Improve coverage of cadi-core

author IanHowell <ian.howell@att.com>

Mon, 21 May 2018 16:01:21 +0000 (11:01 -0500)

committer IanHowell <ian.howell@att.com>

Mon, 21 May 2018 16:01:26 +0000 (11:01 -0500)
author IanHowell <ian.howell@att.com>
Mon, 21 May 2018 16:01:21 +0000 (11:01 -0500)
committer IanHowell <ian.howell@att.com>
Mon, 21 May 2018 16:01:26 +0000 (11:01 -0500)
diff --git a/cadi/client/src/main/java/org/onap/aaf/cadi/http/HX509SS.java b/cadi/client/src/main/java/org/onap/aaf/cadi/http/HX509SS.java

index 9d555f6..c9ff59d 100644 (file)
--- a/cadi/client/src/main/java/org/onap/aaf/cadi/http/HX509SS.java
+++ b/cadi/client/src/main/java/org/onap/aaf/cadi/http/HX509SS.java
@@ -69,10 +69,10 @@ public class HX509SS implements SecuritySetter<HttpURLConnection> {
         public HX509SS(final String sendAlias, SecurityInfoC<HttpURLConnection> si, boolean asDefault) throws APIException, CadiException {
                 securityInfo = si;
                 if((alias=sendAlias) == null) {
-                       if(si.default_alias == null) {
+                       if(si.defaultAlias == null) {
                                 throw new APIException("JKS Alias is required to use X509SS Security.  Use " + Config.CADI_ALIAS +" to set default alias");
                         } else {
-                               alias = si.default_alias;
+                               alias = si.defaultAlias;
                         }
                 }
                 
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/config/SecurityInfo.java b/cadi/core/src/main/java/org/onap/aaf/cadi/config/SecurityInfo.java

index b34d096..f63de20 100644 (file)
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/config/SecurityInfo.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/config/SecurityInfo.java
@@ -61,23 +61,23 @@ public class SecurityInfo {
  
         public static final String HTTPS_PROTOCOLS_DEFAULT = "TLSv1.1,TLSv1.2";
         public static final String REGEX_COMMA = "\\s*,\\s*";
-       public static final String SslKeyManagerFactoryAlgorithm;
+       public static final String SSL_KEY_MANAGER_FACTORY_ALGORITHM;
         
-       private SSLSocketFactory scf;
-       private X509KeyManager[] km;
-       private X509TrustManager[] tm;
-       public final String default_alias;
+       private SSLSocketFactory socketFactory;
+       private X509KeyManager[] x509KeyManager;
+       private X509TrustManager[] x509TrustManager;
+       public final String defaultAlias;
         private NetMask[] trustMasks;
-       private SSLContext ctx;
+       private SSLContext context;
         private HostnameVerifier maskHV;
         public final Access access;
  
         // Change Key Algorithms for IBM's VM.  Could put in others, if needed.
         static {
-               if(System.getProperty("java.vm.vendor").equalsIgnoreCase("IBM Corporation")) {
-                       SslKeyManagerFactoryAlgorithm = "IbmX509";
+               if ("IBM Corporation".equalsIgnoreCase(System.getProperty("java.vm.vendor"))) {
+                       SSL_KEY_MANAGER_FACTORY_ALGORITHM = "IbmX509";
                 } else {
-                       SslKeyManagerFactoryAlgorithm = "SunX509";
+                       SSL_KEY_MANAGER_FACTORY_ALGORITHM = "SunX509";
                 }
         }
         
@@ -91,23 +91,23 @@ public class SecurityInfo {
                         
                         initializeTrustManager();
                         
-                       default_alias = access.getProperty(Config.CADI_ALIAS, null);
+                       defaultAlias = access.getProperty(Config.CADI_ALIAS, null);
                         
                         initializeTrustMasks();
  
