aboutsummaryrefslogtreecommitdiffstats
path: root/gui-server/src/test/java/org/onap/policy/gui/server/config/RestTemplateConfig5Test.java
blob: 5905ebc1ecb5e31a5769451a79f143868f220438 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67

/*-
 * ============LICENSE_START=======================================================
 *  Copyright (C) 2022 Nordix Foundation.
 * ================================================================================
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * SPDX-License-Identifier: Apache-2.0
 * ============LICENSE_END=========================================================
 */

package org.onap.policy.gui.server.config;

import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.junit.jupiter.api.Assertions.assertTrue;

import javax.net.ssl.SSLPeerUnverifiedException;
import org.junit.jupiter.api.Test;
import org.onap.policy.gui.server.test.util.RestTemplateConfig;
import org.onap.policy.gui.server.test.util.hello.HelloWorldApplication;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.web.client.RestClientException;

/**
 * In this test, we verify that SSL validation and hostname check are enabled
 * by default. Thus we explicitly set the Spring properties
 * runtime-ui.acm.disable-ssl-validation and runtime-ui.acm.disable-ssl-hostname-check as false.
 * Since our keystore cert has a hostname 'helloworld' and our test request is
 * to localhost, the request will fail with an SSLPeerUnverifiedException, as
 * the SSL cert name does not match the server name 'localhost'.
 */
@SpringBootTest(
    classes = {
        HelloWorldApplication.class,
        AcmRuntimeRestTemplateConfig.class,
        PolicyApiRestTemplateConfig.class
    },
    properties = {
        "server.ssl.enabled=true",
        "server.ssl.key-store=file:src/test/resources/helloworld-keystore.jks",
        "server.ssl.key-store-password=changeit",
        "server.ssl.trust-store=file:src/test/resources/helloworld-truststore.jks",
        "server.ssl.trust-store-password=changeit"
    },
    webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
class RestTemplateConfig5Test {
    @Test
    void testSslValidationIsEnabledByDefault() {
        RestTemplateConfig rtConfig = new RestTemplateConfig();

        rtConfig.getRestTemplateList().forEach(restTemplate -> {
            var helloUrl = "https://localhost:" + rtConfig.getPort() + "/";
            Exception e = assertThrows(RestClientException.class,
                () -> restTemplate.getForEntity(helloUrl, String.class));
            assertTrue(e.getCause() instanceof SSLPeerUnverifiedException);
        });
    }
}