diff options
author | ecaiyanlinux <martin.c.yan@est.tech> | 2019-09-06 15:24:59 +0000 |
---|---|---|
committer | ecaiyanlinux <martin.c.yan@est.tech> | 2019-09-06 15:24:59 +0000 |
commit | 6c925362213b8f05612b309fb50fa4c0b5650224 (patch) | |
tree | 50b91263d7d457721627b87e7ac6e8f9a81c740d /datafile-app-server/src | |
parent | e92d9f47629e635ae70c856615556476d266cb3f (diff) |
TLS init container usage
Change-Id: Iec51c722f6a3a519fd7eb0f37f8b801eebbc039b
Issue-ID: DCAEGEN2-1702
Signed-off-by: ecaiyanlinux <martin.c.yan@est.tech>
Diffstat (limited to 'datafile-app-server/src')
14 files changed, 60 insertions, 46 deletions
diff --git a/datafile-app-server/src/main/docker/Dockerfile b/datafile-app-server/src/main/docker/Dockerfile index 7343128a..bfd952e0 100644 --- a/datafile-app-server/src/main/docker/Dockerfile +++ b/datafile-app-server/src/main/docker/Dockerfile @@ -24,18 +24,13 @@ RUN mkdir -p /var/log/ONAP ADD /target/datafile-app-server.jar /opt/app/datafile/ ADD /config/application.yaml /opt/app/datafile/config/ -ADD /config/dfc.jks.b64 /opt/app/datafile/config/ -ADD /config/ftp.jks.b64 /opt/app/datafile/config/ EXPOSE 8100 8433 RUN addgroup -S onap && adduser -S datafile -G onap -RUN chown -R datafile:onap /opt/app/datafile RUN chown -R datafile:onap /var/log/ONAP -RUN base64 -d /opt/app/datafile/config/dfc.jks.b64 > /opt/app/datafile/config/dfc.jks && base64 -d /opt/app/datafile/config/ftp.jks.b64 > /opt/app/datafile/config/ftp.jks -RUN chown -R datafile:onap /opt/app/datafile/config/* -RUN chmod -R 755 /opt/app/datafile/config/ +RUN chmod -R 777 /opt/app/datafile/config/ USER datafile -ENTRYPOINT ["/usr/bin/java", "-jar", "/opt/app/datafile/datafile-app-server.jar"] +ENTRYPOINT ["/usr/bin/java", "-jar", "/opt/app/datafile/datafile-app-server.jar"]
\ No newline at end of file diff --git a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/AppConfig.java b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/AppConfig.java index 58081a89..21c51566 100644 --- a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/AppConfig.java +++ b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/AppConfig.java @@ -217,7 +217,7 @@ public class AppConfig { } private synchronized void setConfiguration(@NotNull ConsumerConfiguration consumerConfiguration, - @NotNull Map<String, PublisherConfiguration> publisherConfiguration, @NotNull FtpesConfig ftpesConfig) { + @NotNull Map<String, PublisherConfiguration> publisherConfiguration, @NotNull FtpesConfig ftpesConfig) { this.dmaapConsumerConfiguration = consumerConfiguration; this.publishingConfigurations = publisherConfiguration; this.ftpesConfiguration = ftpesConfig; diff --git a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/CloudConfigParser.java b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/CloudConfigParser.java index fc550ab0..23197025 100644 --- a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/CloudConfigParser.java +++ b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/CloudConfigParser.java @@ -25,11 +25,10 @@ import java.util.HashMap; import java.util.Iterator; import java.util.Map; import java.util.Map.Entry; +import java.util.Set; import javax.validation.constraints.NotNull; -import java.util.Set; - import org.onap.dcaegen2.collectors.datafile.exceptions.DatafileTaskException; /** @@ -56,7 +55,8 @@ public class CloudConfigParser { /** * Get the publisher configurations. * - * @return a map with change identifier as key and the connected publisher configuration as value. + * @return a map with change identifier as key and the connected publisher configuration as + * value. * * @throws DatafileTaskException if a member of the configuration is missing. */ @@ -122,9 +122,9 @@ public class CloudConfigParser { public @NotNull FtpesConfig getFtpesConfig() throws DatafileTaskException { return new