Move SSL verification to test
Move the code that disables SSL verification to the unit test instead of
keeping it in the main class
Change-Id: I574a4ba380ef62171cc6ba0c23eb41dee8a8cc18
Issue-ID: CLAMP-74
Signed-off-by: Determe, Sebastien (sd378r) <sd378r@intl.att.com>
diff --git a/src/main/java/org/onap/clamp/clds/client/CldsEventDelegate.java b/src/main/java/org/onap/clamp/clds/client/CldsEventDelegate.java
index 449e364..4886b0d 100644
--- a/src/main/java/org/onap/clamp/clds/client/CldsEventDelegate.java
+++ b/src/main/java/org/onap/clamp/clds/client/CldsEventDelegate.java
@@ -23,25 +23,23 @@
package org.onap.clamp.clds.client;
+import com.att.eelf.configuration.EELFLogger;
+import com.att.eelf.configuration.EELFManager;
+
import org.camunda.bpm.engine.delegate.DelegateExecution;
import org.camunda.bpm.engine.delegate.JavaDelegate;
import org.onap.clamp.clds.dao.CldsDao;
import org.onap.clamp.clds.model.CldsEvent;
import org.springframework.beans.factory.annotation.Autowired;
-import com.att.eelf.configuration.EELFLogger;
-import com.att.eelf.configuration.EELFManager;
-
/**
* Create CLDS Event.
*/
public class CldsEventDelegate implements JavaDelegate {
-
protected static final EELFLogger logger = EELFManager.getInstance().getLogger(CldsEventDelegate.class);
protected static final EELFLogger metricsLogger = EELFManager.getInstance().getMetricsLogger();
-
@Autowired
- private CldsDao cldsDao;
+ private CldsDao cldsDao;
/**
* Insert event using process variables.
@@ -49,20 +47,19 @@
* @param execution
*/
@Override
- public void execute(DelegateExecution execution) throws Exception {
+ public void execute(DelegateExecution execution) {
String controlName = (String) execution.getVariable("controlName");
String actionCd = (String) execution.getVariable("actionCd");
String actionStateCd = (String) execution.getVariable("actionStateCd");
- // Flag indicate whether it is triggered by Validation Test button from UI
+ // Flag indicate whether it is triggered by Validation Test button from
+ // UI
boolean isTest = (boolean) execution.getVariable("isTest");
boolean isInsertTestEvent = (boolean) execution.getVariable("isInsertTestEvent");
String userid = (String) execution.getVariable("userid");
-
// do not insert events for test actions unless flag set to insert them
if (!isTest || isInsertTestEvent) {
// won't really have userid here...
CldsEvent.insEvent(cldsDao, controlName, userid, actionCd, actionStateCd, execution.getProcessInstanceId());
}
}
-
}
diff --git a/src/main/java/org/onap/clamp/clds/client/DcaeHttpConnectionManager.java b/src/main/java/org/onap/clamp/clds/client/DcaeHttpConnectionManager.java
index cff955f..ef472ae 100644
--- a/src/main/java/org/onap/clamp/clds/client/DcaeHttpConnectionManager.java
+++ b/src/main/java/org/onap/clamp/clds/client/DcaeHttpConnectionManager.java
@@ -32,22 +32,18 @@
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;
-import java.security.KeyManagementException;
-import java.security.NoSuchAlgorithmException;
-import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
-import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLSession;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.X509TrustManager;
import javax.ws.rs.BadRequestException;
import org.apache.commons.io.IOUtils;
import org.onap.clamp.clds.util.LoggingUtils;
+/**
+ *
+ * This class manages the HTTP and HTTPS connections to DCAE.
+ *
+ */
public class DcaeHttpConnectionManager {
protected static final EELFLogger logger = EELFManager.getInstance()
.getLogger(DcaeHttpConnectionManager.class);
@@ -57,39 +53,6 @@
private DcaeHttpConnectionManager() {
}
- static TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
- @Override
- public java.security.cert.X509Certificate[] getAcceptedIssuers() {
- return null;
- }
-
- @Override
- public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
- }
-
- @Override
- public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
- }
- } };
-
- private static void enableSslNoCheck() {
- try {
- SSLContext sc = SSLContext.getInstance("SSL");
- sc.init(null, trustAllCerts, new java.security.SecureRandom());
- HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
- HostnameVerifier allHostsValid = new HostnameVerifier() {
- @Override
- public boolean verify(String hostname, SSLSession session) {
- return true;
- }
- };
- // set the allTrusting verifier
- HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
- } catch (KeyManagementException | NoSuchAlgorithmException e) {
- logger.error("Error when disabling security on SSL", e);
- }
- }
-
private static String doHttpsQuery(URL url, String requestMethod, String payload, String contentType)
throws IOException {
logger.info("Using HTTPS URL to contact DCAE:" + url.toString());
@@ -157,7 +120,7 @@
}
/**
- * This method does a HTTP query to DCAE with parameters specified.
+ * This method does a HTTP/HTTPS query to DCAE with parameters specified.
*
* @param url
* The string HTTP or HTTPS that mustr be used to connect
@@ -173,33 +136,8 @@
*/
public static String doDcaeHttpQuery(String url, String requestMethod, String payload, String contentType)
throws IOException {
- return doDcaeHttpQuery(url, requestMethod, payload, contentType, false);
- }
-
- /**
- * This method does a HTTP/HTTPS query to DCAE with parameters specified.
- *
- * @param url
- * The string HTTP or HTTPS that mustr be used to connect
- * @param requestMethod
- * The Request Method (PUT, POST, GET, DELETE, etc ...)
- * @param payload
- * The payload if any, in that case an ouputstream is opened
- * @param contentType
- * The "application/json or application/xml, or whatever"
- * @param withoutSecurity
- * Disable or not the SSL security (certificate,hostname, etc...)
- * @return The payload of the answer
- * @throws IOException
- * In case of issue with the streams
- */
- public static String doDcaeHttpQuery(String url, String requestMethod, String payload, String contentType,
- boolean withoutSecurity) throws IOException {
URL urlObj = new URL(url);
if (url.contains("https://")) { // Support for HTTPS
- if (withoutSecurity) {
- enableSslNoCheck();
- }
return doHttpsQuery(urlObj, requestMethod, payload, contentType);
} else { // Support for HTTP
return doHttpQuery(urlObj, requestMethod, payload, contentType);
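Review bot: The branch `if (url.contains("https://"))` in doDcaeHttpQuery picks the transport by substring match on the raw string rather than on the parsed scheme, so an `http://` URL that merely carries `https://` in its path or query is routed to doHttpsQuery. That helper's body is outside this hunk, but if it casts the connection to HttpsURLConnection the call would fail with a ClassCastException instead of issuing a plain HTTP request. Since `urlObj` is already parsed, compare the scheme directly: `if ("https".equalsIgnoreCase(urlObj.getProtocol())) { // Support for HTTPS`. Separately, removing the public five-argument overload is the right direction for production code, but any caller outside this diff that still passes `withoutSecurity` will stop compiling, so that is worth confirming before merge. The method body continues past the end of the hunk.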
diff --git a/src/test/java/org/onap/clamp/clds/it/DcaeHttpConnectionManagerItCase.java b/src/test/java/org/onap/clamp/clds/it/DcaeHttpConnectionManagerItCase.java
index 7714270..cf9fa4e 100644
--- a/src/test/java/org/onap/clamp/clds/it/DcaeHttpConnectionManagerItCase.java
+++ b/src/test/java/org/onap/clamp/clds/it/DcaeHttpConnectionManagerItCase.java
@@ -28,9 +28,20 @@
import static org.junit.Assert.fail;
import java.io.IOException;
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
import javax.ws.rs.BadRequestException;
+import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.onap.clamp.clds.AbstractItCase;
@@ -49,14 +60,49 @@
@TestPropertySource(locations = "classpath:https/https-test.properties")
public class DcaeHttpConnectionManagerItCase extends AbstractItCase {
@Value("${server.port}")
- private String httpsPort;
+ private String httpsPort;
@Value("${server.http-to-https-redirection.port}")
- private String httpPort;
+ private String httpPort;
+ private static TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
+ @Override
+ public java.security.cert.X509Certificate[] getAcceptedIssuers() {
+ return null;
+ }
+
+ @Override
+ public void checkClientTrusted(X509Certificate[] arg0, String arg1)
+ throws CertificateException {
+ }
+
+ @Override
+ public void checkServerTrusted(X509Certificate[] arg0, String arg1)
+ throws CertificateException {
+ }
+ } };
+
+ private void enableSslNoCheck() throws NoSuchAlgorithmException, KeyManagementException {
+ SSLContext sc = SSLContext.getInstance("SSL");
+ sc.init(null, trustAllCerts, new java.security.SecureRandom());
+ HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
+ HostnameVerifier allHostsValid = new HostnameVerifier() {
+ @Override
+ public boolean verify(String hostname, SSLSession session) {
+ return true;
+ }
+ };
+ // set the allTrusting verifier
+ HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
+ }
+
+ @Before
+ public void setupEnvBeforeTest() throws KeyManagementException, NoSuchAlgorithmException {
+ enableSslNoCheck();
+ }
@Test
public void testHttpGet() throws Exception {
String response = DcaeHttpConnectionManager
- .doDcaeHttpQuery("http://localhost:" + this.httpPort + "/designer/index.html", "GET", null, null, true);
+ .doDcaeHttpQuery("http://localhost:" + this.httpPort + "/designer/index.html", "GET", null, null);
assertNotNull(response);
// Should be a redirection so 302, so empty
assertTrue(response.isEmpty());
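Review bot: `enableSslNoCheck()` replaces the JVM-wide defaults through `HttpsURLConnection.setDefaultSSLSocketFactory` and `setDefaultHostnameVerifier`, and `setupEnvBeforeTest` never puts them back, so any test that runs later in the same JVM also runs with certificate and hostname checks switched off and could pass against a misconfigured TLS endpoint. Save the previous defaults in `@Before` and restore them in an `@After` method (this needs the `org.junit.After` import), as sketched below. In the same hunk, `getAcceptedIssuers()` returns `null` where the X509TrustManager contract expects a non-null array (`return new X509Certificate[0];`), and `SSLContext.getInstance("SSL")` would be better requested as `"TLS"`. A stricter alternative, assuming the test server's self-signed certificate is available on the test classpath, is to build the test SSLContext from that certificate so validation stays on. testHttpGet continues past the end of this hunk.

```java
private SSLSocketFactory previousSocketFactory;
private HostnameVerifier previousHostnameVerifier;

// ... unchanged: trustAllCerts and enableSslNoCheck() ...

@Before
public void setupEnvBeforeTest() throws KeyManagementException, NoSuchAlgorithmException {
    // Remember the JVM-wide defaults so the trust-all settings do not leak into other tests
    previousSocketFactory = HttpsURLConnection.getDefaultSSLSocketFactory();
    previousHostnameVerifier = HttpsURLConnection.getDefaultHostnameVerifier();
    enableSslNoCheck();
}

@After
public void restoreEnvAfterTest() {
    HttpsURLConnection.setDefaultSSLSocketFactory(previousSocketFactory);
    HttpsURLConnection.setDefaultHostnameVerifier(previousHostnameVerifier);
}
```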
@@ -64,8 +110,8 @@
@Test
public void testHttpsGet() throws Exception {
- String response = DcaeHttpConnectionManager.doDcaeHttpQuery(
- "https://localhost:" + this.httpsPort + "/designer/index.html", "GET", null, null, true);
+ String response = DcaeHttpConnectionManager
+ .doDcaeHttpQuery("https://localhost:" + this.httpsPort + "/designer/index.html", "GET", null, null);
assertNotNull(response);
// Should contain something
assertTrue(!response.isEmpty());
@@ -74,21 +120,21 @@
@Test(expected = BadRequestException.class)
public void testHttpsGet404() throws IOException {
DcaeHttpConnectionManager.doDcaeHttpQuery("https://localhost:" + this.httpsPort + "/designer/index1.html",
- "GET", null, null, true);
+ "GET", null, null);
fail("Should have raised an BadRequestException exception");
}
@Test(expected = BadRequestException.class)
public void testHttpsPost404() throws IOException {
DcaeHttpConnectionManager.doDcaeHttpQuery("https://localhost:" + this.httpsPort + "/designer/index1.html",
- "POST", "", "application/json", true);
+ "POST", "", "application/json");
fail("Should have raised an BadRequestException exception");
}
@Test(expected = IOException.class)
public void testHttpException() throws IOException {
DcaeHttpConnectionManager.doDcaeHttpQuery("http://localhost:" + this.httpsPort + "/designer/index.html", "GET",
- null, null, true);
+ null, null);
fail("Should have raised an IOException exception");
}
}