Fix Sonar Crypto issues

Fix this problem by removing the CryptoUtils that could be replaced by AAF cadi call (this was already in place in the code). The OOM sdc controller password will have to be modified as well.

Issue-ID: POLICY-3201
Issue-ID: POLICY-3200
Change-Id: I6dfd9abb691afb3548d4e68c8759351ad02a30da
Signed-off-by: sebdet <sebastien.determe@intl.att.com>

8 files changed, 54 insertions, 142 deletions

diff --git a/src/test/java/org/onap/policy/clamp/clds/config/sdc/SdcSingleControllerConfigurationTest.java b/src/test/java/org/onap/policy/clamp/clds/config/sdc/SdcSingleControllerConfigurationTest.java
index 89178b778..7390b65ba 100644
--- a/src/test/java/org/onap/policy/clamp/clds/config/sdc/SdcSingleControllerConfigurationTest.java
+++ b/src/test/java/org/onap/policy/clamp/clds/config/sdc/SdcSingleControllerConfigurationTest.java
@@ -1,8 +1,8 @@
 /*-
  * ============LICENSE_START=======================================================
- * ONAP CLAMP
+ * ONAP POLICY-CLAMP
  * ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2017, 2021 AT&T Intellectual Property. All rights reserved.
  * ================================================================================
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -57,7 +57,8 @@ public class SdcSingleControllerConfigurationTest {
                 StandardCharsets.UTF_8);
         JsonObject jsonNode = JsonUtils.GSON.fromJson(streamReader, JsonObject.class);
 
-        return new SdcSingleControllerConfiguration(jsonNode, sdcControllerName);
+        return new SdcSingleControllerConfiguration(jsonNode, sdcControllerName,
+                "classpath:clds/aaf/org.onap.clamp.keyfile");
     }
 
     @Test
diff --git a/src/test/java/org/onap/policy/clamp/clds/it/config/SdcControllersConfigurationItCase.java b/src/test/java/org/onap/policy/clamp/clds/it/config/SdcControllersConfigurationItCase.java
index 516fc7a09..70aeccf59 100644
--- a/src/test/java/org/onap/policy/clamp/clds/it/config/SdcControllersConfigurationItCase.java
+++ b/src/test/java/org/onap/policy/clamp/clds/it/config/SdcControllersConfigurationItCase.java
@@ -1,8 +1,8 @@
 /*-
  * ============LICENSE_START=======================================================
- * ONAP CLAMP
+ * ONAP POLICY-CLAMP
  * ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2017, 2021 AT&T Intellectual Property. All rights reserved.
  * ================================================================================
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -56,7 +56,7 @@ public class SdcControllersConfigurationItCase {
 
     @Test
     public void testGetAllDefinedControllers() throws IOException {
-        loadFile("classpath:/clds/sdc-controllers-config.json");
+        loadFile("classpath:clds/sdc-controllers-config.json");
         Map<String, SdcSingleControllerConfiguration> mapResult = sdcControllersConfiguration
                 .getAllDefinedControllers();
         assertTrue(mapResult.size() == 2);
@@ -66,7 +66,7 @@ public class SdcControllersConfigurationItCase {
 
     @Test
     public void testGetSdcSingleControllerConfiguration() throws IOException {
-        loadFile("classpath:/clds/sdc-controllers-config.json");
+        loadFile("classpath:clds/sdc-controllers-config.json");
         assertEquals("sdc-controller1", sdcControllersConfiguration
                 .getSdcSingleControllerConfiguration("sdc-controller1").getSdcControllerName());
         assertEquals("sdc-controller2", sdcControllersConfiguration
@@ -75,13 +75,13 @@ public class SdcControllersConfigurationItCase {
 
     @Test(expected = JsonSyntaxException.class)
     public void testBadJsonLoading() throws IOException {
-        loadFile("classpath:/clds/sdc-controllers-config-bad.json");
+        loadFile("classpath:clds/sdc-controllers-config-bad.json");
         fail("Should have raised an exception");
     }
 