-                       String https_protocols = Config.logProp(access, Config.CADI_PROTOCOLS,
+                       String httpsProtocols = Config.logProp(access, Config.CADI_PROTOCOLS,
                                                 access.getProperty(HTTPS_PROTOCOLS, HTTPS_PROTOCOLS_DEFAULT)
                                                 );
-                       System.setProperty(HTTPS_PROTOCOLS, https_protocols);
-                       System.setProperty(JDK_TLS_CLIENT_PROTOCOLS, https_protocols);
-                       if("1.7".equals(System.getProperty("java.specification.version")) && https_protocols.contains("TLSv1.2")) {
+                       System.setProperty(HTTPS_PROTOCOLS, httpsProtocols);
+                       System.setProperty(JDK_TLS_CLIENT_PROTOCOLS, httpsProtocols);
+                       if ("1.7".equals(System.getProperty("java.specification.version")) && httpsProtocols.contains("TLSv1.2")) {
                                 System.setProperty(Config.HTTPS_CIPHER_SUITES, Config.HTTPS_CIPHER_SUITES_DEFAULT);
                         }                       
  
-                       ctx = SSLContext.getInstance("TLS");
-                       ctx.init(km, tm, null);
-                       SSLContext.setDefault(ctx);
-                       scf = ctx.getSocketFactory();
+                       context = SSLContext.getInstance("TLS");
+                       context.init(x509KeyManager, x509TrustManager, null);
+                       SSLContext.setDefault(context);
+                       socketFactory = context.getSocketFactory();
                 } catch (NoSuchAlgorithmException | KeyManagementException | KeyStoreException | CertificateException | UnrecoverableKeyException | IOException e) {
                         throw new CadiException(e);
                 }
@@ -117,162 +117,168 @@ public class SecurityInfo {
          * @return the scf
          */
         public SSLSocketFactory getSSLSocketFactory() {
-               return scf;
+               return socketFactory;
         }
  
         public SSLContext getSSLContext() {
-               return ctx;
+               return context;
         }
  
         /**
          * @return the km
          */
         public X509KeyManager[] getKeyManagers() {
-               return km;
+               return x509KeyManager;
         }
  
         public void checkClientTrusted(X509Certificate[] certarr) throws CertificateException {
-               for(X509TrustManager xtm : tm) {
+               for (X509TrustManager xtm : x509TrustManager) {
                         xtm.checkClientTrusted(certarr, SECURITY_ALGO);
                 }
         }
  
         public void checkServerTrusted(X509Certificate[] certarr) throws CertificateException {
-               for(X509TrustManager xtm : tm) {
+               for (X509TrustManager xtm : x509TrustManager) {
                         xtm.checkServerTrusted(certarr, SECURITY_ALGO);
                 }
         }
  
         public void setSocketFactoryOn(HttpsURLConnection hsuc) {
-               hsuc.setSSLSocketFactory(scf);
-               if(maskHV != null && !maskHV.equals(hsuc.getHostnameVerifier())) {
+               hsuc.setSSLSocketFactory(socketFactory);
+               if (maskHV != null && !maskHV.equals(hsuc.getHostnameVerifier())) {
                         hsuc.setHostnameVerifier(maskHV);
                 }
         }
         
         protected void initializeKeyManager() throws CadiException, IOException, NoSuchAlgorithmException, KeyStoreException, CertificateException, UnrecoverableKeyException {
                 String keyStore = access.getProperty(Config.CADI_KEYSTORE, null);
-               if(keyStore != null && !new File(keyStore).exists()) {
+               if (keyStore != null && !new File(keyStore).exists()) {
                         throw new CadiException(keyStore + " does not exist");
                 }
  
                 String keyStorePasswd = access.getProperty(Config.CADI_KEYSTORE_PASSWORD, null);
                 keyStorePasswd = (keyStorePasswd == null) ? null : access.decrypt(keyStorePasswd, false);
+               if (keyStore == null || keyStorePasswd == null) { 
+                       x509KeyManager = new X509KeyManager[0];
+                       return;
+               }
  
                 String keyPasswd = access.getProperty(Config.CADI_KEY_PASSWORD, null);
                 keyPasswd = (keyPasswd == null) ? keyStorePasswd : access.decrypt(keyPasswd, false);
  
