authorPiotr Jaszczyk <piotr.jaszczyk@nokia.com>2018-09-20 12:04:03 +0200
committerPiotr Jaszczyk <piotr.jaszczyk@nokia.com>2018-09-24 14:25:32 +0200
commit069dcc194fd049e1c52e60d03ce2a9c0553289a7 (patch)
tree7916a4fa6b15734301c1e78bb8a20adf22532b4f /hv-collector-xnf-simulator/src/main
parent7b269674526a267f14895df8b825f3b59b30b98a (diff)
Use JDK security provider
Replace netty-tcnative bindings for OpenSSL with JDK provided implementation by default. Change-Id: I59a4797ce43d15a791eab00bfd25cb730a271207 Issue-ID: DCAEGEN2-816 Signed-off-by: Piotr Jaszczyk <piotr.jaszczyk@nokia.com>
Diffstat (limited to 'hv-collector-xnf-simulator/src/main')
-rw-r--r--hv-collector-xnf-simulator/src/main/kotlin/org/onap/dcae/collectors/veshv/simulators/xnf/impl/adapters/VesHvClient.kt15
-rw-r--r--hv-collector-xnf-simulator/src/main/kotlin/org/onap/dcae/collectors/veshv/simulators/xnf/impl/config/ArgXnfSimulatorConfiguration.kt64
2 files changed, 28 insertions, 51 deletions
diff --git a/hv-collector-xnf-simulator/src/main/kotlin/org/onap/dcae/collectors/veshv/simulators/xnf/impl/adapters/VesHvClient.kt b/hv-collector-xnf-simulator/src/main/kotlin/org/onap/dcae/collectors/veshv/simulators/xnf/impl/adapters/VesHvClient.kt
index af71e9ce..7a280c10 100644
--- a/hv-collector-xnf-simulator/src/main/kotlin/org/onap/dcae/collectors/veshv/simulators/xnf/impl/adapters/VesHvClient.kt
+++ b/hv-collector-xnf-simulator/src/main/kotlin/org/onap/dcae/collectors/veshv/simulators/xnf/impl/adapters/VesHvClient.kt
@@ -28,6 +28,7 @@ import org.onap.dcae.collectors.veshv.domain.WireFrameMessage
import org.onap.dcae.collectors.veshv.domain.SecurityConfiguration
import org.onap.dcae.collectors.veshv.domain.WireFrameEncoder
import org.onap.dcae.collectors.veshv.simulators.xnf.impl.config.SimulatorConfiguration
+import org.onap.dcae.collectors.veshv.ssl.boundary.ClientSslContextFactory
import org.onap.dcae.collectors.veshv.utils.arrow.asIo
import org.onap.dcae.collectors.veshv.utils.logging.Logger
import org.reactivestreams.Publisher
@@ -37,7 +38,6 @@ import reactor.core.publisher.ReplayProcessor
import reactor.ipc.netty.NettyOutbound
import reactor.ipc.netty.tcp.TcpClient
-
/**
* @author Jakub Dudycz <jakub.dudycz@nokia.com>
* @since June 2018
@@ -92,18 +92,7 @@ class VesHvClient(private val configuration: SimulatorConfiguration) {
}
private fun createSslContext(config: SecurityConfiguration): Option<SslContext> =
- if (config.sslDisable) {
- Option.empty()
- } else {
- Option.just(
- SslContextBuilder.forClient()
- .keyManager(config.cert.toFile(), config.privateKey.toFile())
- .trustManager(config.trustedCert.toFile())
- .sslProvider(SslProvider.OPENSSL)
- .clientAuth(ClientAuth.REQUIRE)
- .build()
- )
- }
+ ClientSslContextFactory().createSslContext(config)
private fun NettyOutbound.logConnectionClosed(): NettyOutbound {
context().onClose {
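Review bot: After this change `createSslContext` no longer shows what an empty `Option` means, which is the security-relevant case: the removed code returned `Option.empty()` when `config.sslDisable` was set, so the client presumably connects without TLS then. A short KDoc would keep that visible at the call site, e.g. `/** Returns none when TLS is disabled in [config]; the connection is then unencrypted. */`. Whether `ClientSslContextFactory` still honours that flag, and how it validates the server certificate, is not visible in this hunk and should be checked in the factory. The diffstat shows no other changes to this file, so the imports of `SslContextBuilder`, `SslProvider` and `ClientAuth` are probably unused now and can be dropped. The class body continues outside the hunk.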
diff --git a/hv-collector-xnf-simulator/src/main/kotlin/org/onap/dcae/collectors/veshv/simulators/xnf/impl/config/ArgXnfSimulatorConfiguration.kt b/hv-collector-xnf-simulator/src/main/kotlin/org/onap/dcae/collectors/veshv/simulators/xnf/impl/config/ArgXnfSimulatorConfiguration.kt
index 56d6212a..3d8dc948 100644
--- a/hv-collector-xnf-simulator/src/main/kotlin/org/onap/dcae/collectors/veshv/simulators/xnf/impl/config/ArgXnfSimulatorConfiguration.kt
+++ b/hv-collector-xnf-simulator/src/main/kotlin/org/onap/dcae/collectors/veshv/simulators/xnf/impl/config/ArgXnfSimulatorConfiguration.kt
@@ -19,16 +19,24 @@
*/
package org.onap.dcae.collectors.veshv.simulators.xnf.impl.config
-import arrow.core.ForOption
import arrow.core.Option
import arrow.core.fix
-import arrow.instances.extensions
+import arrow.core.monad
import arrow.typeclasses.binding
import org.apache.commons.cli.CommandLine
import org.apache.commons.cli.DefaultParser
-import org.onap.dcae.collectors.veshv.domain.SecurityConfiguration
+import org.onap.dcae.collectors.veshv.ssl.boundary.createSecurityConfiguration
import org.onap.dcae.collectors.veshv.utils.commandline.ArgBasedConfiguration
-import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.*
+import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.KEY_STORE_FILE
+import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.KEY_STORE_PASSWORD
+import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.LISTEN_PORT
+import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.SSL_DISABLE
+import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.TRUST_STORE_FILE
+import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.TRUST_STORE_PASSWORD
+import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.VES_HV_HOST
+import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.VES_HV_PORT
+import org.onap.dcae.collectors.veshv.utils.commandline.intValue
+import org.onap.dcae.collectors.veshv.utils.commandline.stringValue
/**
@@ -41,42 +49,22 @@ internal class ArgXnfSimulatorConfiguration : ArgBasedConfiguration<SimulatorCon
VES_HV_HOST,
LISTEN_PORT,
SSL_DISABLE,
- PRIVATE_KEY_FILE,
- CERT_FILE,
- TRUST_CERT_FILE
- )
+ KEY_STORE_FILE,
+ KEY_STORE_PASSWORD,
+ TRUST_STORE_FILE,
+ TRUST_STORE_PASSWORD)
override fun getConfiguration(cmdLine: CommandLine): Option<SimulatorConfiguration> =
- ForOption extensions {
- binding {
- val listenPort = cmdLine.intValue(LISTEN_PORT).bind()
- val vesHost = cmdLine.stringValue(VES_HV_HOST).bind()
- val vesPort = cmdLine.intValue(VES_HV_PORT).bind()
+ Option.monad().binding {
+ val listenPort = cmdLine.intValue(LISTEN_PORT).bind()
+ val vesHost = cmdLine.stringValue(VES_HV_HOST).bind()
+ val vesPort = cmdLine.intValue(VES_HV_PORT).bind()
- SimulatorConfiguration(
- listenPort,
- vesHost,
- vesPort,
- parseSecurityConfig(cmdLine))
- }.fix()
- }
+ SimulatorConfiguration(
+ listenPort,
+ vesHost,
+ vesPort,
+ createSecurityConfiguration(cmdLine).bind())
+ }.fix()
- private fun parseSecurityConfig(cmdLine: CommandLine): SecurityConfiguration {
- val sslDisable = cmdLine.hasOption(SSL_DISABLE)
- val pkFile = cmdLine.stringValue(PRIVATE_KEY_FILE, DefaultValues.PRIVATE_KEY_FILE)
- val certFile = cmdLine.stringValue(CERT_FILE, DefaultValues.CERT_FILE)
- val trustCertFile = cmdLine.stringValue(TRUST_CERT_FILE, DefaultValues.TRUST_CERT_FILE)
-
- return SecurityConfiguration(
- sslDisable = sslDisable,
- privateKey = stringPathToPath(pkFile),
- cert = stringPathToPath(certFile),
- trustedCert = stringPathToPath(trustCertFile))
- }
-
- internal object DefaultValues {
- const val PRIVATE_KEY_FILE = "/etc/ves-hv/client.key"
- const val CERT_FILE = "/etc/ves-hv/client.crt"
- const val TRUST_CERT_FILE = "/etc/ves-hv/trust.crt"
- }
}
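Review bot: `KEY_STORE_PASSWORD` and `TRUST_STORE_PASSWORD` are now taken as command-line options, so the store passwords end up in the process argument list and in shell history, where other local users and monitoring tools can read them. Consider reading them from a file or an environment variable instead. If the options stay, say so above the option list, e.g. `// NOTE: passwords given as arguments are visible in the process list; intended for test setups only`. Separately, `createSecurityConfiguration(cmdLine).bind()` makes the whole configuration empty whenever that helper returns none, whereas the removed `parseSecurityConfig` always produced a value from `DefaultValues`. The helper is not visible here, so confirm that a run with only `SSL_DISABLE` and no store options still yields a configuration.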