Skip to content

Commit

Permalink
SONAR-23013 Improve coverage
Browse files Browse the repository at this point in the history
  • Loading branch information
henryju authored and sonartech committed Sep 30, 2024
1 parent c866094 commit 9e1fded
Show file tree
Hide file tree
Showing 2 changed files with 35 additions and 7 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -19,18 +19,24 @@
*/
package org.sonar.scanner.http;

import java.io.IOException;
import java.io.InputStream;
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.time.Duration;
import java.time.format.DateTimeParseException;
import nl.altindag.ssl.SSLFactory;
import nl.altindag.ssl.exception.GenericKeyStoreException;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.sonar.api.CoreProperties;
import org.sonar.api.notifications.AnalysisWarnings;
import org.sonar.api.utils.System2;
Expand All @@ -52,6 +58,9 @@
import static org.sonar.core.config.ProxyProperties.HTTP_PROXY_USER;

public class ScannerWsClientProvider {

private static final Logger LOG = LoggerFactory.getLogger(ScannerWsClientProvider.class);

static final int DEFAULT_CONNECT_TIMEOUT = 5;
static final int DEFAULT_RESPONSE_TIMEOUT = 0;
static final String READ_TIMEOUT_SEC_PROPERTY = "sonar.ws.timeout";
Expand Down Expand Up @@ -149,22 +158,27 @@ private static SSLFactory configureSsl(SslConfig sslConfig, System2 system2) {
}
var trustStoreConfig = sslConfig.getTrustStore();
if (trustStoreConfig != null && Files.exists(trustStoreConfig.getPath())) {
KeyStore trustStore = loadKeyStore(
trustStoreConfig.getPath(),
trustStoreConfig.getKeyStorePassword().toCharArray(),
trustStoreConfig.getKeyStoreType());
KeyStore trustStore;
try {
trustStore = loadKeyStoreWithBouncyCastle(
trustStoreConfig.getPath(),
trustStoreConfig.getKeyStorePassword().toCharArray(),
trustStoreConfig.getKeyStoreType());
LOG.debug("Loaded truststore from '{}' containing {} certificates", trustStoreConfig.getPath(), trustStore.size());
} catch (KeyStoreException | IOException | CertificateException | NoSuchAlgorithmException e) {
throw new GenericKeyStoreException("Unable to read truststore from '" + trustStoreConfig.getPath() + "'", e);
}
sslFactoryBuilder.withTrustMaterial(trustStore);
}
return sslFactoryBuilder.build();
}

public static KeyStore loadKeyStore(Path keystorePath, char[] keystorePassword, String keystoreType) {
static KeyStore loadKeyStoreWithBouncyCastle(Path keystorePath, char[] keystorePassword, String keystoreType) throws IOException,
KeyStoreException, CertificateException, NoSuchAlgorithmException {
try (InputStream keystoreInputStream = Files.newInputStream(keystorePath, StandardOpenOption.READ)) {
KeyStore keystore = KeyStore.getInstance(keystoreType, new BouncyCastleProvider());
keystore.load(keystoreInputStream, keystorePassword);
return keystore;
} catch (Exception e) {
throw new GenericKeyStoreException(e);
}
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
import nl.altindag.ssl.exception.GenericKeyStoreException;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Nested;
import org.junit.jupiter.api.Tag;
Expand Down Expand Up @@ -319,6 +320,19 @@ void it_should_trust_server_self_signed_certificate_when_certificate_is_in_trust
assertThat(r.content()).isEqualTo("Success");
}
}

@Test
void it_should_fail_if_invalid_truststore_password() {
scannerProps.put("sonar.host.url", sonarqubeMock.baseUrl());
scannerProps.put("sonar.scanner.truststorePath", toPath(requireNonNull(ScannerWsClientProviderTest.class.getResource("/ssl/client-truststore.p12"))).toString());
scannerProps.put("sonar.scanner.truststorePassword", "wrong_password");

var scannerPropsObj = new ScannerProperties(scannerProps);
var thrown = assertThrows(GenericKeyStoreException.class,
() -> underTest.provide(scannerPropsObj, env, GLOBAL_ANALYSIS_MODE, system2, ANALYSIS_WARNINGS, sonarUserHome));

assertThat(thrown).hasStackTraceContaining("Unable to read truststore");
}
}

@Nested
Expand Down

0 comments on commit 9e1fded

Please sign in to comment.