
1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.chemistry.opencmis.tck.tests.basics;
20  
21  import static org.apache.chemistry.opencmis.tck.CmisTestResultStatus.WARNING;
22  
23  import java.util.Locale;
24  import java.util.Map;
25  
26  import org.apache.chemistry.opencmis.client.api.Session;
27  import org.apache.chemistry.opencmis.commons.SessionParameter;
28  import org.apache.chemistry.opencmis.commons.enums.BindingType;
29  import org.apache.chemistry.opencmis.tck.CmisTestResult;
30  import org.apache.chemistry.opencmis.tck.impl.AbstractSessionTest;
31  
/**
 * TCK check that reports whether the configured CMIS endpoint URL uses HTTPS.
 *
 * <p>
 * The check is purely a look at the session parameters: it reads the URL
 * configured for the active binding and tests whether it begins with
 * {@code https://}. It does not open a connection, so it says nothing about
 * certificate validation, protocol versions or redirects. A run without the
 * warning means only that the configured URL names the HTTPS scheme.
 *
 * <p>
 * For the Web Services binding only the repository service parameter is
 * inspected; URLs configured for other services are not looked at here.
 */
public class SecurityTest extends AbstractSessionTest {

    /**
     * Initialises the test and sets its display name and description.
     *
     * @param parameters
     *            the session parameters, passed on to the superclass
     */
    @Override
    public void init(Map<String, String> parameters) {
        super.init(parameters);
        setName("Security Test");
        setDescription("Checks if HTTPS is used.");
    }

    /**
     * Reports the binding in use and adds a warning result when the URL
     * configured for that binding is missing or is not an HTTPS URL.
     *
     * @param session
     *            the session under test; not used by this check, which reads
     *            the session parameters instead
     */
    @Override
    public void run(Session session) throws Exception {
        final BindingType binding = getBinding();
        addResult(createInfoResult("Binding: " + binding));

        // Built up front; it is only reported if the URL check below fails.
        final CmisTestResult plainTextWarning = createResult(WARNING,
                "HTTPS is not used. Credentials might be transferred as plain text!");

        // Pick the session parameter that holds the endpoint URL for this binding.
        final String urlParameter;
        switch (binding) {
        case ATOMPUB:
            urlParameter = SessionParameter.ATOMPUB_URL;
            break;
        case WEBSERVICES:
            urlParameter = SessionParameter.WEBSERVICES_REPOSITORY_SERVICE;
            break;
        case BROWSER:
            urlParameter = SessionParameter.BROWSER_URL;
            break;
        default:
            // no URL parameter is checked for any other binding
            return;
        }

        if (!isHttpsUrl(getParameters().get(urlParameter))) {
            addResult(plainTextWarning);
        }
    }

    /**
     * Tells whether the given URL string starts with {@code https://},
     * ignoring case and surrounding whitespace.
     *
     * @param url
     *            the configured URL, may be {@code null}
     * @return {@code true} if the URL uses the HTTPS scheme; {@code false}
     *         otherwise, including when no URL is configured
     */
    private static boolean isHttpsUrl(String url) {
        if (url == null) {
            // An absent URL is treated like a non-HTTPS one, so the caller warns.
            return false;
        }

        final String normalized = url.trim().toLowerCase(Locale.ENGLISH);
        return normalized.startsWith("https://");
    }
}