gresockj commented on a change in pull request #5401:
URL: https://github.com/apache/nifi/pull/5401#discussion_r712941338
##########
File path:
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/test/groovy/org/apache/nifi/web/server/JettyServerGroovyTest.groovy
##########
@@ -81,44 +78,41 @@ class JettyServerGroovyTest extends GroovyTestCase {
private static final int HTTPS_PORT = NetworkUtils.getAvailableTcpPort()
private static final String HTTPS_HOSTNAME = "localhost"
- private static final String KEYSTORE_PATH =
"src/test/resources/keystore.jks"
- private static final String TRUSTSTORE_PATH =
"src/test/resources/truststore.jks"
- private static final String STORE_PASSWORD = "passwordpassword"
- private static final String STORE_TYPE = "JKS"
-
private static final String TLS_1_3_PROTOCOL = "TLSv1.3"
private static final List<String> TLS_1_3_CIPHER_SUITES =
["TLS_AES_128_GCM_SHA256"]
+ private static final TlsConfiguration TLS_CONFIGURATION =
KeyStoreUtils.createTlsConfigAndNewKeystoreTruststore()
+
// These protocol versions should not ever be supported
static private final List<String> LEGACY_TLS_PROTOCOLS = ["TLS", "TLSv1",
"TLSv1.1", "SSL", "SSLv2", "SSLv2Hello", "SSLv3"]
NiFiProperties httpsProps = new NiFiProperties(new Properties([
(NiFiProperties.WEB_HTTPS_PORT) : HTTPS_PORT as String,
(NiFiProperties.WEB_HTTPS_HOST) : HTTPS_HOSTNAME,
- (NiFiProperties.SECURITY_KEYSTORE) : KEYSTORE_PATH,
- (NiFiProperties.SECURITY_KEYSTORE_PASSWD) : STORE_PASSWORD,
- (NiFiProperties.SECURITY_KEYSTORE_TYPE) : STORE_TYPE,
- (NiFiProperties.SECURITY_TRUSTSTORE) : TRUSTSTORE_PATH,
- (NiFiProperties.SECURITY_TRUSTSTORE_PASSWD): STORE_PASSWORD,
- (NiFiProperties.SECURITY_TRUSTSTORE_TYPE) : STORE_TYPE,
+ (NiFiProperties.SECURITY_KEYSTORE) :
TLS_CONFIGURATION.keystorePath,
+ (NiFiProperties.SECURITY_KEYSTORE_PASSWD) :
TLS_CONFIGURATION.keystorePassword,
+ (NiFiProperties.SECURITY_KEYSTORE_TYPE) :
TLS_CONFIGURATION.keystoreType.type,
+ (NiFiProperties.SECURITY_TRUSTSTORE) :
TLS_CONFIGURATION.truststorePath,
+ (NiFiProperties.SECURITY_TRUSTSTORE_PASSWD):
TLS_CONFIGURATION.truststorePassword,
+ (NiFiProperties.SECURITY_TRUSTSTORE_TYPE) :
TLS_CONFIGURATION.truststoreType.type,
]))
@BeforeClass
static void setUpOnce() throws Exception {
+ new File(TLS_CONFIGURATION.keystorePath).deleteOnExit()
+ new File(TLS_CONFIGURATION.truststorePath).deleteOnExit()
+
Security.addProvider(new BouncyCastleProvider())
Review comment:
Is this still needed here?
##########
File path:
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/test/groovy/org/apache/nifi/web/server/JettyServerGroovyTest.groovy
##########
@@ -143,12 +137,9 @@ class JettyServerGroovyTest extends GroovyTestCase {
// Act
boolean bothConfigsPresent =
JettyServer.bothHttpAndHttpsConnectorsConfigured(mockProps)
logger.info("Both configs present: ${bothConfigsPresent}")
- def log = TestAppender.getLogLines()
// Assert
assert bothConfigsPresent
- assert !log.isEmpty()
- assert log.first() =~ "Both the HTTP and HTTPS connectors are
configured in nifi.properties. Only one of these connectors should be
configured. See the NiFi Admin Guide for more details"
Review comment:
It looks like the spirit of this was to ensure that the user is warned
-- so although you're still testing the return value, someone could
theoretically remove the `logger.warn` statement from the code and this would
still pass. I agree that checking log statements in unit tests is a bit
suspect, and if desired should at least be in an integration test, but just
wanted to acknowledge here that we'd be losing some of the intended regression
test functionality here.
##########
File path:
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/test/groovy/org/apache/nifi/cluster/coordination/http/replication/okhttp/OkHttpReplicationClientTest.groovy
##########
@@ -18,49 +18,41 @@
package org.apache.nifi.cluster.coordination.http.replication.okhttp
-
+import org.apache.nifi.security.util.KeyStoreUtils
+import org.apache.nifi.security.util.TlsConfiguration
import org.apache.nifi.util.NiFiProperties
import org.junit.BeforeClass
import org.junit.Test
import org.junit.runner.RunWith
import org.junit.runners.JUnit4
-import org.slf4j.Logger
-import org.slf4j.LoggerFactory
@RunWith(JUnit4.class)
class OkHttpReplicationClientTest extends GroovyTestCase {
- private static final Logger logger =
LoggerFactory.getLogger(OkHttpReplicationClientTest.class)
+ private static TlsConfiguration tlsConfiguration
@BeforeClass
static void setUpOnce() throws Exception {
- logger.metaClass.methodMissing = { String name, args ->
- logger.info("[${name?.toUpperCase()}] ${(args as List).join(" ")}")
- }
+ tlsConfiguration =
KeyStoreUtils.createTlsConfigAndNewKeystoreTruststore()
Review comment:
I notice these 3 lines in many of the refactored test classes. What do
you think about repeating these lines vs. creating a test utility method that
encapsulates them? It may be equally annoying to have to add another
test-scoped dependency, but I wanted to pose the question.
