diff options
author | Piotr Jaszczyk <piotr.jaszczyk@nokia.com> | 2019-04-10 10:32:00 +0200 |
---|---|---|
committer | Piotr Jaszczyk <piotr.jaszczyk@nokia.com> | 2019-04-10 11:37:50 +0200 |
commit | c138b700030d22ae0bdbd6992fb4a4d8a3431798 (patch) | |
tree | 35926c24ef0eb4c770f3592bedc6e4d3cf69c98e | |
parent | d52444107a3c62c1027e35178b76645ceb4d2c4e (diff) |
Read passwords from files
Key- and trust-store passwords should be read from files in order to
work with DCAE tls-init-container.
Change-Id: Ibe454663328268f33f8be25ef9ec129f1ce1d396
Issue-ID: DCAEGEN2-1412
Signed-off-by: Piotr Jaszczyk <piotr.jaszczyk@nokia.com>
19 files changed, 118 insertions, 78 deletions
diff --git a/development/configuration/base.json b/development/configuration/base.json index 1b723b72..9bf9194b 100644 --- a/development/configuration/base.json +++ b/development/configuration/base.json @@ -5,7 +5,7 @@ "cbs.firstRequestDelaySec": 10, "cbs.requestIntervalSec": 5, "security.keys.keyStoreFile": "/etc/ves-hv/ssl/server.p12", - "security.keys.keyStorePassword": "onaponap", + "security.keys.keyStorePasswordFile": "/etc/ves-hv/ssl/server.pass", "security.keys.trustStoreFile": "/etc/ves-hv/ssl/trust.p12", - "security.keys.trustStorePassword": "onaponap" + "security.keys.trustStorePasswordFile": "/etc/ves-hv/ssl/trust.pass" }
\ No newline at end of file diff --git a/development/configuration/local.json b/development/configuration/local.json index ebf2f82e..cfaaaa40 100644 --- a/development/configuration/local.json +++ b/development/configuration/local.json @@ -5,7 +5,7 @@ "cbs.firstRequestDelaySec": 10, "cbs.requestIntervalSec": 5, "security.keys.keyStoreFile": "development/ssl/server.p12", - "security.keys.keyStorePassword": "onaponap", + "security.keys.keyStorePasswordFile": "development/ssl/server.pass", "security.keys.trustStoreFile": "development/ssl/trust.p12", - "security.keys.trustStorePassword": "onaponap" + "security.keys.trustStorePasswordFile": "development/ssl/server.pass" } diff --git a/development/docker-compose.yml b/development/docker-compose.yml index d135e8b4..9272c618 100644 --- a/development/docker-compose.yml +++ b/development/docker-compose.yml @@ -110,8 +110,9 @@ services: "--ves-host", "ves-hv-collector", "--ves-port", "6061", "--key-store", "/etc/ves-hv/client.p12", - "--key-store-password", "onaponap", - "--trust-store-password", "onaponap"] + "--key-store-password-file", "/etc/ves-hv/client.pass", + "--trust-store", "/etc/ves-hv/trust.p12", + "--trust-store-password-file", "/etc/ves-hv/trust.pass"] healthcheck: test: curl -f http://localhost:6063/health/ready || exit 1 interval: 10s diff --git a/development/ssl/.gitignore b/development/ssl/.gitignore index 23888eb0..955c17d1 100644 --- a/development/ssl/.gitignore +++ b/development/ssl/.gitignore @@ -4,4 +4,4 @@ *.csr *.pkcs12 *.p12 - +*.pass diff --git a/development/ssl/gen-certs.sh b/development/ssl/gen-certs.sh index b4f78227..bf28ca02 100755 --- a/development/ssl/gen-certs.sh +++ b/development/ssl/gen-certs.sh @@ -1,4 +1,21 @@ #!/usr/bin/env bash +# ============LICENSE_START======================================================= +# csit-dcaegen2-collectors-hv-ves +# ================================================================================ +# Copyright (C) 2018-2019 NOKIA +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= set -eu -o pipefail -o xtrace @@ -24,6 +41,8 @@ function gen_key() { keytool -certreq -alias ${key_name} -keyalg RSA ${keystore} | \ keytool -alias ${ca} -gencert -ext "san=dns:${CN_PREFIX}-${ca}" ${store_opts} -keystore ${ca}.p12 | \ keytool -alias ${key_name} -importcert ${keystore} + + printf ${STORE_PASS} > ${key_name}.pass } @@ -36,10 +55,11 @@ function gen_ca() { function gen_truststore() { local trusted_ca="$1" keytool -import -trustcacerts -alias ca -file ${trusted_ca}.crt ${store_opts} -keystore ${TRUST}.p12 + printf ${STORE_PASS} > ${TRUST}.pass } function clean() { - rm -f *.crt *.p12 + rm -f *.crt *.p12 *.pass } if [[ $# -eq 0 ]]; then diff --git a/dpo/spec/hv-ves-collector.componentspec.json b/dpo/spec/hv-ves-collector.componentspec.json index 13dd64a3..d88fd285 100644 --- a/dpo/spec/hv-ves-collector.componentspec.json +++ b/dpo/spec/hv-ves-collector.componentspec.json @@ -71,32 +71,32 @@ }, { "name": "security.keys.keyStoreFile", - "value": "/etc/ves-hv/ssl/keystore.p12", + "value": "/etc/ves-hv/ssl/cert.jks", "description": "Points to private key store file", "sourced_at_deployment": false, "policy_editable": false, "designer_editable": false }, { - "name": "security.keys.keyStorePassword", - "value": "onaponap", - "description": "Password for the key store", + "name": "security.keys.keyStorePasswordFile", + "value": "/etc/ves-hv/ssl/jks.pass", + "description": "File which contains password for the key store", "sourced_at_deployment": false, "policy_editable": false, "designer_editable": false }, { "name": "security.keys.trustStoreFile", - "value": "/etc/ves-hv/ssl/truststore.p12", + "value": "/etc/ves-hv/ssl/trust.jks", "description": "Points to trust store file which contains trusted client certificates and/or CAs", "sourced_at_deployment": false, "policy_editable": false, "designer_editable": false }, { - "name": "security.keys.trustStorePassword", - "value": "onaponap", - "description": "Password for the trust store", + "name": "security.keys.trustStorePasswordFile", + "value": "/etc/ves-hv/ssl/trust.pass", + "description": "File which contains password for the trust store", "sourced_at_deployment": false, "policy_editable": false, "designer_editable": false diff --git a/sources/hv-collector-commandline/src/main/kotlin/org/onap/dcae/collectors/veshv/commandline/CommandLineOption.kt b/sources/hv-collector-commandline/src/main/kotlin/org/onap/dcae/collectors/veshv/commandline/CommandLineOption.kt index 1c1a355b..d08f6c09 100644 --- a/sources/hv-collector-commandline/src/main/kotlin/org/onap/dcae/collectors/veshv/commandline/CommandLineOption.kt +++ b/sources/hv-collector-commandline/src/main/kotlin/org/onap/dcae/collectors/veshv/commandline/CommandLineOption.kt @@ -91,11 +91,11 @@ enum class CommandLineOption(val option: Option, val required: Boolean = false) .desc("Key store in PKCS12 format") .build() ), - KEY_STORE_PASSWORD( + KEY_STORE_PASSWORD_FILE( Option.builder("kp") - .longOpt("key-store-password") + .longOpt("key-store-password-file") .hasArg() - .desc("Key store password") + .desc("File with key store password") .build() ), TRUST_STORE_FILE( @@ -105,11 +105,11 @@ enum class CommandLineOption(val option: Option, val required: Boolean = false) .desc("File with trusted certificate bundle in PKCS12 format") .build() ), - TRUST_STORE_PASSWORD( + TRUST_STORE_PASSWORD_FILE( Option.builder("tp") - .longOpt("trust-store-password") + .longOpt("trust-store-password-file") .hasArg() - .desc("Trust store password") + .desc("File with trust store password") .build() ), MAXIMUM_PAYLOAD_SIZE_BYTES( diff --git a/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationMerger.kt b/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationMerger.kt index 56e48038..e6707825 100644 --- a/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationMerger.kt +++ b/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationMerger.kt @@ -39,9 +39,9 @@ internal class ConfigurationMerger { sslDisable = base.sslDisable.updateToGivenOrNone(update.sslDisable), keyStoreFile = base.keyStoreFile.updateToGivenOrNone(update.keyStoreFile), - keyStorePassword = base.keyStorePassword.updateToGivenOrNone(update.keyStorePassword), + keyStorePasswordFile = base.keyStorePasswordFile.updateToGivenOrNone(update.keyStorePasswordFile), trustStoreFile = base.trustStoreFile.updateToGivenOrNone(update.trustStoreFile), - trustStorePassword = base.trustStorePassword.updateToGivenOrNone(update.trustStorePassword), + trustStorePasswordFile = base.trustStorePasswordFile.updateToGivenOrNone(update.trustStorePasswordFile), streamPublishers = base.streamPublishers.updateToGivenOrNone(update.streamPublishers), diff --git a/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationValidator.kt b/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationValidator.kt index 613ae302..f4ce592f 100644 --- a/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationValidator.kt +++ b/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationValidator.kt @@ -120,22 +120,22 @@ internal class ConfigurationValidator { SecurityConfiguration( createSecurityKeys( File(it.keyStoreFile.bind()).toPath(), - it.keyStorePassword.bind(), + File(it.keyStorePasswordFile.bind()).toPath(), File(it.trustStoreFile.bind()).toPath(), - it.trustStorePassword.bind() + File(it.trustStorePasswordFile.bind()).toPath() ).toOption() ) } private fun createSecurityKeys(keyStorePath: Path, - keyStorePassword: String, + keyStorePasswordPath: Path, trustStorePath: Path, - trustStorePassword: String) = + trustStorePasswordPath: Path) = ImmutableSecurityKeys.builder() .keyStore(ImmutableSecurityKeysStore.of(keyStorePath)) - .keyStorePassword(Passwords.fromString(keyStorePassword)) + .keyStorePassword(Passwords.fromPath(keyStorePasswordPath)) .trustStore(ImmutableSecurityKeysStore.of(trustStorePath)) - .trustStorePassword(Passwords.fromString(trustStorePassword)) + .trustStorePassword(Passwords.fromPath(trustStorePasswordPath)) .build() private fun validatedCollectorConfig(partial: PartialConfiguration) = diff --git a/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/partial_configuration.kt b/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/PartialConfiguration.kt index d09a52e4..51f6a665 100644 --- a/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/partial_configuration.kt +++ b/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/PartialConfiguration.kt @@ -44,12 +44,12 @@ internal data class PartialConfiguration( val sslDisable: Option<Boolean> = None, @SerializedName("security.keys.keyStoreFile") val keyStoreFile: Option<String> = None, - @SerializedName("security.keys.keyStorePassword") - val keyStorePassword: Option<String> = None, + @SerializedName("security.keys.keyStorePasswordFile") + val keyStorePasswordFile: Option<String> = None, @SerializedName("security.keys.trustStoreFile") val trustStoreFile: Option<String> = None, - @SerializedName("security.keys.trustStorePassword") - val trustStorePassword: Option<String> = None, + @SerializedName("security.keys.trustStorePasswordFile") + val trustStorePasswordFile: Option<String> = None, @SerializedName("logLevel") val logLevel: Option<LogLevel> = None, diff --git a/sources/hv-collector-configuration/src/test/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationValidatorTest.kt b/sources/hv-collector-configuration/src/test/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationValidatorTest.kt index 0806e8ca..5495c865 100644 --- a/sources/hv-collector-configuration/src/test/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationValidatorTest.kt +++ b/sources/hv-collector-configuration/src/test/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationValidatorTest.kt @@ -36,9 +36,9 @@ import org.onap.dcae.collectors.veshv.utils.logging.LogLevel import org.onap.dcaegen2.services.sdk.model.streams.dmaap.KafkaSink import org.onap.dcaegen2.services.sdk.security.ssl.SecurityKeys import java.io.File +import java.nio.file.Paths import