1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
|
/*
* ============LICENSE_START=======================================================
* dcaegen2-collectors-veshv
* ================================================================================
* Copyright (C) 2018 NOKIA
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* ============LICENSE_END=========================================================
*/
package org.onap.dcae.collectors.veshv.impl.socket
import io.netty.handler.ssl.ClientAuth
import io.netty.handler.ssl.OpenSslServerContext
import io.netty.handler.ssl.ReferenceCountedOpenSslContext
import io.netty.handler.ssl.SslContextBuilder
import org.assertj.core.api.Assertions.assertThat
import org.jetbrains.spek.api.Spek
import org.jetbrains.spek.api.dsl.describe
import org.jetbrains.spek.api.dsl.it
import org.jetbrains.spek.api.dsl.xit
import org.onap.dcae.collectors.veshv.domain.SecurityConfiguration
import java.nio.file.Paths
/**
* @author Piotr Jaszczyk <piotr.jaszczyk@nokia.com>
* @since June 2018
*/
object SslContextFactoryTest : Spek({
describe("SslContextFactory") {
val sampleConfig = SecurityConfiguration(
privateKey = Paths.get("/", "tmp", "pk.pem"),
cert = Paths.get("/", "tmp", "cert.crt"),
trustedCert = Paths.get("/", "tmp", "clientCa.crt"))
val cut = object : SslContextFactory() {
var actualConfig: SecurityConfiguration? = null
override fun createSslContextWithConfiguredCerts(secConfig: SecurityConfiguration): SslContextBuilder {
actualConfig = secConfig
return SslContextBuilder.forServer(resource("/ssl/ca.crt"), resource("/ssl/server.key"))
}
private fun resource(path: String) = SslContextFactoryTest.javaClass.getResourceAsStream(path)
}
val result = cut.createSslContext(sampleConfig)
it("should be server context") {
assertThat(result.isServer).isTrue()
}
it("should use OpenSSL provider") {
assertThat(result).isInstanceOf(OpenSslServerContext::class.java)
}
/*
* It is too important to leave it untested on unit level.
* Because of the Netty API design we need to do it this way.
*/
it("should turn on client authentication") {
val clientAuth: ClientAuth = ReferenceCountedOpenSslContext::class.java
.getDeclaredField("clientAuth")
.run {
isAccessible = true
get(result) as ClientAuth
}
assertThat(clientAuth).isEqualTo(ClientAuth.REQUIRE)
}
}
})
|
