authorPiotr Jaszczyk <piotr.jaszczyk@nokia.com>2018-09-20 12:04:03 +0200
committerPiotr Jaszczyk <piotr.jaszczyk@nokia.com>2018-09-24 14:25:32 +0200
commit069dcc194fd049e1c52e60d03ce2a9c0553289a7 (patch)
tree7916a4fa6b15734301c1e78bb8a20adf22532b4f /hv-collector-main
parent7b269674526a267f14895df8b825f3b59b30b98a (diff)
Use JDK security provider
Replace the netty-tcnative bindings for OpenSSL with the JDK-provided implementation by default. Change-Id: I59a4797ce43d15a791eab00bfd25cb730a271207 Issue-ID: DCAEGEN2-816 Signed-off-by: Piotr Jaszczyk <piotr.jaszczyk@nokia.com>
Diffstat (limited to 'hv-collector-main')
-rw-r--r--hv-collector-main/Dockerfile3
-rw-r--r--hv-collector-main/pom.xml8
-rw-r--r--hv-collector-main/src/main/kotlin/org/onap/dcae/collectors/veshv/main/ArgVesHvConfiguration.kt76
-rw-r--r--hv-collector-main/src/test/kotlin/org/onap/dcae/collectors/veshv/main/ArgVesHvConfigurationTest.kt99
4 files changed, 59 insertions, 127 deletions
diff --git a/hv-collector-main/Dockerfile b/hv-collector-main/Dockerfile
index 8216ac46..746deb51 100644
--- a/hv-collector-main/Dockerfile
+++ b/hv-collector-main/Dockerfile
@@ -6,8 +6,7 @@ LABEL license.url="http://www.apache.org/licenses/LICENSE-2.0"
LABEL maintainer="Nokia Wroclaw ONAP Team"
RUN apt-get update \
- && apt-get install -y --no-install-recommends curl \
- && apt-get install -y --no-install-recommends netcat \
+ && apt-get install -y --no-install-recommends curl netcat \
&& apt-get clean
WORKDIR /opt/ves-hv-collector
diff --git a/hv-collector-main/pom.xml b/hv-collector-main/pom.xml
index ed37515d..571821a6 100644
--- a/hv-collector-main/pom.xml
+++ b/hv-collector-main/pom.xml
@@ -117,12 +117,18 @@
<groupId>commons-cli</groupId>
<artifactId>commons-cli</artifactId>
</dependency>
+ <!-- See comment in main pom
+ <dependency>
+ <groupId>io.netty</groupId>
+ <artifactId>netty-transport-native-epoll</artifactId>
+ <classifier>${os.detected.classifier}</classifier>
+ </dependency>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-tcnative-boringssl-static</artifactId>
- <scope>runtime</scope>
<classifier>${os.detected.classifier}</classifier>
</dependency>
+ -->
<dependency>
<groupId>io.micrometer</groupId>
<artifactId>micrometer-registry-jmx</artifactId>
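Review bot: The netty-transport-native-epoll and netty-tcnative-boringssl-static dependencies are kept as a commented-out block whose only explanation is `See comment in main pom`, so a reader of this module cannot tell whether the block is dead configuration or a supported opt-in without opening another file. Either delete the block (git history keeps it) or make the pointer self-contained, e.g. `<!-- Native epoll / OpenSSL (tcnative) bindings are intentionally disabled: the JDK SSL provider is used instead. See the main pom for how to re-enable them. -->`. If re-enabling is meant to be supported, a Maven profile expresses that far better than commented-out XML, and it also keeps the dropped `<scope>runtime</scope>` decision visible rather than buried inside a comment.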
diff --git a/hv-collector-main/src/main/kotlin/org/onap/dcae/collectors/veshv/main/ArgVesHvConfiguration.kt b/hv-collector-main/src/main/kotlin/org/onap/dcae/collectors/veshv/main/ArgVesHvConfiguration.kt
index 26230cd3..d6ff9efa 100644
--- a/hv-collector-main/src/main/kotlin/org/onap/dcae/collectors/veshv/main/ArgVesHvConfiguration.kt
+++ b/hv-collector-main/src/main/kotlin/org/onap/dcae/collectors/veshv/main/ArgVesHvConfiguration.kt
@@ -22,25 +22,31 @@ package org.onap.dcae.collectors.veshv.main
import arrow.core.ForOption
import arrow.core.Option
import arrow.core.fix
+import arrow.core.monad
import arrow.instances.extensions
import arrow.typeclasses.binding
import org.apache.commons.cli.CommandLine
import org.apache.commons.cli.DefaultParser
-import org.onap.dcae.collectors.veshv.domain.SecurityConfiguration
import org.onap.dcae.collectors.veshv.model.ConfigurationProviderParams
import org.onap.dcae.collectors.veshv.model.ServerConfiguration
+import org.onap.dcae.collectors.veshv.ssl.boundary.createSecurityConfiguration
import org.onap.dcae.collectors.veshv.utils.commandline.ArgBasedConfiguration
-import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.CERT_FILE
import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.CONSUL_CONFIG_URL
import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.CONSUL_FIRST_REQUEST_DELAY
import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.CONSUL_REQUEST_INTERVAL
import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.DUMMY_MODE
import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.HEALTH_CHECK_API_PORT
import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.IDLE_TIMEOUT_SEC
+import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.KEY_STORE_FILE
+import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.KEY_STORE_PASSWORD
import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.LISTEN_PORT
-import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.PRIVATE_KEY_FILE
import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.SSL_DISABLE
-import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.TRUST_CERT_FILE
+import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.TRUST_STORE_FILE
+import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.TRUST_STORE_PASSWORD
+import org.onap.dcae.collectors.veshv.utils.commandline.hasOption
+import org.onap.dcae.collectors.veshv.utils.commandline.intValue
+import org.onap.dcae.collectors.veshv.utils.commandline.longValue
+import org.onap.dcae.collectors.veshv.utils.commandline.stringValue
import java.time.Duration
internal class ArgVesHvConfiguration : ArgBasedConfiguration<ServerConfiguration>(DefaultParser()) {
@@ -51,34 +57,33 @@ internal class ArgVesHvConfiguration : ArgBasedConfiguration<ServerConfiguration
CONSUL_FIRST_REQUEST_DELAY,
CONSUL_REQUEST_INTERVAL,
SSL_DISABLE,
- PRIVATE_KEY_FILE,
- CERT_FILE,
- TRUST_CERT_FILE,
+ KEY_STORE_FILE,
+ KEY_STORE_PASSWORD,
+ TRUST_STORE_FILE,
+ TRUST_STORE_PASSWORD,
IDLE_TIMEOUT_SEC,
DUMMY_MODE
)
override fun getConfiguration(cmdLine: CommandLine): Option<ServerConfiguration> =
- ForOption extensions {
- binding {
- val healthCheckApiPort = cmdLine.intValue(
- HEALTH_CHECK_API_PORT,
- DefaultValues.HEALTH_CHECK_API_PORT
- )
- val listenPort = cmdLine.intValue(LISTEN_PORT).bind()
- val idleTimeoutSec = cmdLine.longValue(IDLE_TIMEOUT_SEC, DefaultValues.IDLE_TIMEOUT_SEC)
- val dummyMode = cmdLine.hasOption(DUMMY_MODE)
- val security = createSecurityConfiguration(cmdLine)
- val configurationProviderParams = createConfigurationProviderParams(cmdLine).bind()
- ServerConfiguration(
- healthCheckApiPort = healthCheckApiPort,
- listenPort = listenPort,
- configurationProviderParams = configurationProviderParams,
- securityConfiguration = security,
- idleTimeout = Duration.ofSeconds(idleTimeoutSec),
- dummyMode = dummyMode)
- }.fix()
- }
+ Option.monad().binding {
+ val healthCheckApiPort = cmdLine.intValue(
+ HEALTH_CHECK_API_PORT,
+ DefaultValues.HEALTH_CHECK_API_PORT
+ )
+ val listenPort = cmdLine.intValue(LISTEN_PORT).bind()
+ val idleTimeoutSec = cmdLine.longValue(IDLE_TIMEOUT_SEC, DefaultValues.IDLE_TIMEOUT_SEC)
+ val dummyMode = cmdLine.hasOption(DUMMY_MODE)
+ val security = createSecurityConfiguration(cmdLine).bind()
+ val configurationProviderParams = createConfigurationProviderParams(cmdLine).bind()
+ ServerConfiguration(
+ healthCheckApiPort = healthCheckApiPort,
+ listenPort = listenPort,
+ configurationProviderParams = configurationProviderParams,
+ securityConfiguration = security,
+ idleTimeout = Duration.ofSeconds(idleTimeoutSec),
+ dummyMode = dummyMode)
+ }.fix()
private fun createConfigurationProviderParams(cmdLine: CommandLine): Option<ConfigurationProviderParams> =
ForOption extensions {
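Review bot: `KEY_STORE_PASSWORD` and `TRUST_STORE_PASSWORD`, added to the option list at the top of the hunk, turn the key-store secrets into plain command-line arguments, which are readable by any local user through the process table and end up in shell history and container/orchestrator inspection output, unlike the file paths they replace. Consider accepting the password from a file or an environment variable (a `*-password-file` style option, name to be decided) in addition to or instead of the bare value, and at minimum mark the option as sensitive in its help text so deployers do not put it in plain job definitions. In `getConfiguration`, `createSecurityConfiguration(cmdLine).bind()` now collapses any security-configuration failure into `None` for the whole configuration; unless `ArgBasedConfiguration` reports which option was missing (not visible here), the operator will see a generic argument error rather than "key store not given", which is worth checking. The function also has no KDoc; a short one stating that it returns `None` when any required option (listen port, configuration provider params, security configuration) cannot be derived from `cmdLine` would document that contract.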
@@ -100,27 +105,10 @@ internal class ArgVesHvConfiguration : ArgBasedConfiguration<ServerConfiguration
}.fix()
}
- private fun createSecurityConfiguration(cmdLine: CommandLine): SecurityConfiguration {
- val sslDisable = cmdLine.hasOption(SSL_DISABLE)
- val pkFile = cmdLine.stringValue(PRIVATE_KEY_FILE, DefaultValues.PRIVATE_KEY_FILE)
- val certFile = cmdLine.stringValue(CERT_FILE, DefaultValues.CERT_FILE)
- val trustCertFile = cmdLine.stringValue(TRUST_CERT_FILE, DefaultValues.TRUST_CERT_FILE)
-
- return SecurityConfiguration(
- sslDisable = sslDisable,
- privateKey = stringPathToPath(pkFile),
- cert = stringPathToPath(certFile),
- trustedCert = stringPathToPath(trustCertFile)
- )
- }
-
internal object DefaultValues {
const val HEALTH_CHECK_API_PORT = 6060
const val CONSUL_FIRST_REQUEST_DELAY = 10L
const val CONSUL_REQUEST_INTERVAL = 5L
- const val PRIVATE_KEY_FILE = "/etc/ves-hv/server.key"
- const val CERT_FILE = "/etc/ves-hv/server.crt"
- const val TRUST_CERT_FILE = "/etc/ves-hv/trust.crt"
const val IDLE_TIMEOUT_SEC = 60L
}
}
diff --git a/hv-collector-main/src/test/kotlin/org/onap/dcae/collectors/veshv/main/ArgVesHvConfigurationTest.kt b/hv-collector-main/src/test/kotlin/org/onap/dcae/collectors/veshv/main/ArgVesHvConfigurationTest.kt
index 26507197..0cf0bb2c 100644
--- a/hv-collector-main/src/test/kotlin/org/onap/dcae/collectors/veshv/main/ArgVesHvConfigurationTest.kt
+++ b/hv-collector-main/src/test/kotlin/org/onap/dcae/collectors/veshv/main/ArgVesHvConfigurationTest.kt
@@ -19,20 +19,20 @@
*/
package org.onap.dcae.collectors.veshv.main
+import arrow.core.identity
import org.assertj.core.api.Assertions.assertThat
import org.jetbrains.spek.api.Spek
import org.jetbrains.spek.api.dsl.describe
import org.jetbrains.spek.api.dsl.given
import org.jetbrains.spek.api.dsl.it
import org.jetbrains.spek.api.dsl.on
-import org.onap.dcae.collectors.veshv.domain.SecurityConfiguration
-import org.onap.dcae.collectors.veshv.main.ArgVesHvConfiguration.DefaultValues
+import org.onap.dcae.collectors.veshv.domain.JdkKeys
import org.onap.dcae.collectors.veshv.model.ServerConfiguration
import org.onap.dcae.collectors.veshv.tests.utils.parseExpectingFailure
import org.onap.dcae.collectors.veshv.tests.utils.parseExpectingSuccess
import org.onap.dcae.collectors.veshv.utils.commandline.WrongArgumentError
-import java.nio.file.Paths
import java.time.Duration
+import kotlin.test.assertNotNull
/**
* @author Piotr Jaszczyk <piotr.jaszczyk@nokia.com>
@@ -45,9 +45,8 @@ object ArgVesHvConfigurationTest : Spek({
val firstRequestDelay = "10"
val requestInterval = "5"
val listenPort = "6969"
- val pk = Paths.get("/", "etc", "ves", "pk.pem")
- val cert = Paths.get("/", "etc", "ssl", "certs", "ca-bundle.crt")
- val trustCert = Paths.get("/", "etc", "ves", "trusted.crt")
+ val keyStorePassword = "kspass"
+ val trustStorePassword = "tspass"
beforeEachTest {
cut = ArgVesHvConfiguration()
@@ -58,15 +57,17 @@ object ArgVesHvConfigurationTest : Spek({
lateinit var result: ServerConfiguration
beforeEachTest {
- result = cut.parseExpectingSuccess("--ssl-disable",
+ result = cut.parseExpectingSuccess(
"--health-check-api-port", healthCheckApiPort,
"--listen-port", listenPort,
"--config-url", configurationUrl,
"--first-request-delay", firstRequestDelay,
"--request-interval", requestInterval,
- "--private-key-file", pk.toFile().absolutePath,
- "--cert-file", cert.toFile().absolutePath,
- "--trust-cert-file", trustCert.toFile().absolutePath)
+ "--key-store", "/tmp/keys.p12",
+ "--trust-store", "/tmp/trust.p12",
+ "--key-store-password", keyStorePassword,
+ "--trust-store-password", trustStorePassword
+ )
}
it("should set proper health check api port") {
@@ -93,69 +94,13 @@ object ArgVesHvConfigurationTest : Spek({
}
it("should set proper security configuration") {
- assertThat(result.securityConfiguration).isEqualTo(
- SecurityConfiguration(sslDisable = true, privateKey = pk, cert = cert, trustedCert = trustCert)
- )
- }
- }
-
- given("some parameters are present in the short form") {
- lateinit var result: ServerConfiguration
-
- beforeEachTest {
- result = cut.parseExpectingSuccess(
- "-p", listenPort, "-c", configurationUrl, "-d", firstRequestDelay
- )
- }
+ assertThat(result.securityConfiguration.sslDisable).isFalse()
- it("should set proper port") {
- assertThat(result.listenPort).isEqualTo(listenPort.toInt())
- }
-
- it("should set proper first consul request delay") {
- assertThat(result.configurationProviderParams.firstRequestDelay)
- .isEqualTo(Duration.ofSeconds(firstRequestDelay.toLong()))
- }
-
- it("should set proper config url") {
- assertThat(result.configurationProviderParams.configurationUrl)
- .isEqualTo(configurationUrl)
- }
- }
-
- given("all optional parameters are absent") {
- lateinit var result: ServerConfiguration
-
- beforeEachTest {
- result = cut.parseExpectingSuccess(
- "--listen-port", listenPort, "--config-url", configurationUrl
- )
- }
-
- it("should set default first consul request delay") {
- assertThat(result.configurationProviderParams.firstRequestDelay)
- .isEqualTo(Duration.ofSeconds(DefaultValues.CONSUL_FIRST_REQUEST_DELAY))
- }
-
- it("should set default consul request interval") {
- assertThat(result.configurationProviderParams.requestInterval)
- .isEqualTo(Duration.ofSeconds(DefaultValues.CONSUL_REQUEST_INTERVAL))
- }
-
- on("security config") {
- val securityConfiguration = result.securityConfiguration
-
- it("should set default trust cert file") {
- assertThat(securityConfiguration.trustedCert.toString()).isEqualTo(DefaultValues.TRUST_CERT_FILE)
- }
-
- it("should set default server cert file") {
- assertThat(securityConfiguration.cert.toString()).isEqualTo(DefaultValues.CERT_FILE)
- }
-
- it("should set default private key file") {
- assertThat(securityConfiguration.privateKey.toString()).isEqualTo(DefaultValues.PRIVATE_KEY_FILE)
- }
+ val keys = result.securityConfiguration.keys.orNull() as JdkKeys
+ assertNotNull(keys.keyStore)
+ assertNotNull(keys.trustStore)
+ assertThat(keys.keyStorePassword).isEqualTo(keyStorePassword.toCharArray())
+ assertThat(keys.trustStorePassword).isEqualTo(trustStorePassword.toCharArray())
}
}
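Review bot: The deleted `given("some parameters are present in the short form")` and `given("all optional parameters are absent")` blocks covered behaviour this commit does not change — the short-form options `-p`, `-c`, `-d` and the `DefaultValues.CONSUL_FIRST_REQUEST_DELAY` / `CONSUL_REQUEST_INTERVAL` defaults, which still exist in ArgVesHvConfiguration — so their removal drops coverage rather than only the obsolete cert-file assertions. Keep those two blocks, drop just the `on("security config")` part that referenced the removed cert defaults, and add `--ssl-disable` to their argument lists if a key store is now mandatory without it (that depends on `createSecurityConfiguration` in the ssl module, not visible here). Separately, `result.securityConfiguration.keys.orNull() as JdkKeys` fails with a cast exception rather than a readable assertion when `keys` is `None` or another implementation; `val keys = assertNotNull(result.securityConfiguration.keys.orNull() as? JdkKeys)` gives a clearer failure using the `kotlin.test.assertNotNull` already imported.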
@@ -166,10 +111,7 @@ object ArgVesHvConfigurationTest : Spek({
"--config-url", configurationUrl,
"--ssl-disable",
"--first-request-delay", firstRequestDelay,
- "--request-interval", requestInterval,
- "--private-key-file", pk.toFile().absolutePath,
- "--cert-file", cert.toFile().absolutePath,
- "--trust-cert-file", trustCert.toFile().absolutePath)
+ "--request-interval", requestInterval)
).isInstanceOf(WrongArgumentError::class.java)
}
}
@@ -179,10 +121,7 @@ object ArgVesHvConfigurationTest : Spek({
"--listen-port", listenPort,
"--ssl-disable",
"--first-request-delay", firstRequestDelay,
- "--request-interval", requestInterval,
- "--private-key-file", pk.toFile().absolutePath,
- "--cert-file", cert.toFile().absolutePath,
- "--trust-cert-file", trustCert.toFile().absolutePath)
+ "--request-interval", requestInterval)
).isInstanceOf(WrongArgumentError::class.java)
}
}