feat(outbound): admin test action for reachability + TLS summary

POST /{id}/test issues a synthetic probe against the connection URL. TLS protocol/cipher/peer-cert details stubbed for now (Plan 02 follow-up). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-19 16:47:36 +02:00
parent ea4c56e7f6
commit 87b8a71205
2 changed files with 82 additions and 1 deletions
--- a/cameleer-server-app/src/main/java/com/cameleer/server/app/outbound/controller/OutboundConnectionAdminController.java
+++ b/cameleer-server-app/src/main/java/com/cameleer/server/app/outbound/controller/OutboundConnectionAdminController.java
@@ -3,14 +3,23 @@ package com.cameleer.server.app.outbound.controller;
 import com.cameleer.server.app.outbound.crypto.SecretCipher;
 import com.cameleer.server.app.outbound.dto.OutboundConnectionDto;
 import com.cameleer.server.app.outbound.dto.OutboundConnectionRequest;
+import com.cameleer.server.app.outbound.dto.OutboundConnectionTestResult;
 import com.cameleer.server.core.admin.AuditCategory;
 import com.cameleer.server.core.admin.AuditResult;
 import com.cameleer.server.core.admin.AuditService;
+import com.cameleer.server.core.http.OutboundHttpClientFactory;
+import com.cameleer.server.core.http.OutboundHttpRequestContext;
 import com.cameleer.server.core.outbound.OutboundConnection;
 import com.cameleer.server.core.outbound.OutboundConnectionService;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.validation.Valid;
+import org.apache.hc.client5.http.classic.methods.HttpPost;
+import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
+import org.apache.hc.core5.http.ContentType;
+import org.apache.hc.core5.http.HttpEntity;
+import org.apache.hc.core5.http.io.entity.EntityUtils;
+import org.apache.hc.core5.http.io.entity.StringEntity;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.access.prepost.PreAuthorize;
@@ -25,6 +34,7 @@ import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.server.ResponseStatusException;

+import java.nio.charset.StandardCharsets;
 import java.util.List;
 import java.util.Map;
 import java.util.UUID;
@@ -38,11 +48,14 @@ public class OutboundConnectionAdminController {
    private final OutboundConnectionService service;
    private final SecretCipher cipher;
    private final AuditService audit;
+    private final OutboundHttpClientFactory httpClientFactory;

-    public OutboundConnectionAdminController(OutboundConnectionService service, SecretCipher cipher, AuditService audit) {
+    public OutboundConnectionAdminController(OutboundConnectionService service, SecretCipher cipher,
+                                             AuditService audit, OutboundHttpClientFactory httpClientFactory) {
        this.service = service;
        this.cipher = cipher;
        this.audit = audit;
+        this.httpClientFactory = httpClientFactory;
    }

    @GetMapping
@@ -94,6 +107,36 @@ public class OutboundConnectionAdminController {
        return ResponseEntity.noContent().build();
    }

+    @PostMapping("/{id}/test")
+    public OutboundConnectionTestResult test(@PathVariable UUID id, HttpServletRequest httpRequest) {
+        String userId = currentUserId();
+        OutboundConnection c = service.get(id);
+        long t0 = System.currentTimeMillis();
+        try {
+            var ctx = new OutboundHttpRequestContext(c.tlsTrustMode(), c.tlsCaPemPaths(), null, null);
+            CloseableHttpClient client = httpClientFactory.clientFor(ctx);
+            HttpPost request = new HttpPost(c.url());
+            request.setEntity(new StringEntity("{\"probe\":true}", ContentType.APPLICATION_JSON));
+            try (var resp = client.execute(request)) {
+                long latency = System.currentTimeMillis() - t0;
+                HttpEntity entity = resp.getEntity();
+                String body = entity == null ? "" : EntityUtils.toString(entity, StandardCharsets.UTF_8);
+                String snippet = body.substring(0, Math.min(512, body.length()));
+                audit.log("test_outbound_connection", AuditCategory.OUTBOUND_CONNECTION_CHANGE,
+                        id.toString(), Map.of("status", resp.getCode(), "latencyMs", latency),
+                        AuditResult.SUCCESS, httpRequest);
+                return new OutboundConnectionTestResult(resp.getCode(), latency, snippet,
+                        "TLS", null, null, null, null);
+            }
+        } catch (Exception e) {
+            long latency = System.currentTimeMillis() - t0;
+            audit.log("test_outbound_connection", AuditCategory.OUTBOUND_CONNECTION_CHANGE,
+                    id.toString(), Map.of("error", e.getClass().getSimpleName(), "latencyMs", latency),
+                    AuditResult.FAILURE, httpRequest);
+            return new OutboundConnectionTestResult(0, latency, null, null, null, null, null, e.getMessage());
+        }
+    }
+
    private OutboundConnection toDraft(OutboundConnectionRequest req) {
        String cipherSecret = (req.hmacSecret() == null || req.hmacSecret().isBlank())
                ? null : cipher.encrypt(req.hmacSecret());