#36 Add tests for auth header generation

Weltraumschaf · Weltraumschaf · commit d68a4ab29190 · 2023-09-05T13:49:18.000+02:00
Signed-off-by: Sven Strittmatter &lt;sven.strittmatter@iteratec.com&gt;
diff --git a/src/main/java/io/securecodebox/persistence/defectdojo/config/Config.java b/src/main/java/io/securecodebox/persistence/defectdojo/config/Config.java
@@ -52,6 +52,16 @@ public final class Config {
      */
     private final int maxPageCountForGets;
 
+    /**
+     * Convenience constructor which sets {@link #DEFAULT_MAX_PAGE_COUNT_FOR_GETS}
+     *
+     * @param url    not {@code null}
+     * @param apiKey not {@code null}
+     */
+    public Config(final @NonNull String url, final @NonNull String apiKey) {
+        this(url, apiKey, DEFAULT_MAX_PAGE_COUNT_FOR_GETS);
+    }
+
     /**
      * Dedicated constructor
      *
diff --git a/src/main/java/io/securecodebox/persistence/defectdojo/http/Foo.java b/src/main/java/io/securecodebox/persistence/defectdojo/http/Foo.java
@@ -26,27 +26,37 @@
  */
 public final class Foo {
     private final Config config;
+    private final ProxyConfig proxyConfig;
 
-    public Foo(@NonNull final Config config) {
+    public Foo(@NonNull final Config config, @NonNull final ProxyConfig proxyConfig) {
         super();
         this.config = config;
+        this.proxyConfig = proxyConfig;
     }
 
-    public HttpHeaders getDefectDojoAuthorizationHeaders() {
+    /**
+     * This method generates appropriate authorization headers
+     *
+     * @return never {@code null}
+     */
+    public HttpHeaders generateAuthorizationHeaders() {
         HttpHeaders headers = new HttpHeaders();
-        headers.set("Authorization", "Token " + this.config.getApiKey());
+        headers.set(HttpHeaders.AUTHORIZATION, "Token " + this.config.getApiKey());
 
-        String username = System.getProperty("http.proxyUser", "");
-        String password = System.getProperty("http.proxyPassword", "");
-
-        if (!username.isEmpty() || !password.isEmpty()) {
+        if (proxyConfig.isComplete()) {
+            // FIXME: System.out logging is a real bad code smell. Standard loging should be used.
             System.out.println("Setting Proxy Auth Header...");
-            headers.set(HttpHeaders.PROXY_AUTHORIZATION, "Basic " + Base64.getEncoder().encodeToString((username + ':' + password).getBytes(StandardCharsets.UTF_8)));
+            headers.set(HttpHeaders.PROXY_AUTHORIZATION, "Basic " + encodeProxyCredentials(proxyConfig));
         }
 
         return headers;
     }
 
+    static String encodeProxyCredentials(@NonNull final ProxyConfig cfg) {
+        final var credential = String.format("%s:%s", cfg.getUser(), cfg.getPassword());
+        return Base64.getEncoder().encodeToString(credential.getBytes(StandardCharsets.UTF_8));
+    }
+
     public RestTemplate setupRestTemplate() {
         RestTemplate restTemplate;
 
diff --git a/src/main/java/io/securecodebox/persistence/defectdojo/service/GenericDefectDojoService.java b/src/main/java/io/securecodebox/persistence/defectdojo/service/GenericDefectDojoService.java
@@ -13,6 +13,7 @@
 import io.securecodebox.persistence.defectdojo.config.Config;
 import io.securecodebox.persistence.defectdojo.exception.LoopException;
 import io.securecodebox.persistence.defectdojo.http.Foo;
+import io.securecodebox.persistence.defectdojo.http.ProxyConfigFactory;
 import io.securecodebox.persistence.defectdojo.model.BaseModel;
 import io.securecodebox.persistence.defectdojo.model.Engagement;
 import io.securecodebox.persistence.defectdojo.model.Response;
@@ -66,11 +67,11 @@ public GenericDefectDojoService(Config config) {
      * @return The DefectDojo Authentication Header
      */
     private HttpHeaders getDefectDojoAuthorizationHeaders() {
-        return new Foo(config).getDefectDojoAuthorizationHeaders();
+        return new Foo(config, new ProxyConfigFactory().create()).generateAuthorizationHeaders();
     }
 
