/**
* Copyright (c) Codice Foundation
* <p/>
* This is free software: you can redistribute it and/or modify it under the terms of the GNU Lesser
* General Public License as published by the Free Software Foundation, either version 3 of the
* License, or any later version.
* <p/>
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details. A copy of the GNU Lesser General Public License
* is distributed along with this program and can be found at
* <http://www.gnu.org/licenses/lgpl.html>.
*/
package org.codice.ddf.admin.insecure.defaults.service;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Dictionary;
import java.util.List;
import org.apache.commons.lang.StringUtils;
import org.codice.ddf.admin.insecure.defaults.service.Alert.Level;
import org.osgi.service.cm.Configuration;
import org.osgi.service.cm.ConfigurationAdmin;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
public class PlatformGlobalConfigurationValidator implements Validator {
static final String PROTCOL_IN_PLATFORM_GLOBAL_CONFIG_IS_HTTP = "The [%s] in Platform Global Configuration is set to [http].";
private static final Logger LOGGER = LoggerFactory
.getLogger(PlatformGlobalConfigurationValidator.class);
private static final String PLATFORM_GLOBAL_CONFIGURATION_PID = "ddf.platform.config";
private static final String PROTOCOL_PROPERTY = "protocol";
private static final String HTTP_PROTOCOL = "http://";
private ConfigurationAdmin configAdmin;
private List<Alert> alerts;
public PlatformGlobalConfigurationValidator(ConfigurationAdmin configAdmin) {
alerts = new ArrayList<>();
this.configAdmin = configAdmin;
}
public List<Alert> validate() {
alerts = new ArrayList<>();
validateHttpIsDisabled();
return alerts;
}
private void validateHttpIsDisabled() {
try {
if (configAdmin != null) {
Configuration config = configAdmin
.getConfiguration(PLATFORM_GLOBAL_CONFIGURATION_PID);
Dictionary<String, Object> properties = config.getProperties();
LOGGER.debug("props: {}", properties.toString());
String protocol = (String) properties.get(PROTOCOL_PROPERTY);
if (StringUtils.equalsIgnoreCase(protocol, HTTP_PROTOCOL)) {
alerts.add(new Alert(Level.WARN,
String.format(PROTCOL_IN_PLATFORM_GLOBAL_CONFIG_IS_HTTP,
PROTOCOL_PROPERTY)));
}
} else {
String msg = "Unable to determine if Platform Global Configuration has insecure defaults. Cannot access Configuration Admin.";
alerts.add(new Alert(Level.WARN, msg));
}
} catch (IOException e) {
String msg = "Unable to determine if Platform Global Configuration has insecure defaults. ";
LOGGER.warn(msg, e);
alerts.add(new Alert(Level.WARN, msg + e.getMessage()));
}
}
}