SecurityTest xref

1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.chemistry.opencmis.tck.tests.basics;
20  
21  import static org.apache.chemistry.opencmis.tck.CmisTestResultStatus.WARNING;
22  
23  import java.util.Map;
24  
25  import org.apache.chemistry.opencmis.client.api.Session;
26  import org.apache.chemistry.opencmis.commons.SessionParameter;
27  import org.apache.chemistry.opencmis.commons.enums.BindingType;
28  import org.apache.chemistry.opencmis.tck.CmisTestResult;
29  import org.apache.chemistry.opencmis.tck.impl.AbstractSessionTest;
30  
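/**
 * TCK check that warns when the configured binding endpoint is not an HTTPS URL.
 *
 * <p>The check looks only at the scheme of the endpoint URL found in the session
 * parameters. It opens no connection and validates no certificate, so the absence
 * of a warning says nothing about the quality of the TLS configuration.
 */
public class SecurityTest extends AbstractSessionTest {

    /** Scheme prefix an endpoint URL must start with to count as HTTPS. */
    private static final String HTTPS_PREFIX = "https://";

    /**
     * Initializes the test and sets its display name and description.
     *
     * @param parameters the session parameters, passed through to the superclass
     */
    @Override
    public void init(Map<String, String> parameters) {
        super.init(parameters);
        setName("Security Test");
        setDescription("Checks if HTTPS is used.");
    }

    /**
     * Reports the binding in use and adds a warning if its endpoint URL is not HTTPS.
     *
     * @param session the session under test; not used, the URL is read from the session parameters
     * @throws Exception declared by the overridden method
     */
    @Override
    public void run(Session session) throws Exception {
        BindingType binding = getBinding();

        addResult(createInfoResult("Binding: " + binding));

        // Created up front, as before, and only added to the results when a check fails.
        CmisTestResult f = createResult(WARNING,
                "HTTPS is not used. Credentials might be transferred as plain text!");

        switch (binding) {
        case ATOMPUB:
            if (!isHttpsUrl(getParameters().get(SessionParameter.ATOMPUB_URL))) {
                addResult(f);
            }
            break;
        case WEBSERVICES:
            // NOTE(review): only the repository service endpoint is examined; the other
            // Web Services endpoints are configured separately and are not checked here.
            if (!isHttpsUrl(getParameters().get(SessionParameter.WEBSERVICES_REPOSITORY_SERVICE))) {
                addResult(f);
            }
            break;
        case BROWSER:
            // The Browser binding also sends credentials over HTTP(S). Without this case a
            // plain-HTTP Browser binding endpoint passed the check without any warning.
            if (!isHttpsUrl(getParameters().get(SessionParameter.BROWSER_URL))) {
                addResult(f);
            }
            break;
        default:
            // Remaining bindings: no endpoint URL is checked here.
        }
    }

    /**
     * Tells whether a URL string starts with the {@code https://} scheme.
     *
     * <p>Surrounding whitespace is ignored and the comparison is case-insensitive.
     * This is a prefix test only; the rest of the URL is not parsed or validated.
     *
     * @param url the endpoint URL, may be {@code null}
     * @return {@code true} if the URL starts with {@code https://}; {@code false} for
     *         {@code null} or any other scheme
     */
    private static boolean isHttpsUrl(String url) {
        if (url == null) {
            return false;
        }

        // Locale.ROOT keeps the result independent of the JVM's default locale.
        return url.trim().toLowerCase(java.util.Locale.ROOT).startsWith(HTTPS_PREFIX);
    }
}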