Apache
/
nifi
mirror of https://github.com/apache/nifi.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

NIFI-11612 Refactored SocketUtilsTest from Groovy to Java 

This closes #7310

Signed-off-by: David Handermann <exceptionfactory@apache.org>
This commit is contained in:
dan-s1 2023-05-29 21:25:43 +00:00 committed by exceptionfactory
parent 2f8e5b27b0
commit 818747d84b
No known key found for this signature in database
GPG Key ID: 29B6A52D2AAE8DBA
3 changed files with 84 additions and 147 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

111
nifi-commons/nifi-socket-utils/src/test/groovy/org/apache/nifi/io/socket/SocketUtilsTest.groovy
View File

@ -1,111 +0,0 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.nifi.io.socket
import org.apache.nifi.security.util.KeystoreType
import org.apache.nifi.security.util.StandardTlsConfiguration
import org.apache.nifi.security.util.TlsConfiguration
import org.apache.nifi.util.NiFiProperties
import org.bouncycastle.jce.provider.BouncyCastleProvider
import org.junit.jupiter.api.BeforeAll
import org.junit.jupiter.api.Test
import org.slf4j.Logger
import org.slf4j.LoggerFactory
import javax.net.ssl.SSLServerSocket
import java.security.Security
import static org.junit.jupiter.api.Assertions.assertArrayEquals
import static org.junit.jupiter.api.Assertions.assertFalse
class SocketUtilsTest {
private static final Logger logger = LoggerFactory.getLogger(SocketUtilsTest.class)
private static final String KEYSTORE_PATH = "src/test/resources/TlsConfigurationKeystore.jks"
private static final String KEYSTORE_PASSWORD = "keystorepassword"
private static final String KEY_PASSWORD = "keypassword"
private static final KeystoreType KEYSTORE_TYPE = KeystoreType.JKS
private static final String TRUSTSTORE_PATH = "src/test/resources/TlsConfigurationTruststore.jks"
private static final String TRUSTSTORE_PASSWORD = "truststorepassword"
private static final KeystoreType TRUSTSTORE_TYPE = KeystoreType.JKS
private static final String PROTOCOL = TlsConfiguration.getHighestCurrentSupportedTlsProtocolVersion()
private static final Map<String, String> DEFAULT_PROPS = [
(NiFiProperties.SECURITY_KEYSTORE) : KEYSTORE_PATH,
(NiFiProperties.SECURITY_KEYSTORE_PASSWD) : KEYSTORE_PASSWORD,
(NiFiProperties.SECURITY_KEY_PASSWD) : KEY_PASSWORD,
(NiFiProperties.SECURITY_KEYSTORE_TYPE) : KEYSTORE_TYPE.getType(),
(NiFiProperties.SECURITY_TRUSTSTORE) : TRUSTSTORE_PATH,
(NiFiProperties.SECURITY_TRUSTSTORE_PASSWD): TRUSTSTORE_PASSWORD,
(NiFiProperties.SECURITY_TRUSTSTORE_TYPE) : TRUSTSTORE_TYPE.getType(),
]
private NiFiProperties mockNiFiProperties = NiFiProperties.createBasicNiFiProperties(null, DEFAULT_PROPS)
// A static TlsConfiguration referencing the test resource keystore and truststore
// private static final TlsConfiguration TLS_CONFIGURATION =
// new StandardTlsConfiguration(KEYSTORE_PATH, KEYSTORE_PASSWORD, KEY_PASSWORD, KEYSTORE_TYPE, TRUSTSTORE_PATH,
// TRUSTSTORE_PASSWORD, TRUSTSTORE_TYPE, PROTOCOL)
// private static final SSLContext sslContext = SslContextFactory.createSslContext(TLS_CONFIGURATION, ClientAuth.NONE)
@BeforeAll
static void setUpOnce() throws Exception {
Security.addProvider(new BouncyCastleProvider())
logger.metaClass.methodMissing = { String name, args ->
logger.info("[${name?.toUpperCase()}] ${(args as List).join(" ")}")
}
}
@Test
void testCreateSSLServerSocketShouldRestrictTlsProtocols() {
// Arrange
ServerSocketConfiguration mockServerSocketConfiguration = new ServerSocketConfiguration()
mockServerSocketConfiguration.setTlsConfiguration(StandardTlsConfiguration.fromNiFiProperties(mockNiFiProperties))
// Act
SSLServerSocket sslServerSocket = SocketUtils.createSSLServerSocket(0, mockServerSocketConfiguration)
logger.info("Created SSL server socket: ${sslServerSocket}")
// Assert
String[] enabledProtocols = sslServerSocket.getEnabledProtocols()
logger.info("Enabled protocols: ${enabledProtocols}")
assertArrayEquals(TlsConfiguration.getCurrentSupportedTlsProtocolVersions(), enabledProtocols)
assertFalse(enabledProtocols.contains("TLSv1"))
assertFalse(enabledProtocols.contains("TLSv1.1"))
}
@Test
void testCreateServerSocketShouldRestrictTlsProtocols() {
// Arrange
ServerSocketConfiguration mockServerSocketConfiguration = new ServerSocketConfiguration()
mockServerSocketConfiguration.setTlsConfiguration(StandardTlsConfiguration.fromNiFiProperties(mockNiFiProperties))
// Act
SSLServerSocket sslServerSocket = SocketUtils.createServerSocket(0, mockServerSocketConfiguration) as SSLServerSocket
logger.info("Created SSL server socket: ${sslServerSocket}")
// Assert
String[] enabledProtocols = sslServerSocket.getEnabledProtocols()
logger.info("Enabled protocols: ${enabledProtocols}")
assertArrayEquals(TlsConfiguration.getCurrentSupportedTlsProtocolVersions(), enabledProtocols)
assertFalse(enabledProtocols.contains("TLSv1"))
assertFalse(enabledProtocols.contains("TLSv1.1"))
}
}

