From 6c925362213b8f05612b309fb50fa4c0b5650224 Mon Sep 17 00:00:00 2001 From: ecaiyanlinux Date: Fri, 6 Sep 2019 15:24:59 +0000 Subject: TLS init container usage Change-Id: Iec51c722f6a3a519fd7eb0f37f8b801eebbc039b Issue-ID: DCAEGEN2-1702 Signed-off-by: ecaiyanlinux --- .gitignore | 5 ++- datafile-app-server/config/dfc.jks.b64 | 38 ------------------- datafile-app-server/config/ftp.jks.b64 | 15 -------- .../dpo/blueprints/k8s-datafile.yaml | 8 ++-- .../dpo/spec/datafile-component-spec.json | 14 +++---- datafile-app-server/dpo/tosca_models/schema.yaml | 4 +- datafile-app-server/dpo/tosca_models/template.yaml | 14 +++---- .../dpo/tosca_models/translate.yaml | 4 +- datafile-app-server/src/main/docker/Dockerfile | 9 +---- .../datafile/configuration/AppConfig.java | 2 +- .../datafile/configuration/CloudConfigParser.java | 10 ++--- .../datafile/configuration/FtpesConfig.java | 4 +- .../collectors/datafile/ftp/FtpsClient.java | 41 +++++++++++++++------ .../collectors/datafile/tasks/FileCollector.java | 4 +- .../datafile/configuration/AppConfigTest.java | 10 ++--- .../datafile/tasks/FileCollectorTest.java | 8 ++-- .../test/resources/datafile_endpoints_test.json | 8 ++-- .../datafile_endpoints_test_2producers.json | 8 ++-- datafile-app-server/src/test/resources/dfc.jks | Bin 0 -> 2151 bytes .../src/test/resources/dfc.jks.pass | 1 + datafile-app-server/src/test/resources/ftp.jks | Bin 0 -> 855 bytes .../src/test/resources/ftp.jks.pass | 1 + 22 files changed, 86 insertions(+), 122 deletions(-) delete mode 100644 datafile-app-server/config/dfc.jks.b64 delete mode 100644 datafile-app-server/config/ftp.jks.b64 create mode 100644 datafile-app-server/src/test/resources/dfc.jks create mode 100644 datafile-app-server/src/test/resources/dfc.jks.pass create mode 100644 datafile-app-server/src/test/resources/ftp.jks create mode 100644 datafile-app-server/src/test/resources/ftp.jks.pass diff --git a/.gitignore b/.gitignore index 37707c82..9ec364ab 100644 --- a/.gitignore +++ b/.gitignore 
@@ -48,4 +48,7 @@ buildNumber.properties # CheckStyle files .checkstyle -opt/ \ No newline at end of file +opt/ + +# Visual Studio Code +.factorypath diff --git a/datafile-app-server/config/dfc.jks.b64 b/datafile-app-server/config/dfc.jks.b64 deleted file mode 100644 index 51ef7157..00000000 --- a/datafile-app-server/config/dfc.jks.b64 +++ /dev/null 
@@ -1,38 +0,0 @@ -/u3+7QAAAAIAAAABAAAAAQAJZGZjLWFsaWFzAAABaedrEsIAAAUDMIIE/zAOBgorBgEEASoCEQEB -BQAEggTr39Fun17MOOGVKhhPeKYytr+zujW22QZYupkUVNYMy7FsPbKB2IkUuVl2V9Xdq2As29aO -OP39WI2oLy9VU4rwfhl+3BSB33GIezCaDKrakc6tDbtKpiF8eZ7rbqrvGKNvzepNh72QSANxa6Us -SY6KJcRk33VPok7G/c+FU5LH4un9D5xs7bEX2nCxzOzhaiodqZxWNJn6N3j89sD6Ofvq4h5lEhTJ -uckdfCsYlIRk76l4M+a8gCEHEpWOBVGUsVJEvq9I0gk97+OBDFPnlCGC8ASwYSI7C7pOsiwCB8xr -LdQsCCOpWIhh08CYVEFt8pTeD8GizBuLaO+mEQmrPgQMqwp7MB4fOTQHX63i6IY4iPTvjvBHjvvr -QmyRoOOHLqTJ3onxXRkKIKGO6a0ruX6mh62RgAtcfB6TZxC0yMU9FnJOieU9/a8OXrXoqsA9u5kM -Ri5KO+ad4w0FOeyP7Ya+s0ZrdNzFv+Ep7DoeL9gvs50Z4k0FMf854MwvwnK+BQ/qLdfIRCl5NvCq -i1WDtVOPjahX0mzPQJclWARv9SFfiKmaQwW97P9t3UKgOCCrurA9uigZOqDax3sVmWOrE7kHVS0D -P68gJResLR70mYi6ILfANdBJdM9cj48mX3Cvgs7hch2MSaFabUnH/G0MDZmp8XNF87N6eMJ5bkrU -uiPNzvV3oh6W527kARH84TvYzH/c6+5dsQEpYTtEbLR+23xuNgB71aK4nrpQnaSeYlA2JW1uXg2A -6Qi97Zfmbg2DD9ItUFJM27C+fUA5XbTCOILYwLPP9wEi6d+vo/xRuN+xBG1DNtV8mTROYki4LOWf -4Djru2RQWSBrqspaMmWC+jh5uQyxxqVxxHzg+nyTFvedKaU7CdnKp/4wF29c17l876R+1ApIZA8C -UN6NuElgMfH4l0TdwEXe4VO0rcSt9b+loSDu962BbDhG4qlky1hDdr3aYbKV6xrdlIS0GQzPeovX -3WgtjE9pvtA0/U0LP8tjkjDkM8+oK4R5rmiZHxpRKmuIcC0EIeXvWKh8RxYg0B1d7tW4SWnOpsdH -M84ym4A18EQ2Nch0aogmYodfsqhv4vX1llyoYJj3wdmP70vjOul2N4cs+ZyFnWZjMJ1JxjMoEJvU -u0+p8GPAkzUhCoeocRibdt8P6cadpBubH2JOWbNpFVqtNQA2J9fRvAc/ZOU72AxTc85E4rsMJvxE -qBXf6D+EvzpFQOchYVQH1bHMY8jFnXDLCMkVnuV4EizQMKQ3EQsFOo2bsV7Z+dNjAMZl8ODB2QOt -ayX7IlNZs4F48SuSZ8IOk2zj3BysBlVAoIDncZ3knYZGyKpnj8NlogoAHSaYFLdSnSIJTY7qa/8/ -Cmv9CKk8tYk+3IJPDn+SsvAvtOLmBaCmTZ42P6OWsRBiEZucTENSXIo1oYxlQkm5Y+WWYVEnNK1r -QrCOETVrIH1Y1XnhWRjOXhSnr46VOoVRefePzRL0a+6OkwUhmmvB48lcAw4XvnBrdA90tCpbSBsn -ZV+/WVWQJovQGOk9WoSM96GcnmqxETI80Y5PgM+Ta1Fz0AQ3kRPlCdaBBgH5Gi8Vy2tXWhW8RNtZ -ysq2vzv7edNSyLLLmf8cq3iYjzCThfXHbu5EeXnMna6YJ4z35si+zzYz4qb/Au5+09MaPWZn40m3 -hR+fQMdsyfnMH9MAAAABAAVYLjUwOQAAAxowggMWMIIB/gIJAKofXQItdxtQMA0GCSqGSIb3DQEB -CwUAME0xCzAJBgNVBAYTAlNFMQowCAYDVQQIDAEwMQowCAYDVQQHDAEwMQowCAYDVQQKDAEwMQww 
-CgYDVQQLDANFU1QxDDAKBgNVBAMMA0VTVDAeFw0xOTA0MDQwODAyNDBaFw0yMDA0MDMwODAyNDBa -ME0xCzAJBgNVBAYTAlNFMQowCAYDVQQIDAEwMQowCAYDVQQHDAEwMQowCAYDVQQKDAEwMQwwCgYD -VQQLDANFU1QxDDAKBgNVBAMMA0VTVDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMBj -vAz2SF3s4hpmx9m/wTNZSctN6nNLHqGUC+NJtT9kGmr3hA4la3baFBBIcD5V2XzXzg+jI4pf6pF9 -sokK3ICtu/QOhaOW/XpY2z3fwD/RMYWH7rEDjrj8ZCY/8BcS4jS1JrYYSBeSFnS7Lo+Z2r7ywPph -xHJUJ6otOrxupKphuk+sqdtmx3eXs/OlgJmBkt9agQ1Due5P4LuPikYac8qkafi5uKxxXedMjqfB -TX0A17FOiKQgvW/XzP6Al29rxC0qKHl2337ZAm4nqU9zBNrvFWQya5XKvkVfAvXXIgiApG2SdY5t -TsGNwqRA4bfGdZdlM3MtX+2HwYIJYm5EU9sCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAZlrbePTi -+CFlj7/zUXJGyh4mzyj1oN4rkotP0lSlFpmW7gARdI0jegSF6dyhxzTsNOd1/HDt5IAudMP2JsZT -GdHIS+C1bn3lqNvsDdO0QoawXNcW9qvL1F1WbpFEDgG3LxTItbvlmkCV9ze3AKaxHAqNKFd433Ri -feyOlwRTzerx9kFTfkLGuCtbfiCmE+27NnuS8IkaOFgh8ixNxY5u8MZRE62VGFvzDa/UrgbdRx/A -NMGLEr97rWYxRuGipXKgxiBK5TiJ1j6fgS+OzkjBqVczV1pRmYIYZmit4P/1pKkMR5RadDK+pgLR -hjRUmQ575Yjolnavj0G1G2X+PFYNQjQTEe5O+fUWVi3/D8Pv8h1JUuzJ diff --git a/datafile-app-server/config/ftp.jks.b64 b/datafile-app-server/config/ftp.jks.b64 deleted file mode 100644 index 59c651c2..00000000 --- a/datafile-app-server/config/ftp.jks.b64 +++ /dev/null 
@@ -1,15 +0,0 @@ -/u3+7QAAAAIAAAABAAAAAgAEZnRwMQAAAWnnacXXAAVYLjUwOQAAAxowggMWMIIB/gIJANqIa95Y -5eo2MA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAlNFMQowCAYDVQQIDAEwMQowCAYDVQQHDAEw -MQowCAYDVQQKDAEwMQwwCgYDVQQLDANFU1QxDDAKBgNVBAMMA0VTVDAeFw0xOTA0MDQwODAyNDBa -Fw0yMDA0MDMwODAyNDBaME0xCzAJBgNVBAYTAlNFMQowCAYDVQQIDAEwMQowCAYDVQQHDAEwMQow -CAYDVQQKDAEwMQwwCgYDVQQLDANFU1QxDDAKBgNVBAMMA0VTVDCCASIwDQYJKoZIhvcNAQEBBQAD -ggEPADCCAQoCggEBANKwXuU3+Bel69CkaPxb/eDeH0BU4Tzdnj3IkB3IgcU9DPo8j5sq61h05EJR -mTOyXZ96AvOReXgKahUiQlEEvVJmTNBcp75+N+5Gv09AoIKWn8sDXrVBqT72nPY5zWV8tuAR2/bZ -EuOLdqQJCyjcb2+XH6ssc9GBt7DSKJNWIk+/cIfCJjz23VqLXj04TLCGOwkEmMGiPp+/F++/jpCY -rsW5XlPPS9Mv94H9n0/uOb63AdHP0B7iz3tzpSFsUpp8cuvB0wr7LPup7nm2mC2EKCh515IHSBdY -iJLtFjXx0Q0lQH8UC3rgt86IoGXRpRtxA6BSKeiuEI3yBw1Ofseuf7UCAwEAATANBgkqhkiG9w0B -AQsFAAOCAQEApUYeRMt7lH98b8LumvGKScP5Bej1YAJxk1Uoy4qGknBCHWLBziHi2r2WP/+CLJGu -37I9VAXylFOIh157AtXJ/k7W6DHNvrxS0fNUlYPqigWoabI8WSZY50u+2BtqwY9m87rLwdkDeTEq -A41thwvSx21Famnlv4pMTK83/nSMC2+QH/CVp556aB1F2xJVmqDWnx1R8XqPcCXOy59/tjMRkRk+ -gkph1vW+KS+PbX4t3NMNKPlZGeg9ZdCF1NOo3n9M0xlEcmn9RljqFWZAv4gupVgaI4+i1/EY1TKj -5awonBl9merhp2EHN1IgiwMJkHfg2PP+qMheHfTv+x41ZaE0XIOl7YMTJ/iF3cyG/jWBQMzjwiGG diff --git a/datafile-app-server/dpo/blueprints/k8s-datafile.yaml b/datafile-app-server/dpo/blueprints/k8s-datafile.yaml index 8b782808..cf85500f 100644 --- a/datafile-app-server/dpo/blueprints/k8s-datafile.yaml +++ b/datafile-app-server/dpo/blueprints/k8s-datafile.yaml 
@@ -65,10 +65,10 @@ node_templates: dmaap_info: <> type: data_router streams_subscribes: {} - dmaap.ftpesConfig.keyCert: /opt/app/datafile/config/dfc.jks - dmaap.ftpesConfig.keyPassword: secret - dmaap.ftpesConfig.trustedCa: /opt/app/datafile/config/ftp.jks - dmaap.ftpesConfig.trustedCaPassword: secret + dmaap.ftpesConfig.keyCert: /opt/app/datafile/config/cert.jks + dmaap.ftpesConfig.keyPasswordPath: /opt/app/datafile/config/jks.pass + dmaap.ftpesConfig.trustedCa: /opt/app/datafile/config/trust.jks + dmaap.ftpesConfig.trustedCaPasswordPath: /opt/app/datafile/etc/cert/trust.pass dmaap.security.enableDmaapCertAuth: false dmaap.security.keyStorePasswordPath: /opt/app/datafile/etc/cert/key.pass dmaap.security.keyStorePath: /opt/app/datafile/etc/cert/key.p12 diff --git a/datafile-app-server/dpo/spec/datafile-component-spec.json b/datafile-app-server/dpo/spec/datafile-component-spec.json index 9dafbfd3..6047a7c0 100644 --- a/datafile-app-server/dpo/spec/datafile-component-spec.json +++ b/datafile-app-server/dpo/spec/datafile-component-spec.json @@ -62,8 +62,8 @@ "required": true }, { - "name": "dmaap.ftpesConfig.keyPassword", - "value": "secret", + "name": "dmaap.ftpesConfig.keyPasswordPath", + "value": "/opt/app/datafile/etc/cert/jks.pass", "description": "", "designer_editable": true, "sourced_at_deployment": false, @@ -73,7 +73,7 @@ }, { "name": "dmaap.ftpesConfig.trustedCa", - "value": "/opt/app/datafile/config/ftp.jks", + "value": "/opt/app/datafile/config/cert.jks", "description": "", "designer_editable": true, "sourced_at_deployment": false, @@ -82,8 +82,8 @@ "required": true }, { - "name": "dmaap.ftpesConfig.trustedCaPassword", - "value": "secret", + "name": "dmaap.ftpesConfig.trustedCaPasswordPath", + "value": "/opt/app/datafile/etc/cert/trust.pass", "description": "", "designer_editable": true, "sourced_at_deployment": false, 
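Review bot: The four `dmaap.ftpesConfig.*` values in this hunk are split across two directories: `keyCert`, `keyPasswordPath` and `trustedCa` point into `/opt/app/datafile/config/`, while `trustedCaPasswordPath` points to `/opt/app/datafile/etc/cert/trust.pass`. `dpo/tosca_models/template.yaml` in the same commit puts all four under `/opt/app/datafile/etc/cert/`, so one of the two files is probably wrong. Unless the init container really writes to both locations (not visible in this diff), I would keep each store next to its password file, e.g. `dmaap.ftpesConfig.trustedCa: /opt/app/datafile/etc/cert/trust.jks` and `dmaap.ftpesConfig.keyPasswordPath: /opt/app/datafile/etc/cert/jks.pass`. A short comment above the block naming the directory the init container populates would help the next editor.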
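Review bot: In the `@@ -73,7 +73,7 @@` hunk `dmaap.ftpesConfig.trustedCa` is changed to `/opt/app/datafile/config/cert.jks`, which is the key-store file name the blueprint uses for `keyCert`, not a trust store. The template in this commit uses `trust.jks` for the same property, and the password entry two items further down already points at `trust.pass`. The value should most likely read `"value": "/opt/app/datafile/etc/cert/trust.jks"`. As written, the client would validate the FTPES server against whatever certificates are in its own key store, opened with the trust-store password.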
@@ -113,7 +113,7 @@ }, { "name": "dmaap.security.keyStorePath", - "value": "/opt/app/datafile/etc/cert/key.p12", + "value": "/opt/app/datafile/etc/cert/cert.jks", "description": "", "designer_editable": true, "sourced_at_deployment": false, @@ -123,7 +123,7 @@ }, { "name": "dmaap.security.keyStorePasswordPath", - "value": "/opt/app/datafile/etc/cert/key.pass", + "value": "/opt/app/datafile/etc/cert/jks.pass", "description": "", "designer_editable": true, "sourced_at_deployment": false, diff --git a/datafile-app-server/dpo/tosca_models/schema.yaml b/datafile-app-server/dpo/tosca_models/schema.yaml index 588e5824..474af7ac 100644 --- a/datafile-app-server/dpo/tosca_models/schema.yaml +++ b/datafile-app-server/dpo/tosca_models/schema.yaml @@ -508,11 +508,11 @@ node_types: type: string ftp.ftpesConfiguration.keyCert: type: string - ftp.ftpesConfiguration.keyPassword: + ftp.ftpesConfiguration.keyPasswordPath: type: string ftp.ftpesConfiguration.trustedCa: type: string - ftp.ftpesConfiguration.trustedCaPassword: + ftp.ftpesConfiguration.trustedCaPasswordPath: type: string security.enableDmaapCertAuth: type: string diff --git a/datafile-app-server/dpo/tosca_models/template.yaml b/datafile-app-server/dpo/tosca_models/template.yaml index e1813003..a1fdadb7 100644 --- a/datafile-app-server/dpo/tosca_models/template.yaml +++ b/datafile-app-server/dpo/tosca_models/template.yaml 
@@ -17,18 +17,18 @@ topology_template: properties: datafile.policy: '' dmaap.dmaapProducerConfiguration: '[{''changeIdentifier'': ''PM_MEAS_FILES'', ''feedName'': ''bulk_pm_feed''}]' - ftp.ftpesConfiguration.keyCert: config/dfc.jks - ftp.ftpesConfiguration.keyPassword: secret - ftp.ftpesConfiguration.trustedCa: config/ftp.jks - ftp.ftpesConfiguration.trustedCaPassword: secret + ftp.ftpesConfiguration.keyCert: /opt/app/datafile/etc/cert/cert.jks + ftp.ftpesConfiguration.keyPasswordPath: /opt/app/datafile/etc/cert/jks.pass + ftp.ftpesConfiguration.trustedCa: /opt/app/datafile/etc/cert/trust.jks + ftp.ftpesConfiguration.trustedCaPasswordPath: /opt/app/datafile/etc/cert/trust.pass location_id: get_property: - SELF - composition - location_id - security.enableDmaapCertAuth: 'False' - security.keyStorePasswordPath: /opt/app/datafile/etc/cert/key.pass - security.keyStorePath: /opt/app/datafile/etc/cert/key.p12 + security.enableDmaapCertAuth: 'false' + security.keyStorePasswordPath: /opt/app/datafile/etc/cert/jks.pass + security.keyStorePath: /opt/app/datafile/etc/cert/cert.jks security.trustStorePasswordPath: /opt/app/datafile/etc/cert/trust.pass security.trustStorePath: /opt/app/datafile/etc/cert/trust.jks service_name: datafile diff --git a/datafile-app-server/dpo/tosca_models/translate.yaml b/datafile-app-server/dpo/tosca_models/translate.yaml index 17c36aea..35036df7 100644 --- a/datafile-app-server/dpo/tosca_models/translate.yaml +++ b/datafile-app-server/dpo/tosca_models/translate.yaml @@ -20,11 +20,11 @@ topology_template: type: string ftp.ftpesConfiguration.keyCert: type: string - ftp.ftpesConfiguration.keyPassword: + ftp.ftpesConfiguration.keyPasswordPath: type: string ftp.ftpesConfiguration.trustedCa: type: string - ftp.ftpesConfiguration.trustedCaPassword: + ftp.ftpesConfiguration.trustedCaPasswordPath: type: string image: type: string 
diff --git a/datafile-app-server/src/main/docker/Dockerfile b/datafile-app-server/src/main/docker/Dockerfile index 7343128a..bfd952e0 100644 --- a/datafile-app-server/src/main/docker/Dockerfile +++ b/datafile-app-server/src/main/docker/Dockerfile @@ -24,18 +24,13 @@ RUN mkdir -p /var/log/ONAP ADD /target/datafile-app-server.jar /opt/app/datafile/ ADD /config/application.yaml /opt/app/datafile/config/ -ADD /config/dfc.jks.b64 /opt/app/datafile/config/ -ADD /config/ftp.jks.b64 /opt/app/datafile/config/ EXPOSE 8100 8433 RUN addgroup -S onap && adduser -S datafile -G onap -RUN chown -R datafile:onap /opt/app/datafile RUN chown -R datafile:onap /var/log/ONAP -RUN base64 -d /opt/app/datafile/config/dfc.jks.b64 > /opt/app/datafile/config/dfc.jks && base64 -d /opt/app/datafile/config/ftp.jks.b64 > /opt/app/datafile/config/ftp.jks -RUN chown -R datafile:onap /opt/app/datafile/config/* -RUN chmod -R 755 /opt/app/datafile/config/ +RUN chmod -R 777 /opt/app/datafile/config/ USER datafile -ENTRYPOINT ["/usr/bin/java", "-jar", "/opt/app/datafile/datafile-app-server.jar"] +ENTRYPOINT ["/usr/bin/java", "-jar", "/opt/app/datafile/datafile-app-server.jar"] \ No newline at end of file diff --git a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/AppConfig.java b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/AppConfig.java index 58081a89..21c51566 100644 --- a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/AppConfig.java +++ b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/AppConfig.java 
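Review bot: `RUN chmod -R 777 /opt/app/datafile/config/` makes the directory that the blueprint uses for `cert.jks`, `jks.pass` and `trust.jks` world-writable, and it replaces the earlier `chown -R datafile:onap` plus `chmod -R 755`. Any process in the container could then replace the trust store or the password files. If the goal is only that the `datafile` user can read what the init container delivers, ownership plus a narrower mode should be enough: `RUN chown -R datafile:onap /opt/app/datafile/config/ && chmod -R 750 /opt/app/datafile/config/`. If a volume is mounted over this path, the image-level mode has no effect and access is better set on the volume; the mount is not visible in this diff, so this is an assumption to confirm.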
@@ -217,7 +217,7 @@ public class AppConfig { } private synchronized void setConfiguration(@NotNull ConsumerConfiguration consumerConfiguration, - @NotNull Map publisherConfiguration, @NotNull FtpesConfig ftpesConfig) { + @NotNull Map publisherConfiguration, @NotNull FtpesConfig ftpesConfig) { this.dmaapConsumerConfiguration = consumerConfiguration; this.publishingConfigurations = publisherConfiguration; this.ftpesConfiguration = ftpesConfig; diff --git a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/CloudConfigParser.java b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/CloudConfigParser.java index fc550ab0..23197025 100644 --- a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/CloudConfigParser.java +++ b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/CloudConfigParser.java @@ -25,11 +25,10 @@ import java.util.HashMap; import java.util.Iterator; import java.util.Map; import java.util.Map.Entry; +import java.util.Set; import javax.validation.constraints.NotNull; -import java.util.Set; - import org.onap.dcaegen2.collectors.datafile.exceptions.DatafileTaskException; /** @@ -56,7 +55,8 @@ public class CloudConfigParser { /** * Get the publisher configurations. * - * @return a map with change identifier as key and the connected publisher configuration as value. + * @return a map with change identifier as key and the connected publisher configuration as + * value. * * @throws DatafileTaskException if a member of the configuration is missing. */ 
@@ -122,9 +122,9 @@ public class CloudConfigParser { public @NotNull FtpesConfig getFtpesConfig() throws DatafileTaskException { return new ImmutableFtpesConfig.Builder() // .keyCert(getAsString(jsonObject, "dmaap.ftpesConfig.keyCert")) - .keyPassword(getAsString(jsonObject, "dmaap.ftpesConfig.keyPassword")) + .keyPasswordPath(getAsString(jsonObject, "dmaap.ftpesConfig.keyPasswordPath")) .trustedCa(getAsString(jsonObject, "dmaap.ftpesConfig.trustedCa")) - .trustedCaPassword(getAsString(jsonObject, "dmaap.ftpesConfig.trustedCaPassword")) // + .trustedCaPasswordPath(getAsString(jsonObject, "dmaap.ftpesConfig.trustedCaPasswordPath")) // .build(); } diff --git a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/FtpesConfig.java b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/FtpesConfig.java index e12365e4..e7107976 100644 --- a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/FtpesConfig.java +++ b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/FtpesConfig.java @@ -39,12 +39,12 @@ public abstract class FtpesConfig implements Serializable { @Value.Parameter @Value.Redacted - public abstract String keyPassword(); + public abstract String keyPasswordPath(); @Value.Parameter public abstract String trustedCa(); @Value.Parameter @Value.Redacted - public abstract String trustedCaPassword(); + public abstract String trustedCaPasswordPath(); } diff --git a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/ftp/FtpsClient.java b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/ftp/FtpsClient.java index 2d126ff8..76eb8637 100644 --- a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/ftp/FtpsClient.java +++ b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/ftp/FtpsClient.java 
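Review bot: `keyPasswordPath()` and `trustedCaPasswordPath()` in FtpesConfig have no Javadoc, so after the rename nothing on the accessors says that the value is the path of a file whose content is the password rather than the password itself. I would add `/** Path of the file that holds the password for the key store named by {@link #keyCert()}. */` and the matching comment for the trust store. `@Value.Redacted` is kept on both; a path is not a secret, so the annotation could be dropped to keep the configured paths visible in `toString()` output when a file is missing, unless the paths themselves are considered sensitive.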
@@ -21,7 +21,9 @@ import java.io.FileOutputStream; import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; +import java.nio.file.Files; import java.nio.file.Path; +import java.nio.file.Paths; import java.security.GeneralSecurityException; import java.security.KeyStore; import java.security.KeyStoreException; 
@@ -58,34 +60,34 @@ public class FtpsClient implements FileCollectClient { private static TrustManager theTrustManager = null; private final String keyCertPath; - private final String keyCertPassword; + private final String keyCertPasswordPath; private final Path trustedCaPath; - private final String trustedCaPassword; + private final String trustedCaPasswordPath; /** * Constructor. * * @param fileServerData info needed to connect to the PNF. * @param keyCertPath path to DFC's key cert. - * @param keyCertPassword password for DFC's key cert. + * @param keyCertPasswordPath path of file containing password for DFC's key cert. * @param trustedCaPath path to the PNF's trusted keystore. - * @param trustedCaPassword password for the PNF's trusted keystore. + * @param trustedCaPasswordPath path of file containing password for the PNF's trusted keystore. */ - public FtpsClient(FileServerData fileServerData, String keyCertPath, String keyCertPassword, Path trustedCaPath, - String trustedCaPassword) { + public FtpsClient(FileServerData fileServerData, String keyCertPath, String keyCertPasswordPath, Path trustedCaPath, + String trustedCaPasswordPath) { this.fileServerData = fileServerData; this.keyCertPath = keyCertPath; - this.keyCertPassword = keyCertPassword; + this.keyCertPasswordPath = keyCertPasswordPath; this.trustedCaPath = trustedCaPath; - this.trustedCaPassword = trustedCaPassword; + this.trustedCaPasswordPath = trustedCaPasswordPath; } @Override public void open() throws DatafileTaskException { try { realFtpsClient.setNeedClientAuth(true); - realFtpsClient.setKeyManager(createKeyManager(keyCertPath, keyCertPassword)); - realFtpsClient.setTrustManager(getTrustManager(trustedCaPath, trustedCaPassword)); + realFtpsClient.setKeyManager(createKeyManager(keyCertPath, keyCertPasswordPath)); + realFtpsClient.setTrustManager(getTrustManager(trustedCaPath, trustedCaPasswordPath)); setUpConnection(); } catch (DatafileTaskException e) { throw e; 
@@ -185,8 +187,15 @@ public class FtpsClient implements FileCollectClient { return output; } - protected TrustManager getTrustManager(Path trustedCaPath, String trustedCaPassword) + protected TrustManager getTrustManager(Path trustedCaPath, String trustedCaPasswordPath) throws KeyStoreException, NoSuchAlgorithmException, IOException, CertificateException { + String trustedCaPassword = ""; + try { + trustedCaPassword = new String(Files.readAllBytes(Paths.get(trustedCaPasswordPath))); + } catch (IOException e) { + logger.error("Truststore password file at path: {} cannot be opened ", trustedCaPasswordPath); + e.printStackTrace(); + } synchronized (FtpsClient.class) { if (theTrustManager == null) { theTrustManager = createTrustManager(trustedCaPath, trustedCaPassword); @@ -195,8 +204,16 @@ public class FtpsClient implements FileCollectClient { } } - protected KeyManager createKeyManager(String keyCertPath, String keyCertPassword) + protected KeyManager createKeyManager(String keyCertPath, String keyCertPasswordPath) throws IOException, GeneralSecurityException { + String keyCertPassword = ""; + try { + keyCertPassword = new String(Files.readAllBytes(Paths.get(keyCertPasswordPath))); + } catch (IOException e) { + logger.error("Keystore password file at path: {} cannot be opened ", keyCertPasswordPath); + e.printStackTrace(); + } + return KeyManagerUtils.createClientKeyManager(new File(keyCertPath), keyCertPassword); } } diff --git a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/tasks/FileCollector.java b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/tasks/FileCollector.java index bccbb5fc..a1f8a66e 100644 --- a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/tasks/FileCollector.java +++ b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/tasks/FileCollector.java 
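Review bot: In `getTrustManager` the `catch (IOException e)` logs and carries on with `trustedCaPassword = ""`, so a missing or unreadable password file would presumably surface only later as a key-store load failure, and `createKeyManager` in the next hunk does the same. Both methods already declare `throws IOException`, so the try/catch and `e.printStackTrace()` can be dropped and the read left to fail: `String trustedCaPassword = new String(Files.readAllBytes(Paths.get(trustedCaPasswordPath)), StandardCharsets.UTF_8).trim();` (needs an import of `java.nio.charset.StandardCharsets`). The explicit charset avoids the platform default, and the `trim()` is suggested because the added `dfc.jks.pass` and `ftp.jks.pass` test files appear to end with a newline that would otherwise become part of the password. In `getTrustManager` the file is also read on every call although the result is used only while `theTrustManager` is still null; moving the read inside the `if` would avoid that.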
@@ -159,7 +159,7 @@ public class FileCollector { protected FtpsClient createFtpsClient(FileData fileData) { FtpesConfig config = datafileAppConfig.getFtpesConfiguration(); - return new FtpsClient(fileData.fileServerData(), config.keyCert(), config.keyPassword(), - Paths.get(config.trustedCa()), config.trustedCaPassword()); + return new FtpsClient(fileData.fileServerData(), config.keyCert(), config.keyPasswordPath(), + Paths.get(config.trustedCa()), config.trustedCaPasswordPath()); } } diff --git a/datafile-app-server/src/test/java/org/onap/dcaegen2/collectors/datafile/configuration/AppConfigTest.java b/datafile-app-server/src/test/java/org/onap/dcaegen2/collectors/datafile/configuration/AppConfigTest.java index c20dc2f3..d0f02d69 100644 --- a/datafile-app-server/src/test/java/org/onap/dcaegen2/collectors/datafile/configuration/AppConfigTest.java +++ b/datafile-app-server/src/test/java/org/onap/dcaegen2/collectors/datafile/configuration/AppConfigTest.java @@ -121,10 +121,10 @@ public class AppConfigTest { private static final ImmutableFtpesConfig CORRECT_FTPES_CONFIGURATION = // new ImmutableFtpesConfig.Builder() // - .keyCert("/config/dfc.jks") // - .keyPassword("secret") // - .trustedCa("config/ftp.jks") // - .trustedCaPassword("secret") // + .keyCert("/src/test/resources/dfc.jks") // + .keyPasswordPath("/src/test/resources/dfc.jks.pass") // + .trustedCa("/src/test/resources/ftp.jks") // + .trustedCaPasswordPath("/src/test/resources/ftp.jks.pass") // .build(); private static final ImmutableDmaapPublisherConfiguration CORRECT_DMAAP_PUBLISHER_CONFIG = // @@ -270,7 +270,7 @@ public class AppConfigTest { } @Test - public void whenPeriodicConfigRefreshNoConsul() { + public void whenPeriodicConfigRefreshNoConsul() { EnvProperties props = properties(); doReturn(Mono.just(props)).when(appConfigUnderTest).getEnvironment(any(), any()); 
diff --git a/datafile-app-server/src/test/java/org/onap/dcaegen2/collectors/datafile/tasks/FileCollectorTest.java b/datafile-app-server/src/test/java/org/onap/dcaegen2/collectors/datafile/tasks/FileCollectorTest.java index 2534f645..e5523251 100644 --- a/datafile-app-server/src/test/java/org/onap/dcaegen2/collectors/datafile/tasks/FileCollectorTest.java +++ b/datafile-app-server/src/test/java/org/onap/dcaegen2/collectors/datafile/tasks/FileCollectorTest.java @@ -83,9 +83,9 @@ public class FileCollectorTest { private static final String FILE_FORMAT_VERSION = "V10"; private static final String FTP_KEY_PATH = "ftpKeyPath"; - private static final String FTP_KEY_PASSWORD = "ftpKeyPassword"; + private static final String FTP_KEY_PASSWORD_PATH = "ftpKeyPassword"; private static final String TRUSTED_CA_PATH = "trustedCAPath"; - private static final String TRUSTED_CA_PASSWORD = "trustedCAPassword"; + private static final String TRUSTED_CA_PASSWORD_PATH = "trustedCAPassword"; private static final String CHANGE_IDENTIFIER = "PM_MEAS_FILES"; private static AppConfig appConfigMock = mock(AppConfig.class); @@ -146,9 +146,9 @@ public class FileCollectorTest { static void setUpConfiguration() { when(appConfigMock.getFtpesConfiguration()).thenReturn(ftpesConfigMock); when(ftpesConfigMock.keyCert()).thenReturn(FTP_KEY_PATH); - when(ftpesConfigMock.keyPassword()).thenReturn(FTP_KEY_PASSWORD); + when(ftpesConfigMock.keyPasswordPath()).thenReturn(FTP_KEY_PASSWORD_PATH); when(ftpesConfigMock.trustedCa()).thenReturn(TRUSTED_CA_PATH); - when(ftpesConfigMock.trustedCaPassword()).thenReturn(TRUSTED_CA_PASSWORD); + when(ftpesConfigMock.trustedCaPasswordPath()).thenReturn(TRUSTED_CA_PASSWORD_PATH); } @BeforeEach diff --git a/datafile-app-server/src/test/resources/datafile_endpoints_test.json b/datafile-app-server/src/test/resources/datafile_endpoints_test.json index 8913dc48..58f4eb89 100644 --- a/datafile-app-server/src/test/resources/datafile_endpoints_test.json 
+++ b/datafile-app-server/src/test/resources/datafile_endpoints_test.json @@ -1,10 +1,10 @@ { "config": { "//description": "This file is only used for testing purposes", - "dmaap.ftpesConfig.keyCert": "/config/dfc.jks", - "dmaap.ftpesConfig.keyPassword": "secret", - "dmaap.ftpesConfig.trustedCa": "config/ftp.jks", - "dmaap.ftpesConfig.trustedCaPassword": "secret", + "dmaap.ftpesConfig.keyCert": "/src/test/resources/dfc.jks", + "dmaap.ftpesConfig.keyPasswordPath": "/src/test/resources/dfc.jks.pass", + "dmaap.ftpesConfig.trustedCa": "/src/test/resources/ftp.jks", + "dmaap.ftpesConfig.trustedCaPasswordPath": "/src/test/resources/ftp.jks.pass", "dmaap.security.trustStorePath": "trustStorePath", "dmaap.security.trustStorePasswordPath": "trustStorePasswordPath", "dmaap.security.keyStorePath": "keyStorePath", diff --git a/datafile-app-server/src/test/resources/datafile_endpoints_test_2producers.json b/datafile-app-server/src/test/resources/datafile_endpoints_test_2producers.json index 61b324ce..40c28dde 100644 --- a/datafile-app-server/src/test/resources/datafile_endpoints_test_2producers.json +++ b/datafile-app-server/src/test/resources/datafile_endpoints_test_2producers.json @@ -1,10 +1,10 @@ { "config": { "//description": "This file is only used for testing purposes", - "dmaap.ftpesConfig.keyCert": "/config/dfc.jks", - "dmaap.ftpesConfig.keyPassword": "secret", - "dmaap.ftpesConfig.trustedCa": "config/ftp.jks", - "dmaap.ftpesConfig.trustedCaPassword": "secret", + "dmaap.ftpesConfig.keyCert": "/src/test/resources/dfc.jks", + "dmaap.ftpesConfig.keyPasswordPath": "/src/test/resources/dfc.jks.pass", + "dmaap.ftpesConfig.trustedCa": "/src/test/resources/ftp.jks", + "dmaap.ftpesConfig.trustedCaPasswordPath": "/src/test/resources/ftp.jks.pass", "dmaap.security.trustStorePath": "trustStorePath", "dmaap.security.trustStorePasswordPath": "trustStorePasswordPath", "dmaap.security.keyStorePath": "keyStorePath", 
diff --git a/datafile-app-server/src/test/resources/dfc.jks b/datafile-app-server/src/test/resources/dfc.jks new file mode 100644 index 00000000..cdd1191b Binary files /dev/null and b/datafile-app-server/src/test/resources/dfc.jks differ diff --git a/datafile-app-server/src/test/resources/dfc.jks.pass b/datafile-app-server/src/test/resources/dfc.jks.pass new file mode 100644 index 00000000..d97c5ead --- /dev/null +++ b/datafile-app-server/src/test/resources/dfc.jks.pass @@ -0,0 +1 @@ +secret diff --git a/datafile-app-server/src/test/resources/ftp.jks b/datafile-app-server/src/test/resources/ftp.jks new file mode 100644 index 00000000..427ea231 Binary files /dev/null and b/datafile-app-server/src/test/resources/ftp.jks differ diff --git a/datafile-app-server/src/test/resources/ftp.jks.pass b/datafile-app-server/src/test/resources/ftp.jks.pass new file mode 100644 index 00000000..d97c5ead --- /dev/null +++ b/datafile-app-server/src/test/resources/ftp.jks.pass @@ -0,0 +1 @@ +secret -- cgit 1.2.3-korg