     @Test(expected = SdcParametersException.class)
     public void testMissingParamInJsonLoading() throws IOException {
-        loadFile("classpath:/clds/sdc-controllers-config-missing-param.json");
+        loadFile("classpath:clds/sdc-controllers-config-missing-param.json");
         sdcControllersConfiguration.getAllDefinedControllers();
         fail("Should have raised an exception");
     }
diff --git a/src/test/java/org/onap/policy/clamp/clds/util/CryptoUtilsTest.java b/src/test/java/org/onap/policy/clamp/clds/util/CryptoUtilsTest.java
deleted file mode 100644
index 6239fef80..000000000
--- a/src/test/java/org/onap/policy/clamp/clds/util/CryptoUtilsTest.java
+++ /dev/null
@@ -1,99 +0,0 @@
-/*-
- * ============LICENSE_START=======================================================
- * ONAP CLAMP
- * ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights
- *                             reserved.
- * ================================================================================
- * Modifications Copyright (c) 2019 Samsung
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License. 
- * You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software 
- * distributed under the License is distributed on an "AS IS" BASIS, 
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
- * See the License for the specific language governing permissions and 
- * limitations under the License.
- * ============LICENSE_END============================================
- * ===================================================================
- * 
- */
-
-package org.onap.policy.clamp.clds.util;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNotEquals;
-import static org.junit.Assert.assertNotNull;
-import static org.mockito.ArgumentMatchers.eq;
-
-import java.security.InvalidKeyException;
-import javax.crypto.KeyGenerator;
-import javax.crypto.SecretKey;
-import org.apache.commons.codec.binary.Hex;
-import org.apache.commons.lang3.ArrayUtils;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.powermock.api.mockito.PowerMockito;
-import org.powermock.core.classloader.annotations.PowerMockIgnore;
-import org.powermock.core.classloader.annotations.PrepareForTest;
-import org.powermock.modules.junit4.PowerMockRunner;
-
-@RunWith(PowerMockRunner.class)
-@PowerMockIgnore({ "javax.crypto.*", "com.sun.org.apache.xerces.*", "javax.xml.*", "org.xml.*", "javax.management.*" })
-public class CryptoUtilsTest {
-
-    private final String data = "This is a test string";
-
-    @Test
-    @PrepareForTest({ CryptoUtils.class })
-    public final void testEncryption() throws Exception {
-        String encodedString = CryptoUtils.encrypt(data);
-        assertNotNull(encodedString);
-        assertEquals(data, CryptoUtils.decrypt(encodedString));
-    }
-
-    @Test
-    @PrepareForTest({ CryptoUtils.class })
-    public final void testEncryptedStringIsDifferent() throws Exception {
-        String encodedString1 = CryptoUtils.encrypt(data);
-        String encodedString2 = CryptoUtils.encrypt(data);
-        byte[] encryptedMessage1 = Hex.decodeHex(encodedString1.toCharArray());
-        byte[] encryptedMessage2 = Hex.decodeHex(encodedString2.toCharArray());
-        assertNotNull(encryptedMessage1);
-        assertNotNull(encryptedMessage2);
-        assertNotEquals(encryptedMessage1, encryptedMessage2);
-        byte[] subData1 = ArrayUtils.subarray(encryptedMessage1, 16, encryptedMessage1.length);
-        byte[] subData2 = ArrayUtils.subarray(encryptedMessage2, 16, encryptedMessage2.length);
-        assertNotEquals(subData1, subData2);
-    }
-
-    @Test
-    @PrepareForTest({ CryptoUtils.class })
-    public final void testEncryptionBaseOnRandomKey() throws Exception {
-        SecretKey secretKey = KeyGenerator.getInstance("AES").generateKey();
-        final String encryptionKey = String.valueOf(Hex.encodeHex(secretKey.getEncoded()));
-        setAesEncryptionKeyEnv(encryptionKey);
-
-        String encodedString = CryptoUtils.encrypt(data);
-        String decodedString = CryptoUtils.decrypt(encodedString);
-        assertEquals(data, decodedString);
-    }
-
-    @Test(expected = InvalidKeyException.class)
-    @PrepareForTest({ CryptoUtils.class })
-    public final void testEncryptionBadKey() throws Exception {
-        final String badEncryptionKey = "93210sd";
-        setAesEncryptionKeyEnv(badEncryptionKey);
-
-        CryptoUtils.encrypt(data);
-    }
-
-    private static void setAesEncryptionKeyEnv(String value) {
-        PowerMockito.mockStatic(System.class);
-        PowerMockito.when(System.getenv(eq("AES_ENCRYPTION_KEY"))).thenReturn(value);
-    }
-}
diff --git a/src/test/java/org/onap/policy/clamp/util/PassDecoderTest.java b/src/test/java/org/onap/policy/clamp/util/PassDecoderTest.java
index 83e894130..7fd0cb91d 100644
--- a/src/test/java/org/onap/policy/clamp/util/PassDecoderTest.java
+++ b/src/test/java/org/onap/policy/clamp/util/PassDecoderTest.java
@@ -1,24 +1,24 @@
 /*-
  * ============LICENSE_START=======================================================
- * ONAP CLAMP
+ * ONAP POLICY-CLAMP
  * ================================================================================
- * Copyright (C) 2019 AT&T Intellectual Property. All rights
+ * Copyright (C) 2019, 2021 AT&T Intellectual Property. All rights
  *                             reserved.
  * ================================================================================
  * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License. 
+ * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
- * 
+ *
  * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software 
- * distributed under the License is distributed on an "AS IS" BASIS, 
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
- * See the License for the specific language governing permissions and 
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
  * limitations under the License.
  * ============LICENSE_END============================================
  * ===================================================================
- * 
+ *
  */
 
