Custom detekt rule for logger usage check

Check if logger invocations don't use unoptimal invocations, eg.
concatenation `debug("a=" + a)` instead of lambda use `debug {"a=" + a}`

Unfortunately to avoid defining dependencies in many places and having
circural dependencies it was necessarry to reorganize the maven module
structure. The goal was to have `sources` module with production code and
`build` module with build-time tooling (detekt rules among them).

Issue-ID: DCAEGEN2-1002
Change-Id: I36e677b98972aaae6905d722597cbce5e863d201
Signed-off-by: Piotr Jaszczyk <piotr.jaszczyk@nokia.com>

1 files changed, 160 insertions, 0 deletions

diff --git a/sources/hv-collector-ssl/src/test/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/ServerSslContextFactoryTest.kt b/sources/hv-collector-ssl/src/test/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/ServerSslContextFactoryTest.kt
new file mode 100644
index 00000000..7e0bc609
--- /dev/null
+++ b/sources/hv-collector-ssl/src/test/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/ServerSslContextFactoryTest.kt
@@ -0,0 +1,160 @@
+/*
+ * ============LICENSE_START=======================================================
+ * dcaegen2-collectors-veshv
+ * ================================================================================
+ * Copyright (C) 2018 NOKIA
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.dcae.collectors.veshv.ssl.boundary
+
+import arrow.core.Some
+import arrow.core.toOption
+import io.netty.handler.ssl.ClientAuth
+import io.netty.handler.ssl.JdkSslContext
+import io.netty.handler.ssl.ReferenceCountedOpenSslContext
+import io.netty.handler.ssl.SslContextBuilder
+import org.assertj.core.api.Assertions
+import org.assertj.core.api.Assertions.assertThat
+import org.jetbrains.spek.api.Spek
+import org.jetbrains.spek.api.dsl.describe
+import org.jetbrains.spek.api.dsl.given
+import org.jetbrains.spek.api.dsl.it
+import org.jetbrains.spek.api.dsl.on
+import org.onap.dcae.collectors.veshv.domain.JdkKeys
+import org.onap.dcae.collectors.veshv.domain.OpenSslKeys
+import org.onap.dcae.collectors.veshv.domain.SecurityConfiguration
+import java.nio.file.Paths
+import kotlin.test.assertTrue
+
+/**
+ * @author Piotr Jaszczyk <piotr.jaszczyk@nokia.com>
+ * @since June 2018
+ */
+object ServerSslContextFactoryTest : Spek({
+    val PASSWORD = "onap"
+
+    describe("SslContextFactory (OpenSSL)") {
+        val keys = OpenSslKeys(
+                privateKey = Paths.get("/", "tmp", "pk.pem"),
+                cert = Paths.get("/", "tmp", "cert.crt"),
+                trustedCert = Paths.get("/", "tmp", "clientCa.crt"))
+
+        given("config with security enabled") {
+            val sampleConfig = SecurityConfiguration(keys = Some(keys))
+
+            val cut = object : ServerSslContextFactory() {
+                override fun createSslContextWithConfiguredCerts(secConfig: SecurityConfiguration) =
+                    SslContextBuilder.forServer(resource("/ssl/ca.crt"), resource("/ssl/server.key")).toOption()
+
+                private fun resource(path: String) = ServerSslContextFactoryTest.javaClass.getResourceAsStream(path)
+            }
+
+            on("creation of SSL context") {
+                val result = cut.createSslContext(sampleConfig)
+
+                it("should be server context") {
+                    assertTrue(result.exists {
+                        it.isServer
+                    })
+                }
+
+                it("should use OpenSSL provider") {
+                    assertTrue(result.isDefined())
+                }
+
+                /*
+                 * It is too important to leave it untested on unit level.
+                 * Because of the Netty API design we need to do it this way.
+                 */
+                it("should turn on client authentication") {
+                    val clientAuth: ClientAuth = ReferenceCountedOpenSslContext::class.java
+                            .getDeclaredField("clientAuth")
+                            .run {
+                                isAccessible = true
+                                get(result.orNull()) as ClientAuth
+                            }
+                    Assertions.assertThat(clientAuth).isEqualTo(ClientAuth.REQUIRE)
+                }
+            }
+        }
+
+        given("config with SSL disabled") {
+            val securityConfiguration = SecurityConfiguration(
+                    sslDisable = true,
+                    keys = Some(keys)
+            )
+            val cut = ServerSslContextFactory()
+
+            on("creation of SSL context") {
+                val result = cut.createSslContext(securityConfiguration)
+
+                it("should not create any SSL context ") {
+                    assertThat(result.isDefined()).isFalse()
+                }
+            }
+        }
+    }
+
+    describe("SslContextFactory (JDK)") {
+        val keys = JdkKeys(
+                keyStore = resourceStreamProvider("/ssl/server.ks.pkcs12"),
+                keyStorePassword = PASSWORD.toCharArray(),
+                trustStore = resourceStreamProvider("/ssl/trust.pkcs12"),
+                trustStorePassword = PASSWORD.toCharArray()
+        )
+
+        given("config without disabled SSL") {
+            val sampleConfig = SecurityConfiguration(keys = Some(keys))
+            val cut = ServerSslContextFactory()
+
+            on("creation of SSL context") {
+                val result = cut.createSslContext(sampleConfig)
+
+                it("should work") {
+                    assertTrue(result.isDefined())
+                }
+
+                it("should be server context") {
+                    assertTrue(result.exists {
+                        it.isServer
+                    })
+                }
+
+                /*
+                 * It is too important to leave it untested on unit level.
+                 * Because of the Netty API design we need to do it this way.
+                 */
+                it("should turn on client authentication") {
+                    val clientAuth: ClientAuth = JdkSslContext::class.java
+                            .getDeclaredField("clientAuth")
+                            .run {
+                                isAccessible = true
+                                get(result.orNull()) as ClientAuth
+                            }
+                    Assertions.assertThat(clientAuth).isEqualTo(ClientAuth.REQUIRE)
+                }
+
+                it("should clear passwords so heap dumps won't contain them") {
+                    val xedPassword = PASSWORD.toCharArray()
+                    xedPassword.fill('x')
+                    Assertions.assertThat(keys.keyStorePassword).isEqualTo(xedPassword)
+                    Assertions.assertThat(keys.trustStorePassword).isEqualTo(xedPassword)
+                }
+            }
+        }
+    }
+})
+
+fun resourceStreamProvider(resource: String) = { ServerSslContextFactoryTest::class.java.getResourceAsStream(resource) }