instance());
}
}
diff --git a/datafile-app-server/src/test/java/org/onap/dcaegen2/collectors/datafile/configuration/AppConfigTest.java b/datafile-app-server/src/test/java/org/onap/dcaegen2/collectors/datafile/configuration/AppConfigTest.java
index 839a9a18..3c940297 100644
--- a/datafile-app-server/src/test/java/org/onap/dcaegen2/collectors/datafile/configuration/AppConfigTest.java
+++ b/datafile-app-server/src/test/java/org/onap/dcaegen2/collectors/datafile/configuration/AppConfigTest.java
@@ -1,7 +1,7 @@
/*-
* ============LICENSE_START======================================================================
- * Copyright (C) 2018, 2020-2021 NOKIA Intellectual Property, 2018-2019 Nordix Foundation.
- * All rights reserved.
+ * Copyright (C) 2018, 2020-2022 Nokia. All rights reserved.
+ * Copyright (C) 2018-2019 Nordix Foundation. All rights reserved.
* ===============================================================================================
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
* in compliance with the License. You may obtain a copy of the License at
@@ -91,6 +91,7 @@ class AppConfigTest {
.trustedCa("/src/test/resources/cert.jks") //
.trustedCaPasswordPath("/src/test/resources/cert.jks.pass") //
.httpsHostnameVerify(true)
+ .enableCertAuth(true)
.build();
private AppConfig appConfigUnderTest;
@@ -129,6 +130,19 @@ class AppConfigTest {
}
@Test
+ void shouldInitializeApplicationWithoutCertificates() throws IOException {
+ // When
+ doReturn(getCorrectConfigWithoutTLS()).when(appConfigUnderTest).createInputStream(any());
+ appConfigUnderTest.initialize();
+
+ // Then
+ verify(appConfigUnderTest, times(1)).loadConfigurationFromFile();
+
+ CertificateConfig certificateConfig = appConfigUnderTest.getCertificateConfiguration();
+ assertThat(certificateConfig).isNotNull();
+ }
+
+ @Test
void whenTheConfigurationFits_twoProducers() throws IOException, DatafileTaskException {
// When
doReturn(getCorrectJsonTwoProducers()).when(appConfigUnderTest).createInputStream(any());
@@ -293,6 +307,12 @@ class AppConfigTest {
return new ByteArrayInputStream((string.getBytes(StandardCharsets.UTF_8)));
}
+ private static InputStream getCorrectConfigWithoutTLS() throws IOException {
+ URL url = CloudConfigParser.class.getClassLoader().getResource("datafile_test_config_no_tls.json");
+ String string = Resources.toString(url, Charsets.UTF_8);
+ return new ByteArrayInputStream((string.getBytes(StandardCharsets.UTF_8)));
+ }
+
private static InputStream getCorrectJsonTwoProducers() throws IOException {
URL url = CloudConfigParser.class.getClassLoader().getResource("datafile_endpoints_test_2producers.json");
String string = Resources.toString(url, Charsets.UTF_8);
diff --git a/datafile-app-server/src/test/java/org/onap/dcaegen2/collectors/datafile/configuration/CloudConfigParserTest.java b/datafile-app-server/src/test/java/org/onap/dcaegen2/collectors/datafile/configuration/CloudConfigParserTest.java
new file mode 100644
index 00000000..e7ef7d79
--- /dev/null
+++ b/datafile-app-server/src/test/java/org/onap/dcaegen2/collectors/datafile/configuration/CloudConfigParserTest.java
@@ -0,0 +1,78 @@
+/*-
+ * ============LICENSE_START======================================================================
+ * Copyright (C) 2022 Nokia. All rights reserved.
