diff options
author | tkogut <tomasz.kogut@nokia.com> | 2020-10-16 13:01:29 +0200 |
---|---|---|
committer | Adam Wudzinski <adam.wudzinski@nokia.com> | 2020-10-21 20:11:48 +0200 |
commit | 384b7b14722c5a2e351d61b3779869d680cebf8f (patch) | |
tree | b22cdd6ebe422728bc462a774c3af6f79de7e036 /pnfsimulator/src/test/java | |
parent | 9d44aaf054a1746149ce3bbc4c1e54e68d25f712 (diff) |
Adjust PNF simulator to use strict hostname checking.
Use separate keystore/truststore for ves.
Add network for communication between ves and pnfsim.
Issue-ID: INT-1744
Signed-off-by: tkogut <tomasz.kogut@nokia.com>
Change-Id: I6626ac6d6f74e739aeb93879eddfd44f9e9383ea
Diffstat (limited to 'pnfsimulator/src/test/java')
5 files changed, 282 insertions, 52 deletions
diff --git a/pnfsimulator/src/test/java/org/onap/pnfsimulator/simulator/client/utils/ssl/HttpClientFactoryFacadeTest.java b/pnfsimulator/src/test/java/org/onap/pnfsimulator/simulator/client/utils/ssl/HttpClientFactoryFacadeTest.java new file mode 100644 index 0000000..e6d3d03 --- /dev/null +++ b/pnfsimulator/src/test/java/org/onap/pnfsimulator/simulator/client/utils/ssl/HttpClientFactoryFacadeTest.java @@ -0,0 +1,35 @@ +/* + * ============LICENSE_START======================================================= + * PNF-REGISTRATION-HANDLER + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.pnfsimulator.simulator.client.utils.ssl; + +import org.junit.jupiter.api.Test; + +import java.io.IOException; +import java.security.GeneralSecurityException; + +import static org.junit.Assert.assertNotNull; + +class HttpClientFactoryFacadeTest { + @Test + void shouldSuccessfullyCreateHttpClient() throws GeneralSecurityException, IOException { + assertNotNull(HttpClientFactoryFacade.create("http://example.com", new SslAuthenticationHelper())); + } +} diff --git a/pnfsimulator/src/test/java/org/onap/pnfsimulator/simulator/client/utils/ssl/HttpClientFactoryTest.java b/pnfsimulator/src/test/java/org/onap/pnfsimulator/simulator/client/utils/ssl/HttpClientFactoryTest.java new file mode 100644 index 0000000..c213982 --- /dev/null +++ b/pnfsimulator/src/test/java/org/onap/pnfsimulator/simulator/client/utils/ssl/HttpClientFactoryTest.java @@ -0,0 +1,143 @@ +/* + * ============LICENSE_START======================================================= + * PNF-REGISTRATION-HANDLER + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.pnfsimulator.simulator.client.utils.ssl; + +import org.hamcrest.CoreMatchers; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; + +import java.io.IOException; +import java.net.MalformedURLException; +import java.security.GeneralSecurityException; +import java.security.KeyStoreException; + +import static org.hamcrest.MatcherAssert.assertThat; +import static org.junit.Assert.assertNotNull; +import static org.junit.jupiter.api.Assertions.assertThrows; +import static org.mockito.ArgumentMatchers.any; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.times; +import static org.mockito.Mockito.verify; +import static org.mockito.Mockito.when; + +class HttpClientFactoryTest { + private static final String HTTPS_URL = "https://example.com"; + private static final String HTTP_URL = "http://example.com"; + + private SSLContextFactory sslContextFactoryMock; + private HttpClientFactory httpClientFactory; + private SslAuthenticationHelper sslAuthenticationHelper; + + @BeforeEach + public void setup() { + sslContextFactoryMock = mock(SSLContextFactory.class); + httpClientFactory = new HttpClientFactory(sslContextFactoryMock); + sslAuthenticationHelper = new SslAuthenticationHelper(); + } + + @Test + void shouldCreateHttpsClient_whenClientCertificationDisabled() throws GeneralSecurityException, IOException { + // given + sslAuthenticationHelper.setClientCertificateEnabled(false); + + // when + final var httpClient = httpClientFactory.create(HTTPS_URL, sslAuthenticationHelper); + + // then + assertNotNull(httpClient); + verifySslContextFactoryMockCalls(0, 1); + } + + @Test + void shouldCreateHttpsClient_whenClientCertificationDisabled_AndCannotCreateTrustAlwaysSslContext() throws GeneralSecurityException, IOException { + // given + sslAuthenticationHelper.setClientCertificateEnabled(false); + when(sslContextFactoryMock.createTrustAlways()).thenThrow(KeyStoreException.class); + + // when + final var httpClient = httpClientFactory.create(HTTPS_URL, sslAuthenticationHelper); + + // then + assertNotNull(httpClient); + verifySslContextFactoryMockCalls(0, 1); + } + + @Test + void shouldCreateHttpClient_whenClientCertificationDisabled() throws GeneralSecurityException, IOException { + // given + sslAuthenticationHelper.setClientCertificateEnabled(false); + + // when + final var httpClient = httpClientFactory.create(HTTP_URL, sslAuthenticationHelper); + + // then + assertNotNull(httpClient); + verifySslContextFactoryMockCalls(0, 0); + } + + + @Test + void shouldCreateHttpClient_whenClientCertificationAndStrictHostnameVerificationAreEnabled() throws GeneralSecurityException, IOException { + // given + sslAuthenticationHelper.setClientCertificateEnabled(true); + sslAuthenticationHelper.setStrictHostnameVerification(true); + + // when + final var httpClient = httpClientFactory.create(HTTP_URL, sslAuthenticationHelper); + + // then + assertNotNull(httpClient); + verifySslContextFactoryMockCalls(1, 0); + } + + @Test + void shouldCreateHttpClient_whenClientCertificationEnabledAndStrictHostnameVerificationDisabled() throws GeneralSecurityException, IOException { + // given + sslAuthenticationHelper.setClientCertificateEnabled(true); + sslAuthenticationHelper.setStrictHostnameVerification(false); + + // when + final var httpClient = httpClientFactory.create(HTTP_URL, sslAuthenticationHelper); + + // then + assertNotNull(httpClient); + verifySslContextFactoryMockCalls(1, 0); + } + + @Test + void shouldThrowMalformedURLException_whenInvalidUrl() throws GeneralSecurityException, IOException { + // given + var invalidUrl = "invalid"; + + // when + final var exception = assertThrows(MalformedURLException.class, + () -> httpClientFactory.create(invalidUrl, sslAuthenticationHelper)); + + // then + assertThat(exception.getMessage(), CoreMatchers.containsString("invalid")); + } + + private void verifySslContextFactoryMockCalls(int createCalls, int createTrustAlwaysCalls) throws GeneralSecurityException, IOException { + verify(sslContextFactoryMock, times(createCalls)).create(any()); + verify(sslContextFactoryMock, times(createTrustAlwaysCalls)).createTrustAlways(); + } + +} diff --git a/pnfsimulator/src/test/java/org/onap/pnfsimulator/simulator/client/utils/ssl/PasswordConverterTest.java b/pnfsimulator/src/test/java/org/onap/pnfsimulator/simulator/client/utils/ssl/PasswordConverterTest.java new file mode 100644 index 0000000..fddfc5f --- /dev/null +++ b/pnfsimulator/src/test/java/org/onap/pnfsimulator/simulator/client/utils/ssl/PasswordConverterTest.java @@ -0,0 +1,44 @@ +/* + * ============LICENSE_START======================================================= + * PNF-REGISTRATION-HANDLER + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.pnfsimulator.simulator.client.utils.ssl; + +import org.junit.jupiter.api.Test; + +import static org.junit.jupiter.api.Assertions.assertArrayEquals; +import static org.junit.jupiter.api.Assertions.assertNull; + +class PasswordConverterTest { + + @Test + void shouldSuccessfullyConvert() { + // given, when + final char[] result = PasswordConverter.convert("sw ./#%"); + + // then + assertArrayEquals(new char[]{'s', 