You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficcontrol.apache.org by da...@apache.org on 2018/07/03 16:21:41 UTC
[trafficcontrol] branch master updated: added null check for tc
issue 2254 when the deliveryservice is missing from the ssl keys
This is an automated email from the ASF dual-hosted git repository.
dangogh pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficcontrol.git
The following commit(s) were added to refs/heads/master by this push:
new 55b4a6e added null check for tc issue 2254 when the deliveryservice is missing from the ssl keys
55b4a6e is described below
commit 55b4a6e3c5961eac35bf1c4c86fb2f9f03121a58
Author: Dewayne Richardson <de...@apache.org>
AuthorDate: Tue Jun 26 13:53:47 2018 -0600
added null check for tc issue 2254 when the deliveryservice is missing from the ssl keys
---
.../core/config/CertificateChecker.java | 5 +-
.../core/config/CertificateCheckerTest.java | 25 ++++++++-
.../resources/deliveryServices_missingDSName.json | 59 ++++++++++++++++++++++
3 files changed, 87 insertions(+), 2 deletions(-)
diff --git a/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/config/CertificateChecker.java b/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/config/CertificateChecker.java
index a15b21b..913177d 100644
--- a/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/config/CertificateChecker.java
+++ b/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/config/CertificateChecker.java
@@ -86,7 +86,10 @@ public class CertificateChecker {
}
for (final CertificateData certificateData : certificateDataList) {
- if (certificateData.getDeliveryservice().equals(deliveryServiceId)) {
+ String certificateDeliveryServiceId = certificateData.getDeliveryservice();
+ if (deliveryServiceId == null) {
+ LOGGER.error("Delivery Service name is blank for hostname '" + certificateData.getHostname() + "', skipping.");
+ } else if ((certificateDeliveryServiceId != null) && (deliveryServiceId != null) && (certificateDeliveryServiceId.equals(deliveryServiceId))) {
LOGGER.debug("Delivery Service " + deliveryServiceId + " has certificate data for https");
return true;
}
diff --git a/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/config/CertificateCheckerTest.java b/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/config/CertificateCheckerTest.java
index 129e8fd..587e64d 100644
--- a/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/config/CertificateCheckerTest.java
+++ b/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/config/CertificateCheckerTest.java
@@ -33,6 +33,7 @@ public class CertificateCheckerTest {
private JsonNode deliveryServicesJson;
private List<CertificateData> certificateDataList;
+ private CertificateData certificateData;
@Before
public void before() throws Exception {
@@ -40,7 +41,7 @@ public class CertificateCheckerTest {
certificate.setCrt("the-crt");
certificate.setKey("the-key");
- CertificateData certificateData = new CertificateData();
+ certificateData = new CertificateData();
certificateData.setHostname("https-delivery-service.thecdn.example.com");
certificateData.setDeliveryservice("https-delivery-service");
certificateData.setCertificate(certificate);
@@ -52,6 +53,28 @@ public class CertificateCheckerTest {
}
@Test
+ public void itReturnsFalseWhenDeliveryServiceNameIsNull() throws Exception {
+ final File file = new File("src/test/resources/deliveryServices_missingDSName.json");
+ final ObjectMapper mapper = new ObjectMapper();
+ deliveryServicesJson = mapper.readTree(file);
+ CertificateChecker certificateChecker = new CertificateChecker();
+ certificateData.setDeliveryservice(null);
+
+ assertThat(certificateChecker.certificatesAreValid(certificateDataList, deliveryServicesJson), equalTo(false));
+ }
+
+ @Test
+ public void itReturnsFalseWhenDeliveryServiceNameIsBlank() throws Exception {
+ final File file = new File("src/test/resources/deliveryServices_missingDSName.json");
+ final ObjectMapper mapper = new ObjectMapper();
+ deliveryServicesJson = mapper.readTree(file);
+ CertificateChecker certificateChecker = new CertificateChecker();
+ certificateData.setDeliveryservice("");
+
+ assertThat(certificateChecker.certificatesAreValid(certificateDataList, deliveryServicesJson), equalTo(false));
+ }
+
+ @Test
public void itReturnsTrueWhenAllHttpsDeliveryServicesHaveCertificates() throws Exception {
final File file = new File("src/test/resources/deliveryServices.json");
final ObjectMapper mapper = new ObjectMapper();
diff --git a/traffic_router/core/src/test/resources/deliveryServices_missingDSName.json b/traffic_router/core/src/test/resources/deliveryServices_missingDSName.json
new file mode 100644
index 0000000..3c7582f
--- /dev/null
+++ b/traffic_router/core/src/test/resources/deliveryServices_missingDSName.json
@@ -0,0 +1,59 @@
+{
+ "http-delivery-service": {
+ "matchsets": [
+ {
+ "protocol": "HTTP",
+ "matchlist": [
+ {
+ "regex": ".*\\.http-delivery-service\\..*"
+ }
+ ]
+ }
+ ],
+ "protocol": {
+ "acceptHttps": "false"
+ },
+ "sslEnabled": "false",
+ "domains": [
+ "*.http-delivery-service.thecdn.example.com"
+ ]
+ },
+ "": {
+ "matchsets": [
+ {
+ "protocol": "HTTP",
+ "matchlist": [
+ {
+ "regex": ".*\\.https-delivery-service\\..*"
+ }
+ ]
+ }
+ ],
+ "protocol": {
+ "acceptHttps": "true"
+ },
+ "sslEnabled": "true",
+ "domains": [
+ "*.https-delivery-service.thecdn.example.com"
+ ]
+ },
+ "dnssec-delivery-service": {
+ "matchsets": [
+ {
+ "protocol": "DNS",
+ "matchlist": [
+ {
+ "regex": ".*\\.dnssec-delivery-service\\..*"
+ }
+ ]
+ }
+ ],
+ "protocol": {
+ "acceptHttps": "true"
+ },
+ "sslEnabled": "true",
+ "domains": [
+ "*.dnssec-delivery-service.thecdn.example.com"
+ ]
+ }
+}