 package org.onap.policy.clamp.util;
@@ -48,5 +48,8 @@ public class PassDecoderTest {
     public final void testDecryption() throws Exception {
         String decodedPass = PassDecoder.decode(encrypted, "classpath:clds/aaf/org.onap.clamp.keyfile");
         assertEquals(decodedPass, "China in the Spring");
+        assertEquals("Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U", PassDecoder
+                .decode("enc:JPV4p067JlSXt2Fet9bfuI8JpkS4ZGYVcgypcPs98gXjgjCjTze_d3JxqmlKaaakdiOjIcEC_MJh6-5pJTLgdc",
+                        "classpath:clds/aaf/org.onap.clamp.keyfile"));
     }
 }
diff --git a/src/test/resources/application.properties b/src/test/resources/application.properties
index d67fe74a3..bc513e9e4 100644
--- a/src/test/resources/application.properties
+++ b/src/test/resources/application.properties
@@ -31,6 +31,8 @@ server.port=${clamp.it.tests.http}
 #server.ssl.key-store-password=pass
 #server.ssl.key-password=pass
 
+clamp.config.keyFile=classpath:clds/aaf/org.onap.clamp.keyfile
+
 ### In order to be user friendly when HTTPS is enabled,
 ### you can add another HTTP port that will be automatically redirected to HTTPS
 ### by enabling this parameter (server.http.port) and set it to another port (80 or 8080, 8090, etc ...)
diff --git a/src/test/resources/clds/sdc-controller-config-TLS.json b/src/test/resources/clds/sdc-controller-config-TLS.json
index 99366b765..4d5f02945 100644
--- a/src/test/resources/clds/sdc-controller-config-TLS.json
+++ b/src/test/resources/clds/sdc-controller-config-TLS.json
@@ -4,11 +4,11 @@
         "consumerId": "consumerId",
         "environmentName": "environmentName",
         "sdcAddress": "hostname:8080",
-        "password": "bb3871669d893c7fb8aaacda31b77b4f537E67A081C2726889548ED7BC4C2DE6",
+        "password": "QpF2TcrdRSFADqDxH1HwDYdYUIbMxOj-TrGd6Vqvwzd",
         "pollingInterval":10,
         "pollingTimeout":30,
         "activateServerTLSAuth": true,
-        "keyStorePassword":"bb3871669d893c7fb8aaacda31b77b4f537E67A081C2726889548ED7BC4C2DE6",
+        "keyStorePassword":"QpF2TcrdRSFADqDxH1HwDYdYUIbMxOj-TrGd6Vqvwzd",
         "keyStorePath": "/test",
         "messageBusAddresses":["localhost"]
 }
diff --git a/src/test/resources/clds/sdc-controllers-config.json b/src/test/resources/clds/sdc-controllers-config.json
index ce56fef27..75e5be1b9 100644
--- a/src/test/resources/clds/sdc-controllers-config.json
+++ b/src/test/resources/clds/sdc-controllers-config.json
@@ -1,27 +1,30 @@
 {
-  "sdc-connections":{
-    "sdc-controller1":{