ImmutableFtpesConfig.Builder() // .keyCert(getAsString(jsonObject, "dmaap.ftpesConfig.keyCert")) - .keyPassword(getAsString(jsonObject, "dmaap.ftpesConfig.keyPassword")) + .keyPasswordPath(getAsString(jsonObject, "dmaap.ftpesConfig.keyPasswordPath")) .trustedCa(getAsString(jsonObject, "dmaap.ftpesConfig.trustedCa")) - .trustedCaPassword(getAsString(jsonObject, "dmaap.ftpesConfig.trustedCaPassword")) // + .trustedCaPasswordPath(getAsString(jsonObject, "dmaap.ftpesConfig.trustedCaPasswordPath")) // .build(); } diff --git a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/FtpesConfig.java b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/FtpesConfig.java index e12365e4..e7107976 100644 --- a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/FtpesConfig.java +++ b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/FtpesConfig.java @@ -39,12 +39,12 @@ public abstract class FtpesConfig implements Serializable { @Value.Parameter @Value.Redacted - public abstract String keyPassword(); + public abstract String keyPasswordPath(); @Value.Parameter public abstract String trustedCa(); @Value.Parameter @Value.Redacted - public abstract String trustedCaPassword(); + public abstract String trustedCaPasswordPath(); } diff --git a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/ftp/FtpsClient.java b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/ftp/FtpsClient.java index 2d126ff8..76eb8637 100644 --- a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/ftp/FtpsClient.java +++ b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/ftp/FtpsClient.java @@ -21,7 +21,9 @@ import java.io.FileOutputStream; import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; +import java.nio.file.Files; import java.nio.file.Path; +import java.nio.file.Paths; import java.security.GeneralSecurityException; import java.security.KeyStore; import java.security.KeyStoreException; @@ -58,34 +60,34 @@ public class FtpsClient implements FileCollectClient { private static TrustManager theTrustManager = null; private final String keyCertPath; - private final String keyCertPassword; + private final String keyCertPasswordPath; private final Path trustedCaPath; - private final String trustedCaPassword; + private final String trustedCaPasswordPath; /** * Constructor. * * @param fileServerData info needed to connect to the PNF. * @param keyCertPath path to DFC's key cert. - * @param keyCertPassword password for DFC's key cert. + * @param keyCertPasswordPath path of file containing password for DFC's key cert. * @param trustedCaPath path to the PNF's trusted keystore. - * @param trustedCaPassword password for the PNF's trusted keystore. + * @param trustedCaPasswordPath path of file containing password for the PNF's trusted keystore. */ - public FtpsClient(FileServerData fileServerData, String keyCertPath, String keyCertPassword, Path trustedCaPath, - String trustedCaPassword) { + public FtpsClient(FileServerData fileServerData, String keyCertPath, String keyCertPasswordPath, Path trustedCaPath, + String trustedCaPasswordPath) { this.fileServerData = fileServerData; this.keyCertPath = keyCertPath; - this.keyCertPassword = keyCertPassword; + this.keyCertPasswordPath = keyCertPasswordPath; this.trustedCaPath = trustedCaPath; - this.trustedCaPassword = trustedCaPassword; + this.trustedCaPasswordPath = trustedCaPasswordPath; } @Override public void open() throws DatafileTaskException { try { realFtpsClient.setNeedClientAuth(true); - realFtpsClient.setKeyManager(createKeyManager(keyCertPath, keyCertPassword)); - realFtpsClient.setTrustManager(getTrustManager(trustedCaPath, trustedCaPassword)); + realFtpsClient.setKeyManager(createKeyManager(keyCertPath, keyCertPasswordPath)); + realFtpsClient.setTrustManager(getTrustManager(trustedCaPath, trustedCaPasswordPath)); setUpConnection(); } catch (DatafileTaskException e) { throw e; @@ -185,8 +187,15 @@ public class FtpsClient implements FileCollectClient { return output; } - protected TrustManager getTrustManager(Path trustedCaPath, String trustedCaPassword) + protected TrustManager getTrustManager(Path trustedCaPath, String trustedCaPasswordPath) throws KeyStoreException, NoSuchAlgorithmException, IOException, CertificateException { + String trustedCaPassword = ""; + try { + trustedCaPassword = new