From a75ec445f2d769dd5078b6fc1afe4dcb9bc94b2a Mon Sep 17 00:00:00 2001
From: dan-s1
Date: Mon, 29 May 2023 21:25:43 +0000
Subject: [PATCH] NIFI-11612 Refactored SocketUtilsTest from Groovy to Java
This closes #7310
Signed-off-by: David Handermann
(cherry picked from commit 818747d84b8bfca39211a277dbccf10bbbc30c7e)
---
.../nifi/io/socket/SocketUtilsTest.groovy | 111 ------------------
.../nifi/io/socket/SocketUtilsTest.java | 84 +++++++++++++
.../src/test/resources/log4j.xml | 36 ------
3 files changed, 84 insertions(+), 147 deletions(-)
delete mode 100644 nifi-commons/nifi-socket-utils/src/test/groovy/org/apache/nifi/io/socket/SocketUtilsTest.groovy
create mode 100644 nifi-commons/nifi-socket-utils/src/test/java/org/apache/nifi/io/socket/SocketUtilsTest.java
delete mode 100644 nifi-commons/nifi-socket-utils/src/test/resources/log4j.xml
diff --git a/nifi-commons/nifi-socket-utils/src/test/groovy/org/apache/nifi/io/socket/SocketUtilsTest.groovy b/nifi-commons/nifi-socket-utils/src/test/groovy/org/apache/nifi/io/socket/SocketUtilsTest.groovy
deleted file mode 100644
index 10532204c8..0000000000
--- a/nifi-commons/nifi-socket-utils/src/test/groovy/org/apache/nifi/io/socket/SocketUtilsTest.groovy
+++ /dev/null
@@ -1,111 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.io.socket
-
-import org.apache.nifi.security.util.KeystoreType
-import org.apache.nifi.security.util.StandardTlsConfiguration
-import org.apache.nifi.security.util.TlsConfiguration
-import org.apache.nifi.util.NiFiProperties
-import org.bouncycastle.jce.provider.BouncyCastleProvider
-import org.junit.jupiter.api.BeforeAll
-import org.junit.jupiter.api.Test
-import org.slf4j.Logger
-import org.slf4j.LoggerFactory
-
-import javax.net.ssl.SSLServerSocket
-import java.security.Security
-
-import static org.junit.jupiter.api.Assertions.assertArrayEquals
-import static org.junit.jupiter.api.Assertions.assertFalse
-
-class SocketUtilsTest {
- private static final Logger logger = LoggerFactory.getLogger(SocketUtilsTest.class)
-
- private static final String KEYSTORE_PATH = "src/test/resources/TlsConfigurationKeystore.jks"
- private static final String KEYSTORE_PASSWORD = "keystorepassword"
- private static final String KEY_PASSWORD = "keypassword"
- private static final KeystoreType KEYSTORE_TYPE = KeystoreType.JKS
-
- private static final String TRUSTSTORE_PATH = "src/test/resources/TlsConfigurationTruststore.jks"
- private static final String TRUSTSTORE_PASSWORD = "truststorepassword"
- private static final KeystoreType TRUSTSTORE_TYPE = KeystoreType.JKS
-
- private static final String PROTOCOL = TlsConfiguration.getHighestCurrentSupportedTlsProtocolVersion()
-
- private static final Map DEFAULT_PROPS = [
- (NiFiProperties.SECURITY_KEYSTORE) : KEYSTORE_PATH,
- (NiFiProperties.SECURITY_KEYSTORE_PASSWD) : KEYSTORE_PASSWORD,
- (NiFiProperties.SECURITY_KEY_PASSWD) : KEY_PASSWORD,
- (NiFiProperties.SECURITY_KEYSTORE_TYPE) : KEYSTORE_TYPE.getType(),
- (NiFiProperties.SECURITY_TRUSTSTORE) : TRUSTSTORE_PATH,
- (NiFiProperties.SECURITY_TRUSTSTORE_PASSWD): TRUSTSTORE_PASSWORD,
- (NiFiProperties.SECURITY_TRUSTSTORE_TYPE) : TRUSTSTORE_TYPE.getType(),
- ]
-
- private NiFiProperties mockNiFiProperties = NiFiProperties.createBasicNiFiProperties(null, DEFAULT_PROPS)
-
- // A static TlsConfiguration referencing the test resource keystore and truststore
-// private static final TlsConfiguration TLS_CONFIGURATION =
-// new StandardTlsConfiguration(KEYSTORE_PATH, KEYSTORE_PASSWORD, KEY_PASSWORD, KEYSTORE_TYPE, TRUSTSTORE_PATH,
-// TRUSTSTORE_PASSWORD, TRUSTSTORE_TYPE, PROTOCOL)
-// private static final SSLContext sslContext = SslContextFactory.createSslContext(TLS_CONFIGURATION, ClientAuth.NONE)
-
- @BeforeAll
- static void setUpOnce() throws Exception {
- Security.addProvider(new BouncyCastleProvider())
-
- logger.metaClass.methodMissing = { String name, args ->
- logger.info("[${name?.toUpperCase()}] ${(args as List).join(" ")}")
- }
- }
-
- @Test
- void testCreateSSLServerSocketShouldRestrictTlsProtocols() {
- // Arrange
- ServerSocketConfiguration mockServerSocketConfiguration = new ServerSocketConfiguration()
- mockServerSocketConfiguration.setTlsConfiguration(StandardTlsConfiguration.fromNiFiProperties(mockNiFiProperties))
-
- // Act
- SSLServerSocket sslServerSocket = SocketUtils.createSSLServerSocket(0, mockServerSocketConfiguration)
- logger.info("Created SSL server socket: ${sslServerSocket}")
-
- // Assert
- String[] enabledProtocols = sslServerSocket.getEnabledProtocols()
- logger.info("Enabled protocols: ${enabledProtocols}")
- assertArrayEquals(TlsConfiguration.getCurrentSupportedTlsProtocolVersions(), enabledProtocols)
- assertFalse(enabledProtocols.contains("TLSv1"))
- assertFalse(enabledProtocols.contains("TLSv1.1"))
- }
-
- @Test
- void testCreateServerSocketShouldRestrictTlsProtocols() {
- // Arrange
- ServerSocketConfiguration mockServerSocketConfiguration = new ServerSocketConfiguration()
- mockServerSocketConfiguration.setTlsConfiguration(StandardTlsConfiguration.fromNiFiProperties(mockNiFiProperties))
-
- // Act
- SSLServerSocket sslServerSocket = SocketUtils.createServerSocket(0, mockServerSocketConfiguration) as SSLServerSocket
- logger.info("Created SSL server socket: ${sslServerSocket}")
-
- // Assert
- String[] enabledProtocols = sslServerSocket.getEnabledProtocols()
- logger.info("Enabled protocols: ${enabledProtocols}")
- assertArrayEquals(TlsConfiguration.getCurrentSupportedTlsProtocolVersions(), enabledProtocols)
- assertFalse(enabledProtocols.contains("TLSv1"))
- assertFalse(enabledProtocols.contains("TLSv1.1"))
- }
-}
\ No newline at end of file
diff --git a/nifi-commons/nifi-socket-utils/src/test/java/org/apache/nifi/io/socket/SocketUtilsTest.java b/nifi-commons/nifi-socket-utils/src/test/java/org/apache/nifi/io/socket/SocketUtilsTest.java
new file mode 100644
index 0000000000..493af11adf
--- /dev/null
+++ b/nifi-commons/nifi-socket-utils/src/test/java/org/apache/nifi/io/socket/SocketUtilsTest.java
@@ -0,0 +1,84 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.io.socket;
+
+import org.apache.commons.lang3.ArrayUtils;
+import org.apache.nifi.security.util.KeystoreType;
+import org.apache.nifi.security.util.StandardTlsConfiguration;
+import org.apache.nifi.security.util.TlsConfiguration;
+import org.apache.nifi.security.util.TlsException;
+import org.apache.nifi.util.NiFiProperties;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Test;
+
+import javax.net.ssl.SSLServerSocket;
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+
+import static org.junit.jupiter.api.Assertions.assertArrayEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+
+public class SocketUtilsTest {
+ private static final String KEYSTORE_PATH = "src/test/resources/TlsConfigurationKeystore.jks";
+ private static final String KEYSTORE_PASSWORD = "keystorepassword";
+ private static final String KEY_PASSWORD = "keypassword";
+ private static final KeystoreType KEYSTORE_TYPE = KeystoreType.JKS;
+ private static final String TRUSTSTORE_PATH = "src/test/resources/TlsConfigurationTruststore.jks";
+ private static final String TRUSTSTORE_PASSWORD = "truststorepassword";
+ private static final KeystoreType TRUSTSTORE_TYPE = KeystoreType.JKS;
+ private static NiFiProperties mockNiFiProperties;
+
+ @BeforeAll
+ public static void setUpOnce() throws Exception {
+ final Map defaultProps = new HashMap<>();
+ defaultProps.put(org.apache.nifi.util.NiFiProperties.SECURITY_KEYSTORE, KEYSTORE_PATH);
+ defaultProps.put(org.apache.nifi.util.NiFiProperties.SECURITY_KEYSTORE_PASSWD, KEYSTORE_PASSWORD);
+ defaultProps.put(org.apache.nifi.util.NiFiProperties.SECURITY_KEY_PASSWD, KEY_PASSWORD);
+ defaultProps.put(org.apache.nifi.util.NiFiProperties.SECURITY_KEYSTORE_TYPE, KEYSTORE_TYPE.getType());
+ defaultProps.put(org.apache.nifi.util.NiFiProperties.SECURITY_TRUSTSTORE, TRUSTSTORE_PATH);
+ defaultProps.put(org.apache.nifi.util.NiFiProperties.SECURITY_TRUSTSTORE_PASSWD, TRUSTSTORE_PASSWORD);
+ defaultProps.put(org.apache.nifi.util.NiFiProperties.SECURITY_TRUSTSTORE_TYPE, TRUSTSTORE_TYPE.getType());
+ mockNiFiProperties = NiFiProperties.createBasicNiFiProperties(null, defaultProps);
+ }
+
+ @Test
+ public void testCreateSSLServerSocketShouldRestrictTlsProtocols() throws TlsException, IOException {
+ ServerSocketConfiguration mockServerSocketConfiguration = new ServerSocketConfiguration();
+ mockServerSocketConfiguration.setTlsConfiguration(StandardTlsConfiguration.fromNiFiProperties(mockNiFiProperties));
+
+ try (SSLServerSocket sslServerSocket = SocketUtils.createSSLServerSocket(0, mockServerSocketConfiguration)) {
+ String[] enabledProtocols = sslServerSocket.getEnabledProtocols();
+ assertArrayEquals(TlsConfiguration.getCurrentSupportedTlsProtocolVersions(), enabledProtocols);
+ assertFalse(ArrayUtils.contains(enabledProtocols, "TLSv1"));
+ assertFalse(ArrayUtils.contains(enabledProtocols, "TLSv1.1"));
+ }
+ }
+
+ @Test
+ public void testCreateServerSocketShouldRestrictTlsProtocols() throws TlsException, IOException {
+ ServerSocketConfiguration mockServerSocketConfiguration = new ServerSocketConfiguration();
+ mockServerSocketConfiguration.setTlsConfiguration(StandardTlsConfiguration.fromNiFiProperties(mockNiFiProperties));
+
+ try (SSLServerSocket sslServerSocket = (SSLServerSocket)SocketUtils.createServerSocket(0, mockServerSocketConfiguration)) {
+ String[] enabledProtocols = sslServerSocket.getEnabledProtocols();
+ assertArrayEquals(TlsConfiguration.getCurrentSupportedTlsProtocolVersions(), enabledProtocols);
+ assertFalse(ArrayUtils.contains(enabledProtocols, "TLSv1"));
+ assertFalse(ArrayUtils.contains(enabledProtocols, "TLSv1.1"));
+ }
+ }
+}
diff --git a/nifi-commons/nifi-socket-utils/src/test/resources/log4j.xml b/nifi-commons/nifi-socket-utils/src/test/resources/log4j.xml
deleted file mode 100644
index 8e9376901f..0000000000
--- a/nifi-commons/nifi-socket-utils/src/test/resources/log4j.xml
+++ /dev/null
@@ -1,36 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file
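Review bot: In `testCreateServerSocketShouldRestrictTlsProtocols` of the new SocketUtilsTest.java, the cast `(SSLServerSocket)SocketUtils.createServerSocket(0, mockServerSocketConfiguration)` is evaluated inside the try-with-resources header, so if the factory ever handed back a plain `ServerSocket` the test would stop with a `ClassCastException` before the resource is registered: the listener is not closed by the test, and the failure does not say that a non-TLS socket was created. Declaring the resource as `try (ServerSocket serverSocket = SocketUtils.createServerSocket(0, mockServerSocketConfiguration)) {` and opening the body with `SSLServerSocket sslServerSocket = assertInstanceOf(SSLServerSocket.class, serverSocket);` reports that case as an assertion failure and still closes the socket. This presumes the factory's declared return type is `ServerSocket` (not visible in this hunk) and that the JUnit Jupiter version in use provides `assertInstanceOf`; it also needs the `java.net.ServerSocket` import and the matching static import. Separately, the explicit `assertFalse` checks in both tests name only `TLSv1` and `TLSv1.1`; adding `SSLv3` and `SSLv2Hello` would keep the legacy-protocol guard meaningful even if the list returned by `getCurrentSupportedTlsProtocolVersions()` regressed.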