+ * ===============================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ * ============LICENSE_END========================================================================
+ */
+
+package org.onap.dcaegen2.collectors.datafile.configuration;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import com.google.gson.JsonObject;
+import com.google.gson.JsonParser;
+import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import org.junit.jupiter.api.Test;
+import org.onap.dcaegen2.collectors.datafile.exceptions.DatafileTaskException;
+
+class CloudConfigParserTest {
+
+ public static final String CONFIG_TLS_JSON = "src/test/resources/datafile_test_config_tls.json";
+ public static final String CONFIG_NO_TLS_JSON = "src/test/resources/datafile_test_config_no_tls.json";
+ public static final String INCORRECT_CERT_CONFIG_JSON = "src/test/resources/datafile_test_config_incorrect_cert_config.json";
+ public static final String EXPECTED_EXCEPTION_MESSAGE = "Wrong configuration. External certificate enabled but configs are missing: Could not find member: dmaap.certificateConfig.keyCert";
+
+ @Test
+ public void shouldCorrectReadCertificateConfigWithTLS () throws IOException, DatafileTaskException {
+
+ CloudConfigParser parser = getCloudConfigParser(CONFIG_TLS_JSON);
+ CertificateConfig certificateConfig = parser.getCertificateConfig();
+
+ assertEquals(true, certificateConfig.enableCertAuth());
+ assertEquals("/src/test/resources/dfc.jks", certificateConfig.keyCert());
+ assertEquals("/src/test/resources/dfc.jks.pass", certificateConfig.keyPasswordPath());
+ assertEquals("/src/test/resources/cert.jks", certificateConfig.trustedCa());
+ assertEquals("/src/test/resources/cert.jks.pass", certificateConfig.trustedCaPasswordPath());
+ assertEquals(true, certificateConfig.httpsHostnameVerify());
+ }
+
+ @Test
+ public void shouldCorrectReadCertificateConfigWithoutTLS () throws IOException, DatafileTaskException {
+ CloudConfigParser parser = getCloudConfigParser(CONFIG_NO_TLS_JSON);
+ CertificateConfig certificateConfig = parser.getCertificateConfig();
+
+ assertEquals(false, certificateConfig.enableCertAuth());
+ assertEquals("", certificateConfig.keyCert());
+ assertEquals("", certificateConfig.keyPasswordPath());
+ assertEquals("", certificateConfig.trustedCa());
+ assertEquals("", certificateConfig.trustedCaPasswordPath());
+ }
+
+ @Test
+ public void shouldThrowExceptionWhenCertAuthIsEnabledButPathsPropertyIsMissing () throws IOException {
+ CloudConfigParser parser = getCloudConfigParser(INCORRECT_CERT_CONFIG_JSON);
+
+ DatafileTaskException exception = assertThrows(DatafileTaskException.class, parser::getCertificateConfig);
+ assertTrue(exception.getMessage().contains(EXPECTED_EXCEPTION_MESSAGE));
+ }
+
+ private CloudConfigParser getCloudConfigParser(String configPath) throws IOException {
+ String jsonStr = Files.readString(Path.of(configPath));
+ JsonObject jsonObject = JsonParser.parseString(jsonStr).getAsJsonObject();
+
+ return new CloudConfigParser(jsonObject,null);
+ }
+}
diff --git a/datafile-app-server/src/test/java/org/onap/dcaegen2/collectors/datafile/tasks/FileCollectorTest.java b/datafile-app-server/src/test/java/org/onap/dcaegen2/collectors/datafile/tasks/FileCollectorTest.java
index ceb8a989..917055cf 100644
--- a/datafile-app-server/src/test/java/org/onap/dcaegen2/collectors/datafile/tasks/FileCollectorTest.java
+++ b/datafile-app-server/src/test/java/org/onap/dcaegen2/collectors/datafile/tasks/FileCollectorTest.java
@@ -1,7 +1,7 @@
/*-
* ============LICENSE_START======================================================================
* Copyright (C) 2018-2019 Nordix Foundation. All rights reserved.
- * Copyright (C) 2020 Nokia. All rights reserved.
+ * Copyright (C) 2020-2022 Nokia. All rights reserved.
