From 6c925362213b8f05612b309fb50fa4c0b5650224 Mon Sep 17 00:00:00 2001
From: ecaiyanlinux
Date: Fri, 6 Sep 2019 15:24:59 +0000
Subject: TLS init container usage
Change-Id: Iec51c722f6a3a519fd7eb0f37f8b801eebbc039b
Issue-ID: DCAEGEN2-1702
Signed-off-by: ecaiyanlinux
---
 .../datafile/configuration/AppConfig.java | 2 +-
 .../datafile/configuration/CloudConfigParser.java | 10 +++---
 .../datafile/configuration/FtpesConfig.java | 4 +--
 .../collectors/datafile/ftp/FtpsClient.java | 41 +++++++++++++++-------
 .../collectors/datafile/tasks/FileCollector.java | 4 +--
 5 files changed, 39 insertions(+), 22 deletions(-)
(limited to 'datafile-app-server/src/main/java/org/onap')
diff --git a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/AppConfig.java b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/AppConfig.java
index 58081a89..21c51566 100644
--- a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/AppConfig.java
+++ b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/AppConfig.java
@@ -217,7 +217,7 @@ public class AppConfig {
 }
 private synchronized void setConfiguration(@NotNull ConsumerConfiguration consumerConfiguration,
- @NotNull Map publisherConfiguration, @NotNull FtpesConfig ftpesConfig) {
+ @NotNull Map publisherConfiguration, @NotNull FtpesConfig ftpesConfig) {
 this.dmaapConsumerConfiguration = consumerConfiguration;
 this.publishingConfigurations = publisherConfiguration;
 this.ftpesConfiguration = ftpesConfig;
diff --git a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/CloudConfigParser.java b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/CloudConfigParser.java
index fc550ab0..23197025 100644
--- a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/CloudConfigParser.java
+++ b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/CloudConfigParser.java
@@ -25,11 +25,10 @@ import java.util.HashMap;
 import java.util.Iterator;
 import java.util.Map;
 import java.util.Map.Entry;
+import java.util.Set;
 import javax.validation.constraints.NotNull;
-import java.util.Set;
-
 import org.onap.dcaegen2.collectors.datafile.exceptions.DatafileTaskException;
 /**
@@ -56,7 +55,8 @@ public class CloudConfigParser {
 /**
 * Get the publisher configurations.
 *
- * @return a map with change identifier as key and the connected publisher configuration as value.
+ * @return a map with change identifier as key and the connected publisher configuration as
+ * value.
 *
 * @throws DatafileTaskException if a member of the configuration is missing.
 */
@@ -122,9 +122,9 @@ public class CloudConfigParser {
 public @NotNull FtpesConfig getFtpesConfig() throws DatafileTaskException {
 return new ImmutableFtpesConfig.Builder() //
 .keyCert(getAsString(jsonObject, "dmaap.ftpesConfig.keyCert"))
- .keyPassword(getAsString(jsonObject, "dmaap.ftpesConfig.keyPassword"))
+ .keyPasswordPath(getAsString(jsonObject, "dmaap.ftpesConfig.keyPasswordPath"))
 .trustedCa(getAsString(jsonObject, "dmaap.ftpesConfig.trustedCa"))
- .trustedCaPassword(getAsString(jsonObject, "dmaap.ftpesConfig.trustedCaPassword")) //
+ .trustedCaPasswordPath(getAsString(jsonObject, "dmaap.ftpesConfig.trustedCaPasswordPath")) //
 .build();
 }
diff --git a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/FtpesConfig.java b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/FtpesConfig.java
index e12365e4..e7107976 100644
--- a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/FtpesConfig.java
+++ b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/configuration/FtpesConfig.java
@@ -39,12 +39,12 @@ public abstract class FtpesConfig implements Serializable {
 @Value.Parameter
 @Value.Redacted
- public abstract String keyPassword();
+ public abstract String keyPasswordPath();
 @Value.Parameter
 public abstract String trustedCa();
 @Value.Parameter
 @Value.Redacted
- public abstract String trustedCaPassword();
+ public abstract String trustedCaPasswordPath();
 }
diff --git a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/ftp/FtpsClient.java b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/ftp/FtpsClient.java
index 2d126ff8..76eb8637 100644
--- a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/ftp/FtpsClient.java
+++ b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/ftp/FtpsClient.java
@@ -21,7 +21,9 @@ import java.io.FileOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
+import java.nio.file.Files;
 import java.nio.file.Path;
+import java.nio.file.Paths;
 import java.security.GeneralSecurityException;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
@@ -58,34 +60,34 @@ public class FtpsClient implements FileCollectClient {
 private static TrustManager theTrustManager = null;
 private final String keyCertPath;
- private final String keyCertPassword;
+ private final String keyCertPasswordPath;
 private final Path trustedCaPath;
- private final String trustedCaPassword;
+ private final String trustedCaPasswordPath;
 /**
 * Constructor.
 *
 * @param fileServerData info needed to connect to the PNF.
 * @param keyCertPath path to DFC's key cert.
- * @param keyCertPassword password for DFC's key cert.
+ * @param keyCertPasswordPath path of file containing password for DFC's key cert.
 * @param trustedCaPath path to the PNF's trusted keystore.
- * @param trustedCaPassword password for the PNF's trusted keystore.
+ * @param trustedCaPasswordPath path of file containing password for the PNF's trusted keystore.
 */
- public FtpsClient(FileServerData fileServerData, String keyCertPath, String keyCertPassword, Path trustedCaPath,
- String trustedCaPassword) {
+ public FtpsClient(FileServerData fileServerData, String keyCertPath, String keyCertPasswordPath, Path trustedCaPath,
+ String trustedCaPasswordPath) {
 this.fileServerData = fileServerData;
 this.keyCertPath = keyCertPath;
- this.keyCertPassword = keyCertPassword;
+ this.keyCertPasswordPath = keyCertPasswordPath;
 this.trustedCaPath = trustedCaPath;
- this.trustedCaPassword = trustedCaPassword;
+ this.trustedCaPasswordPath = trustedCaPasswordPath;
 }
 @Override
 public void open() throws DatafileTaskException {
 try {
 realFtpsClient.setNeedClientAuth(true);
- realFtpsClient.setKeyManager(createKeyManager(keyCertPath, keyCertPassword));
- realFtpsClient.setTrustManager(getTrustManager(trustedCaPath, trustedCaPassword));
+ realFtpsClient.setKeyManager(createKeyManager(keyCertPath, keyCertPasswordPath));
+ realFtpsClient.setTrustManager(getTrustManager(trustedCaPath, trustedCaPasswordPath));
 setUpConnection();
 } catch (DatafileTaskException e) {
 throw e;
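Review bot: `keyCertPasswordPath` and `trustedCaPasswordPath` are declared as `String` in the fields and constructor, the same type the passwords had, so a call site that still passes the password itself compiles unchanged. The secret would then be treated as a file name, including in the `logger.error(... at path: {} ...)` calls added further down in this file, which would write it to the log. `trustedCaPath` is already a `Path`; declaring the two new parameters the same way (`Path keyCertPasswordPath`, `Path trustedCaPasswordPath`) turns a stale caller into a compile error. The `open()` method starts inside this hunk and continues past its end.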
@@ -185,8 +187,15 @@ public class FtpsClient implements FileCollectClient {
 return output;
 }
- protected TrustManager getTrustManager(Path trustedCaPath, String trustedCaPassword)
+ protected TrustManager getTrustManager(Path trustedCaPath, String trustedCaPasswordPath)
 throws KeyStoreException, NoSuchAlgorithmException, IOException, CertificateException {
+ String trustedCaPassword = "";
+ try {
+ trustedCaPassword = new String(Files.readAllBytes(Paths.get(trustedCaPasswordPath)));
+ } catch (IOException e) {
+ logger.error("Truststore password file at path: {} cannot be opened ", trustedCaPasswordPath);
+ e.printStackTrace();
+ }
 synchronized (FtpsClient.class) {
 if (theTrustManager == null) {
 theTrustManager = createTrustManager(trustedCaPath, trustedCaPassword);
@@ -195,8 +204,16 @@ public class FtpsClient implements FileCollectClient {
 }
 }
- protected KeyManager createKeyManager(String keyCertPath, String keyCertPassword)
+ protected KeyManager createKeyManager(String keyCertPath, String keyCertPasswordPath)
 throws IOException, GeneralSecurityException {
+ String keyCertPassword = "";
+ try {
+ keyCertPassword = new String(Files.readAllBytes(Paths.get(keyCertPasswordPath)));
+ } catch (IOException e) {
+ logger.error("Keystore password file at path: {} cannot be opened ", keyCertPasswordPath);
+ e.printStackTrace();
+ }
+
 return KeyManagerUtils.createClientKeyManager(new File(keyCertPath), keyCertPassword);
 }
 }
diff --git a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/tasks/FileCollector.java b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/tasks/FileCollector.java
index bccbb5fc..a1f8a66e 100644
--- a/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/tasks/FileCollector.java
+++ b/datafile-app-server/src/main/java/org/onap/dcaegen2/collectors/datafile/tasks/FileCollector.java
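Review bot: When the password file cannot be read, the added `catch (IOException e)` in `getTrustManager` logs and carries on with `trustedCaPassword = ""`, so the real cause is dropped and the outcome depends on what `createTrustManager` (not visible here) does with an empty password; `createKeyManager` in the next hunk has the same fallback for the key store. Both methods already declare `throws IOException`, so the try/catch can be removed and the read left to propagate: `String trustedCaPassword = new String(Files.readAllBytes(Paths.get(trustedCaPasswordPath)));`. If the catch is kept, it should rethrow after logging and pass the exception to the logger as the last argument instead of calling `e.printStackTrace()`. In `getTrustManager` the read also sits before the `synchronized` block, so the file is read on every call even when `theTrustManager` is already cached; moving it inside the `if (theTrustManager == null)` branch avoids that.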
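Review bot: `new String(Files.readAllBytes(Paths.get(keyCertPasswordPath)))` in `createKeyManager` decodes with the platform default charset and keeps every byte of the file, so a trailing line terminator would become part of the password handed to `KeyManagerUtils.createClientKeyManager`. Whether the file ends with one depends on how it is written, which is not visible here and should be confirmed. Decoding explicitly, `new String(bytes, StandardCharsets.UTF_8)` (this needs an import of `java.nio.charset.StandardCharsets`), and removing only a trailing `\n` or `\r\n` makes the result independent of the JVM default and of the tool that produced the file. The identical read in `getTrustManager` needs the same change, and a one-line comment on each stating the expected file format (raw password, optional final newline) would help whoever provisions the file.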
@@ -159,7 +159,7 @@ public class FileCollector {
 protected FtpsClient createFtpsClient(FileData fileData) {
 FtpesConfig config = datafileAppConfig.getFtpesConfiguration();
- return new FtpsClient(fileData.fileServerData(), config.keyCert(), config.keyPassword(),
- Paths.get(config.trustedCa()), config.trustedCaPassword());
+ return new FtpsClient(fileData.fileServerData(), config.keyCert(), config.keyPasswordPath(),
+ Paths.get(config.trustedCa()), config.trustedCaPasswordPath());
 }
 }
--
cgit 1.2.3-korg