From e2e71040679fc6f305f9cdbe0d9d38c701934dcd Mon Sep 17 00:00:00 2001 From: sebdet Date: Mon, 19 Apr 2021 14:46:45 +0200 Subject: Fix Sonar Crypto issues Fix this problem by removing the CryptoUtils that could be replaced by AAF cadi call (this was already in place in the code). The OOM sdc controller password will have to be modified as well. Issue-ID: POLICY-3201 Issue-ID: POLICY-3200 Change-Id: I6dfd9abb691afb3548d4e68c8759351ad02a30da Signed-off-by: sebdet --- .../sdc/SdcSingleControllerConfigurationTest.java | 7 +- .../config/SdcControllersConfigurationItCase.java | 12 +-- .../policy/clamp/clds/util/CryptoUtilsTest.java | 99 ---------------------- .../onap/policy/clamp/util/PassDecoderTest.java | 23 ++--- src/test/resources/application.properties | 2 + .../resources/clds/sdc-controller-config-TLS.json | 4 +- .../resources/clds/sdc-controllers-config.json | 47 +++++----- .../robotframework/robotframework-test.properties | 2 + 8 files changed, 54 insertions(+), 142 deletions(-) delete mode 100644 src/test/java/org/onap/policy/clamp/clds/util/CryptoUtilsTest.java (limited to 'src/test') diff --git a/src/test/java/org/onap/policy/clamp/clds/config/sdc/SdcSingleControllerConfigurationTest.java b/src/test/java/org/onap/policy/clamp/clds/config/sdc/SdcSingleControllerConfigurationTest.java index 89178b778..7390b65ba 100644 --- a/src/test/java/org/onap/policy/clamp/clds/config/sdc/SdcSingleControllerConfigurationTest.java +++ b/src/test/java/org/onap/policy/clamp/clds/config/sdc/SdcSingleControllerConfigurationTest.java 
@@ -1,8 +1,8 @@ /*- * ============LICENSE_START======================================================= - * ONAP CLAMP + * ONAP POLICY-CLAMP * ================================================================================ - * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * Copyright (C) 2017, 2021 AT&T Intellectual Property. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -57,7 +57,8 @@ public class SdcSingleControllerConfigurationTest { StandardCharsets.UTF_8); JsonObject jsonNode = JsonUtils.GSON.fromJson(streamReader, JsonObject.class); - return new SdcSingleControllerConfiguration(jsonNode, sdcControllerName); + return new SdcSingleControllerConfiguration(jsonNode, sdcControllerName, + "classpath:clds/aaf/org.onap.clamp.keyfile"); } @Test diff --git a/src/test/java/org/onap/policy/clamp/clds/it/config/SdcControllersConfigurationItCase.java b/src/test/java/org/onap/policy/clamp/clds/it/config/SdcControllersConfigurationItCase.java index 516fc7a09..70aeccf59 100644 --- a/src/test/java/org/onap/policy/clamp/clds/it/config/SdcControllersConfigurationItCase.java +++ b/src/test/java/org/onap/policy/clamp/clds/it/config/SdcControllersConfigurationItCase.java @@ -1,8 +1,8 @@ /*- * ============LICENSE_START======================================================= - * ONAP CLAMP + * ONAP POLICY-CLAMP * ================================================================================ - * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * Copyright (C) 2017, 2021 AT&T Intellectual Property. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
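Review bot: The helper changed in the `@@ -57,7 +57,8 @@` hunk of SdcSingleControllerConfigurationTest now always passes a valid key file, `"classpath:clds/aaf/org.onap.clamp.keyfile"`, so nothing visible here exercises the three-argument constructor with a missing, unreadable or wrong key file. The same commit deletes CryptoUtilsTest, whose `testEncryptionBadKey` was the only bad-key case on this page. I would add a test that builds the configuration with a non-existent key file path and asserts that reading the password fails rather than returning the stored value unchanged; whether the class already behaves that way cannot be told from the hunk. The helper method starts outside the hunk.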
@@ -56,7 +56,7 @@ public class SdcControllersConfigurationItCase { @Test public void testGetAllDefinedControllers() throws IOException { - loadFile("classpath:/clds/sdc-controllers-config.json"); + loadFile("classpath:clds/sdc-controllers-config.json"); Map mapResult = sdcControllersConfiguration .getAllDefinedControllers(); assertTrue(mapResult.size() == 2); @@ -66,7 +66,7 @@ public class SdcControllersConfigurationItCase { @Test public void testGetSdcSingleControllerConfiguration() throws IOException { - loadFile("classpath:/clds/sdc-controllers-config.json"); + loadFile("classpath:clds/sdc-controllers-config.json"); assertEquals("sdc-controller1", sdcControllersConfiguration .getSdcSingleControllerConfiguration("sdc-controller1").getSdcControllerName()); assertEquals("sdc-controller2", sdcControllersConfiguration @@ -75,13 +75,13 @@ public class SdcControllersConfigurationItCase { @Test(expected = JsonSyntaxException.class) public void testBadJsonLoading() throws IOException { - loadFile("classpath:/clds/sdc-controllers-config-bad.json"); + loadFile("classpath:clds/sdc-controllers-config-bad.json"); fail("Should have raised an exception"); } @Test(expected = SdcParametersException.class) public void testMissingParamInJsonLoading() throws IOException { - loadFile("classpath:/clds/sdc-controllers-config-missing-param.json"); + loadFile("classpath:clds/sdc-controllers-config-missing-param.json"); sdcControllersConfiguration.getAllDefinedControllers(); fail("Should have raised an exception"); } diff --git a/src/test/java/org/onap/policy/clamp/clds/util/CryptoUtilsTest.java b/src/test/java/org/onap/policy/clamp/clds/util/CryptoUtilsTest.java deleted file mode 100644 index 6239fef80..000000000 --- a/src/test/java/org/onap/policy/clamp/clds/util/CryptoUtilsTest.java +++ /dev/null 
@@ -1,99 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * ONAP CLAMP - * ================================================================================ - * Copyright (C) 2017 AT&T Intellectual Property. All rights - * reserved. - * ================================================================================ - * Modifications Copyright (c) 2019 Samsung - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. 
- * ============LICENSE_END============================================ - * =================================================================== - * - */ - -package org.onap.policy.clamp.clds.util; - -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertNotEquals; -import static org.junit.Assert.assertNotNull; -import static org.mockito.ArgumentMatchers.eq; - -import java.security.InvalidKeyException; -import javax.crypto.KeyGenerator; -import javax.crypto.SecretKey; -import org.apache.commons.codec.binary.Hex; -import org.apache.commons.lang3.ArrayUtils; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.powermock.api.mockito.PowerMockito; -import org.powermock.core.classloader.annotations.PowerMockIgnore; -import org.powermock.core.classloader.annotations.PrepareForTest; -import org.powermock.modules.junit4.PowerMockRunner; - -@RunWith(PowerMockRunner.class) -@PowerMockIgnore({ "javax.crypto.*", "com.sun.org.apache.xerces.*", "javax.xml.*", "org.xml.*", "javax.management.*" }) -public class CryptoUtilsTest { - - private final String data = "This is a test string"; - - @Test - @PrepareForTest({ CryptoUtils.class }) - public final void testEncryption() throws Exception { - String encodedString = CryptoUtils.encrypt(data); - assertNotNull(encodedString); - assertEquals(data, CryptoUtils.decrypt(encodedString)); - } - - @Test - @PrepareForTest({ CryptoUtils.class }) - public final void testEncryptedStringIsDifferent() throws Exception { - String encodedString1 = CryptoUtils.encrypt(data); - String encodedString2 = CryptoUtils.encrypt(data); - byte[] encryptedMessage1 = Hex.decodeHex(encodedString1.toCharArray()); - byte[] encryptedMessage2 = Hex.decodeHex(encodedString2.toCharArray()); - assertNotNull(encryptedMessage1); - assertNotNull(encryptedMessage2); - assertNotEquals(encryptedMessage1, encryptedMessage2); - byte[] subData1 = ArrayUtils.subarray(encryptedMessage1, 16, encryptedMessage1.length); - byte[] subData2 = 
ArrayUtils.subarray(encryptedMessage2, 16, encryptedMessage2.length); - assertNotEquals(subData1, subData2); - } - - @Test - @PrepareForTest({ CryptoUtils.class }) - public final void testEncryptionBaseOnRandomKey() throws Exception { - SecretKey secretKey = KeyGenerator.getInstance("AES").generateKey(); - final String encryptionKey = String.valueOf(Hex.encodeHex(secretKey.getEncoded())); - setAesEncryptionKeyEnv(encryptionKey); - - String encodedString = CryptoUtils.encrypt(data); - String decodedString = CryptoUtils.decrypt(encodedString); - assertEquals(data, decodedString); - } - - @Test(expected = InvalidKeyException.class) - @PrepareForTest({ CryptoUtils.class }) - public final void testEncryptionBadKey() throws Exception { - final String badEncryptionKey = "93210sd"; - setAesEncryptionKeyEnv(badEncryptionKey); - - CryptoUtils.encrypt(data); - } - - private static void setAesEncryptionKeyEnv(String value) { - PowerMockito.mockStatic(System.class); - PowerMockito.when(System.getenv(eq("AES_ENCRYPTION_KEY"))).thenReturn(value); - } -} diff --git a/src/test/java/org/onap/policy/clamp/util/PassDecoderTest.java b/src/test/java/org/onap/policy/clamp/util/PassDecoderTest.java index 83e894130..7fd0cb91d 100644 --- a/src/test/java/org/onap/policy/clamp/util/PassDecoderTest.java +++ b/src/test/java/org/onap/policy/clamp/util/PassDecoderTest.java 
@@ -1,24 +1,24 @@ /*- * ============LICENSE_START======================================================= - * ONAP CLAMP + * ONAP POLICY-CLAMP * ================================================================================ - * Copyright (C) 2019 AT&T Intellectual Property. All rights + * Copyright (C) 2019, 2021 AT&T Intellectual Property. All rights * reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. + * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and * limitations under the License. * ============LICENSE_END============================================ * =================================================================== - * + * */ package org.onap.policy.clamp.util; 
@@ -48,5 +48,8 @@ public class PassDecoderTest { public final void testDecryption() throws Exception { String decodedPass = PassDecoder.decode(encrypted, "classpath:clds/aaf/org.onap.clamp.keyfile"); assertEquals(decodedPass, "China in the Spring"); + assertEquals("Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U", PassDecoder + .decode("enc:JPV4p067JlSXt2Fet9bfuI8JpkS4ZGYVcgypcPs98gXjgjCjTze_d3JxqmlKaaakdiOjIcEC_MJh6-5pJTLgdc", + "classpath:clds/aaf/org.onap.clamp.keyfile")); } } diff --git a/src/test/resources/application.properties b/src/test/resources/application.properties index d67fe74a3..bc513e9e4 100644 --- a/src/test/resources/application.properties +++ b/src/test/resources/application.properties @@ -31,6 +31,8 @@ server.port=${clamp.it.tests.http} #server.ssl.key-store-password=pass #server.ssl.key-password=pass +clamp.config.keyFile=classpath:clds/aaf/org.onap.clamp.keyfile + ### In order to be user friendly when HTTPS is enabled, ### you can add another HTTP port that will be automatically redirected to HTTPS ### by enabling this parameter (server.http.port) and set it to another port (80 or 8080, 8090, etc ...) diff --git a/src/test/resources/clds/sdc-controller-config-TLS.json b/src/test/resources/clds/sdc-controller-config-TLS.json index 99366b765..4d5f02945 100644 --- a/src/test/resources/clds/sdc-controller-config-TLS.json +++ b/src/test/resources/clds/sdc-controller-config-TLS.json @@ -4,11 +4,11 @@ "consumerId": "consumerId", "environmentName": "environmentName", "sdcAddress": "hostname:8080", - "password": "bb3871669d893c7fb8aaacda31b77b4f537E67A081C2726889548ED7BC4C2DE6", + "password": "QpF2TcrdRSFADqDxH1HwDYdYUIbMxOj-TrGd6Vqvwzd", "pollingInterval":10, "pollingTimeout":30, "activateServerTLSAuth": true, - "keyStorePassword":"bb3871669d893c7fb8aaacda31b77b4f537E67A081C2726889548ED7BC4C2DE6", + "keyStorePassword":"QpF2TcrdRSFADqDxH1HwDYdYUIbMxOj-TrGd6Vqvwzd", "keyStorePath": "/test", "messageBusAddresses":["localhost"] } 
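Review bot: The assertion added to `testDecryption` in PassDecoderTest puts a full plaintext value next to its `enc:` ciphertext and the path of the key file that decodes it, and the 43-character plaintext reads like a real credential rather than a synthetic one such as the existing `"China in the Spring"`. The commit message says the OOM sdc controller password has to change as well, so it is worth confirming that neither this value nor `clds/aaf/org.onap.clamp.keyfile` is shared with any deployment; if either is, the secret is recoverable from the repository. I would use an obviously artificial plaintext here and add `// Test-only key file and value; never reuse in a deployment.` above the assertion.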
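Review bot: The new `password` and `keyStorePassword` values in sdc-controller-config-TLS.json carry no `enc:` prefix, while the ciphertext decoded in PassDecoderTest in this commit does; the same un-prefixed value is used for both controllers in sdc-controllers-config.json. From the fixtures alone it is not clear whether the loader decrypts these strings with the key file or passes them through as they are, and a pass-through would leave the decryption path untested by every test that reads these files. An assertion on the decoded password in SdcSingleControllerConfigurationTest would pin this down.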
diff --git a/src/test/resources/clds/sdc-controllers-config.json b/src/test/resources/clds/sdc-controllers-config.json index ce56fef27..75e5be1b9 100644 --- a/src/test/resources/clds/sdc-controllers-config.json +++ b/src/test/resources/clds/sdc-controllers-config.json @@ -1,27 +1,30 @@ { - "sdc-connections":{ - "sdc-controller1":{ - "user": "User1", - "consumerGroup": "consumerGroup1", - "consumerId": "consumerId1", - "environmentName": "environmentName1", - "sdcAddress": "localhost:${docker.http-cache.port.host}", - "password": "bb3871669d893c7fb8aaacda31b77b4f537E67A081C2726889548ED7BC4C2DE6", - "pollingInterval":10, - "pollingTimeout":30, - "messageBusAddresses":["localhost"] + "sdc-connections": { + "sdc-controller1": { + "user": "User1", + "consumerGroup": "consumerGroup1", + "consumerId": "consumerId1", + "environmentName": "environmentName1", + "sdcAddress": "localhost:${docker.http-cache.port.host}", + "password": "QpF2TcrdRSFADqDxH1HwDYdYUIbMxOj-TrGd6Vqvwzd", + "pollingInterval": 10, + "pollingTimeout": 30, + "messageBusAddresses": [ + "localhost" + ] }, - "sdc-controller2":{ - "user": "User2", - "consumerGroup": "consumerGroup2", - "consumerId": "consumerId2", - "environmentName": "environmentName2", - "sdcAddress": "localhost:${docker.http-cache.port.host}", - "password": "bb3871669d893c7fb8aaacda31b77b4f537E67A081C2726889548ED7BC4C2DE6", - "pollingInterval":10, - "pollingTimeout":30, - "messageBusAddresses":["localhost"] - + "sdc-controller2": { + "user": "User2", + "consumerGroup": "consumerGroup2", + "consumerId": "consumerId2", + "environmentName": "environmentName2", + "sdcAddress": "localhost:${docker.http-cache.port.host}", + "password": "QpF2TcrdRSFADqDxH1HwDYdYUIbMxOj-TrGd6Vqvwzd", + "pollingInterval": 10, + "pollingTimeout": 30, + "messageBusAddresses": [ + "localhost" + ] } } } 
diff --git a/src/test/resources/robotframework/robotframework-test.properties b/src/test/resources/robotframework/robotframework-test.properties index a12f052ad..fed074198 100644 --- a/src/test/resources/robotframework/robotframework-test.properties +++ b/src/test/resources/robotframework/robotframework-test.properties @@ -31,6 +31,8 @@ server.port=${clamp.it.tests.robotframework.http} #server.ssl.key-store-password=pass #server.ssl.key-password=pass +clamp.config.keyFile=classpath:clds/aaf/org.onap.clamp.keyfile + ### In order to be user friendly when HTTPS is enabled, ### you can add another HTTP port that will be automatically redirected to HTTPS ### by enabling this parameter (server.http.port) and set it to another port (80 or 8080, 8090, etc ...) -- cgit 1.2.3-korg