Merge pull request #239 from vidhya9lakshmi/master

changed ssl to TLSv1.2

pom.xml

@@ -5,7 +5,7 @@
     <artifactId>api</artifactId>
     <packaging>jar</packaging>
     <name>${project.groupId}:${project.artifactId}</name>
-    <version>3.4.21-SNAPSHOT</version>
+    <version>3.4.22-SNAPSHOT</version>
     <description>Hygieia Rest API Layer</description>
     <url>https://github.com/Hygieia/api</url>
 
@@ -69,7 +69,7 @@
         <commons-lang.version>3.10</commons-lang.version>
         <fongo.version>2.2.0-RC2</fongo.version>
         <guava.version>29.0-jre</guava.version>
-        <hibernate-validator.version>5.4.2.Final</hibernate-validator.version>
+        <hibernate-validator.version>6.1.5.Final</hibernate-validator.version>
         <jackson.version>2.10.3</jackson.version>
         <jasypt.version>1.18</jasypt.version>
         <logback.version>1.2.3</logback.version>

src/main/java/com/capitalone/dashboard/service/UserInfoServiceImpl.java

@@ -5,6 +5,7 @@
 import java.util.Properties;
 
 import com.capitalone.dashboard.auth.AuthProperties;
+import com.capitalone.dashboard.settings.ApiSettings;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.log4j.Logger;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -38,12 +39,16 @@ public class UserInfoServiceImpl implements UserInfoService {
 	@Autowired
 	private AuthProperties authProperties;
 
+	private final ApiSettings apiSettings;
+
+
 	private InitialDirContext initialDirContext;
 
 	@Autowired
-	public UserInfoServiceImpl(UserInfoRepository userInfoRepository, AuthProperties authProperties) {
+	public UserInfoServiceImpl(UserInfoRepository userInfoRepository, AuthProperties authProperties, ApiSettings apiSettings) {
 		this.userInfoRepository = userInfoRepository;
 		this.authProperties = authProperties;
+		this.apiSettings = apiSettings;
 	}
 
 	@Override
@@ -199,9 +204,9 @@ public boolean searchLdapUser(String searchId) throws NamingException {
 
 	private Properties setProperties() {
 		Properties props = new Properties();
-		props.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
-		props.put("java.naming.security.protocol", "ssl");
-		props.put(Context.SECURITY_AUTHENTICATION, "simple");
+		props.put(Context.INITIAL_CONTEXT_FACTORY, apiSettings.getContextFactory());
+		props.put("java.naming.security.protocol", apiSettings.getContextProtocol());
+		props.put(Context.SECURITY_AUTHENTICATION, apiSettings.getContextSecurityAuthentication());
 
 		try {
 			if (!StringUtils.isBlank(authProperties.getAdUrl())) {

src/main/java/com/capitalone/dashboard/settings/ApiSettings.java

@@ -42,6 +42,16 @@ public class ApiSettings {
 
     private String capturePattern;
 
+    @Value("${contextFactory:com.sun.jndi.ldap.LdapCtxFactory}")
+    private String contextFactory;
+
+    @Value("${contextProtocol:ssl}")
+    private String contextProtocol;
+
+    @Value("${contextSecurityAuthentication:simple}")
+    private String contextSecurityAuthentication;
+
+
     private List<String> ignoreEndPoints = new ArrayList();
     private List<String> ignoreApiUsers = new ArrayList();
     private List<String> ignoreBodyEndPoints = new ArrayList();
@@ -222,4 +232,28 @@ public String getBuildCollectorName() {
     public void setBuildCollectorName(String buildCollectorName) {
         this.buildCollectorName = buildCollectorName;
     }
+
+    public String getContextFactory() {
+        return contextFactory;
+    }
+
+    public void setContextFactory(String contextFactory) {
+        this.contextFactory = contextFactory;
+    }
+
+    public String getContextProtocol() {
+        return contextProtocol;
+    }
+
+    public void setContextProtocol(String contextProtocol) {
+        this.contextProtocol = contextProtocol;
+    }
+
+    public String getContextSecurityAuthentication() {
+        return contextSecurityAuthentication;
+    }
+
+    public void setContextSecurityAuthentication(String contextSecurityAuthentication) {
+        this.contextSecurityAuthentication = contextSecurityAuthentication;
+    }
 }

src/test/java/com/capitalone/dashboard/config/TestAuthConfig.java

@@ -55,8 +55,9 @@
 import com.capitalone.dashboard.service.UserInfoService;
 import com.capitalone.dashboard.service.UserInfoServiceImpl;
 import com.capitalone.dashboard.service.InfraStructureService;
-import com.capitalone.dashboard.service.InfraStructureServiceImpl;
+import com.capitalone.dashboard.settings.ApiSettings;
 import com.capitalone.dashboard.util.PaginationHeaderUtility;
+import org.mockito.Mock;
 import org.mockito.Mockito;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.context.annotation.Bean;
@@ -67,6 +68,8 @@
 @ComponentScan(basePackages = {"com.capitalone.dashboard.auth"})
 public class TestAuthConfig {
 