* ===============================================================================================
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
* in compliance with the License. You may obtain a copy of the License at
@@ -18,6 +18,7 @@
package org.onap.dcaegen2.collectors.datafile.tasks;
import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Mockito.doReturn;
import static org.mockito.Mockito.doThrow;
@@ -197,6 +198,8 @@ public class FileCollectorTest {
assertEquals(0, counters.getNoOfFailedHttpAttempts(),"failedHttpAttempts should have been 0");
}
+
+
@Test
public void whenSftpFile_returnCorrectResponse() throws Exception {
FileCollector collectorUndetTest = spy(new FileCollector(appConfigMock, counters));
@@ -291,6 +294,38 @@ public class FileCollectorTest {
}
@Test
+ public void whenTlsDisabled_ThrowExceptionForHttpsFile() {
+ when(appConfigMock.getCertificateConfiguration().enableCertAuth()).thenReturn(false);
+ FileCollector collectorUndetTest = spy(new FileCollector(appConfigMock, counters));
+ FileData fileData = createFileData(HTTPS_LOCATION, Scheme.HTTPS);
+
+ StepVerifier.create(collectorUndetTest.collectFile(fileData, 3, Duration.ofSeconds(0), contextMap))
+ .expectErrorMessage("Retries exhausted: 3/3")
+ .verify();
+
+ StepVerifier.create(collectorUndetTest.collectFile(fileData, 3, Duration.ofSeconds(0), contextMap))
+ .consumeErrorWith(throwable ->
+ assertEquals("HTTPS error: TLS connection is disabled", throwable.getCause().getMessage()))
+ .verify();
+ }
+
+ @Test
+ public void whenTlsDisabled_ThrowExceptionForFtpesFile() {
+ when(appConfigMock.getCertificateConfiguration().enableCertAuth()).thenReturn(false);
+ FileCollector collectorUndetTest = spy(new FileCollector(appConfigMock, counters));
+ FileData fileData = createFileData(FTPES_LOCATION, Scheme.FTPES);
+
+ StepVerifier.create(collectorUndetTest.collectFile(fileData, 3, Duration.ofSeconds(0), contextMap))
+ .expectErrorMessage("Retries exhausted: 3/3")
+ .verify();
+
+ StepVerifier.create(collectorUndetTest.collectFile(fileData, 3, Duration.ofSeconds(0), contextMap))
+ .consumeErrorWith(throwable ->
+ assertEquals("FTPES error: TLS connection is disabled", throwable.getCause().getMessage()))
+ .verify();
+ }
+
+ @Test
public void whenFtpesFileAlwaysFail_retryAndFail() throws Exception {
FileCollector collectorUndetTest = spy(new FileCollector(appConfigMock, counters));
doReturn(ftpesClientMock).when(collectorUndetTest).createFtpesClient(any());
diff --git a/datafile-app-server/src/test/resources/datafile_test_config_incorrect_cert_config.json b/datafile-app-server/src/test/resources/datafile_test_config_incorrect_cert_config.json
new file mode 100644
index 00000000..a282c5c7
--- /dev/null
+++ b/datafile-app-server/src/test/resources/datafile_test_config_incorrect_cert_config.json
@@ -0,0 +1,41 @@
+{
+ "config": {
+ "dmaap.certificateConfig.enableCertAuth": true,
+ "dmaap.certificateConfig.keyCert.missing": "/src/test/resources/dfc.jks",
+ "dmaap.certificateConfig.keyPasswordPath": "/src/test/resources/dfc.jks.pass",
+ "dmaap.certificateConfig.trustedCa": "/src/test/resources/cert.jks",
+ "dmaap.certificateConfig.trustedCaPasswordPath": "/src/test/resources/cert.jks.pass",
+ "dmaap.certificateConfig.httpsHostnameVerify": true,
+ "dmaap.security.trustStorePath": "src/test/resources/trust.jks",
+ "dmaap.security.trustStorePasswordPath": "src/test/resources/trust.pass",
+ "dmaap.security.keyStorePath": "src/test/resources/cert.jks",
+ "dmaap.security.keyStorePasswordPath": "src/test/resources/jks.pass",
+ "dmaap.security.enableDmaapCertAuth": "true",
+ "dmaap.dmaapConsumerConfiguration.consumerGroup": "OpenDcae-c12",
+ "dmaap.dmaapConsumerConfiguration.consumerId": "C12",
+ "dmaap.dmaapConsumerConfiguration.timeoutMs": 1000,
+ "sftp.security.strictHostKeyChecking": "false",
