From 5e60216d030f45267124e94b82c0ab8fac3b2958 Mon Sep 17 00:00:00 2001
From: "k.kedron" <k.kedron@partner.samsung.com>
Date: Mon, 29 Apr 2019 11:37:25 +0200
Subject: Improve unit tests and sonar fixes

Add more test to CryptoUtilsTest and JsonUtilsTest.
Correct sonar issue in CldsServiceItCase test - checking if stream is not null.
Remove unused import in CldsHealthcheckServiceItCase.
Remove unused field in DocumentBuilderTest.
Add private constructor in PrincipalUtils and XmlTools.
Add FEATURE_SECURE_PROCESSING feature to TransformerFactory.

Change-Id: Ieeb561352697c131ebf11bc43162f63ea7096e81
Issue-ID: CLAMP-355
Signed-off-by: Krystian Kedron <k.kedron@partner.samsung.com>
---
 src/main/java/org/onap/clamp/clds/util/CryptoUtils.java | 2 +-
 src/main/java/org/onap/clamp/clds/util/XmlTools.java    | 8 ++++++++
 src/main/java/org/onap/clamp/util/PrincipalUtils.java   | 6 ++++++
 3 files changed, 15 insertions(+), 1 deletion(-)

(limited to 'src/main/java/org')

diff --git a/src/main/java/org/onap/clamp/clds/util/CryptoUtils.java b/src/main/java/org/onap/clamp/clds/util/CryptoUtils.java
index f08bf7b28..85aae0a5d 100644
--- a/src/main/java/org/onap/clamp/clds/util/CryptoUtils.java
+++ b/src/main/java/org/onap/clamp/clds/util/CryptoUtils.java
@@ -162,7 +162,7 @@ public final class CryptoUtils {
     private static SecretKeySpec readSecretKeySpec(String propertiesFileName) {
         Properties props = new Properties();
         try {
-            //Workaround fix to make encryption key configurable
+            // Workaround fix to make encryption key configurable
             // System environment variable takes precedence for over clds/key.properties
             String encryptionKey = System.getenv(AES_ENCRYPTION_KEY);
             if(encryptionKey != null && encryptionKey.trim().length() > 0) {
diff --git a/src/main/java/org/onap/clamp/clds/util/XmlTools.java b/src/main/java/org/onap/clamp/clds/util/XmlTools.java
index a812fa127..a7d4ed9fb 100644
--- a/src/main/java/org/onap/clamp/clds/util/XmlTools.java
+++ b/src/main/java/org/onap/clamp/clds/util/XmlTools.java
@@ -24,6 +24,7 @@
 package org.onap.clamp.clds.util;
 
 import java.io.StringWriter;
+import javax.xml.XMLConstants;
 import javax.xml.transform.OutputKeys;
 import javax.xml.transform.Transformer;
 import javax.xml.transform.TransformerException;
@@ -38,6 +39,12 @@ import org.w3c.dom.Document;
 
 public class XmlTools {
 
+    /**
+     * Private constructor to avoid creating instances of util class.
+     */
+    private XmlTools(){
+    }
+
     /**
      * Transforms document to XML string.
      *
@@ -47,6 +54,7 @@ public class XmlTools {
     public static String exportXmlDocumentAsString(Document doc) {
         try {
             TransformerFactory tf = TransformerFactory.newInstance();
+            tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
             Transformer transformer = tf.newTransformer();
             transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
             StringWriter writer = new StringWriter();
diff --git a/src/main/java/org/onap/clamp/util/PrincipalUtils.java b/src/main/java/org/onap/clamp/util/PrincipalUtils.java
index d6b20f30b..d6dfacbdb 100644
--- a/src/main/java/org/onap/clamp/util/PrincipalUtils.java
+++ b/src/main/java/org/onap/clamp/util/PrincipalUtils.java
@@ -37,6 +37,12 @@ public class PrincipalUtils {
     private static UserNameHandler userNameHandler = new DefaultUserNameHandler();
     private static SecurityContext securityContext = SecurityContextHolder.getContext();
 
+    /**
+     * Private constructor to avoid creating instances of util class.
+     */
+    private PrincipalUtils(){
+    }
+
     /**
      * Get the Full name.
      *
-- 
cgit 1.2.3-korg