Skip to content

Commit

Permalink
fix(certificates): Empty cert uploads throw 400 instead of 500 (#605)
Browse files Browse the repository at this point in the history
* Add no cert upload test

* Throw 400 on empty cert upload
  • Loading branch information
Janelle Law authored Jul 27, 2021
1 parent 25456c6 commit 7d1d84e
Show file tree
Hide file tree
Showing 2 changed files with 33 additions and 14 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,7 @@
package io.cryostat.net.web.http.api.v2;

import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
Expand Down Expand Up @@ -154,7 +155,7 @@ public IntermediateResponse<Path> handle(RequestParameters params) throws ApiExc
Collection<? extends Certificate> certificates = certValidator.parseCertificates(fis);

if (certificates.isEmpty()) {
throw new ApiException(500, "No certificates found");
throw new FileNotFoundException("No certificates found");
}

try (FileOutputStream out = outputStreamFunction.apply(filePath.toFile())) {
Expand All @@ -165,6 +166,8 @@ public IntermediateResponse<Path> handle(RequestParameters params) throws ApiExc
}
}

} catch (FileNotFoundException e) {
throw new ApiException(400, e.getMessage(), e);
} catch (IOException ioe) {
throw new ApiException(500, ioe.getMessage(), ioe);
} catch (CertificateEncodingException cee) {
Expand Down
42 changes: 29 additions & 13 deletions src/test/java/itest/UploadCertificateIT.java
Original file line number Diff line number Diff line change
Expand Up @@ -39,14 +39,15 @@

import java.io.File;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.ExecutionException;

import io.vertx.core.buffer.Buffer;
import io.vertx.ext.web.client.HttpResponse;
import io.vertx.core.json.JsonObject;
import io.vertx.ext.web.handler.impl.HttpStatusException;
import io.vertx.ext.web.multipart.MultipartForm;
import itest.bases.StandardSelfTest;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;

public class UploadCertificateIT extends StandardSelfTest {
Expand All @@ -55,11 +56,12 @@ public class UploadCertificateIT extends StandardSelfTest {
static final String FILE_NAME = "empty.cer";
static final String TRUSTSTORE_CERT = "truststore/" + FILE_NAME;
static final String MEDIA_TYPE = "application/pkix-cert";
static final String REQ_URL = String.format("/api/v2/certificates");

@Test
public void shouldNotAddEmptyCertToTrustStore() throws Exception {

CompletableFuture<Integer> uploadRespFuture = new CompletableFuture<>();
CompletableFuture<Integer> response = new CompletableFuture<>();
ClassLoader classLoader = getClass().getClassLoader();
File emptyCert = new File(classLoader.getResource(FILE_NAME).getFile());
String path = emptyCert.getAbsolutePath();
Expand All @@ -70,20 +72,34 @@ public void shouldNotAddEmptyCertToTrustStore() throws Exception {
.binaryFileUpload(CERT_NAME, FILE_NAME, path, MEDIA_TYPE);

webClient
.post(String.format("/api/v2/certificates"))
.post(REQ_URL)
.sendMultipartForm(
form,
ar -> {
if (ar.failed()) {
uploadRespFuture.completeExceptionally(ar.cause());
return;
}
HttpResponse<Buffer> result = ar.result();
uploadRespFuture.complete(result.statusCode());
assertRequestStatus(ar, response);
});
ExecutionException ex =
Assertions.assertThrows(ExecutionException.class, () -> response.get());
MatcherAssert.assertThat(
((HttpStatusException) ex.getCause()).getStatusCode(), Matchers.equalTo(400));
MatcherAssert.assertThat(ex.getCause().getMessage(), Matchers.equalTo("Bad Request"));
}

@Test
public void shouldThrowWhenPostingWithoutCert() throws Exception {

int statusCode = uploadRespFuture.get(REQUEST_TIMEOUT_SECONDS, TimeUnit.SECONDS);
CompletableFuture<JsonObject> response = new CompletableFuture<>();

MatcherAssert.assertThat(statusCode, Matchers.equalTo(500));
webClient
.post(REQ_URL)
.send(
ar -> {
assertRequestStatus(ar, response);
});
ExecutionException ex =
Assertions.assertThrows(ExecutionException.class, () -> response.get());
MatcherAssert.assertThat(
((HttpStatusException) ex.getCause()).getStatusCode(), Matchers.equalTo(400));
MatcherAssert.assertThat(ex.getCause().getMessage(), Matchers.equalTo("Bad Request"));
}
}

0 comments on commit 7d1d84e

Please sign in to comment.