String(Files.readAllBytes(Paths.get(trustedCaPasswordPath))); + } catch (IOException e) { + logger.error("Truststore password file at path: {} cannot be opened ", trustedCaPasswordPath); + e.printStackTrace(); + } synchronized (FtpsClient.class) { if (theTrustManager == null) { theTrustManager = createTrustManager(trustedCaPath, trustedCaPassword); @@ -195,8 +204,16 @@ public class FtpsClient implements FileCollectClient { } } - protected KeyManager createKeyManager(String keyCertPath, String keyCertPassword) + protected KeyManager createKeyManager(String keyCertPath, String keyCertPasswordPath) throws IOException, GeneralSecurityException { + String keyCertPassword = ""; + try { + keyCertPassword = new String(Files.readAllBytes(Paths.get(keyCertPasswordPath))); + } catch (IOException e) { + logger.error("Keystore password file at path: {} cannot be opened ", keyCertPasswordPath); + e.printStackTrace(); + } + return KeyManagerUtils.createClientKeyManager(new File(keyCertPath), keyCertPassword); } } diff --git a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/tasks/FileCollector.java b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/tasks/FileCollector.java index bccbb5fc..a1f8a66e 100644 --- a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/tasks/FileCollector.java +++ b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/tasks/FileCollector.java @@ -159,7 +159,7 @@ public class FileCollector { protected FtpsClient createFtpsClient(FileData fileData) { FtpesConfig config = datafileAppConfig.getFtpesConfiguration(); - return new FtpsClient(fileData.fileServerData(), config.keyCert(), config.keyPassword(), - Paths.get(config.trustedCa()), config.trustedCaPassword()); + return new FtpsClient(fileData.fileServerData(), config.keyCert(), config.keyPasswordPath(), + Paths.get(config.trustedCa()), config.trustedCaPasswordPath()); } } diff --git a/datafile-app-server/src/test/java/org/onap/dcaegen2/collectors/datafile/configuration/AppConfigTest.java b/datafile-app-server/src/test/java/org/onap/dcaegen2/collectors/datafile/configuration/AppConfigTest.java index c20dc2f3..d0f02d69 100644 --- a/datafile-app-server/src/test/java/org/onap/dcaegen2/collectors/datafile/configuration/AppConfigTest.java +++ b/datafile-app-server/src/test/java/org/onap/dcaegen2/collectors/datafile/configuration/AppConfigTest.java @@ -121,10 +121,10 @@ public class AppConfigTest { private static final ImmutableFtpesConfig CORRECT_FTPES_CONFIGURATION = // new ImmutableFtpesConfig.Builder() // - .keyCert("/config/dfc.jks") // - .keyPassword("secret") // - .trustedCa("config/ftp.jks") // - .trustedCaPassword("secret") // + .keyCert("/src/test/resources/dfc.jks") // + .keyPasswordPath("/src/test/resources/dfc.jks.pass") // + .trustedCa("/src/test/resources/ftp.jks") // + .trustedCaPasswordPath("/src/test/resources/ftp.jks.pass") // .build(); private static final ImmutableDmaapPublisherConfiguration CORRECT_DMAAP_PUBLISHER_CONFIG = // @@ -270,7 +270,7 @@ public class AppConfigTest { } @Test - public void whenPeriodicConfigRefreshNoConsul() { + public void whenPeriodicConfigRefreshNoConsul() { EnvProperties props = properties(); doReturn(Mono.just(props)).when(appConfigUnderTest).getEnvironment(any(), any()); diff --git a/datafile-app-server/src/test/java/org/onap/dcaegen2/collectors/datafile/tasks/FileCollectorTest.java b/datafile-app-server/src/test/java/org/onap/dcaegen2/collectors/datafile/tasks/FileCollectorTest.java index 2534f645..e5523251 100644 --- a/datafile-app-server/src/test/java/org/onap/dcaegen2/collectors/datafile/tasks/FileCollectorTest.java +++ b/datafile-app-server/src/test/java/org/onap/dcaegen2/collectors/datafile/tasks/FileCollectorTest.java @@ -83,9 +83,9 @@ public class FileCollectorTest { private static final String FILE_FORMAT_VERSION = "V10"; private static final String FTP_KEY_PATH = "ftpKeyPath"; - private static final String FTP_KEY_PASSWORD = "ftpKeyPassword"; + private static final String FTP_KEY_PASSWORD_PATH = "ftpKeyPassword"; private static final String TRUSTED_CA_PATH = "trustedCAPath"; - private