Add command line option to disable SSL/TLS

Closes ONAP-508

Change-Id: If6c3935ede7b00dea9b36747c6cd1422c1c8d330
Signed-off-by: kjaniak <kornel.janiak@nokia.com>
Issue-ID: DCAEGEN2-601

1 files changed, 55 insertions, 30 deletions

diff --git a/hv-collector-core/src/test/kotlin/org/onap/dcae/collectors/veshv/impl/socket/SslContextFactoryTest.kt b/hv-collector-core/src/test/kotlin/org/onap/dcae/collectors/veshv/impl/socket/SslContextFactoryTest.kt
index 26a25d33..deb4e183 100644
--- a/hv-collector-core/src/test/kotlin/org/onap/dcae/collectors/veshv/impl/socket/SslContextFactoryTest.kt
+++ b/hv-collector-core/src/test/kotlin/org/onap/dcae/collectors/veshv/impl/socket/SslContextFactoryTest.kt
@@ -20,15 +20,17 @@
 package org.onap.dcae.collectors.veshv.impl.socket
 
 import io.netty.handler.ssl.ClientAuth
-import io.netty.handler.ssl.OpenSslServerContext
 import io.netty.handler.ssl.ReferenceCountedOpenSslContext
 import io.netty.handler.ssl.SslContextBuilder
 import org.assertj.core.api.Assertions.assertThat
 import org.jetbrains.spek.api.Spek
 import org.jetbrains.spek.api.dsl.describe
+import org.jetbrains.spek.api.dsl.given
 import org.jetbrains.spek.api.dsl.it
+import org.jetbrains.spek.api.dsl.on
 import org.onap.dcae.collectors.veshv.domain.SecurityConfiguration
 import java.nio.file.Paths
+import kotlin.test.assertTrue
 
 /**
  * @author Piotr Jaszczyk <piotr.jaszczyk@nokia.com>
@@ -36,43 +38,66 @@ import java.nio.file.Paths
  */
 object SslContextFactoryTest : Spek({
     describe("SslContextFactory") {
-        val sampleConfig = SecurityConfiguration(
-                privateKey = Paths.get("/", "tmp", "pk.pem"),
-                cert = Paths.get("/", "tmp", "cert.crt"),
-                trustedCert = Paths.get("/", "tmp", "clientCa.crt"))
+        given("config without disabled SSL") {
+            val sampleConfig = SecurityConfiguration(
+                    privateKey = Paths.get("/", "tmp", "pk.pem"),
+                    cert = Paths.get("/", "tmp", "cert.crt"),
+                    trustedCert = Paths.get("/", "tmp", "clientCa.crt"))
 
-        val cut = object : SslContextFactory() {
-            var actualConfig: SecurityConfiguration? = null
-            override fun createSslContextWithConfiguredCerts(secConfig: SecurityConfiguration): SslContextBuilder {
-                actualConfig = secConfig
-                return SslContextBuilder.forServer(resource("/ssl/ca.crt"), resource("/ssl/server.key"))
+            val cut = object : SslContextFactory() {
+                override fun createSslContextWithConfiguredCerts(secConfig: SecurityConfiguration): SslContextBuilder {
+                    return SslContextBuilder.forServer(resource("/ssl/ca.crt"), resource("/ssl/server.key"))
+                }
+
+                private fun resource(path: String) = SslContextFactoryTest.javaClass.getResourceAsStream(path)
             }
 
-            private fun resource(path: String) = SslContextFactoryTest.javaClass.getResourceAsStream(path)
-        }
+            on("creation of SSL context") {
+                val result = cut.createSslContext(sampleConfig)
 
-        val result = cut.createSslContext(sampleConfig)
+                it("should be server context") {
+                    assertTrue(result.exists {
+                        it.isServer
+                    })
+                }
 
-        it("should be server context") {
-            assertThat(result.isServer).isTrue()
-        }
+                it("should use OpenSSL provider") {
+                    assertTrue(result.isDefined())
+                }
 
-        it("should use OpenSSL provider") {
-            assertThat(result).isInstanceOf(OpenSslServerContext::class.java)
+                /*
+                 * It is too important to leave it untested on unit level.
+                 * Because of the Netty API design we need to do it this way.
+                 */
+                it("should turn on client authentication") {
+                    val clientAuth: ClientAuth = ReferenceCountedOpenSslContext::class.java
+                            .getDeclaredField("clientAuth")
+                            .run {
+                                isAccessible = true
+                                get(result.orNull()) as ClientAuth
+                            }
+                    assertThat(clientAuth).isEqualTo(ClientAuth.REQUIRE)
+                }
+            }
         }
 
-        /*
-         * It is too important to leave it untested on unit level.
-         * Because of the Netty API design we need to do it this way.
-         */
-        it("should turn on client authentication") {
-            val clientAuth: ClientAuth = ReferenceCountedOpenSslContext::class.java
-                    .getDeclaredField("clientAuth")
-                    .run {
-                        isAccessible = true
-                        get(result) as ClientAuth
-                    }
-            assertThat(clientAuth).isEqualTo(ClientAuth.REQUIRE)
+        given("config with SSL disabled") {
+            val securityConfiguration = SecurityConfiguration(
+                    sslDisable = true,
+                    privateKey = Paths.get("sample", "key"),
+                    cert = Paths.get("sample", "cert"),
+                    trustedCert = Paths.get("/", "sample", "trusted", "cert")
+            )
+            val cut = SslContextFactory()
+
+            on("creation of SSL context") {
+                val result = cut.createSslContext(securityConfiguration)
+
+                it("should not create any SSL context ") {
+                    assertThat(result.isDefined()).isFalse()
+                }
+            }
         }
+
     }
 })