authorPiotr Jaszczyk <piotr.jaszczyk@nokia.com>2019-04-10 10:32:00 +0200
committerPiotr Jaszczyk <piotr.jaszczyk@nokia.com>2019-04-10 11:37:50 +0200
commitc138b700030d22ae0bdbd6992fb4a4d8a3431798 (patch)
tree35926c24ef0eb4c770f3592bedc6e4d3cf69c98e
parentd52444107a3c62c1027e35178b76645ceb4d2c4e (diff)
Read passwords from files
Key- and trust-store passwords should be read from files in order to work with DCAE tls-init-container. Change-Id: Ibe454663328268f33f8be25ef9ec129f1ce1d396 Issue-ID: DCAEGEN2-1412 Signed-off-by: Piotr Jaszczyk <piotr.jaszczyk@nokia.com>
-rw-r--r--development/configuration/base.json4
-rw-r--r--development/configuration/local.json4
-rw-r--r--development/docker-compose.yml5
-rw-r--r--development/ssl/.gitignore2
-rwxr-xr-xdevelopment/ssl/gen-certs.sh22
-rw-r--r--dpo/spec/hv-ves-collector.componentspec.json16
-rw-r--r--sources/hv-collector-commandline/src/main/kotlin/org/onap/dcae/collectors/veshv/commandline/CommandLineOption.kt12
-rw-r--r--sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationMerger.kt4
-rw-r--r--sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationValidator.kt12
-rw-r--r--sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/PartialConfiguration.kt (renamed from sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/partial_configuration.kt)8
-rw-r--r--sources/hv-collector-configuration/src/test/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationValidatorTest.kt63
-rw-r--r--sources/hv-collector-configuration/src/test/kotlin/org/onap/dcae/collectors/veshv/config/impl/JsonConfigurationParserTest.kt5
-rw-r--r--sources/hv-collector-configuration/src/test/resources/sampleConfig.json4
-rw-r--r--sources/hv-collector-configuration/src/test/resources/test.ks.pass1
-rw-r--r--sources/hv-collector-configuration/src/test/resources/trust.ks.pass1
-rw-r--r--sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/utils.kt11
-rw-r--r--sources/hv-collector-ssl/src/test/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/UtilsKtTest.kt (renamed from sources/hv-collector-ssl/src/test/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/SecurityUtilsTest.kt)13
-rw-r--r--sources/hv-collector-ssl/src/test/resources/ssl/password1
-rw-r--r--sources/hv-collector-xnf-simulator/src/main/kotlin/org/onap/dcae/collectors/veshv/simulators/xnf/impl/config/ArgXnfSimulatorConfiguration.kt8
19 files changed, 118 insertions, 78 deletions
diff --git a/development/configuration/base.json b/development/configuration/base.json
index 1b723b72..9bf9194b 100644
--- a/development/configuration/base.json
+++ b/development/configuration/base.json
@@ -5,7 +5,7 @@
"cbs.firstRequestDelaySec": 10,
"cbs.requestIntervalSec": 5,
"security.keys.keyStoreFile": "/etc/ves-hv/ssl/server.p12",
- "security.keys.keyStorePassword": "onaponap",
+ "security.keys.keyStorePasswordFile": "/etc/ves-hv/ssl/server.pass",
"security.keys.trustStoreFile": "/etc/ves-hv/ssl/trust.p12",
- "security.keys.trustStorePassword": "onaponap"
+ "security.keys.trustStorePasswordFile": "/etc/ves-hv/ssl/trust.pass"
} \ No newline at end of file
diff --git a/development/configuration/local.json b/development/configuration/local.json
index ebf2f82e..cfaaaa40 100644
--- a/development/configuration/local.json
+++ b/development/configuration/local.json
@@ -5,7 +5,7 @@
"cbs.firstRequestDelaySec": 10,
"cbs.requestIntervalSec": 5,
"security.keys.keyStoreFile": "development/ssl/server.p12",
- "security.keys.keyStorePassword": "onaponap",
+ "security.keys.keyStorePasswordFile": "development/ssl/server.pass",
"security.keys.trustStoreFile": "development/ssl/trust.p12",
- "security.keys.trustStorePassword": "onaponap"
+ "security.keys.trustStorePasswordFile": "development/ssl/server.pass"
}
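Review bot: `security.keys.trustStorePasswordFile` is set to `development/ssl/server.pass`, while base.json, the key-store entry above and gen-certs.sh (which writes `${TRUST}.pass`) all use a dedicated trust password file; it should read `"security.keys.trustStorePasswordFile": "development/ssl/trust.pass"`. It only works today because gen-certs.sh writes the same STORE_PASS into every `.pass` file, so the mix-up would surface the first time the two stores are given different passwords.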
diff --git a/development/docker-compose.yml b/development/docker-compose.yml
index d135e8b4..9272c618 100644
--- a/development/docker-compose.yml
+++ b/development/docker-compose.yml
@@ -110,8 +110,9 @@ services:
"--ves-host", "ves-hv-collector",
"--ves-port", "6061",
"--key-store", "/etc/ves-hv/client.p12",
- "--key-store-password", "onaponap",
- "--trust-store-password", "onaponap"]
+ "--key-store-password-file", "/etc/ves-hv/client.pass",
+ "--trust-store", "/etc/ves-hv/trust.p12",
+ "--trust-store-password-file", "/etc/ves-hv/trust.pass"]
healthcheck:
test: curl -f http://localhost:6063/health/ready || exit 1
interval: 10s
diff --git a/development/ssl/.gitignore b/development/ssl/.gitignore
index 23888eb0..955c17d1 100644
--- a/development/ssl/.gitignore
+++ b/development/ssl/.gitignore
@@ -4,4 +4,4 @@
*.csr
*.pkcs12
*.p12
-
+*.pass
diff --git a/development/ssl/gen-certs.sh b/development/ssl/gen-certs.sh
index b4f78227..bf28ca02 100755
--- a/development/ssl/gen-certs.sh
+++ b/development/ssl/gen-certs.sh
@@ -1,4 +1,21 @@
#!/usr/bin/env bash
+# ============LICENSE_START=======================================================
+# csit-dcaegen2-collectors-hv-ves
+# ================================================================================
+# Copyright (C) 2018-2019 NOKIA
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
set -eu -o pipefail -o xtrace
@@ -24,6 +41,8 @@ function gen_key() {
keytool -certreq -alias ${key_name} -keyalg RSA ${keystore} | \
keytool -alias ${ca} -gencert -ext "san=dns:${CN_PREFIX}-${ca}" ${store_opts} -keystore ${ca}.p12 | \
keytool -alias ${key_name} -importcert ${keystore}
+
+ printf ${STORE_PASS} > ${key_name}.pass
}
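Review bot: `printf ${STORE_PASS} > ${key_name}.pass` passes the password unquoted as the format string, so any `%` or backslash sequence in STORE_PASS is interpreted and whitespace is word-split; write `printf '%s' "${STORE_PASS}" > "${key_name}.pass"`. The file is created under the default umask, which on most hosts leaves the password world-readable, so a `chmod 600 "${key_name}.pass"` (or `umask 077` near the `set -eu` line) would match the sensitivity of the contents. Since the script runs with `-o xtrace`, the password also appears in the trace output; presumably acceptable for a dev-only helper, but a comment saying so would stop someone reusing this for real material. The body of gen_key starts before this hunk.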
@@ -36,10 +55,11 @@ function gen_ca() {
function gen_truststore() {
local trusted_ca="$1"
keytool -import -trustcacerts -alias ca -file ${trusted_ca}.crt ${store_opts} -keystore ${TRUST}.p12
+ printf ${STORE_PASS} > ${TRUST}.pass
}
function clean() {
- rm -f *.crt *.p12
+ rm -f *.crt *.p12 *.pass
}
if [[ $# -eq 0 ]]; then
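Review bot: The trust-store password is written with the same unquoted-format-string pattern as in gen_key, `printf ${STORE_PASS} > ${TRUST}.pass`; it should be `printf '%s' "${STORE_PASS}" > "${TRUST}.pass"` followed by `chmod 600 "${TRUST}.pass"` so the file is not left world-readable under the default umask. Both functions writing the same two lines suggests a small `write_pass_file <name>` helper would keep the quoting and permissions in one place.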
diff --git a/dpo/spec/hv-ves-collector.componentspec.json b/dpo/spec/hv-ves-collector.componentspec.json
index 13dd64a3..d88fd285 100644
--- a/dpo/spec/hv-ves-collector.componentspec.json
+++ b/dpo/spec/hv-ves-collector.componentspec.json
@@ -71,32 +71,32 @@
},
{
"name": "security.keys.keyStoreFile",
- "value": "/etc/ves-hv/ssl/keystore.p12",
+ "value": "/etc/ves-hv/ssl/cert.jks",
"description": "Points to private key store file",
"sourced_at_deployment": false,
"policy_editable": false,
"designer_editable": false
},
{
- "name": "security.keys.keyStorePassword",
- "value": "onaponap",
- "description": "Password for the key store",
+ "name": "security.keys.keyStorePasswordFile",
+ "value": "/etc/ves-hv/ssl/jks.pass",
+ "description": "File which contains password for the key store",
"sourced_at_deployment": false,
"policy_editable": false,
"designer_editable": false
},
{
"name": "security.keys.trustStoreFile",
- "value": "/etc/ves-hv/ssl/truststore.p12",
+ "value": "/etc/ves-hv/ssl/trust.jks",
"description": "Points to trust store file which contains trusted client certificates and/or CAs",
"sourced_at_deployment": false,
"policy_editable": false,
"designer_editable": false
},
{
- "name": "security.keys.trustStorePassword",
- "value": "onaponap",
- "description": "Password for the trust store",
+ "name": "security.keys.trustStorePasswordFile",
+ "value": "/etc/ves-hv/ssl/trust.pass",
+ "description": "File which contains password for the trust store",
"sourced_at_deployment": false,
"policy_editable": false,
"designer_editable": false
diff --git a/sources/hv-collector-commandline/src/main/kotlin/org/onap/dcae/collectors/veshv/commandline/CommandLineOption.kt b/sources/hv-collector-commandline/src/main/kotlin/org/onap/dcae/collectors/veshv/commandline/CommandLineOption.kt
index 1c1a355b..d08f6c09 100644
--- a/sources/hv-collector-commandline/src/main/kotlin/org/onap/dcae/collectors/veshv/commandline/CommandLineOption.kt
+++ b/sources/hv-collector-commandline/src/main/kotlin/org/onap/dcae/collectors/veshv/commandline/CommandLineOption.kt
@@ -91,11 +91,11 @@ enum class CommandLineOption(val option: Option, val required: Boolean = false)
.desc("Key store in PKCS12 format")
.build()
),
- KEY_STORE_PASSWORD(
+ KEY_STORE_PASSWORD_FILE(
Option.builder("kp")
- .longOpt("key-store-password")
+ .longOpt("key-store-password-file")
.hasArg()
- .desc("Key store password")
+ .desc("File with key store password")
.build()
),
TRUST_STORE_FILE(
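Review bot: The short option `kp` keeps its name while its meaning changes from password to path to a password file; an existing invocation such as `-kp onaponap` still parses, and the literal password is then treated as a file name and fails much later inside TLS setup rather than at argument parsing. Either change the short option (e.g. `Option.builder("kpf")`) so old call sites fail fast, or spell out the new contract in the description, `.desc("File containing the key store password (the password itself is no longer accepted)")`. The same applies to `tp` in the next hunk.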
@@ -105,11 +105,11 @@ enum class CommandLineOption(val option: Option, val required: Boolean = false)
.desc("File with trusted certificate bundle in PKCS12 format")
.build()
),
- TRUST_STORE_PASSWORD(
+ TRUST_STORE_PASSWORD_FILE(
Option.builder("tp")
- .longOpt("trust-store-password")
+ .longOpt("trust-store-password-file")
.hasArg()
- .desc("Trust store password")
+ .desc("File with trust store password")
.build()
),
MAXIMUM_PAYLOAD_SIZE_BYTES(
diff --git a/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationMerger.kt b/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationMerger.kt
index 56e48038..e6707825 100644
--- a/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationMerger.kt
+++ b/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationMerger.kt
@@ -39,9 +39,9 @@ internal class ConfigurationMerger {
sslDisable = base.sslDisable.updateToGivenOrNone(update.sslDisable),
keyStoreFile = base.keyStoreFile.updateToGivenOrNone(update.keyStoreFile),
- keyStorePassword = base.keyStorePassword.updateToGivenOrNone(update.keyStorePassword),
+ keyStorePasswordFile = base.keyStorePasswordFile.updateToGivenOrNone(update.keyStorePasswordFile),
trustStoreFile = base.trustStoreFile.updateToGivenOrNone(update.trustStoreFile),
- trustStorePassword = base.trustStorePassword.updateToGivenOrNone(update.trustStorePassword),
+ trustStorePasswordFile = base.trustStorePasswordFile.updateToGivenOrNone(update.trustStorePasswordFile),
streamPublishers = base.streamPublishers.updateToGivenOrNone(update.streamPublishers),
diff --git a/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationValidator.kt b/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationValidator.kt
index 613ae302..f4ce592f 100644
--- a/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationValidator.kt
+++ b/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationValidator.kt
@@ -120,22 +120,22 @@ internal class ConfigurationValidator {
SecurityConfiguration(
createSecurityKeys(
File(it.keyStoreFile.bind()).toPath(),
- it.keyStorePassword.bind(),
+ File(it.keyStorePasswordFile.bind()).toPath(),
File(it.trustStoreFile.bind()).toPath(),
- it.trustStorePassword.bind()
+ File(it.trustStorePasswordFile.bind()).toPath()
).toOption()
)
}
private fun createSecurityKeys(keyStorePath: Path,
- keyStorePassword: String,
+ keyStorePasswordPath: Path,
trustStorePath: Path,
- trustStorePassword: String) =
+ trustStorePasswordPath: Path) =
ImmutableSecurityKeys.builder()
.keyStore(ImmutableSecurityKeysStore.of(keyStorePath))
- .keyStorePassword(Passwords.fromString(keyStorePassword))
+ .keyStorePassword(Passwords.fromPath(keyStorePasswordPath))
.trustStore(ImmutableSecurityKeysStore.of(trustStorePath))
- .trustStorePassword(Passwords.fromString(trustStorePassword))
+ .trustStorePassword(Passwords.fromPath(trustStorePasswordPath))
.build()
private fun validatedCollectorConfig(partial: PartialConfiguration) =
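Review bot: The new `keyStorePasswordFile` and `trustStorePasswordFile` values are only wrapped in `File(...).toPath()`; nothing in the validator checks that the file exists or is readable, so a typo or a missing tls-init volume passes validation and surfaces later as an opaque failure when the password is actually read, assuming `Passwords.fromPath` reads lazily, which is not visible here. A validator is the natural place for the early, clear error, e.g. `File(path).takeIf { it.canRead() }?.toPath() ?: throw IllegalArgumentException("cannot read password file: $path")`, or the `Option`/`Try` form the rest of the class uses in the `binding` block. The same gap exists for the store paths, but those predate this change. `createSecurityKeys` and the enclosing `SecurityConfiguration(...)` builder sit inside `ConfigurationValidator`, whose definition extends beyond this hunk.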
diff --git a/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/partial_configuration.kt b/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/PartialConfiguration.kt
index d09a52e4..51f6a665 100644
--- a/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/partial_configuration.kt
+++ b/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/PartialConfiguration.kt
@@ -44,12 +44,12 @@ internal data class PartialConfiguration(
val sslDisable: Option<Boolean> = None,
@SerializedName("security.keys.keyStoreFile")
val keyStoreFile: Option<String> = None,
- @SerializedName("security.keys.keyStorePassword")
- val keyStorePassword: Option<String> = None,
+ @SerializedName("security.keys.keyStorePasswordFile")
+ val keyStorePasswordFile: Option<String> = None,
@SerializedName("security.keys.trustStoreFile")
val trustStoreFile: Option<String> = None,
- @SerializedName("security.keys.trustStorePassword")
- val trustStorePassword: Option<String> = None,
+ @SerializedName("security.keys.trustStorePasswordFile")
+ val trustStorePasswordFile: Option<String> = None,
@SerializedName("logLevel")
val logLevel: Option<LogLevel> = None,
diff --git a/sources/hv-collector-configuration/src/test/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationValidatorTest.kt b/sources/hv-collector-configuration/src/test/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationValidatorTest.kt
index 0806e8ca..5495c865 100644
--- a/sources/hv-collector-configuration/src/test/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationValidatorTest.kt
+++ b/sources/hv-collector-configuration/src/test/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationValidatorTest.kt
@@ -36,9 +36,9 @@ import org.onap.dcae.collectors.veshv.utils.logging.LogLevel
import org.onap.dcaegen2.services.sdk.model.streams.dmaap.KafkaSink
import org.onap.dcaegen2.services.sdk.security.ssl.SecurityKeys
import java.io.File
+import java.nio.file.Paths
import java.time.Duration
-
internal object ConfigurationValidatorTest : Spek({
describe("ConfigurationValidator") {
val cut = ConfigurationValidator()
@@ -79,10 +79,10 @@ internal object ConfigurationValidatorTest : Spek({
firstRequestDelaySec = Some(defaultFirstReqDelaySec),
requestIntervalSec = Some(defaultRequestIntervalSec),
sslDisable = Some(false),
- keyStoreFile = Some(KEYSTORE),
- keyStorePassword = Some(KEYSTORE_PASSWORD),
- trustStoreFile = Some(TRUSTSTORE),
- trustStorePassword = Some(TRUSTSTORE_PASSWORD),
+ keyStoreFile = Some(keyStore),
+ keyStorePasswordFile = Some(keyStorePassFile),
+ trustStoreFile = Some(trustStore),
+ trustStorePasswordFile = Some(trustStorePassFile),
streamPublishers = Some(sampleStreamsDefinition),
logLevel = Some(LogLevel.TRACE)
)
@@ -101,10 +101,10 @@ internal object ConfigurationValidatorTest : Spek({
val securityKeys = it.security.keys
.getOrElse { fail("Should be immutableSecurityKeys") } as SecurityKeys
- assertThat(securityKeys.keyStore().path()).isEqualTo(File(KEYSTORE).toPath())
- assertThat(securityKeys.trustStore().path()).isEqualTo(File(TRUSTSTORE).toPath())
- securityKeys.keyStorePassword().use { assertThat(it).isEqualTo(KEYSTORE_PASSWORD.toCharArray()) }
- securityKeys.trustStorePassword().use { assertThat(it).isEqualTo(TRUSTSTORE_PASSWORD.toCharArray()) }
+ assertThat(securityKeys.keyStore().path()).isEqualTo(File(keyStore).toPath())
+ assertThat(securityKeys.trustStore().path()).isEqualTo(File(trustStore).toPath())
+ securityKeys.keyStorePassword().use { assertThat(it).isEqualTo(keyStorePass.toCharArray()) }
+ securityKeys.trustStorePassword().use { assertThat(it).isEqualTo(trustStorePass.toCharArray()) }
assertThat(it.cbs.firstRequestDelay)
.isEqualTo(Duration.ofSeconds(defaultFirstReqDelaySec))
@@ -168,10 +168,10 @@ internal object ConfigurationValidatorTest : Spek({
{
val securityKeys = it.security.keys
.getOrElse { fail("Should be immutableSecurityKeys") } as SecurityKeys
- assertThat(securityKeys.keyStore().path()).isEqualTo(File(KEYSTORE).toPath())
- assertThat(securityKeys.trustStore().path()).isEqualTo(File(TRUSTSTORE).toPath())
- securityKeys.keyStorePassword().use { assertThat(it).isEqualTo(KEYSTORE_PASSWORD.toCharArray()) }
- securityKeys.trustStorePassword().use { assertThat(it).isEqualTo(TRUSTSTORE_PASSWORD.toCharArray()) }
+ assertThat(securityKeys.keyStore().path()).isEqualTo(File(keyStore).toPath())
+ assertThat(securityKeys.trustStore().path()).isEqualTo(File(trustStore).toPath())
+ securityKeys.keyStorePassword().use { assertThat(it).isEqualTo(keyStorePass.toCharArray()) }
+ securityKeys.trustStorePassword().use { assertThat(it).isEqualTo(trustStorePass.toCharArray()) }
}
)
}
@@ -185,10 +185,10 @@ private fun partialConfiguration(listenPort: Option<Int> = Some(defaultListenPor
firstReqDelaySec: Option<Long> = Some(defaultFirstReqDelaySec),
requestIntervalSec: Option<Long> = Some(defaultRequestIntervalSec),
sslDisable: Option<Boolean> = Some(false),
- keyStoreFile: Option<String> = Some(KEYSTORE),
- keyStorePassword: Option<String> = Some(KEYSTORE_PASSWORD),
- trustStoreFile: Option<String> = Some(TRUSTSTORE),
- trustStorePassword: Option<String> = Some(TRUSTSTORE_PASSWORD),
+ keyStoreFile: Option<String> = Some(keyStore),
+ keyStorePassword: Option<String> = Some(keyStorePassFile),
+ trustStoreFile: Option<String> = Some(trustStore),
+ trustStorePassword: Option<String> = Some(trustStorePassFile),
streamPublishers: Option<List<KafkaSink>> = Some(sampleStreamsDefinition),
logLevel: Option<LogLevel> = Some(LogLevel.INFO)
) = PartialConfiguration(
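Review bot: The helper's parameters are still named `keyStorePassword` and `trustStorePassword` although they now default to `keyStorePassFile`/`trustStorePassFile` and are mapped onto `keyStorePasswordFile`/`trustStorePasswordFile` in the next hunk, so a reader of the test sees a password parameter receiving a path. Renaming them to `keyStorePasswordFile: Option<String> = Some(keyStorePassFile)` and `trustStorePasswordFile: Option<String> = Some(trustStorePassFile)` (and the two assignments below to `keyStorePasswordFile = keyStorePasswordFile`, `trustStorePasswordFile = trustStorePasswordFile`) keeps the test vocabulary aligned with `PartialConfiguration`. `partialConfiguration` starts before this hunk.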
@@ -198,24 +198,29 @@ private fun partialConfiguration(listenPort: Option<Int> = Some(defaultListenPor
requestIntervalSec = requestIntervalSec,
sslDisable = sslDisable,
keyStoreFile = keyStoreFile,
- keyStorePassword = keyStorePassword,
+ keyStorePasswordFile = keyStorePassword,
trustStoreFile = trustStoreFile,
- trustStorePassword = trustStorePassword,
+ trustStorePasswordFile = trustStorePassword,
streamPublishers = streamPublishers,
logLevel = logLevel
)
-const val defaultListenPort = 1234
-const val defaultRequestIntervalSec = 3L
-const val defaultIdleTimeoutSec = 10L
-const val defaultFirstReqDelaySec = 10L
+private fun resourcePathAsString(resource: String) =
+ Paths.get(ConfigurationValidatorTest::class.java.getResource(resource).toURI()).toString()
+
+private const val defaultListenPort = 1234
+private const val defaultRequestIntervalSec = 3L
+private const val defaultIdleTimeoutSec = 10L
+private const val defaultFirstReqDelaySec = 10L
-const val KEYSTORE = "test.ks.pkcs12"
-const val KEYSTORE_PASSWORD = "changeMe"
-const val TRUSTSTORE = "trust.ks.pkcs12"
-const val TRUSTSTORE_PASSWORD = "changeMeToo"
+private const val keyStore = "test.ks.pkcs12"
+private const val trustStore = "trust.ks.pkcs12"
+private const val keyStorePass = "change.me"
+private const val trustStorePass = "change.me.too"
+private val keyStorePassFile = resourcePathAsString("/test.ks.pass")
+private val trustStorePassFile = resourcePathAsString("/trust.ks.pass")
-const val sampleSinkName = "perf3gpp"
+private const val sampleSinkName = "perf3gpp"
const val sampleMaxPayloadSize = 1024
private val sink = mock<KafkaSink>().also {
@@ -224,4 +229,4 @@ private val sink = mock<KafkaSink>().also {
}
private val sampleStreamsDefinition = listOf(sink)
-private val sampleRouting = listOf(Route(sink.name(), sink)) \ No newline at end of file
+private val sampleRouting = listOf(Route(sink.name(), sink))
diff --git a/sources/hv-collector-configuration/src/test/kotlin/org/onap/dcae/collectors/veshv/config/impl/JsonConfigurationParserTest.kt b/sources/hv-collector-configuration/src/test/kotlin/org/onap/dcae/collectors/veshv/config/impl/JsonConfigurationParserTest.kt
index 919f22c1..485ef9a8 100644
--- a/sources/hv-collector-configuration/src/test/kotlin/org/onap/dcae/collectors/veshv/config/impl/JsonConfigurationParserTest.kt
+++ b/sources/hv-collector-configuration/src/test/kotlin/org/onap/dcae/collectors/veshv/config/impl/JsonConfigurationParserTest.kt
@@ -28,7 +28,6 @@ import org.jetbrains.spek.api.dsl.it
import org.onap.dcae.collectors.veshv.tests.utils.resourceAsStream
import org.onap.dcae.collectors.veshv.utils.logging.LogLevel
import java.io.StringReader
-import java.time.Duration
import kotlin.test.fail
/**
@@ -93,9 +92,9 @@ internal object JsonConfigurationParserTest : Spek({
assertThat(config.sslDisable).isEqualTo(Some(false))
assertThat(config.keyStoreFile).isEqualTo(Some("test.ks.pkcs12"))
- assertThat(config.keyStorePassword).isEqualTo(Some("changeMe"))
+ assertThat(config.keyStorePasswordFile).isEqualTo(Some("test.ks.pass"))
assertThat(config.trustStoreFile).isEqualTo(Some("trust.ks.pkcs12"))
- assertThat(config.trustStorePassword).isEqualTo(Some("changeMeToo"))
+ assertThat(config.trustStorePasswordFile).isEqualTo(Some("trust.ks.pass"))
}
}
}
diff --git a/sources/hv-collector-configuration/src/test/resources/sampleConfig.json b/sources/hv-collector-configuration/src/test/resources/sampleConfig.json
index a5ad52ae..a1eb96a3 100644
--- a/sources/hv-collector-configuration/src/test/resources/sampleConfig.json
+++ b/sources/hv-collector-configuration/src/test/resources/sampleConfig.json
@@ -6,7 +6,7 @@
"cbs.requestIntervalSec": 900,
"security.sslDisable": false,
"security.keys.keyStoreFile": "test.ks.pkcs12",
- "security.keys.keyStorePassword": "changeMe",
+ "security.keys.keyStorePasswordFile": "test.ks.pass",
"security.keys.trustStoreFile": "trust.ks.pkcs12",
- "security.keys.trustStorePassword": "changeMeToo"
+ "security.keys.trustStorePasswordFile": "trust.ks.pass"
} \ No newline at end of file
diff --git a/sources/hv-collector-configuration/src/test/resources/test.ks.pass b/sources/hv-collector-configuration/src/test/resources/test.ks.pass
new file mode 100644
index 00000000..2d96f185
--- /dev/null
+++ b/sources/hv-collector-configuration/src/test/resources/test.ks.pass
@@ -0,0 +1 @@
+change.me \ No newline at end of file
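Review bot: The fixture is deliberately written without a trailing newline, so no test covers a password file that ends in `\n`, which is what most editors and shell redirections produce and what a file written by the tls-init-container may well contain. Whether `Passwords.fromPath` trims the newline is not visible here; if it does not, a `change.me\n` file yields a wrong keystore password and an unhelpful integrity-check failure at startup. A second fixture with a trailing newline plus a matching assertion in ConfigurationValidatorTest would pin the intended behaviour either way.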
diff --git a/sources/hv-collector-configuration/src/test/resources/trust.ks.pass b/sources/hv-collector-configuration/src/test/resources/trust.ks.pass
new file mode 100644
index 00000000..563231aa
--- /dev/null
+++ b/sources/hv-collector-configuration/src/test/resources/trust.ks.pass
@@ -0,0 +1 @@
+change.me.too \ No newline at end of file
diff --git a/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/utils.kt b/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/utils.kt
index 822d84f1..5981d9d4 100644
--- a/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/utils.kt
+++ b/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/utils.kt
@@ -22,7 +22,6 @@ package org.onap.dcae.collectors.veshv.ssl.boundary
import arrow.core.None
import arrow.core.Some
import arrow.core.Try
-import arrow.core.getOrElse
import org.apache.commons.cli.CommandLine
import org.onap.dcae.collectors.veshv.commandline.CommandLineOption
import org.onap.dcae.collectors.veshv.commandline.hasOption
@@ -38,7 +37,9 @@ import java.nio.file.Paths
*/
const val KEY_STORE_FILE = "/etc/ves-hv/server.p12"
+const val KEY_STORE_PASSWORD_FILE = "/etc/ves-hv/server.pass"
const val TRUST_STORE_FILE = "/etc/ves-hv/trust.p12"
+const val TRUST_STORE_PASSWORD_FILE = "/etc/ves-hv/trust.pass"
fun createSecurityConfiguration(cmdLine: CommandLine): Try<SecurityConfiguration> =
createSecurityConfigurationProvider(cmdLine).map { it() }
@@ -55,15 +56,15 @@ private fun disabledSecurityConfiguration() = SecurityConfiguration(None)
private fun enabledSecurityConfiguration(cmdLine: CommandLine): SecurityConfiguration {
val ksFile = cmdLine.stringValue(CommandLineOption.KEY_STORE_FILE, KEY_STORE_FILE)
- val ksPass = cmdLine.stringValue(CommandLineOption.KEY_STORE_PASSWORD).getOrElse { "" }
+ val ksPass = cmdLine.stringValue(CommandLineOption.KEY_STORE_PASSWORD_FILE, KEY_STORE_PASSWORD_FILE)
val tsFile = cmdLine.stringValue(CommandLineOption.TRUST_STORE_FILE, TRUST_STORE_FILE)
- val tsPass = cmdLine.stringValue(CommandLineOption.TRUST_STORE_PASSWORD).getOrElse { "" }
+ val tsPass = cmdLine.stringValue(CommandLineOption.TRUST_STORE_PASSWORD_FILE, TRUST_STORE_PASSWORD_FILE)
val keys = ImmutableSecurityKeys.builder()
.keyStore(ImmutableSecurityKeysStore.of(pathFromFile(ksFile)))
- .keyStorePassword(Passwords.fromString(ksPass))
+ .keyStorePassword(Passwords.fromPath(pathFromFile(ksPass)))
.trustStore(ImmutableSecurityKeysStore.of(pathFromFile(tsFile)))
- .trustStorePassword(Passwords.fromString(tsPass))
+ .trustStorePassword(Passwords.fromPath(pathFromFile(tsPass)))
.build()
return SecurityConfiguration(Some(keys))
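Review bot: `ksPass` and `tsPass` now hold file paths, not passwords, and are fed straight into `pathFromFile`, so the names mislead; `val ksPassFile = cmdLine.stringValue(CommandLineOption.KEY_STORE_PASSWORD_FILE, KEY_STORE_PASSWORD_FILE)` and `val tsPassFile = ...` read correctly at the `Passwords.fromPath(pathFromFile(ksPassFile))` call sites. Note also the behaviour change: an absent option used to mean an empty password (`getOrElse { "" }`) and now means "read /etc/ves-hv/server.pass"; that is sensible for the container layout but worth a one-line comment on the `KEY_STORE_PASSWORD_FILE`/`TRUST_STORE_PASSWORD_FILE` constants in the hunk above, e.g. `// Defaults match the paths the DCAE tls-init-container mounts; there is no in-process fallback password`.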
diff --git a/sources/hv-collector-ssl/src/test/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/SecurityUtilsTest.kt b/sources/hv-collector-ssl/src/test/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/UtilsKtTest.kt
index ddb3e357..c7c414f8 100644
--- a/sources/hv-collector-ssl/src/test/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/SecurityUtilsTest.kt
+++ b/sources/hv-collector-ssl/src/test/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/UtilsKtTest.kt
@@ -20,6 +20,7 @@
package org.onap.dcae.collectors.veshv.ssl.boundary
import com.nhaarman.mockitokotlin2.doReturn
+import com.nhaarman.mockitokotlin2.eq
import com.nhaarman.mockitokotlin2.mock
import com.nhaarman.mockitokotlin2.verify
import com.nhaarman.mockitokotlin2.whenever
@@ -31,15 +32,22 @@ import org.jetbrains.spek.api.dsl.it
import org.jetbrains.spek.api.dsl.on
import org.onap.dcae.collectors.veshv.commandline.CommandLineOption
import org.onap.dcae.collectors.veshv.commandline.hasOption
+import org.onap.dcae.collectors.veshv.commandline.stringValue
+import java.nio.file.Paths
-internal object SecurityUtilsTest : Spek({
+internal object UtilsKtTest : Spek({
describe("creating securty configuration provider") {
on("command line without ssl disable") {
+ val passwordFile = resourcePathAsString("/ssl/password")
val commandLine: CommandLine = mock()
whenever(commandLine.hasOption(CommandLineOption.SSL_DISABLE)).doReturn(false)
+ whenever(commandLine.stringValue(CommandLineOption.TRUST_STORE_PASSWORD_FILE, TRUST_STORE_PASSWORD_FILE))
+ .doReturn(passwordFile)
+ whenever(commandLine.stringValue(CommandLineOption.KEY_STORE_PASSWORD_FILE, KEY_STORE_PASSWORD_FILE))
+ .doReturn(passwordFile)
it("should create configuration with some keys") {
val configuration = createSecurityConfiguration(commandLine)
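Review bot: `whenever(commandLine.stringValue(CommandLineOption.KEY_STORE_PASSWORD_FILE, KEY_STORE_PASSWORD_FILE))` stubs a Kotlin extension function rather than a method of the mock; Mockito records whichever mock call `stringValue` happens to make last (presumably `getOptionValue`), so the stub works only while that implementation detail holds and returns a `String`. Stubbing the underlying `CommandLine` method directly, e.g. `whenever(commandLine.getOptionValue("kp")).doReturn(passwordFile)` (with whatever key `stringValue` actually queries), makes the test independent of how the extension is written. The `eq` import added in the hunk above does not appear in any changed line I can see; if it is unused after the rename it should be dropped.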
@@ -63,3 +71,6 @@ internal object SecurityUtilsTest : Spek({
}
}
})
+
+private fun resourcePathAsString(resource: String) =
+ Paths.get(UtilsKtTest::class.java.getResource(resource).toURI()).toString()
diff --git a/sources/hv-collector-ssl/src/test/resources/ssl/password b/sources/hv-collector-ssl/src/test/resources/ssl/password
new file mode 100644
index 00000000..e69c2de9
--- /dev/null
+++ b/sources/hv-collector-ssl/src/test/resources/ssl/password
@@ -0,0 +1 @@
+onaponap \ No newline at end of file
diff --git a/sources/hv-collector-xnf-simulator/src/main/kotlin/org/onap/dcae/collectors/veshv/simulators/xnf/impl/config/ArgXnfSimulatorConfiguration.kt b/sources/hv-collector-xnf-simulator/src/main/kotlin/org/onap/dcae/collectors/veshv/simulators/xnf/impl/config/ArgXnfSimulatorConfiguration.kt
index 28cc0556..7fa23f7f 100644
--- a/sources/hv-collector-xnf-simulator/src/main/kotlin/org/onap/dcae/collectors/veshv/simulators/xnf/impl/config/ArgXnfSimulatorConfiguration.kt
+++ b/sources/hv-collector-xnf-simulator/src/main/kotlin/org/onap/dcae/collectors/veshv/simulators/xnf/impl/config/ArgXnfSimulatorConfiguration.kt
@@ -25,12 +25,12 @@ import org.apache.commons.cli.DefaultParser
import org.onap.dcae.collectors.veshv.commandline.ArgBasedConfiguration
import org.onap.dcae.collectors.veshv.commandline.CommandLineOption.HEALTH_CHECK_API_PORT
import org.onap.dcae.collectors.veshv.commandline.CommandLineOption.KEY_STORE_FILE
-import org.onap.dcae.collectors.veshv.commandline.CommandLineOption.KEY_STORE_PASSWORD
+import org.onap.dcae.collectors.veshv.commandline.CommandLineOption.KEY_STORE_PASSWORD_FILE
import org.onap.dcae.collectors.veshv.commandline.CommandLineOption.LISTEN_PORT
import org.onap.dcae.collectors.veshv.commandline.CommandLineOption.MAXIMUM_PAYLOAD_SIZE_BYTES
import org.onap.dcae.collectors.veshv.commandline.CommandLineOption.SSL_DISABLE
import org.onap.dcae.collectors.veshv.commandline.CommandLineOption.TRUST_STORE_FILE
-import org.onap.dcae.collectors.veshv.commandline.CommandLineOption.TRUST_STORE_PASSWORD
+import org.onap.dcae.collectors.veshv.commandline.CommandLineOption.TRUST_STORE_PASSWORD_FILE
import org.onap.dcae.collectors.veshv.commandline.CommandLineOption.VES_HV_HOST
import org.onap.dcae.collectors.veshv.commandline.CommandLineOption.VES_HV_PORT
import org.onap.dcae.collectors.veshv.commandline.intValue
@@ -55,9 +55,9 @@ internal class ArgXnfSimulatorConfiguration : ArgBasedConfiguration<SimulatorCon
MAXIMUM_PAYLOAD_SIZE_BYTES,
SSL_DISABLE,
KEY_STORE_FILE,
- KEY_STORE_PASSWORD,
+ KEY_STORE_PASSWORD_FILE,
TRUST_STORE_FILE,
- TRUST_STORE_PASSWORD)
+ TRUST_STORE_PASSWORD_FILE)
override fun getConfiguration(cmdLine: CommandLine): Option<SimulatorConfiguration> =
binding {