##########
File path:
nifi-nar-bundles/nifi-grpc-bundle/nifi-grpc-processors/src/test/java/org/apache/nifi/processors/grpc/ITListenGRPC.java
##########
@@ -200,195 +168,4 @@ public void testExceedMaxMessageSize() throws Exception {
channel.shutdown();
}
}
-
- @Test
- public void testSecureTwoWaySSL() throws Exception {
Review comment:
What was the rationale for removing these tests?
##########
File path:
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/test/groovy/org/apache/nifi/cluster/coordination/http/replication/okhttp/OkHttpReplicationClientTest.groovy
##########
@@ -18,49 +18,41 @@
package org.apache.nifi.cluster.coordination.http.replication.okhttp
-
+import org.apache.nifi.security.util.KeyStoreUtils
+import org.apache.nifi.security.util.TlsConfiguration
import org.apache.nifi.util.NiFiProperties
import org.junit.BeforeClass
import org.junit.Test
import org.junit.runner.RunWith
import org.junit.runners.JUnit4
-import org.slf4j.Logger
-import org.slf4j.LoggerFactory
@RunWith(JUnit4.class)
class OkHttpReplicationClientTest extends GroovyTestCase {
- private static final Logger logger =
LoggerFactory.getLogger(OkHttpReplicationClientTest.class)
+ private static TlsConfiguration tlsConfiguration
@BeforeClass
static void setUpOnce() throws Exception {
- logger.metaClass.methodMissing = { String name, args ->
- logger.info("[${name?.toUpperCase()}] ${(args as List).join(" ")}")
- }
+ tlsConfiguration =
KeyStoreUtils.createTlsConfigAndNewKeystoreTruststore()
+ new File(tlsConfiguration.keystorePath).deleteOnExit()
+ new File(tlsConfiguration.truststorePath).deleteOnExit()
}
private static NiFiProperties mockNiFiProperties() {
- [getClusterNodeConnectionTimeout: { -> "10 ms" },
Review comment:
Out of curiosity, why were these removed? Did this cause intermittent
failures because the timeouts were so small?
##########
File path:
nifi-nar-bundles/nifi-email-bundle/nifi-email-processors/src/test/java/org/apache/nifi/processors/email/TestListenSMTP.java
##########
@@ -19,28 +19,70 @@
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertThrows;
import static org.junit.Assert.assertTrue;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+import java.io.File;
+import java.io.IOException;
+import java.security.GeneralSecurityException;
import java.util.Properties;
import javax.mail.Message;
import javax.mail.MessagingException;
import javax.mail.Session;
import javax.mail.Transport;
import javax.mail.internet.InternetAddress;
import javax.mail.internet.MimeMessage;
+import javax.net.ssl.SSLContext;
+
import org.apache.nifi.remote.io.socket.NetworkUtils;
import org.apache.nifi.reporting.InitializationException;
import org.apache.nifi.security.util.ClientAuth;
+import org.apache.nifi.security.util.KeyStoreUtils;
+import org.apache.nifi.security.util.SslContextFactory;
+import org.apache.nifi.security.util.StandardTlsConfiguration;
import org.apache.nifi.security.util.TlsConfiguration;
+import org.apache.nifi.ssl.RestrictedSSLContextService;
import org.apache.nifi.ssl.SSLContextService;
-import org.apache.nifi.ssl.StandardRestrictedSSLContextService;
-import org.apache.nifi.ssl.StandardSSLContextService;
import org.apache.nifi.util.TestRunner;
import org.apache.nifi.util.TestRunners;
+import org.junit.BeforeClass;
import org.junit.Test;
public class TestListenSMTP {
private static final String SSL_SERVICE_IDENTIFIER = "ssl-context";
+ private static TlsConfiguration tlsConfiguration;
+
+ private static SSLContextService sslContextService;
+
+ private static final int MESSAGES = 2;
+
+ @BeforeClass
+ public static void setTlsConfiguration() throws IOException,
GeneralSecurityException {
+ final TlsConfiguration testTlsConfiguration =
KeyStoreUtils.createTlsConfigAndNewKeystoreTruststore();
+ new File(testTlsConfiguration.getKeystorePath()).deleteOnExit();
+ new File(testTlsConfiguration.getTruststorePath()).deleteOnExit();
+
+ tlsConfiguration = new StandardTlsConfiguration(
+ testTlsConfiguration.getKeystorePath(),
+ testTlsConfiguration.getKeystorePassword(),
+ testTlsConfiguration.getKeyPassword(),
+ testTlsConfiguration.getKeystoreType(),
+ testTlsConfiguration.getTruststorePath(),
+ testTlsConfiguration.getTruststorePassword(),
+ testTlsConfiguration.getTruststoreType(),
+ TlsConfiguration.TLS_1_2_PROTOCOL
+ );
+
+ final SSLContext sslContext =
SslContextFactory.createSslContext(tlsConfiguration);
+ sslContextService = mock(RestrictedSSLContextService.class);
+
when(sslContextService.getIdentifier()).thenReturn(SSL_SERVICE_IDENTIFIER);
+ when(sslContextService.createContext()).thenReturn(sslContext);
+
+
Review comment:
Extra line
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
