authorecaiyanlinux <martin.c.yan@est.tech>2019-09-06 15:24:59 +0000
committerecaiyanlinux <martin.c.yan@est.tech>2019-09-06 15:24:59 +0000
commit6c925362213b8f05612b309fb50fa4c0b5650224 (patch)
tree50b91263d7d457721627b87e7ac6e8f9a81c740d /datafile-app-server/src
parente92d9f47629e635ae70c856615556476d266cb3f (diff)
TLS init container usage
Change-Id: Iec51c722f6a3a519fd7eb0f37f8b801eebbc039b Issue-ID: DCAEGEN2-1702 Signed-off-by: ecaiyanlinux <martin.c.yan@est.tech>
Diffstat (limited to 'datafile-app-server/src')
-rw-r--r--datafile-app-server/src/main/docker/Dockerfile9
-rw-r--r--datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/AppConfig.java2
-rw-r--r--datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/CloudConfigParser.java10
-rw-r--r--datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/FtpesConfig.java4
-rw-r--r--datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/ftp/FtpsClient.java41
-rw-r--r--datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/tasks/FileCollector.java4
-rw-r--r--datafile-app-server/src/test/java/org/onap/dcaegen2/collectors/datafile/configuration/AppConfigTest.java10
-rw-r--r--datafile-app-server/src/test/java/org/onap/dcaegen2/collectors/datafile/tasks/FileCollectorTest.java8
-rw-r--r--datafile-app-server/src/test/resources/datafile_endpoints_test.json8
-rw-r--r--datafile-app-server/src/test/resources/datafile_endpoints_test_2producers.json8
-rw-r--r--datafile-app-server/src/test/resources/dfc.jksbin0 -> 2151 bytes
-rw-r--r--datafile-app-server/src/test/resources/dfc.jks.pass1
-rw-r--r--datafile-app-server/src/test/resources/ftp.jksbin0 -> 855 bytes
-rw-r--r--datafile-app-server/src/test/resources/ftp.jks.pass1
14 files changed, 60 insertions, 46 deletions
diff --git a/datafile-app-server/src/main/docker/Dockerfile b/datafile-app-server/src/main/docker/Dockerfile
index 7343128a..bfd952e0 100644
--- a/datafile-app-server/src/main/docker/Dockerfile
+++ b/datafile-app-server/src/main/docker/Dockerfile
@@ -24,18 +24,13 @@ RUN mkdir -p /var/log/ONAP
ADD /target/datafile-app-server.jar /opt/app/datafile/
ADD /config/application.yaml /opt/app/datafile/config/
-ADD /config/dfc.jks.b64 /opt/app/datafile/config/
-ADD /config/ftp.jks.b64 /opt/app/datafile/config/
EXPOSE 8100 8433
RUN addgroup -S onap && adduser -S datafile -G onap
-RUN chown -R datafile:onap /opt/app/datafile
RUN chown -R datafile:onap /var/log/ONAP
-RUN base64 -d /opt/app/datafile/config/dfc.jks.b64 > /opt/app/datafile/config/dfc.jks && base64 -d /opt/app/datafile/config/ftp.jks.b64 > /opt/app/datafile/config/ftp.jks
-RUN chown -R datafile:onap /opt/app/datafile/config/*
-RUN chmod -R 755 /opt/app/datafile/config/
+RUN chmod -R 777 /opt/app/datafile/config/
USER datafile
-ENTRYPOINT ["/usr/bin/java", "-jar", "/opt/app/datafile/datafile-app-server.jar"]
+ENTRYPOINT ["/usr/bin/java", "-jar", "/opt/app/datafile/datafile-app-server.jar"] \ No newline at end of file
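Review bot: `RUN chmod -R 777 /opt/app/datafile/config/` leaves the config directory and `application.yaml` writable by every user in the container, and the hunk also drops the `chown -R datafile:onap /opt/app/datafile` that previously gave the runtime user ownership. If the goal is to let the `datafile` user read keystores and password files placed there (presumably by the TLS init container through a mounted volume), ownership plus a narrower mode achieves that: `RUN chown -R datafile:onap /opt/app/datafile/config && chmod -R 750 /opt/app/datafile/config`. A short comment above the line stating who needs write access to this directory would make the intended permission model reviewable.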
diff --git a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/AppConfig.java b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/AppConfig.java
index 58081a89..21c51566 100644
--- a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/AppConfig.java
+++ b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/AppConfig.java
@@ -217,7 +217,7 @@ public class AppConfig {
}
private synchronized void setConfiguration(@NotNull ConsumerConfiguration consumerConfiguration,
- @NotNull Map<String, PublisherConfiguration> publisherConfiguration, @NotNull FtpesConfig ftpesConfig) {
+ @NotNull Map<String, PublisherConfiguration> publisherConfiguration, @NotNull FtpesConfig ftpesConfig) {
this.dmaapConsumerConfiguration = consumerConfiguration;
this.publishingConfigurations = publisherConfiguration;
this.ftpesConfiguration = ftpesConfig;
diff --git a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/CloudConfigParser.java b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/CloudConfigParser.java
index fc550ab0..23197025 100644
--- a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/CloudConfigParser.java
+++ b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/CloudConfigParser.java
@@ -25,11 +25,10 @@ import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Map.Entry;
+import java.util.Set;
import javax.validation.constraints.NotNull;
-import java.util.Set;
-
import org.onap.dcaegen2.collectors.datafile.exceptions.DatafileTaskException;
/**
@@ -56,7 +55,8 @@ public class CloudConfigParser {
/**
* Get the publisher configurations.
*
- * @return a map with change identifier as key and the connected publisher configuration as value.
+ * @return a map with change identifier as key and the connected publisher configuration as
+ * value.
*
* @throws DatafileTaskException if a member of the configuration is missing.
*/
@@ -122,9 +122,9 @@ public class CloudConfigParser {
public @NotNull FtpesConfig getFtpesConfig() throws DatafileTaskException {
return new ImmutableFtpesConfig.Builder() //
.keyCert(getAsString(jsonObject, "dmaap.ftpesConfig.keyCert"))
- .keyPassword(getAsString(jsonObject, "dmaap.ftpesConfig.keyPassword"))
+ .keyPasswordPath(getAsString(jsonObject, "dmaap.ftpesConfig.keyPasswordPath"))
.trustedCa(getAsString(jsonObject, "dmaap.ftpesConfig.trustedCa"))
- .trustedCaPassword(getAsString(jsonObject, "dmaap.ftpesConfig.trustedCaPassword")) //
+ .trustedCaPasswordPath(getAsString(jsonObject, "dmaap.ftpesConfig.trustedCaPasswordPath")) //
.build();
}
diff --git a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/FtpesConfig.java b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/FtpesConfig.java
index e12365e4..e7107976 100644
--- a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/FtpesConfig.java
+++ b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/FtpesConfig.java
@@ -39,12 +39,12 @@ public abstract class FtpesConfig implements Serializable {
@Value.Parameter
@Value.Redacted
- public abstract String keyPassword();
+ public abstract String keyPasswordPath();
@Value.Parameter
public abstract String trustedCa();
@Value.Parameter
@Value.Redacted
- public abstract String trustedCaPassword();
+ public abstract String trustedCaPasswordPath();
}
diff --git a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/ftp/FtpsClient.java b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/ftp/FtpsClient.java
index 2d126ff8..76eb8637 100644
--- a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/ftp/FtpsClient.java
+++ b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/ftp/FtpsClient.java
@@ -21,7 +21,9 @@ import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
+import java.nio.file.Files;
import java.nio.file.Path;
+import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
@@ -58,34 +60,34 @@ public class FtpsClient implements FileCollectClient {
private static TrustManager theTrustManager = null;
private final String keyCertPath;
- private final String keyCertPassword;
+ private final String keyCertPasswordPath;
private final Path trustedCaPath;
- private final String trustedCaPassword;
+ private final String trustedCaPasswordPath;
/**
* Constructor.
*
* @param fileServerData info needed to connect to the PNF.
* @param keyCertPath path to DFC's key cert.
- * @param keyCertPassword password for DFC's key cert.
+ * @param keyCertPasswordPath path of file containing password for DFC's key cert.
* @param trustedCaPath path to the PNF's trusted keystore.
- * @param trustedCaPassword password for the PNF's trusted keystore.
+ * @param trustedCaPasswordPath path of file containing password for the PNF's trusted keystore.
*/
- public FtpsClient(FileServerData fileServerData, String keyCertPath, String keyCertPassword, Path trustedCaPath,
- String trustedCaPassword) {
+ public FtpsClient(FileServerData fileServerData, String keyCertPath, String keyCertPasswordPath, Path trustedCaPath,
+ String trustedCaPasswordPath) {
this.fileServerData = fileServerData;
this.keyCertPath = keyCertPath;
- this.keyCertPassword = keyCertPassword;
+ this.keyCertPasswordPath = keyCertPasswordPath;
this.trustedCaPath = trustedCaPath;
- this.trustedCaPassword = trustedCaPassword;
+ this.trustedCaPasswordPath = trustedCaPasswordPath;
}
@Override
public void open() throws DatafileTaskException {
try {
realFtpsClient.setNeedClientAuth(true);
- realFtpsClient.setKeyManager(createKeyManager(keyCertPath, keyCertPassword));
- realFtpsClient.setTrustManager(getTrustManager(trustedCaPath, trustedCaPassword));
+ realFtpsClient.setKeyManager(createKeyManager(keyCertPath, keyCertPasswordPath));
+ realFtpsClient.setTrustManager(getTrustManager(trustedCaPath, trustedCaPasswordPath));
setUpConnection();
} catch (DatafileTaskException e) {
throw e;
@@ -185,8 +187,15 @@ public class FtpsClient implements FileCollectClient {
return output;
}
- protected TrustManager getTrustManager(Path trustedCaPath, String trustedCaPassword)
+ protected TrustManager getTrustManager(Path trustedCaPath, String trustedCaPasswordPath)
throws KeyStoreException, NoSuchAlgorithmException, IOException, CertificateException {
+ String trustedCaPassword = "";
+ try {
+ trustedCaPassword = new String(Files.readAllBytes(Paths.get(trustedCaPasswordPath)));
+ } catch (IOException e) {
+ logger.error("Truststore password file at path: {} cannot be opened ", trustedCaPasswordPath);
+ e.printStackTrace();
+ }
synchronized (FtpsClient.class) {
if (theTrustManager == null) {
theTrustManager = createTrustManager(trustedCaPath, trustedCaPassword);
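Review bot: In `getTrustManager` a failed read of the password file is logged and then ignored, so `createTrustManager` is still called with an empty password and the real cause only surfaces later as a keystore error. The method already declares `IOException`, so the try/catch can be dropped and the exception left to propagate, which also removes `e.printStackTrace()`. The bytes are decoded with the platform charset and not trimmed, while the `dfc.jks.pass` and `ftp.jks.pass` files added in this commit appear to end with a newline, so the keystore would be given `secret\n`. Using `new String(Files.readAllBytes(Paths.get(trustedCaPasswordPath)), StandardCharsets.UTF_8).trim()` inside the `if (theTrustManager == null)` branch fixes both and avoids re-reading the file on every call (it needs the `java.nio.charset.StandardCharsets` import). `createKeyManager` in the next hunk has the same catch-and-continue and decoding pattern; the body of `getTrustManager` itself ends in that following hunk.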
@@ -195,8 +204,16 @@ public class FtpsClient implements FileCollectClient {
}
}
- protected KeyManager createKeyManager(String keyCertPath, String keyCertPassword)
+ protected KeyManager createKeyManager(String keyCertPath, String keyCertPasswordPath)
throws IOException, GeneralSecurityException {
+ String keyCertPassword = "";
+ try {
+ keyCertPassword = new String(Files.readAllBytes(Paths.get(keyCertPasswordPath)));
+ } catch (IOException e) {
+ logger.error("Keystore password file at path: {} cannot be opened ", keyCertPasswordPath);
+ e.printStackTrace();
+ }
+
return KeyManagerUtils.createClientKeyManager(new File(keyCertPath), keyCertPassword);
}
}
diff --git a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/tasks/FileCollector.java b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/tasks/FileCollector.java
index bccbb5fc..a1f8a66e 100644
--- a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/tasks/FileCollector.java
+++ b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/tasks/FileCollector.java
@@ -159,7 +159,7 @@ public class FileCollector {
protected FtpsClient createFtpsClient(FileData fileData) {
FtpesConfig config = datafileAppConfig.getFtpesConfiguration();
- return new FtpsClient(fileData.fileServerData(), config.keyCert(), config.keyPassword(),
- Paths.get(config.trustedCa()), config.trustedCaPassword());
+ return new FtpsClient(fileData.fileServerData(), config.keyCert(), config.keyPasswordPath(),
+ Paths.get(config.trustedCa()), config.trustedCaPasswordPath());
}
}
diff --git a/datafile-app-server/src/test/java/org/onap/dcaegen2/collectors/datafile/configuration/AppConfigTest.java b/datafile-app-server/src/test/java/org/onap/dcaegen2/collectors/datafile/configuration/AppConfigTest.java
index c20dc2f3..d0f02d69 100644
--- a/datafile-app-server/src/test/java/org/onap/dcaegen2/collectors/datafile/configuration/AppConfigTest.java
+++ b/datafile-app-server/src/test/java/org/onap/dcaegen2/collectors/datafile/configuration/AppConfigTest.java
@@ -121,10 +121,10 @@ public class AppConfigTest {
private static final ImmutableFtpesConfig CORRECT_FTPES_CONFIGURATION = //
new ImmutableFtpesConfig.Builder() //
- .keyCert("/config/dfc.jks") //
- .keyPassword("secret") //
- .trustedCa("config/ftp.jks") //
- .trustedCaPassword("secret") //
+ .keyCert("/src/test/resources/dfc.jks") //
+ .keyPasswordPath("/src/test/resources/dfc.jks.pass") //
+ .trustedCa("/src/test/resources/ftp.jks") //
+ .trustedCaPasswordPath("/src/test/resources/ftp.jks.pass") //
.build();
private static final ImmutableDmaapPublisherConfiguration CORRECT_DMAAP_PUBLISHER_CONFIG = //
@@ -270,7 +270,7 @@ public class AppConfigTest {
}
@Test
- public void whenPeriodicConfigRefreshNoConsul() {
+ public void whenPeriodicConfigRefreshNoConsul() {
EnvProperties props = properties();
doReturn(Mono.just(props)).when(appConfigUnderTest).getEnvironment(any(), any());
diff --git a/datafile-app-server/src/test/java/org/onap/dcaegen2/collectors/datafile/tasks/FileCollectorTest.java b/datafile-app-server/src/test/java/org/onap/dcaegen2/collectors/datafile/tasks/FileCollectorTest.java
index 2534f645..e5523251 100644
--- a/datafile-app-server/src/test/java/org/onap/dcaegen2/collectors/datafile/tasks/FileCollectorTest.java
+++ b/datafile-app-server/src/test/java/org/onap/dcaegen2/collectors/datafile/tasks/FileCollectorTest.java
@@ -83,9 +83,9 @@ public class FileCollectorTest {
private static final String FILE_FORMAT_VERSION = "V10";
private static final String FTP_KEY_PATH = "ftpKeyPath";
- private static final String FTP_KEY_PASSWORD = "ftpKeyPassword";
+ private static final String FTP_KEY_PASSWORD_PATH = "ftpKeyPassword";
private static final String TRUSTED_CA_PATH = "trustedCAPath";
- private static final String TRUSTED_CA_PASSWORD = "trustedCAPassword";
+ private static final String TRUSTED_CA_PASSWORD_PATH = "trustedCAPassword";
private static final String CHANGE_IDENTIFIER = "PM_MEAS_FILES";
private static AppConfig appConfigMock = mock(AppConfig.class);
@@ -146,9 +146,9 @@ public class FileCollectorTest {
static void setUpConfiguration() {
when(appConfigMock.getFtpesConfiguration()).thenReturn(ftpesConfigMock);
when(ftpesConfigMock.keyCert()).thenReturn(FTP_KEY_PATH);
- when(ftpesConfigMock.keyPassword()).thenReturn(FTP_KEY_PASSWORD);
+ when(ftpesConfigMock.keyPasswordPath()).thenReturn(FTP_KEY_PASSWORD_PATH);
when(ftpesConfigMock.trustedCa()).thenReturn(TRUSTED_CA_PATH);
- when(ftpesConfigMock.trustedCaPassword()).thenReturn(TRUSTED_CA_PASSWORD);
+ when(ftpesConfigMock.trustedCaPasswordPath()).thenReturn(TRUSTED_CA_PASSWORD_PATH);
}
@BeforeEach
diff --git a/datafile-app-server/src/test/resources/datafile_endpoints_test.json b/datafile-app-server/src/test/resources/datafile_endpoints_test.json
index 8913dc48..58f4eb89 100644
--- a/datafile-app-server/src/test/resources/datafile_endpoints_test.json
+++ b/datafile-app-server/src/test/resources/datafile_endpoints_test.json
@@ -1,10 +1,10 @@
{
"config": {
"//description": "This file is only used for testing purposes",
- "dmaap.ftpesConfig.keyCert": "/config/dfc.jks",
- "dmaap.ftpesConfig.keyPassword": "secret",
- "dmaap.ftpesConfig.trustedCa": "config/ftp.jks",
- "dmaap.ftpesConfig.trustedCaPassword": "secret",
+ "dmaap.ftpesConfig.keyCert": "/src/test/resources/dfc.jks",
+ "dmaap.ftpesConfig.keyPasswordPath": "/src/test/resources/dfc.jks.pass",
+ "dmaap.ftpesConfig.trustedCa": "/src/test/resources/ftp.jks",
+ "dmaap.ftpesConfig.trustedCaPasswordPath": "/src/test/resources/ftp.jks.pass",
"dmaap.security.trustStorePath": "trustStorePath",
"dmaap.security.trustStorePasswordPath": "trustStorePasswordPath",
"dmaap.security.keyStorePath": "keyStorePath",
diff --git a/datafile-app-server/src/test/resources/datafile_endpoints_test_2producers.json b/datafile-app-server/src/test/resources/datafile_endpoints_test_2producers.json
index 61b324ce..40c28dde 100644
--- a/datafile-app-server/src/test/resources/datafile_endpoints_test_2producers.json
+++ b/datafile-app-server/src/test/resources/datafile_endpoints_test_2producers.json
@@ -1,10 +1,10 @@
{
"config": {
"//description": "This file is only used for testing purposes",
- "dmaap.ftpesConfig.keyCert": "/config/dfc.jks",
- "dmaap.ftpesConfig.keyPassword": "secret",
- "dmaap.ftpesConfig.trustedCa": "config/ftp.jks",
- "dmaap.ftpesConfig.trustedCaPassword": "secret",
+ "dmaap.ftpesConfig.keyCert": "/src/test/resources/dfc.jks",
+ "dmaap.ftpesConfig.keyPasswordPath": "/src/test/resources/dfc.jks.pass",
+ "dmaap.ftpesConfig.trustedCa": "/src/test/resources/ftp.jks",
+ "dmaap.ftpesConfig.trustedCaPasswordPath": "/src/test/resources/ftp.jks.pass",
"dmaap.security.trustStorePath": "trustStorePath",
"dmaap.security.trustStorePasswordPath": "trustStorePasswordPath",
"dmaap.security.keyStorePath": "keyStorePath",
diff --git a/datafile-app-server/src/test/resources/dfc.jks b/datafile-app-server/src/test/resources/dfc.jks
new file mode 100644
index 00000000..cdd1191b
--- /dev/null
+++ b/datafile-app-server/src/test/resources/dfc.jks
Binary files differ
diff --git a/datafile-app-server/src/test/resources/dfc.jks.pass b/datafile-app-server/src/test/resources/dfc.jks.pass
new file mode 100644
index 00000000..d97c5ead
--- /dev/null
+++ b/datafile-app-server/src/test/resources/dfc.jks.pass
@@ -0,0 +1 @@
+secret
diff --git a/datafile-app-server/src/test/resources/ftp.jks b/datafile-app-server/src/test/resources/ftp.jks
new file mode 100644
index 00000000..427ea231
--- /dev/null
+++ b/datafile-app-server/src/test/resources/ftp.jks
Binary files differ
diff --git a/datafile-app-server/src/test/resources/ftp.jks.pass b/datafile-app-server/src/test/resources/ftp.jks.pass
new file mode 100644
index 00000000..d97c5ead
--- /dev/null
+++ b/datafile-app-server/src/test/resources/ftp.jks.pass
@@ -0,0 +1 @@
+secret