     private RestTemplate setupRestTemplate() {
-        RestTemplate restTemplate = new Foo(config).setupRestTemplate();
+        RestTemplate restTemplate = new Foo(config, new ProxyConfigFactory().create()).setupRestTemplate();
         MappingJackson2HttpMessageConverter converter = new MappingJackson2HttpMessageConverter();
         converter.setObjectMapper(this.objectMapper);
         restTemplate.setMessageConverters(List.of(
diff --git a/src/main/java/io/securecodebox/persistence/defectdojo/service/ImportScanService2.java b/src/main/java/io/securecodebox/persistence/defectdojo/service/ImportScanService2.java
@@ -9,6 +9,7 @@
 import io.securecodebox.persistence.defectdojo.config.Config;
 import io.securecodebox.persistence.defectdojo.exception.PersistenceException;
 import io.securecodebox.persistence.defectdojo.http.Foo;
+import io.securecodebox.persistence.defectdojo.http.ProxyConfigFactory;
 import io.securecodebox.persistence.defectdojo.model.ScanFile;
 import lombok.Data;
 import org.springframework.core.io.ByteArrayResource;
@@ -49,11 +50,11 @@ public ImportScanService2(Config config) {
      * @return The DefectDojo Authentication Header
      */
     private HttpHeaders getDefectDojoAuthorizationHeaders() {
-        return new Foo(config).getDefectDojoAuthorizationHeaders();
+        return new Foo(config, new ProxyConfigFactory().create()).generateAuthorizationHeaders();
     }
 
     protected RestTemplate setupRestTemplate() {
-        return new Foo(config).setupRestTemplate();
+        return new Foo(config, new ProxyConfigFactory().create()).setupRestTemplate();
     }
 
     /**
diff --git a/src/test/java/io/securecodebox/persistence/defectdojo/http/FooTest.java b/src/test/java/io/securecodebox/persistence/defectdojo/http/FooTest.java
@@ -0,0 +1,69 @@
+// SPDX-FileCopyrightText: the secureCodeBox authors
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package io.securecodebox.persistence.defectdojo.http;
+
+import io.securecodebox.persistence.defectdojo.config.Config;
+import lombok.NonNull;
+import org.junit.jupiter.api.Disabled;
+import org.junit.jupiter.api.Test;
+import org.springframework.http.HttpHeaders;
+
+import static org.junit.jupiter.api.Assertions.*;
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.*;
+
+/**
+ * Tests for {@link Foo}
+ */
+class FooTest {
+    private final Config config = new Config("url", "apikey");
+
+    @Test
+    void generateAuthorizationHeaders_withoutProxyAuth() {
+        final var incompleteProxyConfig = ProxyConfig.NULL;
+
+        final var sut = new Foo(config, incompleteProxyConfig);
+
+        assertAll(
+            () -> assertThat(
+                sut.generateAuthorizationHeaders().get(HttpHeaders.AUTHORIZATION),
+                contains("Token apikey")),
+            () -> assertThat(
+                sut.generateAuthorizationHeaders().get(HttpHeaders.PROXY_AUTHORIZATION),
+                not(contains("Basic dXNlcjpwdw==")))
+        );
+    }
+
+    @Test
+    void generateAuthorizationHeaders_withProxyAuth() {
+        final var completeProxyConfig = ProxyConfig.builder()
+            .user("user")
+            .password("pw")
+            .host("host")
+            .port(42)
+            .build();
+
+        final var sut = new Foo(config, completeProxyConfig);
+
+        assertAll(
+            () -> assertThat(
+                sut.generateAuthorizationHeaders().get(HttpHeaders.AUTHORIZATION),
+                contains("Token apikey")),
+            () -> assertThat(
+                sut.generateAuthorizationHeaders().get(HttpHeaders.PROXY_AUTHORIZATION),
+                contains("Basic dXNlcjpwdw=="))
+        );
+    }
+
+    @Test
+    void encodeProxyCredentials() {
+        final var proxyConfig = ProxyConfig.builder()
+            .user("bärtram")
+            .password("gohze8Ae")
+            .build();
+
+        assertThat(Foo.encodeProxyCredentials(proxyConfig), is("YsOkcnRyYW06Z29oemU4QWU="));
+    }
+}