'w', ' ', '.', '/', '#', '%'}, result); + } + + @Test + void shouldReturnNull_whenNullPasswordUsed() { + // given, when, then + assertNull(PasswordConverter.convert(null)); + } +} diff --git a/pnfsimulator/src/test/java/org/onap/pnfsimulator/simulator/client/utils/ssl/SSLContextFactoryTest.java b/pnfsimulator/src/test/java/org/onap/pnfsimulator/simulator/client/utils/ssl/SSLContextFactoryTest.java new file mode 100644 index 0000000..8e82706 --- /dev/null +++ b/pnfsimulator/src/test/java/org/onap/pnfsimulator/simulator/client/utils/ssl/SSLContextFactoryTest.java @@ -0,0 +1,60 @@ +/* + * ============LICENSE_START======================================================= + * PNF-REGISTRATION-HANDLER + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.pnfsimulator.simulator.client.utils.ssl; + +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; + +import java.io.IOException; +import java.security.GeneralSecurityException; + +import static org.junit.jupiter.api.Assertions.assertNotNull; +import static org.mockito.ArgumentMatchers.any; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.times; +import static org.mockito.Mockito.verify; + +class SSLContextFactoryTest { + private CertificateReader certificateReaderMock; + private SSLContextFactory sslContextFactory; + + @BeforeEach + void setup() { + certificateReaderMock = mock(CertificateReader.class); + sslContextFactory = new SSLContextFactory(certificateReaderMock); + } + + @Test + void shouldSuccessfullyCreateTrustAlwaysSSLContext() throws GeneralSecurityException, IOException { + // given, when, then + assertNotNull(sslContextFactory.createTrustAlways()); + verify(certificateReaderMock, times(0)).read(any(), any(), any()); + } + + @Test + void shouldSuccessfullyCreateSSLContext() throws GeneralSecurityException, IOException { + // given, when, then + assertNotNull(sslContextFactory.create(new SslAuthenticationHelper())); + verify(certificateReaderMock, times(2)).read(any(), any(), any()); + } + +} + diff --git a/pnfsimulator/src/test/java/org/onap/pnfsimulator/simulator/client/utils/ssl/SslSupportLevelTest.java b/pnfsimulator/src/test/java/org/onap/pnfsimulator/simulator/client/utils/ssl/SslSupportLevelTest.java deleted file mode 100644 index 3a7dbf2..0000000 --- a/pnfsimulator/src/test/java/org/onap/pnfsimulator/simulator/client/utils/ssl/SslSupportLevelTest.java +++ /dev/null @@ -1,52 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * PNF-REGISTRATION-HANDLER - * ================================================================================ - * Copyright (C) 2018 Nokia. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.pnfsimulator.simulator.client.utils.ssl; - -import org.junit.jupiter.api.Test; - -import java.net.MalformedURLException; - -import static org.junit.jupiter.api.Assertions.assertEquals; -import static org.junit.jupiter.api.Assertions.assertThrows; - -class SslSupportLevelTest { - - private static final String HTTPS_URL = "https://127.0.0.1:8443/"; - private static final String HTTP_URL = "http://127.0.0.1:8080/"; - - @Test - void testShouldReturnAlwaysTrustSupportLevelForHttpsUrl() throws MalformedURLException { - SslSupportLevel actualSupportLevel = SslSupportLevel.getSupportLevelBasedOnProtocol(HTTPS_URL); - assertEquals(SslSupportLevel.ALWAYS_TRUST, actualSupportLevel); - } - - @Test - void testShouldReturnNoneSupportLevelForHttpUrl() throws MalformedURLException { - SslSupportLevel actualSupportLevel = SslSupportLevel.getSupportLevelBasedOnProtocol(HTTP_URL); - assertEquals(SslSupportLevel.NONE, actualSupportLevel); - } - - @Test - void testShouldRaiseExceptionWhenInvalidUrlPassed() { - assertThrows(MalformedURLException.class, () -> SslSupportLevel.getSupportLevelBasedOnProtocol("http://bla:VES-PORT/")); - } - -} |