+ "streams_publishes": {
+ "PM_MEAS_FILES": {
+ "type": "data_router",
+ "dmaap_info": {
+ "username": "CYE9fl40",
+ "location": "loc00",
+ "log_url": "https://localhost:3907/feedlog/1",
+ "publisher_id": "4.307dw",
+ "password": "izBJD8nLjawq0HMG",
+ "publish_url": "https://localhost:3907/publish/1"
+ }
+ }
+ },
+ "streams_subscribes": {
+ "dmaap_subscriber": {
+ "dmaap_info": {
+ "topic_url": "http://localhost:2222/events/unauthenticated.VES_NOTIFICATION_OUTPUT"
+ },
+ "type": "message_router"
+ }
+ }
+ }
+}
+
diff --git a/datafile-app-server/src/test/resources/datafile_test_config_no_tls.json b/datafile-app-server/src/test/resources/datafile_test_config_no_tls.json
new file mode 100644
index 00000000..e51b5cd7
--- /dev/null
+++ b/datafile-app-server/src/test/resources/datafile_test_config_no_tls.json
@@ -0,0 +1,37 @@
+{
+ "config": {
+ "dmaap.certificateConfig.enableCertAuth": false,
+ "dmaap.certificateConfig.httpsHostnameVerify": false,
+ "dmaap.security.trustStorePath": "src/test/resources/trust.jks",
+ "dmaap.security.trustStorePasswordPath": "src/test/resources/trust.pass",
+ "dmaap.security.keyStorePath": "src/test/resources/cert.jks",
+ "dmaap.security.keyStorePasswordPath": "src/test/resources/jks.pass",
+ "dmaap.security.enableDmaapCertAuth": "true",
+ "dmaap.dmaapConsumerConfiguration.consumerGroup": "OpenDcae-c12",
+ "dmaap.dmaapConsumerConfiguration.consumerId": "C12",
+ "dmaap.dmaapConsumerConfiguration.timeoutMs": 1000,
+ "sftp.security.strictHostKeyChecking": "false",
+ "streams_publishes": {
+ "PM_MEAS_FILES": {
+ "type": "data_router",
+ "dmaap_info": {
+ "username": "CYE9fl40",
+ "location": "loc00",
+ "log_url": "https://localhost:3907/feedlog/1",
+ "publisher_id": "4.307dw",
+ "password": "izBJD8nLjawq0HMG",
+ "publish_url": "https://localhost:3907/publish/1"
+ }
+ }
+ },
+ "streams_subscribes": {
+ "dmaap_subscriber": {
+ "dmaap_info": {
+ "topic_url": "http://localhost:2222/events/unauthenticated.VES_NOTIFICATION_OUTPUT"
+ },
+ "type": "message_router"
+ }
+ }
+ }
+}
+
diff --git a/datafile-app-server/src/test/resources/datafile_test_config_tls.json b/datafile-app-server/src/test/resources/datafile_test_config_tls.json
new file mode 100644
index 00000000..54f75816
--- /dev/null
+++ b/datafile-app-server/src/test/resources/datafile_test_config_tls.json
@@ -0,0 +1,40 @@
+{
+ "config": {
+ "dmaap.certificateConfig.keyCert": "/src/test/resources/dfc.jks",
+ "dmaap.certificateConfig.keyPasswordPath": "/src/test/resources/dfc.jks.pass",
+ "dmaap.certificateConfig.trustedCa": "/src/test/resources/cert.jks",
+ "dmaap.certificateConfig.trustedCaPasswordPath": "/src/test/resources/cert.jks.pass",
+ "dmaap.certificateConfig.httpsHostnameVerify": true,
+ "dmaap.security.trustStorePath": "src/test/resources/trust.jks",
+ "dmaap.security.trustStorePasswordPath": "src/test/resources/trust.pass",
+ "dmaap.security.keyStorePath": "src/test/resources/cert.jks",
+ "dmaap.security.keyStorePasswordPath": "src/test/resources/jks.pass",
+ "dmaap.security.enableDmaapCertAuth": "true",
+ "dmaap.dmaapConsumerConfiguration.consumerGroup": "OpenDcae-c12",
+ "dmaap.dmaapConsumerConfiguration.consumerId": "C12",
+ "dmaap.dmaapConsumerConfiguration.timeoutMs": 1000,
+ "sftp.security.strictHostKeyChecking": "false",
+ "streams_publishes": {
+ "PM_MEAS_FILES": {
+ "type": "data_router",
+ "dmaap_info": {
+ "username": "CYE9fl40",
+ "location": "loc00",
+ "log_url": "https://localhost:3907/feedlog/1",
+ "publisher_id": "4.307dw",
+ "password": "izBJD8nLjawq0HMG",
+ "publish_url": "https://localhost:3907/publish/1"
+ }
+ }
+ },
+ "streams_subscribes": {
+ "dmaap_subscriber": {
+ "dmaap_info": {
+ "topic_url": "http://localhost:2222/events/unauthenticated.VES_NOTIFICATION_OUTPUT"
+ },
+ "type": "message_router"
+ }
+ }
+ }
+}
+