This project has retired. For details please refer to its
Attic page.
SecurityTest xref
1/*2 * Licensed to the Apache Software Foundation (ASF) under one3 * or more contributor license agreements. See the NOTICE file4 * distributed with this work for additional information5 * regarding copyright ownership. The ASF licenses this file6 * to you under the Apache License, Version 2.0 (the7 * "License"); you may not use this file except in compliance8 * with the License. You may obtain a copy of the License at9 *10 * http://www.apache.org/licenses/LICENSE-2.011 *12 * Unless required by applicable law or agreed to in writing,13 * software distributed under the License is distributed on an14 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY15 * KIND, either express or implied. See the License for the16 * specific language governing permissions and limitations17 * under the License.18 */19package org.apache.chemistry.opencmis.tck.tests.basics;
2021importstatic org.apache.chemistry.opencmis.tck.CmisTestResultStatus.WARNING;
2223import java.util.Map;
2425import org.apache.chemistry.opencmis.client.api.Session;
26import org.apache.chemistry.opencmis.commons.SessionParameter;
27import org.apache.chemistry.opencmis.commons.enums.BindingType;
28import org.apache.chemistry.opencmis.tck.CmisTestResult;
29import org.apache.chemistry.opencmis.tck.impl.AbstractSessionTest;
3031publicclassSecurityTestextendsAbstractSessionTest {
3233 @Override
34publicvoid init(Map<String, String> parameters) {
35super.init(parameters);
36 setName("Security Test");
37 setDescription("Checks if HTTPS is used.");
38 }
3940 @Override
41publicvoid run(Session session) throws Exception {
42CmisTestResult f;
4344 BindingType binding = getBinding();
4546 addResult(createInfoResult("Binding: " + binding));
4748 f = createResult(WARNING, "HTTPS is not used. Credentials might be transferred as plain text!");
4950switch (binding) {
51case ATOMPUB:
52if (!isHttpsUrl(getParameters().get(SessionParameter.ATOMPUB_URL))) {
53 addResult(f);
54 }
55break;
56case WEBSERVICES:
57if (!isHttpsUrl(getParameters().get(SessionParameter.WEBSERVICES_REPOSITORY_SERVICE))) {
58 addResult(f);
59 }
60break;
61default:
62// nothing to do63 }
64 }
6566privatestaticboolean isHttpsUrl(String url) {
67if (url == null) {
68return false;
69 }
7071return url.trim().toLowerCase().startsWith("https://");
72 }
73 }