-        "user": "User1",
-        "consumerGroup": "consumerGroup1",
-        "consumerId": "consumerId1",
-        "environmentName": "environmentName1",
-        "sdcAddress": "localhost:${docker.http-cache.port.host}",
-        "password": "bb3871669d893c7fb8aaacda31b77b4f537E67A081C2726889548ED7BC4C2DE6",
-        "pollingInterval":10,
-        "pollingTimeout":30,
-        "messageBusAddresses":["localhost"]
+  "sdc-connections": {
+    "sdc-controller1": {
+      "user": "User1",
+      "consumerGroup": "consumerGroup1",
+      "consumerId": "consumerId1",
+      "environmentName": "environmentName1",
+      "sdcAddress": "localhost:${docker.http-cache.port.host}",
+      "password": "QpF2TcrdRSFADqDxH1HwDYdYUIbMxOj-TrGd6Vqvwzd",
+      "pollingInterval": 10,
+      "pollingTimeout": 30,
+      "messageBusAddresses": [
+        "localhost"
+      ]
     },
-     "sdc-controller2":{
-        "user": "User2",
-        "consumerGroup": "consumerGroup2",
-        "consumerId": "consumerId2",
-        "environmentName": "environmentName2",
-        "sdcAddress": "localhost:${docker.http-cache.port.host}",
-        "password": "bb3871669d893c7fb8aaacda31b77b4f537E67A081C2726889548ED7BC4C2DE6",
-        "pollingInterval":10,
-        "pollingTimeout":30,
-        "messageBusAddresses":["localhost"]
-        
+    "sdc-controller2": {
+      "user": "User2",
+      "consumerGroup": "consumerGroup2",
+      "consumerId": "consumerId2",
+      "environmentName": "environmentName2",
+      "sdcAddress": "localhost:${docker.http-cache.port.host}",
+      "password": "QpF2TcrdRSFADqDxH1HwDYdYUIbMxOj-TrGd6Vqvwzd",
+      "pollingInterval": 10,
+      "pollingTimeout": 30,
+      "messageBusAddresses": [
+        "localhost"
+      ]
     }
   }
 }
diff --git a/src/test/resources/robotframework/robotframework-test.properties b/src/test/resources/robotframework/robotframework-test.properties
index a12f052ad..fed074198 100644
--- a/src/test/resources/robotframework/robotframework-test.properties
+++ b/src/test/resources/robotframework/robotframework-test.properties
@@ -31,6 +31,8 @@ server.port=${clamp.it.tests.robotframework.http}
 #server.ssl.key-store-password=pass
 #server.ssl.key-password=pass
 
+clamp.config.keyFile=classpath:clds/aaf/org.onap.clamp.keyfile
+
 ### In order to be user friendly when HTTPS is enabled,
 ### you can add another HTTP port that will be automatically redirected to HTTPS
 ### by enabling this parameter (server.http.port) and set it to another port (80 or 8080, 8090, etc ...)