+    @Mock
+    private ApiSettings apiSettings;
     @Bean
     public DashboardRepository dashboardRepository() {
         return Mockito.mock(DashboardRepository.class);
@@ -94,7 +97,7 @@ public UserInfoRepository userInfoRepository() {
 
     @Bean
     public UserInfoService userInfoService() {
-        return new UserInfoServiceImpl(userInfoRepository(), authProperties());
+        return new UserInfoServiceImpl(userInfoRepository(), authProperties(), apiSettings);
     }
 
     @Bean

src/test/java/com/capitalone/dashboard/config/TestDefaultAuthConfig.java

@@ -53,7 +53,9 @@
 import com.capitalone.dashboard.service.UserInfoService;
 import com.capitalone.dashboard.service.UserInfoServiceImpl;
 import com.capitalone.dashboard.service.InfraStructureService;
+import com.capitalone.dashboard.settings.ApiSettings;
 import com.capitalone.dashboard.util.PaginationHeaderUtility;
+import org.mockito.Mock;
 import org.mockito.Mockito;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.context.annotation.Bean;
@@ -64,6 +66,9 @@
  @ComponentScan(basePackages = {"com.capitalone.dashboard.auth"})
  public class TestDefaultAuthConfig {
 
+ 	@Mock
+	 private ApiSettings apiSettings;
+
  	@Bean
  	public DashboardRepository dashboardRepository() {
  		return Mockito.mock(DashboardRepository.class);
@@ -86,7 +91,7 @@ public UserInfoRepository userInfoRepository() {
 
  	@Bean
      public UserInfoService userInfoService() {
-         return new UserInfoServiceImpl(userInfoRepository(),authProperties());
+         return new UserInfoServiceImpl(userInfoRepository(),authProperties(), apiSettings);
      }
 
 	 @Bean

src/test/java/com/capitalone/dashboard/rest/DashboardControllerTest.java

@@ -115,12 +115,12 @@ public void createDashboard_nullRequest() throws Exception {
                 .contentType(TestUtil.APPLICATION_JSON_UTF8)
                 .content(TestUtil.convertObjectToJsonBytes(new DashboardRequest())))
             .andExpect(status().isBadRequest())
-            .andExpect(jsonPath("$.fieldErrors.template", hasItems("may not be null")))
+            .andExpect(jsonPath("$.fieldErrors.template", hasItems("must not be null")))
 //            TODO:  These are no longer necessary in all cases.  Potentially add new class-level validator.
 //            .andExpect(jsonPath("$.fieldErrors.componentName", hasItems("may not be null")))
 //            .andExpect(jsonPath("$.fieldErrors.applicationName", hasItems("may not be null")))
-            .andExpect(jsonPath("$.fieldErrors.type", hasItems("may not be null")))
-            .andExpect(jsonPath("$.fieldErrors.dashboardRequestTitle", hasItems("may not be null")));
+            .andExpect(jsonPath("$.fieldErrors.type", hasItems("must not be null")))
+            .andExpect(jsonPath("$.fieldErrors.dashboardRequestTitle", hasItems("must not be null")));
     }
 
     @Test
@@ -308,7 +308,7 @@ public void renameTeamDashboard_nullTitle() throws Exception {
                 .contentType(TestUtil.APPLICATION_JSON_UTF8)
                 .content(TestUtil.convertObjectToJsonBytes(request)))
                 .andExpect(status().isBadRequest())
-                .andExpect(jsonPath("$.fieldErrors.title", hasItems("may not be null")))
+                .andExpect(jsonPath("$.fieldErrors.title", hasItems("must not be null")))
                 ;
     }
 

src/test/java/com/capitalone/dashboard/service/UserInfoServiceImplTest.java

@@ -15,6 +15,7 @@
 import java.util.Collection;
 
 import com.capitalone.dashboard.auth.AuthProperties;
+import com.capitalone.dashboard.settings.ApiSettings;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -57,6 +58,8 @@ public class UserInfoServiceImplTest {
     @InjectMocks
     private UserInfoServiceImpl service;
 
+    @Mock private ApiSettings apiSettings;
+
     @Before
     public void setup(){
         authProperties = new AuthProperties();
@@ -233,7 +236,7 @@ public void shouldSearchLdapUser() throws NamingException {
 
         // setup authProperties
         setup();
-        service = new UserInfoServiceImpl(userInfoRepository,authProperties);
+        service = new UserInfoServiceImpl(userInfoRepository,authProperties, apiSettings);
 
         context = Mockito.mock(InitialDirContext.class);
         service.setInitialContext(context);