java.time.Duration - internal object ConfigurationValidatorTest : Spek({ describe("ConfigurationValidator") { val cut = ConfigurationValidator() @@ -79,10 +79,10 @@ internal object ConfigurationValidatorTest : Spek({ firstRequestDelaySec = Some(defaultFirstReqDelaySec), requestIntervalSec = Some(defaultRequestIntervalSec), sslDisable = Some(false), - keyStoreFile = Some(KEYSTORE), - keyStorePassword = Some(KEYSTORE_PASSWORD), - trustStoreFile = Some(TRUSTSTORE), - trustStorePassword = Some(TRUSTSTORE_PASSWORD), + keyStoreFile = Some(keyStore), + keyStorePasswordFile = Some(keyStorePassFile), + trustStoreFile = Some(trustStore), + trustStorePasswordFile = Some(trustStorePassFile), streamPublishers = Some(sampleStreamsDefinition), logLevel = Some(LogLevel.TRACE) ) @@ -101,10 +101,10 @@ internal object ConfigurationValidatorTest : Spek({ val securityKeys = it.security.keys .getOrElse { fail("Should be immutableSecurityKeys") } as SecurityKeys - assertThat(securityKeys.keyStore().path()).isEqualTo(File(KEYSTORE).toPath()) - assertThat(securityKeys.trustStore().path()).isEqualTo(File(TRUSTSTORE).toPath()) - securityKeys.keyStorePassword().use { assertThat(it).isEqualTo(KEYSTORE_PASSWORD.toCharArray()) } - securityKeys.trustStorePassword().use { assertThat(it).isEqualTo(TRUSTSTORE_PASSWORD.toCharArray()) } + assertThat(securityKeys.keyStore().path()).isEqualTo(File(keyStore).toPath()) + assertThat(securityKeys.trustStore().path()).isEqualTo(File(trustStore).toPath()) + securityKeys.keyStorePassword().use { assertThat(it).isEqualTo(keyStorePass.toCharArray()) } + securityKeys.trustStorePassword().use { assertThat(it).isEqualTo(trustStorePass.toCharArray()) } assertThat(it.cbs.firstRequestDelay) .isEqualTo(Duration.ofSeconds(defaultFirstReqDelaySec)) @@ -168,10 +168,10 @@ internal object ConfigurationValidatorTest : Spek({ { val securityKeys = it.security.keys .getOrElse { fail("Should be immutableSecurityKeys") } as SecurityKeys - assertThat(securityKeys.keyStore().path()).isEqualTo(File(KEYSTORE).toPath()) - assertThat(securityKeys.trustStore().path()).isEqualTo(File(TRUSTSTORE).toPath()) - securityKeys.keyStorePassword().use { assertThat(it).isEqualTo(KEYSTORE_PASSWORD.toCharArray()) } - securityKeys.trustStorePassword().use { assertThat(it).isEqualTo(TRUSTSTORE_PASSWORD.toCharArray()) } + assertThat(securityKeys.keyStore().path()).isEqualTo(File(keyStore).toPath()) + assertThat(securityKeys.trustStore().path()).isEqualTo(File(trustStore).toPath()) + securityKeys.keyStorePassword().use { assertThat(it).isEqualTo(keyStorePass.toCharArray()) } + securityKeys.trustStorePassword().use { assertThat(it).isEqualTo(trustStorePass.toCharArray()) } } ) } @@ -185,10 +185,10 @@ private fun partialConfiguration(listenPort: Option<Int> = Some(defaultListenPor firstReqDelaySec: Option<Long> = Some(defaultFirstReqDelaySec), requestIntervalSec: Option<Long> = Some(defaultRequestIntervalSec), sslDisable: Option<Boolean> = Some(false), - keyStoreFile: Option<String> = Some(KEYSTORE), - keyStorePassword: Option<String> = Some(KEYSTORE_PASSWORD), - trustStoreFile: Option<String> = Some(TRUSTSTORE), - trustStorePassword: Option<String> = Some(TRUSTSTORE_PASSWORD), + keyStoreFile: Option<String> = Some(keyStore), + keyStorePassword: Option<String> = Some(keyStorePassFile), + trustStoreFile: Option<String> = Some(trustStore), + trustStorePassword: Option<String> = Some(trustStorePassFile), streamPublishers: Option<List<KafkaSink>> = Some(sampleStreamsDefinition), logLevel: Option<LogLevel> = Some(LogLevel.INFO) ) = PartialConfiguration( @@ -198,24 +198,29 @@ private fun partialConfiguration(listenPort: Option<Int> = Some(defaultListenPor requestIntervalSec = requestIntervalSec, sslDisable = sslDisable, keyStoreFile = keyStoreFile, - keyStorePassword = keyStorePassword, + keyStorePasswordFile = keyStorePassword, trustStoreFile = trustStoreFile, - trustStorePassword = trustStorePassword, + trustStorePasswordFile = trustStorePassword, streamPublishers = streamPublishers, logLevel = logLevel ) -const val defaultListenPort = 1234 -const val defaultRequestIntervalSec = 3L -const val defaultIdleTimeoutSec = 10L -const val defaultFirstReqDelaySec = 10L +private fun resourcePathAsString(resource: String) = + Paths.get(ConfigurationValidatorTest::class.java.getResource(resource).toURI()).toString() + +private const val defaultListenPort = 1234 +private const val defaultRequestIntervalSec = 3L +private const val defaultIdleTimeoutSec = 10L +private const val defaultFirstReqDelaySec = 10L -const val KEYSTORE = "test.ks.pkcs12" -const val KEYSTORE_PASSWORD = "changeMe" -const val TRUSTSTORE = "trust.ks.pkcs12" -const val TRUSTSTORE_PASSWORD = "changeMeToo" +private const val keyStore = "test.ks.pkcs12" +private const val trustStore = "trust.ks.pkcs12" +private const val keyStorePass = "change.me" +private const val trustStorePass = "change.me.too" +private val keyStorePassFile = resourcePathAsString("/test.ks.pass") +private val trustStorePassFile = resourcePathAsString("/trust.ks.pass") -const val sampleSinkName = "perf3gpp" +private const val sampleSinkName = "perf3gpp" const val sampleMaxPayloadSize = 1024 private val sink = mock<KafkaSink>().also { @@ -224,4 +229,4 @@ private val sink = mock<KafkaSink>().also { } private val sampleStreamsDefinition = listOf(sink) -private val sampleRouting = listOf(Route(sink.name(), sink))
\ No newline at end of file +private val sampleRouting = listOf(Route(sink.name(), sink)) diff --git a/sources/hv-collector-configuration/src/test/kotlin/org/onap/dcae/collectors/veshv/config/impl/JsonConfigurationParserTest.kt b/sources/hv-collector-configuration/src/test/kotlin/org/onap/dcae/collectors/veshv/config/impl/JsonConfigurationParserTest.kt index 919f22c1..485ef9a8 100644 --- a/sources/hv-collector-configuration/src/test/kotlin/org/onap/dcae/collectors/veshv/config/impl/JsonConfigurationParserTest.kt +++ b/sources/hv-collector-configuration/src/test/kotlin/org/onap/dcae/collectors/veshv/config/impl/JsonConfigurationParserTest.kt @@ -28,7 +28,6 @@ import org.jetbrains.spek.api.dsl.it import org.onap.dcae.collectors.veshv.tests.utils.resourceAsStream import org.onap.dcae.collectors.veshv.utils.logging.LogLevel import java.io.StringReader -import java.time.Duration import kotlin.test.fail /** @@ -93,9 +92,9 @@ internal object JsonConfigurationParserTest : Spek({ assertThat(config.sslDisable).isEqualTo(Some(false)) assertThat(config.keyStoreFile).isEqualTo(Some("test.ks.pkcs12")) - assertThat(config.keyStorePassword).isEqualTo(Some("changeMe")) + assertThat(config.keyStorePasswordFile).isEqualTo(Some("test.ks.pass")) assertThat(config.trustStoreFile).isEqualTo(Some("trust.ks.pkcs12")) - assertThat(config.trustStorePassword).isEqualTo(Some("changeMeToo")) + assertThat(config.trustStorePasswordFile).isEqualTo(Some("trust.ks.pass")) } } } diff --git a/sources/hv-collector-configuration/src/test/resources/sampleConfig.json b/sources/hv-collector-configuration/src/test/resources/sampleConfig.json index a5ad52ae..a1eb96a3 100644 --- a/sources/hv-collector-configuration/src/test/resources/sampleConfig.json +++ b/sources/hv-collector-configuration/src/test/resources/sampleConfig.json @@ -6,7 +6,7 @@ "cbs.requestIntervalSec": 900, "security.sslDisable": false, "security.keys.keyStoreFile": "test.ks.pkcs12", - "security.keys.keyStorePassword": "changeMe", + "security.keys.keyStorePasswordFile": "test.ks.pass", "security.keys.trustStoreFile": "trust.ks.pkcs12", - "security.keys.trustStorePassword": "changeMeToo" + "security.keys.trustStorePasswordFile": "trust.ks.pass" }