-               KeyManagerFactory kmf = KeyManagerFactory.getInstance(SslKeyManagerFactoryAlgorithm);
-               if(keyStore == null || keyStorePasswd == null) { 
-                       km = new X509KeyManager[0];
-               } else {
-                       ArrayList<X509KeyManager> kmal = new ArrayList<X509KeyManager>();
-                       File file;
-                       for(String ksname : keyStore.split(REGEX_COMMA)) {
-                               file = new File(ksname);
-                               String keystoreFormat;
-                               if(ksname.endsWith(".p12") || ksname.endsWith(".pkcs12")) {
-                                       keystoreFormat = "PKCS12";
-                               } else {
-                                       keystoreFormat = "JKS";
-                               }
-                               if(file.exists()) {
-                                       FileInputStream fis = new FileInputStream(file);
-                                       try {
-                                               KeyStore ks = KeyStore.getInstance(keystoreFormat);
-                                               ks.load(fis, keyStorePasswd.toCharArray());
-                                               kmf.init(ks, keyPasswd.toCharArray());
-                                       } finally {
-                                               fis.close();
-                                       }
-                               }
+               KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(SSL_KEY_MANAGER_FACTORY_ALGORITHM);
+
+               ArrayList<X509KeyManager> keyManagers = new ArrayList<>();
+               File file;
+               for (String ksname : keyStore.split(REGEX_COMMA)) {
+                       String keystoreFormat;
+                       if (ksname.endsWith(".p12") || ksname.endsWith(".pkcs12")) {
+                               keystoreFormat = "PKCS12";
+                       } else {
+                               keystoreFormat = "JKS";
                         }
-                       for(KeyManager km : kmf.getKeyManagers()) {
-                               if(km instanceof X509KeyManager) {
-                                       kmal.add((X509KeyManager)km);
+
+                       file = new File(ksname);
+                       if (file.exists()) {
+                               FileInputStream fis = new FileInputStream(file);
+                               try {
+                                       KeyStore ks = KeyStore.getInstance(keystoreFormat);
+                                       ks.load(fis, keyStorePasswd.toCharArray());
+                                       keyManagerFactory.init(ks, keyPasswd.toCharArray());
+                               } finally {
+                                       fis.close();
                                 }
                         }
-                       km = new X509KeyManager[kmal.size()];
-                       kmal.toArray(km);
                 }
+               for (KeyManager keyManager : keyManagerFactory.getKeyManagers()) {
+                       if (keyManager instanceof X509KeyManager) {
+                               keyManagers.add((X509KeyManager)keyManager);
+                       }
+               }
+               x509KeyManager = new X509KeyManager[keyManagers.size()];
+               keyManagers.toArray(x509KeyManager);
         }
  
         protected void initializeTrustManager() throws NoSuchAlgorithmException, CertificateException, IOException, KeyStoreException, CadiException {
                 String trustStore = access.getProperty(Config.CADI_TRUSTSTORE, null);
-               if(trustStore != null && !new File(trustStore).exists()) {
+               if (trustStore != null && !new File(trustStore).exists()) {
                         throw new CadiException(trustStore + " does not exist");
                 }
  
+               if (trustStore == null) {
+                       return;
+               }
+
                 String trustStorePasswd = access.getProperty(Config.CADI_TRUSTSTORE_PASSWORD, null);
                 trustStorePasswd = (trustStorePasswd == null) ? "changeit"/*defacto Java Trust Pass*/ : access.decrypt(trustStorePasswd, false);
  
