This is an automated email from the ASF dual-hosted git repository. exceptionfactory pushed a commit to branch support/nifi-1.x in repository https://gitbox.apache.org/repos/asf/nifi.git
commit a75ec445f2d769dd5078b6fc1afe4dcb9bc94b2a Author: dan-s1 <dsti...@gmail.com> AuthorDate: Mon May 29 21:25:43 2023 +0000 NIFI-11612 Refactored SocketUtilsTest from Groovy to Java This closes #7310 Signed-off-by: David Handermann <exceptionfact...@apache.org> (cherry picked from commit 818747d84b8bfca39211a277dbccf10bbbc30c7e) --- .../apache/nifi/io/socket/SocketUtilsTest.groovy | 111 --------------------- .../org/apache/nifi/io/socket/SocketUtilsTest.java | 84 ++++++++++++++++ .../nifi-socket-utils/src/test/resources/log4j.xml | 36 ------- 3 files changed, 84 insertions(+), 147 deletions(-) diff --git a/nifi-commons/nifi-socket-utils/src/test/groovy/org/apache/nifi/io/socket/SocketUtilsTest.groovy b/nifi-commons/nifi-socket-utils/src/test/groovy/org/apache/nifi/io/socket/SocketUtilsTest.groovy deleted file mode 100644 index 10532204c8..0000000000 --- a/nifi-commons/nifi-socket-utils/src/test/groovy/org/apache/nifi/io/socket/SocketUtilsTest.groovy +++ /dev/null 
@@ -1,111 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.io.socket
-
-import org.apache.nifi.security.util.KeystoreType
-import org.apache.nifi.security.util.StandardTlsConfiguration
-import org.apache.nifi.security.util.TlsConfiguration
-import org.apache.nifi.util.NiFiProperties
-import org.bouncycastle.jce.provider.BouncyCastleProvider
-import org.junit.jupiter.api.BeforeAll
-import org.junit.jupiter.api.Test
-import org.slf4j.Logger
-import org.slf4j.LoggerFactory
-
-import javax.net.ssl.SSLServerSocket
-import java.security.Security
-
-import static org.junit.jupiter.api.Assertions.assertArrayEquals
-import static org.junit.jupiter.api.Assertions.assertFalse
-
-class SocketUtilsTest {
- private static final Logger logger = LoggerFactory.getLogger(SocketUtilsTest.class)
-
- private static final String KEYSTORE_PATH = "src/test/resources/TlsConfigurationKeystore.jks"
- private static final String KEYSTORE_PASSWORD = "keystorepassword"
- private static final String KEY_PASSWORD = "keypassword"
- private static final KeystoreType KEYSTORE_TYPE = KeystoreType.JKS
-
- private static final String TRUSTSTORE_PATH = "src/test/resources/TlsConfigurationTruststore.jks"
- private static final String TRUSTSTORE_PASSWORD = "truststorepassword"
- private static final KeystoreType TRUSTSTORE_TYPE = KeystoreType.JKS
-
- private static final String PROTOCOL = TlsConfiguration.getHighestCurrentSupportedTlsProtocolVersion()
-
- private static final Map<String, String> DEFAULT_PROPS = [
- (NiFiProperties.SECURITY_KEYSTORE) : KEYSTORE_PATH,
- (NiFiProperties.SECURITY_KEYSTORE_PASSWD) : KEYSTORE_PASSWORD,
- (NiFiProperties.SECURITY_KEY_PASSWD) : KEY_PASSWORD,
- (NiFiProperties.SECURITY_KEYSTORE_TYPE) : KEYSTORE_TYPE.getType(),
- (NiFiProperties.SECURITY_TRUSTSTORE) : TRUSTSTORE_PATH,
- (NiFiProperties.SECURITY_TRUSTSTORE_PASSWD): TRUSTSTORE_PASSWORD,
- (NiFiProperties.SECURITY_TRUSTSTORE_TYPE) : TRUSTSTORE_TYPE.getType(),
- ]
-
- private NiFiProperties mockNiFiProperties = NiFiProperties.createBasicNiFiProperties(null, DEFAULT_PROPS)
-
- // A static TlsConfiguration referencing the test resource keystore and truststore
-// private static final TlsConfiguration TLS_CONFIGURATION =
-// new StandardTlsConfiguration(KEYSTORE_PATH, KEYSTORE_PASSWORD, KEY_PASSWORD, KEYSTORE_TYPE, TRUSTSTORE_PATH,
-// TRUSTSTORE_PASSWORD, TRUSTSTORE_TYPE, PROTOCOL)
-// private static final SSLContext sslContext = SslContextFactory.createSslContext(TLS_CONFIGURATION, ClientAuth.NONE)
-
- @BeforeAll
- static void setUpOnce() throws Exception {
- Security.addProvider(new BouncyCastleProvider())
-
- logger.metaClass.methodMissing = { String name, args ->
- logger.info("[${name?.toUpperCase()}] ${(args as List).join(" ")}")
- }
- }
-
- @Test
- void testCreateSSLServerSocketShouldRestrictTlsProtocols() {
- // Arrange
- ServerSocketConfiguration mockServerSocketConfiguration = new ServerSocketConfiguration()
- mockServerSocketConfiguration.setTlsConfiguration(StandardTlsConfiguration.fromNiFiProperties(mockNiFiProperties))
-
- // Act
- SSLServerSocket sslServerSocket = SocketUtils.createSSLServerSocket(0, mockServerSocketConfiguration)
- logger.info("Created SSL server socket: ${sslServerSocket}")
-
- // Assert
- String[] enabledProtocols = sslServerSocket.getEnabledProtocols()
- logger.info("Enabled protocols: ${enabledProtocols}")
- assertArrayEquals(TlsConfiguration.getCurrentSupportedTlsProtocolVersions(), enabledProtocols)
- assertFalse(enabledProtocols.contains("TLSv1"))
- assertFalse(enabledProtocols.contains("TLSv1.1"))
- }
-
- @Test
- void testCreateServerSocketShouldRestrictTlsProtocols() {
- // Arrange
- ServerSocketConfiguration mockServerSocketConfiguration = new ServerSocketConfiguration()
- mockServerSocketConfiguration.setTlsConfiguration(StandardTlsConfiguration.fromNiFiProperties(mockNiFiProperties))
-
- // Act
- SSLServerSocket sslServerSocket = SocketUtils.createServerSocket(0, mockServerSocketConfiguration) as SSLServerSocket
- logger.info("Created SSL server socket: ${sslServerSocket}")
-
- // Assert
- String[] enabledProtocols = sslServerSocket.getEnabledProtocols()
- logger.info("Enabled protocols: ${enabledProtocols}")
- assertArrayEquals(TlsConfiguration.getCurrentSupportedTlsProtocolVersions(), enabledProtocols)
- assertFalse(enabledProtocols.contains("TLSv1"))
- assertFalse(enabledProtocols.contains("TLSv1.1"))
- }
-}
\ No newline at end of file
diff --git a/nifi-commons/nifi-socket-utils/src/test/java/org/apache/nifi/io/socket/SocketUtilsTest.java b/nifi-commons/nifi-socket-utils/src/test/java/org/apache/nifi/io/socket/SocketUtilsTest.java
new file mode 100644
index 0000000000..493af11adf
--- /dev/null
+++ b/nifi-commons/nifi-socket-utils/src/test/java/org/apache/nifi/io/socket/SocketUtilsTest.java
@@ -0,0 +1,84 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.io.socket;
+
+import org.apache.commons.lang3.ArrayUtils;
+import org.apache.nifi.security.util.KeystoreType;
+import org.apache.nifi.security.util.StandardTlsConfiguration;
+import org.apache.nifi.security.util.TlsConfiguration;
+import org.apache.nifi.security.util.TlsException;
+import org.apache.nifi.util.NiFiProperties;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Test;
+
+import javax.net.ssl.SSLServerSocket;
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+
+import static org.junit.jupiter.api.Assertions.assertArrayEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+
+public class SocketUtilsTest {
+ private static final String KEYSTORE_PATH = "src/test/resources/TlsConfigurationKeystore.jks";
+ private static final String KEYSTORE_PASSWORD = "keystorepassword";
+ private static final String KEY_PASSWORD = "keypassword";
+ private static final KeystoreType KEYSTORE_TYPE = KeystoreType.JKS;
+ private static final String TRUSTSTORE_PATH = "src/test/resources/TlsConfigurationTruststore.jks";
+ private static final String TRUSTSTORE_PASSWORD = "truststorepassword";
+ private static final KeystoreType TRUSTSTORE_TYPE = KeystoreType.JKS;
+ private static NiFiProperties mockNiFiProperties;
+
+ @BeforeAll
+ public static void setUpOnce() throws Exception {
+ final Map<String, String> defaultProps = new HashMap<>();
+ defaultProps.put(org.apache.nifi.util.NiFiProperties.SECURITY_KEYSTORE, KEYSTORE_PATH);
+ defaultProps.put(org.apache.nifi.util.NiFiProperties.SECURITY_KEYSTORE_PASSWD, KEYSTORE_PASSWORD);
+ defaultProps.put(org.apache.nifi.util.NiFiProperties.SECURITY_KEY_PASSWD, KEY_PASSWORD);
+ defaultProps.put(org.apache.nifi.util.NiFiProperties.SECURITY_KEYSTORE_TYPE, KEYSTORE_TYPE.getType());
+ defaultProps.put(org.apache.nifi.util.NiFiProperties.SECURITY_TRUSTSTORE, TRUSTSTORE_PATH);
+ defaultProps.put(org.apache.nifi.util.NiFiProperties.SECURITY_TRUSTSTORE_PASSWD, TRUSTSTORE_PASSWORD);
+ defaultProps.put(org.apache.nifi.util.NiFiProperties.SECURITY_TRUSTSTORE_TYPE, TRUSTSTORE_TYPE.getType());
+ mockNiFiProperties = NiFiProperties.createBasicNiFiProperties(null, defaultProps);
+ }
+
+ @Test
+ public void testCreateSSLServerSocketShouldRestrictTlsProtocols() throws TlsException, IOException {
+ ServerSocketConfiguration mockServerSocketConfiguration = new ServerSocketConfiguration();
+ mockServerSocketConfiguration.setTlsConfiguration(StandardTlsConfiguration.fromNiFiProperties(mockNiFiProperties));
+
+ try (SSLServerSocket sslServerSocket = SocketUtils.createSSLServerSocket(0, mockServerSocketConfiguration)) {
+ String[] enabledProtocols = sslServerSocket.getEnabledProtocols();
+ assertArrayEquals(TlsConfiguration.getCurrentSupportedTlsProtocolVersions(), enabledProtocols);
+ assertFalse(ArrayUtils.contains(enabledProtocols, "TLSv1"));
+ assertFalse(ArrayUtils.contains(enabledProtocols, "TLSv1.1"));
+ }
+ }
+
+ @Test
+ public void testCreateServerSocketShouldRestrictTlsProtocols() throws TlsException, IOException {
+ ServerSocketConfiguration mockServerSocketConfiguration = new ServerSocketConfiguration();
+ mockServerSocketConfiguration.setTlsConfiguration(StandardTlsConfiguration.fromNiFiProperties(mockNiFiProperties));
+
+ try (SSLServerSocket sslServerSocket = (SSLServerSocket)SocketUtils.createServerSocket(0, mockServerSocketConfiguration)) {
+ String[] enabledProtocols = sslServerSocket.getEnabledProtocols();
+ assertArrayEquals(TlsConfiguration.getCurrentSupportedTlsProtocolVersions(), enabledProtocols);
+ assertFalse(ArrayUtils.contains(enabledProtocols, "TLSv1"));
+ assertFalse(ArrayUtils.contains(enabledProtocols, "TLSv1.1"));
+ }
+ }
+}
diff --git a/nifi-commons/nifi-socket-utils/src/test/resources/log4j.xml b/nifi-commons/nifi-socket-utils/src/test/resources/log4j.xml
deleted file mode 100644
index 8e9376901f..0000000000
--- a/nifi-commons/nifi-socket-utils/src/test/resources/log4j.xml
+++ /dev/null
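Review bot: In testCreateServerSocketShouldRestrictTlsProtocols the cast `(SSLServerSocket)SocketUtils.createServerSocket(0, mockServerSocketConfiguration)` sits inside the try-with-resources header, so if the factory ever hands back a non-TLS socket the test dies with a ClassCastException before the resource is registered and the bound socket is not closed. For a test meant to catch a TLS regression, a fall-back to plaintext should fail as an explicit assertion: declare the resource with the factory's declared return type (presumably `ServerSocket`; the signature is not visible here) and open the body with `SSLServerSocket sslServerSocket = assertInstanceOf(SSLServerSocket.class, serverSocket);`, provided the project's JUnit 5 version offers `assertInstanceOf`. Separately, the `defaultProps.put(...)` calls in setUpOnce spell out `org.apache.nifi.util.NiFiProperties` although the class is already imported, so the short name `NiFiProperties.SECURITY_KEYSTORE` etc. would read better.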
@@ -1,36 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
-
-<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
-
- <!-- Appender for printing formatted log statements to the console. -->
- <appender name="console" class="org.apache.log4j.ConsoleAppender">
- <layout class="org.apache.log4j.PatternLayout">
- <param name="ConversionPattern" value="%d %-5p [%t] %40.40c - %m%n"/>
- </layout>
- </appender>
-
- <!-- Logger for managing logging statements for nifi -->
- <logger name="nifi">
- <level value="debug"/>
- </logger>
-
- <root>
- <level value="warn"/>
- <appender-ref ref="console"/>
- </root>
-</log4j:configuration>
\ No newline at end of file