19 package org.apache.chemistry.opencmis.tck.tests.basics;
20
21 import static org.apache.chemistry.opencmis.tck.CmisTestResultStatus.WARNING;
22
23 import java.util.Locale;
24 import java.util.Map;
25
26 import org.apache.chemistry.opencmis.client.api.Session;
27 import org.apache.chemistry.opencmis.commons.SessionParameter;
28 import org.apache.chemistry.opencmis.commons.enums.BindingType;
29 import org.apache.chemistry.opencmis.tck.CmisTestResult;
30 import org.apache.chemistry.opencmis.tck.impl.AbstractSessionTest;
31
32
33
34
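/**
 * TCK test that reports a warning when the configured binding URL does not use
 * the {@code https} scheme.
 *
 * <p>
 * The check is purely a string inspection of the session parameters. It does
 * not open a connection, so it says nothing about certificate validation, TLS
 * version, or redirects to a plain HTTP endpoint. A passing result therefore
 * only means "the configured URLs start with https://".
 */
public class SecurityTest extends AbstractSessionTest {

    /**
     * Web Services binding endpoints other than the repository service. Each
     * one can be configured with its own URL, so one HTTPS URL does not imply
     * the rest are HTTPS as well.
     */
    private static final String[] ADDITIONAL_WEBSERVICES_URL_PARAMETERS = {
            SessionParameter.WEBSERVICES_NAVIGATION_SERVICE,
            SessionParameter.WEBSERVICES_OBJECT_SERVICE,
            SessionParameter.WEBSERVICES_VERSIONING_SERVICE,
            SessionParameter.WEBSERVICES_DISCOVERY_SERVICE,
            SessionParameter.WEBSERVICES_RELATIONSHIP_SERVICE,
            SessionParameter.WEBSERVICES_MULTIFILING_SERVICE,
            SessionParameter.WEBSERVICES_POLICY_SERVICE,
            SessionParameter.WEBSERVICES_ACL_SERVICE };

    @Override
    public void init(Map<String, String> parameters) {
        super.init(parameters);
        setName("Security Test");
        setDescription("Checks if HTTPS is used.");
    }

    /**
     * Records the binding in use and adds a {@code WARNING} result if a
     * configured endpoint URL for that binding is not an HTTPS URL.
     *
     * @param session
     *            the test session; not used, the check reads the session
     *            parameters only
     */
    @Override
    public void run(Session session) throws Exception {
        BindingType binding = getBinding();

        addResult(createInfoResult("Binding: " + binding));

        boolean httpsUsed;
        switch (binding) {
        case ATOMPUB:
            httpsUsed = isHttpsUrl(getParameters().get(SessionParameter.ATOMPUB_URL));
            break;
        case WEBSERVICES:
            httpsUsed = isWebServicesHttps();
            break;
        case BROWSER:
            httpsUsed = isHttpsUrl(getParameters().get(SessionParameter.BROWSER_URL));
            break;
        default:
            // Any other binding: no URL parameter is inspected, so no warning
            // is raised. That is "not checked", not "known to be safe".
            httpsUsed = true;
        }

        if (!httpsUsed) {
            addResult(createResult(WARNING, "HTTPS is not used. Credentials might be transferred as plain text!"));
        }
    }

    /**
     * Checks the Web Services binding endpoints.
     *
     * <p>
     * The repository service URL is mandatory for this check: a missing or
     * non-HTTPS value fails it. The remaining service URLs are checked only
     * when they are present in the session parameters; a single plain HTTP
     * endpoint among them is enough to fail the check, because requests to
     * that service would not be protected by TLS.
     *
     * @return {@code true} if the repository service URL and every other
     *         configured service URL start with {@code https://}
     */
    private boolean isWebServicesHttps() {
        if (!isHttpsUrl(getParameters().get(SessionParameter.WEBSERVICES_REPOSITORY_SERVICE))) {
            return false;
        }

        for (String parameter : ADDITIONAL_WEBSERVICES_URL_PARAMETERS) {
            String url = getParameters().get(parameter);
            if (url != null && !isHttpsUrl(url)) {
                return false;
            }
        }

        return true;
    }

    /**
     * Tests whether a URL string uses the {@code https} scheme.
     *
     * @param url
     *            the configured URL, may be {@code null}
     * @return {@code true} if the trimmed, lower-cased value starts with
     *         {@code https://}; {@code false} for {@code null} or anything
     *         else
     */
    private static boolean isHttpsUrl(String url) {
        if (url == null) {
            return false;
        }

        // Fixed locale so the scheme comparison does not depend on the
        // default locale's case-mapping rules.
        return url.trim().toLowerCase(Locale.ENGLISH).startsWith("https://");
    }
}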