-               TrustManagerFactory tmf = TrustManagerFactory.getInstance(SslKeyManagerFactoryAlgorithm);
-               if(trustStore != null) {
-                       File file;
-                       for(String tsname : trustStore.split(REGEX_COMMA)) {
-                               file = new File(tsname);
-                               if(file.exists()) {
-                                       FileInputStream fis = new FileInputStream(file);
-                                       try {
-                                               KeyStore ts = KeyStore.getInstance("JKS");
-                                               ts.load(fis, trustStorePasswd.toCharArray());
-                                               tmf.init(ts); 
-                                       } finally {
-                                               fis.close();
-                                       }
+               TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(SSL_KEY_MANAGER_FACTORY_ALGORITHM);
+               File file;
+               for (String trustStoreName : trustStore.split(REGEX_COMMA)) {
+                       file = new File(trustStoreName);
+                       if (file.exists()) {
+                               FileInputStream fis = new FileInputStream(file);
+                               try {
+                                       KeyStore ts = KeyStore.getInstance("JKS");
+                                       ts.load(fis, trustStorePasswd.toCharArray());
+                                       trustManagerFactory.init(ts); 
+                               } finally {
+                                       fis.close();
                                 }
                         }
+               }
  
-                       TrustManager tms[] = tmf.getTrustManagers();
-                       if(tms != null && tms.length>0) {
-                               tm = new X509TrustManager[tms.length];
-                               for(int i = 0; i < tms.length; ++i) {
-                                       try {
-                                               tm[i] = (X509TrustManager)tms[i];
-                                       } catch (ClassCastException e) {
-                                               access.log(Level.WARN, "Non X509 TrustManager", tm[i].getClass().getName(), "skipped in SecurityInfo");
-                                       }
-                               }
-                       }
+               TrustManager trustManagers[] = trustManagerFactory.getTrustManagers();
+               if (trustManagers == null || trustManagers.length == 0) {
+                       return;
                 }
  
+               x509TrustManager = new X509TrustManager[trustManagers.length];
+               for (int i = 0; i < trustManagers.length; ++i) {
+                       try {
+                               x509TrustManager[i] = (X509TrustManager)trustManagers[i];
+                       } catch (ClassCastException e) {
+                               access.log(Level.WARN, "Non X509 TrustManager", x509TrustManager[i].getClass().getName(), "skipped in SecurityInfo");
+                       }
+               }
         }
         
         protected void initializeTrustMasks() throws AccessException {
                 String tips = access.getProperty(Config.CADI_TRUST_MASKS, null);
-               if(tips != null) {
-                       access.log(Level.INIT, "Explicitly accepting valid X509s from", tips);
-                       String[] ipsplit = tips.split(REGEX_COMMA);
-                       trustMasks = new NetMask[ipsplit.length];
-                       for(int i = 0; i < ipsplit.length; ++i) {
-                               try {
-                                       trustMasks[i] = new NetMask(ipsplit[i]);
-                               } catch (MaskFormatException e) {
-                                       throw new AccessException("Invalid IP Mask in " + Config.CADI_TRUST_MASKS, e);
-                               }
+               if (tips == null) {
+                       return;
+               }
+
+               access.log(Level.INIT, "Explicitly accepting valid X509s from", tips);
+               String[] ipsplit = tips.split(REGEX_COMMA);
+               trustMasks = new NetMask[ipsplit.length];
+               for (int i = 0; i < ipsplit.length; ++i) {
+                       try {
+                               trustMasks[i] = new NetMask(ipsplit[i]);
+                       } catch (MaskFormatException e) {
+                               throw new AccessException("Invalid IP Mask in " + Config.CADI_TRUST_MASKS, e);
                         }
                 }
-               
-               if(trustMasks != null) {
-                       final HostnameVerifier origHV = HttpsURLConnection.getDefaultHostnameVerifier();
-                       HttpsURLConnection.setDefaultHostnameVerifier(maskHV = new HostnameVerifier() {
-                               @Override
-                               public boolean verify(final String urlHostName, final SSLSession session) {
-                                       try {
-                                               // This will pick up /etc/host entries as well as DNS
-                                               InetAddress ia = InetAddress.getByName(session.getPeerHost());
-                                               for(NetMask tmask : trustMasks) {
-                                                       if(tmask.isInNet(ia.getHostAddress())) {
-                                                               return true;
-                                                       }
+       
+               final HostnameVerifier origHV = HttpsURLConnection.getDefaultHostnameVerifier();
+               maskHV = new HostnameVerifier() {
+                       @Override
+                       public boolean verify(final String urlHostName, final SSLSession session) {
+                               try {
+                                       // This will pick up /etc/host entries as well as DNS
+                                       InetAddress ia = InetAddress.getByName(session.getPeerHost());
+                                       for (NetMask tmask : trustMasks) {
+                                               if (tmask.isInNet(ia.getHostAddress())) {
+                                                       return true;
                                                 }
-                                       } catch (UnknownHostException e) {
-                                               // It's ok. do normal Verify
                                         }
-                                       return origHV.verify(urlHostName, session);
-                               };
-                       });
-               }
+                               } catch (UnknownHostException e) {
+                                       // It's ok. do normal Verify
+                               }
+                               return origHV.verify(urlHostName, session);
+                       };
+               };
+               HttpsURLConnection.setDefaultHostnameVerifier(maskHV);
         }
         
