diff options
9 files changed, 69 insertions, 10 deletions
diff --git a/src/main/java/org/onap/clamp/clds/util/CryptoUtils.java b/src/main/java/org/onap/clamp/clds/util/CryptoUtils.java index f08bf7b28..85aae0a5d 100644 --- a/src/main/java/org/onap/clamp/clds/util/CryptoUtils.java +++ b/src/main/java/org/onap/clamp/clds/util/CryptoUtils.java @@ -162,7 +162,7 @@ public final class CryptoUtils { private static SecretKeySpec readSecretKeySpec(String propertiesFileName) { Properties props = new Properties(); try { - //Workaround fix to make encryption key configurable + // Workaround fix to make encryption key configurable // System environment variable takes precedence for over clds/key.properties String encryptionKey = System.getenv(AES_ENCRYPTION_KEY); if(encryptionKey != null && encryptionKey.trim().length() > 0) { diff --git a/src/main/java/org/onap/clamp/clds/util/XmlTools.java b/src/main/java/org/onap/clamp/clds/util/XmlTools.java index a812fa127..a7d4ed9fb 100644 --- a/src/main/java/org/onap/clamp/clds/util/XmlTools.java +++ b/src/main/java/org/onap/clamp/clds/util/XmlTools.java @@ -24,6 +24,7 @@ package org.onap.clamp.clds.util; import java.io.StringWriter; +import javax.xml.XMLConstants; import javax.xml.transform.OutputKeys; import javax.xml.transform.Transformer; import javax.xml.transform.TransformerException; @@ -39,6 +40,12 @@ import org.w3c.dom.Document; public class XmlTools { /** + * Private constructor to avoid creating instances of util class. + */ + private XmlTools(){ + } + + /** * Transforms document to XML string. * * @param doc XML document @@ -47,6 +54,7 @@ public class XmlTools { public static String exportXmlDocumentAsString(Document doc) { try { TransformerFactory tf = TransformerFactory.newInstance(); + tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); Transformer transformer = tf.newTransformer(); transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes"); StringWriter writer = new StringWriter(); diff --git a/src/main/java/org/onap/clamp/util/PrincipalUtils.java b/src/main/java/org/onap/clamp/util/PrincipalUtils.java index d6b20f30b..d6dfacbdb 100644 --- a/src/main/java/org/onap/clamp/util/PrincipalUtils.java +++ b/src/main/java/org/onap/clamp/util/PrincipalUtils.java @@ -38,6 +38,12 @@ public class PrincipalUtils { private static SecurityContext securityContext = SecurityContextHolder.getContext(); /** + * Private constructor to avoid creating instances of util class. + */ + private PrincipalUtils(){ + } + + /** * Get the Full name. * * @return The user name diff --git a/src/test/java/org/onap/clamp/clds/it/CldsHealthcheckServiceItCase.java b/src/test/java/org/onap/clamp/clds/it/CldsHealthcheckServiceItCase.java index 5d8910352..1dbea376d 100644 --- a/src/test/java/org/onap/clamp/clds/it/CldsHealthcheckServiceItCase.java +++ b/src/test/java/org/onap/clamp/clds/it/CldsHealthcheckServiceItCase.java @@ -25,8 +25,6 @@ package org.onap.clamp.clds.it; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotNull; -import javax.ws.rs.core.Response; - import org.junit.Test; import org.junit.runner.RunWith; import org.onap.clamp.clds.model.CldsHealthCheck; diff --git a/src/test/java/org/onap/clamp/clds/it/CldsServiceItCase.java b/src/test/java/org/onap/clamp/clds/it/CldsServiceItCase.java index 347de4a78..faeb04182 100644 --- a/src/test/java/org/onap/clamp/clds/it/CldsServiceItCase.java +++ b/src/test/java/org/onap/clamp/clds/it/CldsServiceItCase.java @@ -149,6 +149,7 @@ public class CldsServiceItCase { Properties prop = new Properties(); InputStream in = Thread.currentThread().getContextClassLoader().getResourceAsStream("clds-version.properties"); prop.load(in); + assertNotNull(in); in.close(); assertEquals(cldsInfo.getCldsVersion(), prop.getProperty("clds.version")); assertEquals(cldsInfo.getUserName(), "admin"); diff --git a/src/test/java/org/onap/clamp/clds/it/CldsToscaServiceItCase.java b/src/test/java/org/onap/clamp/clds/it/CldsToscaServiceItCase.java index 7d48086cb..992c06e8c 100644 --- a/src/test/java/org/onap/clamp/clds/it/CldsToscaServiceItCase.java +++ b/src/test/java/org/onap/clamp/clds/it/CldsToscaServiceItCase.java @@ -69,7 +69,7 @@ public class CldsToscaServiceItCase { private String toscaModelYaml; private Authentication authentication; private CldsToscaModel cldsToscaModel; - private List<GrantedAuthority> authList = new LinkedList<GrantedAuthority>(); + private List<GrantedAuthority> authList = new LinkedList<>(); private LoggingUtils util; /** diff --git a/src/test/java/org/onap/clamp/clds/util/CryptoUtilsTest.java b/src/test/java/org/onap/clamp/clds/util/CryptoUtilsTest.java index 603d2d28f..1e6742c98 100644 --- a/src/test/java/org/onap/clamp/clds/util/CryptoUtilsTest.java +++ b/src/test/java/org/onap/clamp/clds/util/CryptoUtilsTest.java @@ -5,7 +5,9 @@ * Copyright (C) 2017 AT&T Intellectual Property. All rights * reserved. * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); + * Modifications Copyright (c) 2019 Samsung + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * @@ -26,17 +28,30 @@ package org.onap.clamp.clds.util; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotEquals; import static org.junit.Assert.assertNotNull; +import static org.mockito.Matchers.eq; + +import java.security.InvalidKeyException; + +import javax.crypto.KeyGenerator; +import javax.crypto.SecretKey; import org.apache.commons.codec.binary.Hex; import org.apache.commons.lang3.ArrayUtils; import org.junit.Test; +import org.junit.runner.RunWith; +import org.powermock.api.mockito.PowerMockito; +import org.powermock.core.classloader.annotations.PowerMockIgnore; +import org.powermock.core.classloader.annotations.PrepareForTest; +import org.powermock.modules.junit4.PowerMockRunner; - +@RunWith(PowerMockRunner.class) +@PowerMockIgnore({"javax.crypto.*"}) public class CryptoUtilsTest { private final String data = "This is a test string"; @Test + @PrepareForTest({CryptoUtils.class}) public final void testEncryption() throws Exception { String encodedString = CryptoUtils.encrypt(data); assertNotNull(encodedString); @@ -44,6 +59,7 @@ public class CryptoUtilsTest { } @Test + @PrepareForTest({CryptoUtils.class}) public final void testEncryptedStringIsDifferent() throws Exception { String encodedString1 = CryptoUtils.encrypt(data); String encodedString2 = CryptoUtils.encrypt(data); @@ -56,4 +72,30 @@ public class CryptoUtilsTest { byte[] subData2 = ArrayUtils.subarray(encryptedMessage2, 16, encryptedMessage2.length); assertNotEquals(subData1, subData2); } -}
\ No newline at end of file + + @Test + @PrepareForTest({CryptoUtils.class}) + public final void testEncryptionBaseOnRandomKey() throws Exception { + SecretKey secretKey = KeyGenerator.getInstance("AES").generateKey(); + final String encryptionKey = String.valueOf(Hex.encodeHex(secretKey.getEncoded())); + setAesEncryptionKeyEnv(encryptionKey); + + String encodedString = CryptoUtils.encrypt(data); + String decodedString = CryptoUtils.decrypt(encodedString); + assertEquals(data, decodedString); + } + + @Test(expected = InvalidKeyException.class) + @PrepareForTest({CryptoUtils.class}) + public final void testEncryptionBadKey() throws Exception { + final String badEncryptionKey = "93210sd"; + setAesEncryptionKeyEnv(badEncryptionKey); + + CryptoUtils.encrypt(data); + } + + private static void setAesEncryptionKeyEnv(String value) { + PowerMockito.mockStatic(System.class); + PowerMockito.when(System.getenv(eq("AES_ENCRYPTION_KEY"))).thenReturn(value); + } +} diff --git a/src/test/java/org/onap/clamp/clds/util/JsonUtilsTest.java b/src/test/java/org/onap/clamp/clds/util/JsonUtilsTest.java index 82c2162a5..d1adc166f 100644 --- a/src/test/java/org/onap/clamp/clds/util/JsonUtilsTest.java +++ b/src/test/java/org/onap/clamp/clds/util/JsonUtilsTest.java @@ -5,6 +5,8 @@ * Copyright (C) 2018 AT&T Intellectual Property. All rights * reserved. * ================================================================================ + * Modifications Copyright (c) 2019 Samsung + * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -155,4 +157,9 @@ public class JsonUtilsTest { // then assertThat(timeoutValue).isEqualTo(500); } + + @Test(expected = IllegalArgumentException.class) + public void shouldThrowExceptionFileNotExists() throws IOException { + ResourceFileUtil.getResourceAsString("example/notExist.json"); + } } diff --git a/src/test/java/org/onap/clamp/clds/util/drawing/DocumentBuilderTest.java b/src/test/java/org/onap/clamp/clds/util/drawing/DocumentBuilderTest.java index 6546553c7..63a1fa3e7 100644 --- a/src/test/java/org/onap/clamp/clds/util/drawing/DocumentBuilderTest.java +++ b/src/test/java/org/onap/clamp/clds/util/drawing/DocumentBuilderTest.java @@ -47,9 +47,6 @@ public class DocumentBuilderTest { @Mock private SVGGraphics2D mockG2d; - @Mock - private Document mockDomImpl; - @Test public void pushChangestoDocumentTest() throws IOException, ParserConfigurationException, SAXException { String dataElementId = "someId"; |