84
nifi-commons/nifi-socket-utils/src/test/java/org/apache/nifi/io/socket/SocketUtilsTest.java Normal file
View File

@ -0,0 +1,84 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.nifi.io.socket;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.nifi.security.util.KeystoreType;
import org.apache.nifi.security.util.StandardTlsConfiguration;
import org.apache.nifi.security.util.TlsConfiguration;
import org.apache.nifi.security.util.TlsException;
import org.apache.nifi.util.NiFiProperties;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
import javax.net.ssl.SSLServerSocket;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import static org.junit.jupiter.api.Assertions.assertArrayEquals;
import static org.junit.jupiter.api.Assertions.assertFalse;
public class SocketUtilsTest {
private static final String KEYSTORE_PATH = "src/test/resources/TlsConfigurationKeystore.jks";
private static final String KEYSTORE_PASSWORD = "keystorepassword";
private static final String KEY_PASSWORD = "keypassword";
private static final KeystoreType KEYSTORE_TYPE = KeystoreType.JKS;
private static final String TRUSTSTORE_PATH = "src/test/resources/TlsConfigurationTruststore.jks";
private static final String TRUSTSTORE_PASSWORD = "truststorepassword";
private static final KeystoreType TRUSTSTORE_TYPE = KeystoreType.JKS;
private static NiFiProperties mockNiFiProperties;
@BeforeAll
public static void setUpOnce() throws Exception {
final Map<String, String> defaultProps = new HashMap<>();
defaultProps.put(org.apache.nifi.util.NiFiProperties.SECURITY_KEYSTORE, KEYSTORE_PATH);
defaultProps.put(org.apache.nifi.util.NiFiProperties.SECURITY_KEYSTORE_PASSWD, KEYSTORE_PASSWORD);
defaultProps.put(org.apache.nifi.util.NiFiProperties.SECURITY_KEY_PASSWD, KEY_PASSWORD);
defaultProps.put(org.apache.nifi.util.NiFiProperties.SECURITY_KEYSTORE_TYPE, KEYSTORE_TYPE.getType());
defaultProps.put(org.apache.nifi.util.NiFiProperties.SECURITY_TRUSTSTORE, TRUSTSTORE_PATH);
defaultProps.put(org.apache.nifi.util.NiFiProperties.SECURITY_TRUSTSTORE_PASSWD, TRUSTSTORE_PASSWORD);
defaultProps.put(org.apache.nifi.util.NiFiProperties.SECURITY_TRUSTSTORE_TYPE, TRUSTSTORE_TYPE.getType());
mockNiFiProperties = NiFiProperties.createBasicNiFiProperties(null, defaultProps);
}
@Test
public void testCreateSSLServerSocketShouldRestrictTlsProtocols() throws TlsException, IOException {
ServerSocketConfiguration mockServerSocketConfiguration = new ServerSocketConfiguration();
mockServerSocketConfiguration.setTlsConfiguration(StandardTlsConfiguration.fromNiFiProperties(mockNiFiProperties));
try (SSLServerSocket sslServerSocket = SocketUtils.createSSLServerSocket(0, mockServerSocketConfiguration)) {
String[] enabledProtocols = sslServerSocket.getEnabledProtocols();
assertArrayEquals(TlsConfiguration.getCurrentSupportedTlsProtocolVersions(), enabledProtocols);
assertFalse(ArrayUtils.contains(enabledProtocols, "TLSv1"));
assertFalse(ArrayUtils.contains(enabledProtocols, "TLSv1.1"));
}
}
@Test
public void testCreateServerSocketShouldRestrictTlsProtocols() throws TlsException, IOException {
ServerSocketConfiguration mockServerSocketConfiguration = new ServerSocketConfiguration();
mockServerSocketConfiguration.setTlsConfiguration(StandardTlsConfiguration.fromNiFiProperties(mockNiFiProperties));
try (SSLServerSocket sslServerSocket = (SSLServerSocket)SocketUtils.createServerSocket(0, mockServerSocketConfiguration)) {
String[] enabledProtocols = sslServerSocket.getEnabledProtocols();
assertArrayEquals(TlsConfiguration.getCurrentSupportedTlsProtocolVersions(), enabledProtocols);
assertFalse(ArrayUtils.contains(enabledProtocols, "TLSv1"));
assertFalse(ArrayUtils.contains(enabledProtocols, "TLSv1.1"));
}
}
}

36
nifi-commons/nifi-socket-utils/src/test/resources/log4j.xml
View File

@ -1,36 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
<!-- Appender for printing formatted log statements to the console. -->
<appender name="console" class="org.apache.log4j.ConsoleAppender">
<layout class="org.apache.log4j.PatternLayout">
<param name="ConversionPattern" value="%d %-5p [%t] %40.40c - %m%n"/>
</layout>
</appender>
<!-- Logger for managing logging statements for nifi -->
<logger name="nifi">
<level value="debug"/>
</logger>
<root>
<level value="warn"/>
<appender-ref ref="console"/>
</root>
</log4j:configuration>