  }
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/cert/X509Taf.java b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/cert/X509Taf.java

index 4411a85..66683dc 100644 (file)
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/taf/cert/X509Taf.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/taf/cert/X509Taf.java
@@ -70,7 +70,7 @@ public class X509Taf implements HttpTaf {
                 try {
                         certFactory = CertificateFactory.getInstance("X.509");
                         messageDigest = MessageDigest.getInstance("SHA-256"); // use this to clone
-                       tmf = TrustManagerFactory.getInstance(SecurityInfoC.SslKeyManagerFactoryAlgorithm);
+                       tmf = TrustManagerFactory.getInstance(SecurityInfoC.SSL_KEY_MANAGER_FACTORY_ALGORITHM);
                 } catch (Exception e) {
                         throw new RuntimeException("X.509 and SHA-256 are required for X509Taf",e);
                 }
diff --git a/cadi/core/src/test/java/org/onap/aaf/cadi/config/test/JU_SecurityInfo.java b/cadi/core/src/test/java/org/onap/aaf/cadi/config/test/JU_SecurityInfo.java

index 842a709..001d0fe 100644 (file)
--- a/cadi/core/src/test/java/org/onap/aaf/cadi/config/test/JU_SecurityInfo.java
+++ b/cadi/core/src/test/java/org/onap/aaf/cadi/config/test/JU_SecurityInfo.java
@@ -97,6 +97,9 @@ public class JU_SecurityInfo {
                 assertNotNull(si.getSSLSocketFactory());
                 assertNotNull(si.getSSLContext());
                 assertNotNull(si.getKeyManagers());
+               
+               access.setProperty(Config.CADI_TRUST_MASKS, "123.123.123.123");
+               si = new SecurityInfo(access);
         }
  
         @Test(expected = CadiException.class)
@@ -112,6 +115,14 @@ public class JU_SecurityInfo {
                 @SuppressWarnings("unused")
                 SecurityInfo si = new SecurityInfo(access);
         }
+       
+       
+       @Test(expected = NumberFormatException.class)
+       public void badTrustMaskTest() throws CadiException {
+               access.setProperty(Config.CADI_TRUST_MASKS, "trustMask");
+               @SuppressWarnings("unused")
+               SecurityInfo si = new SecurityInfo(access);
+       }
  
         @Test
         public void coverageTest() throws CadiException {
author	IanHowell <ian.howell@att.com>
	Mon, 21 May 2018 16:01:21 +0000 (11:01 -0500)
committer	IanHowell <ian.howell@att.com>
	Mon, 21 May 2018 16:01:26 +0000 (11:01 -0500)
cadi/client/src/main/java/org/onap/aaf/cadi/http/HX509SS.java		patch \| blob \| history
cadi/core/src/main/java/org/onap/aaf/cadi/config/SecurityInfo.java		patch \| blob \| history
cadi/core/src/main/java/org/onap/aaf/cadi/taf/cert/X509Taf.java		patch \| blob \| history
cadi/core/src/test/java/org/onap/aaf/cadi/config/test/JU_SecurityInfo.java		patch \| blob \| history