cassandra-analytics-core/src/test/java/org/apache/cassandra/clients/SslConfigTest.java

/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */

package org.apache.cassandra.clients;

import java.util.Collections;
import java.util.Map;
import java.util.TreeMap;

import org.junit.Test;

import static org.apache.cassandra.clients.SslConfig.KEYSTORE_BASE64_ENCODED;
import static org.apache.cassandra.clients.SslConfig.KEYSTORE_PASSWORD;
import static org.apache.cassandra.clients.SslConfig.KEYSTORE_PATH;
import static org.apache.cassandra.clients.SslConfig.TRUSTSTORE_BASE64_ENCODED;
import static org.apache.cassandra.clients.SslConfig.TRUSTSTORE_PASSWORD;
import static org.apache.cassandra.clients.SslConfig.TRUSTSTORE_PATH;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.fail;

/**
 * Unit tests for the {@link SslConfig} class
 */
public class SslConfigTest
{
    @Test
    public void testEmptyConfiguration()
    {
        assertNull(SslConfig.create(Collections.emptyMap()));
    }

    @Test
    public void validationFailsWhenBothKeyStorePathAndEncodedKeyStoreAreProvided()
    {
        try
        {
            new SslConfig.Builder<>()
            .keyStorePath("/foo")
            .base64EncodedKeyStore("a")
            .validate();
            fail("validation should fail when both key store path and encoded key store are provided");
        }
        catch (IllegalArgumentException exception)
        {
            assertEquals("Both 'KEYSTORE_PATH' and 'KEYSTORE_BASE64_ENCODED' options were provided. "
                       + "Only one of the options can be provided", exception.getMessage());
        }
    }

    @Test
    public void validationFailsWhenKeystorePasswordIsNotProvided1()
    {
        try
        {
            new SslConfig.Builder<>()
            .keyStorePath("/foo")
            .validate();
            fail("validation should fail the keystore path is provided and the keystore password is not provided");
        }
        catch (IllegalArgumentException exception)
        {
            assertEquals("The 'KEYSTORE_PASSWORD' option must be provided when either the 'KEYSTORE_PATH'"
                       + " or 'KEYSTORE_BASE64_ENCODED' options are provided", exception.getMessage());
        }
    }

    @Test
    public void validationFailsWhenKeystorePasswordIsNotProvided2()
    {
        try
        {
            new SslConfig.Builder<>()
            .base64EncodedKeyStore("a")
            .validate();
            fail("validation should fail when the encoded keystore is provided and the keystore password is not provided");
        }
        catch (IllegalArgumentException exception)
        {
            assertEquals("The 'KEYSTORE_PASSWORD' option must be provided when either the 'KEYSTORE_PATH'"
                       + " or 'KEYSTORE_BASE64_ENCODED' options are provided", exception.getMessage());
        }
    }

    @Test
    public void validationFailsWhenBothTrustStorePathAndEncodedTrustStoreAreProvided()
    {
        try
        {
            new SslConfig.Builder<>()
            .keyStorePath("/foo")
            .keyStorePassword("pass")
            .trustStorePath("/bar")
            .base64EncodedTrustStore("a")
            .trustStorePassword("pass")
            .validate();
            fail("validation should fail when both trust store path and encoded trust store are provided");
        }
        catch (IllegalArgumentException exception)
        {
            assertEquals("Both 'TRUSTSTORE_PATH' and 'TRUSTSTORE_BASE64_ENCODED' options were provided. "
                       + "Only one of the options can be provided", exception.getMessage());
        }
    }

    @Test
    public void validationFailsTrustStorePasswordIsNotProvided1()
    {
        try
        {
            new SslConfig.Builder<>()
            .keyStorePath("/foo")
            .keyStorePassword("pass")
            .trustStorePath("/bar")
            .validate();
            fail("validation should fail when trust store path is provided and trust store password is not provided");
        }
        catch (IllegalArgumentException exception)
        {
            assertEquals("The 'TRUSTSTORE_PASSWORD' option must be provided when either the 'TRUSTSTORE_PATH'"
                       + " or 'TRUSTSTORE_BASE64_ENCODED' options are provided", exception.getMessage());
        }
    }

    @Test
    public void validationFailsTrustStorePasswordIsNotProvided2()
    {
        try
        {
            new SslConfig.Builder<>()
            .keyStorePath("/foo")
            .keyStorePassword("pass")
            .base64EncodedTrustStore("a")
            .validate();
            fail("validation should fail when encoded trust store is provided and trust store password is not provided");
        }
        catch (IllegalArgumentException exception)
        {
            assertEquals("The 'TRUSTSTORE_PASSWORD' option must be provided when either the 'TRUSTSTORE_PATH'"
                       + " or 'TRUSTSTORE_BASE64_ENCODED' options are provided", exception.getMessage());
        }
    }

    @Test
    public void buildWithKeyStorePathAndPassword()
    {
        Map<String, String> options = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        options.put(KEYSTORE_PATH, "/foo");
        options.put(KEYSTORE_PASSWORD, "pass");
        SslConfig config = SslConfig.create(options);
        assertNotNull(config);
        assertEquals("/foo", config.keyStorePath());
        assertEquals("pass", config.keyStorePassword());
    }

    @Test
    public void buildWithEncodedKeyStoreAndPassword()
    {
        Map<String, String> options = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        options.put(KEYSTORE_BASE64_ENCODED, "AA");
        options.put(KEYSTORE_PASSWORD, "pass");
        SslConfig config = SslConfig.create(options);
        assertNotNull(config);
        assertEquals("AA", config.base64EncodedKeyStore());
        assertEquals("pass", config.keyStorePassword());
    }

    @Test
    public void buildWithTrustStorePathAndPassword()
    {
        Map<String, String> options = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        options.put(KEYSTORE_PATH, "/foo");
        options.put(KEYSTORE_PASSWORD, "pass");
        options.put(TRUSTSTORE_PATH, "/bar");
        options.put(TRUSTSTORE_PASSWORD, "passs");
        SslConfig config = SslConfig.create(options);
        assertNotNull(config);
        assertEquals("/foo", config.keyStorePath());
        assertEquals("pass", config.keyStorePassword());
        assertEquals("/bar", config.trustStorePath());
        assertEquals("passs", config.trustStorePassword());
    }

    @Test
    public void buildWithEncodedTrustStoreAndPassword()
    {
        Map<String, String> options = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        options.put(KEYSTORE_PATH, "/foo");
        options.put(KEYSTORE_PASSWORD, "pass");
        options.put(TRUSTSTORE_BASE64_ENCODED, "AAA");
        options.put(TRUSTSTORE_PASSWORD, "passs");
        SslConfig config = SslConfig.create(options);
        assertNotNull(config);
        assertEquals("/foo", config.keyStorePath());
        assertEquals("pass", config.keyStorePassword());
        assertEquals("AAA", config.base64EncodedTrustStore());
        assertEquals("passs", config.trustStorePassword());
    }
}