From 64f05aab8c6dceb78ec6a54d3cc1d20d081174d2 Mon Sep 17 00:00:00 2001 From: Raul Metsma Date: Mon, 27 Nov 2023 10:32:00 +0200 Subject: [PATCH 1/2] Use java 17 for SonarCloud WE2-841 Signed-off-by: Raul Metsma --- .github/workflows/sonarcloud-analysis.yml | 8 ++++---- pom.xml | 2 +- src/main/java/eu/webeid/security/util/DateAndTime.java | 6 +++++- .../certvalidators/SubjectCertificateExpiryValidator.java | 2 +- .../SubjectCertificateTrustedValidator.java | 2 +- src/test/java/eu/webeid/security/testutil/Dates.java | 4 +++- .../SubjectCertificateNotRevokedValidatorTest.java | 4 ++-- 7 files changed, 17 insertions(+), 11 deletions(-) diff --git a/.github/workflows/sonarcloud-analysis.yml b/.github/workflows/sonarcloud-analysis.yml index dd85e358..2ed0c3a2 100644 --- a/.github/workflows/sonarcloud-analysis.yml +++ b/.github/workflows/sonarcloud-analysis.yml @@ -9,14 +9,14 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis - - name: Set up JDK 11 + - name: Set up JDK 17 uses: actions/setup-java@v3 with: distribution: zulu - java-version: 11 + java-version: 17 - name: Cache SonarCloud packages uses: actions/cache@v3 with: @@ -28,7 +28,7 @@ jobs: with: path: ~/.m2 key: ${{ runner.os }}-m2-v11-${{ hashFiles('**/pom.xml') }} - restore-keys: ${{ runner.os }}-m2-v11 + restore-keys: ${{ runner.os }}-m2-v17 - name: Build and analyze env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any diff --git a/pom.xml b/pom.xml index 66549ade..0f2ff0f9 100644 --- a/pom.xml +++ b/pom.xml @@ -22,7 +22,7 @@ 2.22.2 3.3.0 3.6.2 - 0.8.5 + 0.8.8 ${project.basedir}/../jacoco-coverage-report/target/site/jacoco-aggregate/jacoco.xml diff --git a/src/main/java/eu/webeid/security/util/DateAndTime.java b/src/main/java/eu/webeid/security/util/DateAndTime.java index 0e5b0092..470da470 100644 --- a/src/main/java/eu/webeid/security/util/DateAndTime.java +++ b/src/main/java/eu/webeid/security/util/DateAndTime.java @@ -45,7 +45,11 @@ public static void requirePositiveDuration(Duration duration, String fieldName) public static class DefaultClock implements Clock { - public static final Clock INSTANCE = new DefaultClock(); + protected static Clock instance = new DefaultClock(); + + public static Clock getInstance() { + return instance; + } @Override public Date now() { diff --git a/src/main/java/eu/webeid/security/validator/certvalidators/SubjectCertificateExpiryValidator.java b/src/main/java/eu/webeid/security/validator/certvalidators/SubjectCertificateExpiryValidator.java index 90e35076..e24119d2 100644 --- a/src/main/java/eu/webeid/security/validator/certvalidators/SubjectCertificateExpiryValidator.java +++ b/src/main/java/eu/webeid/security/validator/certvalidators/SubjectCertificateExpiryValidator.java @@ -52,7 +52,7 @@ public SubjectCertificateExpiryValidator(Set trustedCACertificateAn */ public void validateCertificateExpiry(X509Certificate subjectCertificate) throws AuthTokenException { // Use the clock instance so that the date can be mocked in tests. - final Date now = DateAndTime.DefaultClock.INSTANCE.now(); + final Date now = DateAndTime.DefaultClock.getInstance().now(); CertificateValidator.trustedCACertificatesAreValidOnDate(trustedCACertificateAnchors, now); LOG.debug("CA certificates are valid."); CertificateValidator.certificateIsValidOnDate(subjectCertificate, now, "User"); diff --git a/src/main/java/eu/webeid/security/validator/certvalidators/SubjectCertificateTrustedValidator.java b/src/main/java/eu/webeid/security/validator/certvalidators/SubjectCertificateTrustedValidator.java index 0471d5a6..91f4c194 100644 --- a/src/main/java/eu/webeid/security/validator/certvalidators/SubjectCertificateTrustedValidator.java +++ b/src/main/java/eu/webeid/security/validator/certvalidators/SubjectCertificateTrustedValidator.java @@ -56,7 +56,7 @@ public SubjectCertificateTrustedValidator(Set trustedCACertificateA */ public void validateCertificateTrusted(X509Certificate subjectCertificate) throws AuthTokenException { // Use the clock instance so that the date can be mocked in tests. - final Date now = DateAndTime.DefaultClock.INSTANCE.now(); + final Date now = DateAndTime.DefaultClock.getInstance().now(); subjectCertificateIssuerCertificate = CertificateValidator.validateIsSignedByTrustedCA( subjectCertificate, trustedCACertificateAnchors, diff --git a/src/test/java/eu/webeid/security/testutil/Dates.java b/src/test/java/eu/webeid/security/testutil/Dates.java index d6179c1c..c19c5244 100644 --- a/src/test/java/eu/webeid/security/testutil/Dates.java +++ b/src/test/java/eu/webeid/security/testutil/Dates.java @@ -47,16 +47,18 @@ public static void resetMockedCertificateValidatorDate() throws NoSuchFieldExcep } private static void setClockField(Class cls, Date date) throws NoSuchFieldException, IllegalAccessException { - final Field clockField = cls.getDeclaredField("INSTANCE"); + final Field clockField = cls.getDeclaredField("instance"); setFinalStaticField(clockField, (Clock) () -> date); } private static void setFinalStaticField(Field field, Object newValue) throws NoSuchFieldException, IllegalAccessException { field.setAccessible(true); + /* https://stackoverflow.com/questions/56039341/get-declared-fields-of-java-lang-reflect-fields-in-jdk12 final Field modifiersField = Field.class.getDeclaredField("modifiers"); modifiersField.setAccessible(true); modifiersField.setInt(field, field.getModifiers() & ~Modifier.FINAL); + */ field.set(null, newValue); } diff --git a/src/test/java/eu/webeid/security/validator/certvalidators/SubjectCertificateNotRevokedValidatorTest.java b/src/test/java/eu/webeid/security/validator/certvalidators/SubjectCertificateNotRevokedValidatorTest.java index b4df0496..faaea759 100644 --- a/src/test/java/eu/webeid/security/validator/certvalidators/SubjectCertificateNotRevokedValidatorTest.java +++ b/src/test/java/eu/webeid/security/validator/certvalidators/SubjectCertificateNotRevokedValidatorTest.java @@ -114,14 +114,14 @@ void whenOcspUrlIsInvalid_thenThrows() throws Exception { @Test void whenOcspRequestFails_thenThrows() throws Exception { - final OcspServiceProvider ocspServiceProvider = getDesignatedOcspServiceProvider("https://web-eid-test.free.beeceptor.com"); + final OcspServiceProvider ocspServiceProvider = getDesignatedOcspServiceProvider("http://demo.sk.ee/ocsps"); final SubjectCertificateNotRevokedValidator validator = new SubjectCertificateNotRevokedValidator(trustedValidator, ocspClient, ocspServiceProvider); assertThatCode(() -> validator.validateCertificateNotRevoked(estEid2018Cert)) .isInstanceOf(UserCertificateOCSPCheckFailedException.class) .cause() .isInstanceOf(IOException.class) - .hasMessageStartingWith("OCSP request was not successful, response: (POST https://web-eid-test.free.beeceptor.com) 404"); + .hasMessageStartingWith("OCSP request was not successful, response: (POST http://demo.sk.ee/ocsps) 404"); } @Test From c36ad582e7f6fb44da21d5ef9dd54cb436f01072 Mon Sep 17 00:00:00 2001 From: Mart Somermaa Date: Fri, 16 Feb 2024 17:36:29 +0200 Subject: [PATCH 2/2] Use Mockito.mockStatic() for mocking DateAndTime.DefaultClock WE2-841 Signed-off-by: Mart Somermaa --- pom.xml | 4 +- .../eu/webeid/security/util/DateAndTime.java | 3 +- .../eu/webeid/security/testutil/Dates.java | 37 +++---------------- .../validator/AuthTokenCertificateTest.java | 33 +++++++++++------ 4 files changed, 31 insertions(+), 46 deletions(-) diff --git a/pom.xml b/pom.xml index 0f2ff0f9..a7403636 100644 --- a/pom.xml +++ b/pom.xml @@ -113,7 +113,7 @@ - + org.apache.maven.plugins maven-javadoc-plugin @@ -152,7 +152,7 @@ -