static final String TRUSTED_CA_PASSWORD = "trustedCAPassword"; + private static final String TRUSTED_CA_PASSWORD_PATH = "trustedCAPassword"; private static final String CHANGE_IDENTIFIER = "PM_MEAS_FILES"; private static AppConfig appConfigMock = mock(AppConfig.class); @@ -146,9 +146,9 @@ public class FileCollectorTest { static void setUpConfiguration() { when(appConfigMock.getFtpesConfiguration()).thenReturn(ftpesConfigMock); when(ftpesConfigMock.keyCert()).thenReturn(FTP_KEY_PATH); - when(ftpesConfigMock.keyPassword()).thenReturn(FTP_KEY_PASSWORD); + when(ftpesConfigMock.keyPasswordPath()).thenReturn(FTP_KEY_PASSWORD_PATH); when(ftpesConfigMock.trustedCa()).thenReturn(TRUSTED_CA_PATH); - when(ftpesConfigMock.trustedCaPassword()).thenReturn(TRUSTED_CA_PASSWORD); + when(ftpesConfigMock.trustedCaPasswordPath()).thenReturn(TRUSTED_CA_PASSWORD_PATH); } @BeforeEach diff --git a/datafile-app-server/src/test/resources/datafile_endpoints_test.json b/datafile-app-server/src/test/resources/datafile_endpoints_test.json index 8913dc48..58f4eb89 100644 --- a/datafile-app-server/src/test/resources/datafile_endpoints_test.json +++ b/datafile-app-server/src/test/resources/datafile_endpoints_test.json @@ -1,10 +1,10 @@ { "config": { "//description": "This file is only used for testing purposes", - "dmaap.ftpesConfig.keyCert": "/config/dfc.jks", - "dmaap.ftpesConfig.keyPassword": "secret", - "dmaap.ftpesConfig.trustedCa": "config/ftp.jks", - "dmaap.ftpesConfig.trustedCaPassword": "secret", + "dmaap.ftpesConfig.keyCert": "/src/test/resources/dfc.jks", + "dmaap.ftpesConfig.keyPasswordPath": "/src/test/resources/dfc.jks.pass", + "dmaap.ftpesConfig.trustedCa": "/src/test/resources/ftp.jks", + "dmaap.ftpesConfig.trustedCaPasswordPath": "/src/test/resources/ftp.jks.pass", "dmaap.security.trustStorePath": "trustStorePath", "dmaap.security.trustStorePasswordPath": "trustStorePasswordPath", "dmaap.security.keyStorePath": "keyStorePath", diff --git a/datafile-app-server/src/test/resources/datafile_endpoints_test_2producers.json b/datafile-app-server/src/test/resources/datafile_endpoints_test_2producers.json index 61b324ce..40c28dde 100644 --- a/datafile-app-server/src/test/resources/datafile_endpoints_test_2producers.json +++ b/datafile-app-server/src/test/resources/datafile_endpoints_test_2producers.json @@ -1,10 +1,10 @@ { "config": { "//description": "This file is only used for testing purposes", - "dmaap.ftpesConfig.keyCert": "/config/dfc.jks", - "dmaap.ftpesConfig.keyPassword": "secret", - "dmaap.ftpesConfig.trustedCa": "config/ftp.jks", - "dmaap.ftpesConfig.trustedCaPassword": "secret", + "dmaap.ftpesConfig.keyCert": "/src/test/resources/dfc.jks", + "dmaap.ftpesConfig.keyPasswordPath": "/src/test/resources/dfc.jks.pass", + "dmaap.ftpesConfig.trustedCa": "/src/test/resources/ftp.jks", + "dmaap.ftpesConfig.trustedCaPasswordPath": "/src/test/resources/ftp.jks.pass", "dmaap.security.trustStorePath": "trustStorePath", "dmaap.security.trustStorePasswordPath": "trustStorePasswordPath", "dmaap.security.keyStorePath": "keyStorePath", diff --git a/datafile-app-server/src/test/resources/dfc.jks b/datafile-app-server/src/test/resources/dfc.jks Binary files differnew file mode 100644 index 00000000..cdd1191b --- /dev/null +++ b/datafile-app-server/src/test/resources/dfc.jks diff --git a/datafile-app-server/src/test/resources/dfc.jks.pass b/datafile-app-server/src/test/resources/dfc.jks.pass new file mode 100644 index 00000000..d97c5ead --- /dev/null +++ b/datafile-app-server/src/test/resources/dfc.jks.pass @@ -0,0 +1 @@ +secret diff --git a/datafile-app-server/src/test/resources/ftp.jks b/datafile-app-server/src/test/resources/ftp.jks Binary files differnew file mode 100644 index 00000000..427ea231 --- /dev/null +++ b/datafile-app-server/src/test/resources/ftp.jks diff --git a/datafile-app-server/src/test/resources/ftp.jks.pass b/datafile-app-server/src/test/resources/ftp.jks.pass new file mode 100644 index 00000000..d97c5ead --- /dev/null +++ b/datafile-app-server/src/test/resources/ftp.jks.pass @@ -0,0 +1 @@ +secret |