Skip to content

Commit

Permalink
added null check for tc issue 2254 when the deliveryservice is missin…
Browse files Browse the repository at this point in the history 
…g from the ssl keys
  • Loading branch information
@dewrich @dangogh
dewrich authored and dangogh committed Jul 3, 2018
1 parent e8fa8ea commit 55b4a6e
Show file tree
Hide file tree
Showing 3 changed files with 87 additions and 2 deletions.
5 changes: 4 additions & 1 deletion ...n/java/com/comcast/cdn/traffic_control/traffic_router/core/config/CertificateChecker.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -86,7 +86,10 @@ private Boolean deliveryServiceHasValidCertificates(final List<CertificateData>
}

for (final CertificateData certificateData : certificateDataList) {
if (certificateData.getDeliveryservice().equals(deliveryServiceId)) {
String certificateDeliveryServiceId = certificateData.getDeliveryservice();
if (deliveryServiceId == null) {
LOGGER.error("Delivery Service name is blank for hostname '" + certificateData.getHostname() + "', skipping.");
} else if ((certificateDeliveryServiceId != null) && (deliveryServiceId != null) && (certificateDeliveryServiceId.equals(deliveryServiceId))) {
LOGGER.debug("Delivery Service " + deliveryServiceId + " has certificate data for https");
return true;
}
Expand Down
25 changes: 24 additions & 1 deletion ...va/com/comcast/cdn/traffic_control/traffic_router/core/config/CertificateCheckerTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,14 +33,15 @@ public class CertificateCheckerTest {

private JsonNode deliveryServicesJson;
private List<CertificateData> certificateDataList;
private CertificateData certificateData;

@Before
public void before() throws Exception {
Certificate certificate = new Certificate();
certificate.setCrt("the-crt");
certificate.setKey("the-key");

CertificateData certificateData = new CertificateData();
certificateData = new CertificateData();
certificateData.setHostname("https-delivery-service.thecdn.example.com");
certificateData.setDeliveryservice("https-delivery-service");
certificateData.setCertificate(certificate);
Expand All @@ -51,6 +52,28 @@ public void before() throws Exception {

}

@Test
public void itReturnsFalseWhenDeliveryServiceNameIsNull() throws Exception {
final File file = new File("src/test/resources/deliveryServices_missingDSName.json");
final ObjectMapper mapper = new ObjectMapper();
deliveryServicesJson = mapper.readTree(file);
CertificateChecker certificateChecker = new CertificateChecker();
certificateData.setDeliveryservice(null);

assertThat(certificateChecker.certificatesAreValid(certificateDataList, deliveryServicesJson), equalTo(false));
}

@Test
public void itReturnsFalseWhenDeliveryServiceNameIsBlank() throws Exception {
final File file = new File("src/test/resources/deliveryServices_missingDSName.json");
final ObjectMapper mapper = new ObjectMapper();
deliveryServicesJson = mapper.readTree(file);
CertificateChecker certificateChecker = new CertificateChecker();
certificateData.setDeliveryservice("");

assertThat(certificateChecker.certificatesAreValid(certificateDataList, deliveryServicesJson), equalTo(false));
}

@Test
public void itReturnsTrueWhenAllHttpsDeliveryServicesHaveCertificates() throws Exception {
final File file = new File("src/test/resources/deliveryServices.json");
Expand Down
59 changes: 59 additions & 0 deletions traffic_router/core/src/test/resources/deliveryServices_missingDSName.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,59 @@
{
"http-delivery-service": {
"matchsets": [
{
"protocol": "HTTP",
"matchlist": [
{
"regex": ".*\\.http-delivery-service\\..*"
}
]
}
],
"protocol": {
"acceptHttps": "false"
},
"sslEnabled": "false",
"domains": [
"*.http-delivery-service.thecdn.example.com"
]
},
"": {
"matchsets": [
{
"protocol": "HTTP",
"matchlist": [
{
"regex": ".*\\.https-delivery-service\\..*"
}
]
}
],
"protocol": {
"acceptHttps": "true"
},
"sslEnabled": "true",
"domains": [
"*.https-delivery-service.thecdn.example.com"
]
},
"dnssec-delivery-service": {
"matchsets": [
{
"protocol": "DNS",
"matchlist": [
{
"regex": ".*\\.dnssec-delivery-service\\..*"
}
]
}
],
"protocol": {
"acceptHttps": "true"
},
"sslEnabled": "true",
"domains": [
"*.dnssec-delivery-service.thecdn.example.com"
]
}
}

0 comments on commit 55b4a6e

Please sign in to comment.