\ No newline at end of file diff --git a/sources/hv-collector-configuration/src/test/resources/test.ks.pass b/sources/hv-collector-configuration/src/test/resources/test.ks.pass new file mode 100644 index 00000000..2d96f185 --- /dev/null +++ b/sources/hv-collector-configuration/src/test/resources/test.ks.pass @@ -0,0 +1 @@ +change.me
\ No newline at end of file diff --git a/sources/hv-collector-configuration/src/test/resources/trust.ks.pass b/sources/hv-collector-configuration/src/test/resources/trust.ks.pass new file mode 100644 index 00000000..563231aa --- /dev/null +++ b/sources/hv-collector-configuration/src/test/resources/trust.ks.pass @@ -0,0 +1 @@ +change.me.too
\ No newline at end of file diff --git a/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/utils.kt b/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/utils.kt index 822d84f1..5981d9d4 100644 --- a/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/utils.kt +++ b/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/utils.kt @@ -22,7 +22,6 @@ package org.onap.dcae.collectors.veshv.ssl.boundary import arrow.core.None import arrow.core.Some import arrow.core.Try -import arrow.core.getOrElse import org.apache.commons.cli.CommandLine import org.onap.dcae.collectors.veshv.commandline.CommandLineOption import org.onap.dcae.collectors.veshv.commandline.hasOption @@ -38,7 +37,9 @@ import java.nio.file.Paths */ const val KEY_STORE_FILE = "/etc/ves-hv/server.p12" +const val KEY_STORE_PASSWORD_FILE = "/etc/ves-hv/server.pass" const val TRUST_STORE_FILE = "/etc/ves-hv/trust.p12" +const val TRUST_STORE_PASSWORD_FILE = "/etc/ves-hv/trust.pass" fun createSecurityConfiguration(cmdLine: CommandLine): Try<SecurityConfiguration> = createSecurityConfigurationProvider(cmdLine).map { it() } @@ -55,15 +56,15 @@ private fun disabledSecurityConfiguration() = SecurityConfiguration(None) private fun enabledSecurityConfiguration(cmdLine: CommandLine): SecurityConfiguration { val ksFile = cmdLine.stringValue(CommandLineOption.KEY_STORE_FILE, KEY_STORE_FILE) - val ksPass = cmdLine.stringValue(CommandLineOption.KEY_STORE_PASSWORD).getOrElse { "" } + val ksPass = cmdLine.stringValue(CommandLineOption.KEY_STORE_PASSWORD_FILE, KEY_STORE_PASSWORD_FILE) val tsFile = cmdLine.stringValue(CommandLineOption.TRUST_STORE_FILE, TRUST_STORE_FILE) - val tsPass = cmdLine.stringValue(CommandLineOption.TRUST_STORE_PASSWORD).getOrElse { "" } + val tsPass = cmdLine.stringValue(CommandLineOption.TRUST_STORE_PASSWORD_FILE, TRUST_STORE_PASSWORD_FILE) val keys = ImmutableSecurityKeys.builder() .keyStore(ImmutableSecurityKeysStore.of(pathFromFile(ksFile))) - .keyStorePassword(Passwords.fromString(ksPass)) + .keyStorePassword(Passwords.fromPath(pathFromFile(ksPass))) .trustStore(ImmutableSecurityKeysStore.of(pathFromFile(tsFile))) - .trustStorePassword(Passwords.fromString(tsPass)) + .trustStorePassword(Passwords.fromPath(pathFromFile(tsPass))) .build() return SecurityConfiguration(Some(keys)) diff --git a/sources/hv-collector-ssl/src/test/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/SecurityUtilsTest.kt b/sources/hv-collector-ssl/src/test/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/UtilsKtTest.kt index ddb3e357..c7c414f8 100644 --- a/sources/hv-collector-ssl/src/test/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/SecurityUtilsTest.kt +++ b/sources/hv-collector-ssl/src/test/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/UtilsKtTest.kt @@ -20,6 +20,7 @@ package org.onap.dcae.collectors.veshv.ssl.boundary import com.nhaarman.mockitokotlin2.doReturn +import com.nhaarman.mockitokotlin2.eq import com.nhaarman.mockitokotlin2.mock import com.nhaarman.mockitokotlin2.verify import com.nhaarman.mockitokotlin2.whenever @@ -31,15 +32,22 @@ import org.jetbrains.spek.api.dsl.it import org.jetbrains.spek.api.dsl.on import org.onap.dcae.collectors.veshv.commandline.CommandLineOption import org.onap.dcae.collectors.veshv.commandline.hasOption +import org.onap.dcae.collectors.veshv.commandline.stringValue +import java.nio.file.Paths -internal object SecurityUtilsTest : Spek({ +internal object UtilsKtTest : Spek({ describe("creating securty configuration provider") { on("command line without ssl disable") { + val passwordFile = resourcePathAsString("/ssl/password") val commandLine: CommandLine = mock() whenever(commandLine.hasOption(CommandLineOption.SSL_DISABLE)).doReturn(false) + whenever(commandLine.stringValue(CommandLineOption.TRUST_STORE_PASSWORD_FILE, TRUST_STORE_PASSWORD_FILE)) + .doReturn(passwordFile) + whenever(commandLine.stringValue(CommandLineOption.KEY_STORE_PASSWORD_FILE, KEY_STORE_PASSWORD_FILE)) + .doReturn(passwordFile) it("should create configuration with some keys") { val configuration = createSecurityConfiguration(commandLine) @@ -63,3 +71,6 @@ internal object SecurityUtilsTest : Spek({ } } }) + +private fun resourcePathAsString(resource: String) = + Paths.get(UtilsKtTest::class.java.getResource(resource).toURI()).toString() diff --git a/sources/hv-collector-ssl/src/test/resources/ssl/password b/sources/hv-collector-ssl/src/test/resources/ssl/password new file mode 100644 index 00000000..e69c2de9 --- /dev/null +++ b/sources/hv-collector-ssl/src/test/resources/ssl/password @@ -0,0 +1 @@ +onaponap
\ No newline at end of file diff --git a/sources/hv-collector-xnf-simulator/src/main/kotlin/org/onap/dcae/collectors/veshv/simulators/xnf/impl/config/ArgXnfSimulatorConfiguration.kt b/sources/hv-collector-xnf-simulator/src/main/kotlin/org/onap/dcae/collectors/veshv/simulators/xnf/impl/config/ArgXnfSimulatorConfiguration.kt index 28cc0556..7fa23f7f 100644 --- a/sources/hv-collector-xnf-simulator/src/main/kotlin/org/onap/dcae/collectors/veshv/simulators/xnf/impl/config/ArgXnfSimulatorConfiguration.kt +++ b/sources/hv-collector-xnf-simulator/src/main/kotlin/org/onap/dcae/collectors/veshv/simulators/xnf/impl/config/ArgXnfSimulatorConfiguration.kt @@ -25,12 +25,12 @@ import org.apache.commons.cli.DefaultParser import org.onap.dcae.collectors.veshv.commandline.ArgBasedConfiguration import org.onap.dcae.collectors.veshv.commandline.CommandLineOption.HEALTH_CHECK_API_PORT import org.onap.dcae.collectors.veshv.commandline.CommandLineOption.KEY_STORE_FILE -import org.onap.dcae.collectors.veshv.commandline.CommandLineOption.KEY_STORE_PASSWORD +import org.onap.dcae.collectors.veshv.commandline.CommandLineOption.KEY_STORE_PASSWORD_FILE import org.onap.dcae.collectors.veshv.commandline.CommandLineOption.LISTEN_PORT import org.onap.dcae.collectors.veshv.commandline.CommandLineOption.MAXIMUM_PAYLOAD_SIZE_BYTES import org.onap.dcae.collectors.veshv.commandline.CommandLineOption.SSL_DISABLE import org.onap.dcae.collectors.veshv.commandline.CommandLineOption.TRUST_STORE_FILE -import org.onap.dcae.collectors.veshv.commandline.CommandLineOption.TRUST_STORE_PASSWORD +import org.onap.dcae.collectors.veshv.commandline.CommandLineOption.TRUST_STORE_PASSWORD_FILE import org.onap.dcae.collectors.veshv.commandline.CommandLineOption.VES_HV_HOST import org.onap.dcae.collectors.veshv.commandline.CommandLineOption.VES_HV_PORT import org.onap.dcae.collectors.veshv.commandline.intValue @@ -55,9 +55,9 @@ internal class ArgXnfSimulatorConfiguration : ArgBasedConfiguration<SimulatorCon MAXIMUM_PAYLOAD_SIZE_BYTES, SSL_DISABLE, KEY_STORE_FILE, - KEY_STORE_PASSWORD, + KEY_STORE_PASSWORD_FILE, TRUST_STORE_FILE, - TRUST_STORE_PASSWORD) + TRUST_STORE_PASSWORD_FILE) override fun getConfiguration(cmdLine: CommandLine): Option<SimulatorConfiguration> = binding { |