author | Piotr Jaszczyk <piotr.jaszczyk@nokia.com> | 2018-09-20 12:04:03 +0200 |
---|---|---|
committer | Piotr Jaszczyk <piotr.jaszczyk@nokia.com> | 2018-09-24 14:25:32 +0200 |
commit | 069dcc194fd049e1c52e60d03ce2a9c0553289a7 (patch) | |
tree | 7916a4fa6b15734301c1e78bb8a20adf22532b4f /hv-collector-xnf-simulator | |
parent | 7b269674526a267f14895df8b825f3b59b30b98a (diff) |
Use JDK security provider
Replace netty-tcnative bindings for OpenSSL with JDK provided
implementation by default.
Change-Id: I59a4797ce43d15a791eab00bfd25cb730a271207
Issue-ID: DCAEGEN2-816
Signed-off-by: Piotr Jaszczyk <piotr.jaszczyk@nokia.com>
Diffstat (limited to 'hv-collector-xnf-simulator')
5 files changed, 41 insertions, 234 deletions
diff --git a/hv-collector-xnf-simulator/Dockerfile b/hv-collector-xnf-simulator/Dockerfile
index 53406459..ed9dd9b4 100644
--- a/hv-collector-xnf-simulator/Dockerfile
+++ b/hv-collector-xnf-simulator/Dockerfile
@@ -6,7 +6,7 @@ LABEL license.url="http://www.apache.org/licenses/LICENSE-2.0"
 LABEL maintainer="Nokia Wroclaw ONAP Team"
 RUN apt-get update \
- && apt-get install -y --no-install-recommends curl \
+ && apt-get install -y --no-install-recommends curl \
 && apt-get clean
 WORKDIR /opt/ves-hv-client-simulator
diff --git a/hv-collector-xnf-simulator/pom.xml b/hv-collector-xnf-simulator/pom.xml
index cfe1dc14..b3de6b2d 100644
--- a/hv-collector-xnf-simulator/pom.xml
+++ b/hv-collector-xnf-simulator/pom.xml
@@ -87,6 +87,11 @@
 </dependency>
 <dependency>
 <groupId>${project.parent.groupId}</groupId>
+ <artifactId>hv-collector-ssl</artifactId>
+ <version>${project.parent.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>${project.parent.groupId}</groupId>
 <artifactId>hv-collector-utils</artifactId>
 <version>${project.parent.version}</version>
 </dependency>
@@ -121,12 +126,18 @@
 <groupId>org.jetbrains.kotlin</groupId>
 <artifactId>kotlin-stdlib-jdk8</artifactId>
 </dependency>
+ <!-- See comment in main pom
+ <dependency>
+ <groupId>io.netty</groupId>
+ <artifactId>netty-transport-native-epoll</artifactId>
+ <classifier>${os.detected.classifier}</classifier>
+ </dependency>
 <dependency>
 <groupId>io.netty</groupId>
 <artifactId>netty-tcnative-boringssl-static</artifactId>
- <scope>runtime</scope>
 <classifier>${os.detected.classifier}</classifier>
 </dependency>
+ -->
 <dependency>
 <groupId>com.nhaarman</groupId>
 <artifactId>mockito-kotlin</artifactId>
diff --git a/hv-collector-xnf-simulator/src/main/kotlin/org/onap/dcae/collectors/veshv/simulators/xnf/impl/adapters/VesHvClient.kt b/hv-collector-xnf-simulator/src/main/kotlin/org/onap/dcae/collectors/veshv/simulators/xnf/impl/adapters/VesHvClient.kt
index af71e9ce..7a280c10 100644
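Review bot: In the pom.xml hunk at @@ -121,12 +126,18 @@ the netty-tcnative-boringssl-static dependency is kept as commented-out XML, and a netty-transport-native-epoll dependency that was never declared in this module is added inside the same comment. Commented-out build configuration tends to get re-enabled by copy-paste, and `<!-- See comment in main pom` does not tell a reader of this file what was decided or why. If the native provider needs a trace here, a one-line comment such as `<!-- netty-tcnative/epoll intentionally not used: the JDK TLS provider is the default, see the root pom -->` carries the decision and the dead XML block can be removed; it stays recoverable from history.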
--- a/hv-collector-xnf-simulator/src/main/kotlin/org/onap/dcae/collectors/veshv/simulators/xnf/impl/adapters/VesHvClient.kt
+++ b/hv-collector-xnf-simulator/src/main/kotlin/org/onap/dcae/collectors/veshv/simulators/xnf/impl/adapters/VesHvClient.kt
@@ -28,6 +28,7 @@ import org.onap.dcae.collectors.veshv.domain.WireFrameMessage
 import org.onap.dcae.collectors.veshv.domain.SecurityConfiguration
 import org.onap.dcae.collectors.veshv.domain.WireFrameEncoder
 import org.onap.dcae.collectors.veshv.simulators.xnf.impl.config.SimulatorConfiguration
+import org.onap.dcae.collectors.veshv.ssl.boundary.ClientSslContextFactory
 import org.onap.dcae.collectors.veshv.utils.arrow.asIo
 import org.onap.dcae.collectors.veshv.utils.logging.Logger
 import org.reactivestreams.Publisher
@@ -37,7 +38,6 @@ import reactor.core.publisher.ReplayProcessor
 import reactor.ipc.netty.NettyOutbound
 import reactor.ipc.netty.tcp.TcpClient
-
 /**
 * @author Jakub Dudycz <jakub.dudycz@nokia.com>
 * @since June 2018
@@ -92,18 +92,7 @@ class VesHvClient(private val configuration: SimulatorConfiguration) {
 }
 private fun createSslContext(config: SecurityConfiguration): Option<SslContext> =
- if (config.sslDisable) {
- Option.empty()
- } else {
- Option.just(
- SslContextBuilder.forClient()
- .keyManager(config.cert.toFile(), config.privateKey.toFile())
- .trustManager(config.trustedCert.toFile())
- .sslProvider(SslProvider.OPENSSL)
- .clientAuth(ClientAuth.REQUIRE)
- .build()
- )
- }
+ ClientSslContextFactory().createSslContext(config)
 private fun NettyOutbound.logConnectionClosed(): NettyOutbound {
 context().onClose {
diff --git a/hv-collector-xnf-simulator/src/main/kotlin/org/onap/dcae/collectors/veshv/simulators/xnf/impl/config/ArgXnfSimulatorConfiguration.kt b/hv-collector-xnf-simulator/src/main/kotlin/org/onap/dcae/collectors/veshv/simulators/xnf/impl/config/ArgXnfSimulatorConfiguration.kt
index 56d6212a..3d8dc948 100644
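Review bot: After @@ -92,18 +92,7 @@ `createSslContext` is a private one-liner that constructs a fresh `ClientSslContextFactory()` on every call and delegates, so the client's TLS settings that used to be readable in this file (key manager from cert/privateKey, trust manager from trustedCert, SslProvider.OPENSSL, ClientAuth.REQUIRE) now live in hv-collector-ssl, outside this diff. The deleted body was the only visible user of `SslContextBuilder`, `SslProvider` and `ClientAuth`; the import hunk at @@ -28,6 +28,7 @@ only adds `ClientSslContextFactory`, so if those netty imports sit above line 28 they are now unused and should be dropped. I would either inline the factory call at the caller (outside this hunk) or keep the wrapper with a KDoc such as `/** TLS setup is delegated to hv-collector-ssl's ClientSslContextFactory; presumably None when config.sslDisable is set — confirm against the factory. */`, because the sslDisable short-circuit is no longer evident here.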
--- a/hv-collector-xnf-simulator/src/main/kotlin/org/onap/dcae/collectors/veshv/simulators/xnf/impl/config/ArgXnfSimulatorConfiguration.kt
+++ b/hv-collector-xnf-simulator/src/main/kotlin/org/onap/dcae/collectors/veshv/simulators/xnf/impl/config/ArgXnfSimulatorConfiguration.kt
@@ -19,16 +19,24 @@
 */
 package org.onap.dcae.collectors.veshv.simulators.xnf.impl.config
-import arrow.core.ForOption
 import arrow.core.Option
 import arrow.core.fix
-import arrow.instances.extensions
+import arrow.core.monad
 import arrow.typeclasses.binding
 import org.apache.commons.cli.CommandLine
 import org.apache.commons.cli.DefaultParser
-import org.onap.dcae.collectors.veshv.domain.SecurityConfiguration
+import org.onap.dcae.collectors.veshv.ssl.boundary.createSecurityConfiguration
 import org.onap.dcae.collectors.veshv.utils.commandline.ArgBasedConfiguration
-import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.*
+import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.KEY_STORE_FILE
+import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.KEY_STORE_PASSWORD
+import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.LISTEN_PORT
+import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.SSL_DISABLE
+import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.TRUST_STORE_FILE
+import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.TRUST_STORE_PASSWORD
+import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.VES_HV_HOST
+import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.VES_HV_PORT
+import org.onap.dcae.collectors.veshv.utils.commandline.intValue
+import org.onap.dcae.collectors.veshv.utils.commandline.stringValue
 /**
@@ -41,42 +49,22 @@ internal class ArgXnfSimulatorConfiguration : ArgBasedConfiguration<SimulatorCon
 VES_HV_HOST,
 LISTEN_PORT,
 SSL_DISABLE,
- PRIVATE_KEY_FILE,
- CERT_FILE,
- TRUST_CERT_FILE
- )
+ KEY_STORE_FILE,
+ KEY_STORE_PASSWORD,
+ TRUST_STORE_FILE,
+ TRUST_STORE_PASSWORD)
 override fun getConfiguration(cmdLine: CommandLine): Option<SimulatorConfiguration> =
- ForOption extensions {
- binding {
- val listenPort = cmdLine.intValue(LISTEN_PORT).bind()
- val vesHost = cmdLine.stringValue(VES_HV_HOST).bind()
- val vesPort = cmdLine.intValue(VES_HV_PORT).bind()
+ Option.monad().binding {
+ val listenPort = cmdLine.intValue(LISTEN_PORT).bind()
+ val vesHost = cmdLine.stringValue(VES_HV_HOST).bind()
+ val vesPort = cmdLine.intValue(VES_HV_PORT).bind()
- SimulatorConfiguration(
- listenPort,
- vesHost,
- vesPort,
- parseSecurityConfig(cmdLine))
- }.fix()
- }
+ SimulatorConfiguration(
+ listenPort,
+ vesHost,
+ vesPort,
+ createSecurityConfiguration(cmdLine).bind())
+ }.fix()
- private fun parseSecurityConfig(cmdLine: CommandLine): SecurityConfiguration {
- val sslDisable = cmdLine.hasOption(SSL_DISABLE)
- val pkFile = cmdLine.stringValue(PRIVATE_KEY_FILE, DefaultValues.PRIVATE_KEY_FILE)
- val certFile = cmdLine.stringValue(CERT_FILE, DefaultValues.CERT_FILE)
- val trustCertFile = cmdLine.stringValue(TRUST_CERT_FILE, DefaultValues.TRUST_CERT_FILE)
-
- return SecurityConfiguration(
- sslDisable = sslDisable,
- privateKey = stringPathToPath(pkFile),
- cert = stringPathToPath(certFile),
- trustedCert = stringPathToPath(trustCertFile))
- }
-
- internal object DefaultValues {
- const val PRIVATE_KEY_FILE = "/etc/ves-hv/client.key"
- const val CERT_FILE = "/etc/ves-hv/client.crt"
- const val TRUST_CERT_FILE = "/etc/ves-hv/trust.crt"
- }
 }
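Review bot: The key-store and trust-store passwords added to the option list in this hunk (KEY_STORE_PASSWORD, TRUST_STORE_PASSWORD) are read from the command line, which means they are visible in the process argument list and end up in shell history; the option definitions live in hv-collector-utils outside this diff, so if a file- or environment-based source exists there, this class should point to it, otherwise a KDoc such as `/** Key/trust store passwords are taken from the command line and are therefore visible in the process argument list. */` records the exposure. Separately, this commit deletes ArgXnfSimulatorConfiurationTest.kt (last file section) and the diffstat shows no replacement, so the new option wiring, `createSecurityConfiguration(cmdLine).bind()` and the SSL_DISABLE path have no test left in this module; a Spek test mirroring the removed one with the new options would restore that coverage. SSL_DISABLE is still registered here but no longer read in this class — presumably `createSecurityConfiguration` consumes it, which such a test should pin down.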
diff --git a/hv-collector-xnf-simulator/src/test/kotlin/org/onap/dcae/collectors/veshv/main/config/ArgXnfSimulatorConfiurationTest.kt b/hv-collector-xnf-simulator/src/test/kotlin/org/onap/dcae/collectors/veshv/main/config/ArgXnfSimulatorConfiurationTest.kt
deleted file mode 100644
index 69caf727..00000000
--- a/hv-collector-xnf-simulator/src/test/kotlin/org/onap/dcae/collectors/veshv/main/config/ArgXnfSimulatorConfiurationTest.kt
+++ /dev/null
@@ -1,181 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * dcaegen2-collectors-veshv - * ================================================================================ - * Copyright (C) 2018 NOKIA - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ -package org.onap.dcae.collectors.veshv.main.config - -import org.assertj.core.api.Assertions.assertThat -import org.jetbrains.spek.api.Spek -import org.jetbrains.spek.api.dsl.describe -import org.jetbrains.spek.api.dsl.given -import org.jetbrains.spek.api.dsl.it -import org.jetbrains.spek.api.dsl.on -import org.onap.dcae.collectors.veshv.domain.SecurityConfiguration -import org.onap.dcae.collectors.veshv.simulators.xnf.impl.config.ArgXnfSimulatorConfiguration -import org.onap.dcae.collectors.veshv.simulators.xnf.impl.config.ArgXnfSimulatorConfiguration.DefaultValues -import org.onap.dcae.collectors.veshv.simulators.xnf.impl.config.SimulatorConfiguration -import org.onap.dcae.collectors.veshv.tests.utils.parseExpectingFailure -import org.onap.dcae.collectors.veshv.tests.utils.parseExpectingSuccess -import org.onap.dcae.collectors.veshv.utils.commandline.WrongArgumentError -import java.nio.file.Paths -import kotlin.test.assertTrue - - -object ArgXnfSimulatorConfiurationTest : Spek({ - lateinit var 
cut: ArgXnfSimulatorConfiguration - val listenPort = "4321" - val vesHost = "localhost" - val vesPort = "1234" - val pk = Paths.get("/", "etc", "ves", "pk.pem") - val cert = Paths.get("/", "etc", "ssl", "certs", "ca-bundle.crt") - val trustCert = Paths.get("/", "etc", "ves", "trusted.crt") - - beforeEachTest { - cut = ArgXnfSimulatorConfiguration() - } - - describe("parsing arguments") { - lateinit var result: SimulatorConfiguration - - given("all parameters are present in the long form") { - - beforeEachTest { - result = cut.parseExpectingSuccess("--ssl-disable", - "--listen-port", listenPort, - "--ves-host", vesHost, - "--ves-port", vesPort, - "--private-key-file", pk.toFile().absolutePath, - "--cert-file", cert.toFile().absolutePath, - "--trust-cert-file", trustCert.toFile().absolutePath) - } - - it("should set proper listen port") { - assertThat(result.listenPort).isEqualTo(listenPort.toInt()) - } - - it("should set proper ves host") { - assertThat(result.vesHost).isEqualTo(vesHost) - } - - it("should set proper ves port") { - assertThat(result.vesPort).isEqualTo(vesPort.toInt()) - } - - it("should set proper security configuration") { - assertThat(result.security).isEqualTo( - SecurityConfiguration(sslDisable = true, privateKey = pk, cert = cert, trustedCert = trustCert) - ) - } - } - - given("some parameters are present in the short form") { - - beforeEachTest { - result = cut.parseExpectingSuccess("-p", listenPort, "-h", vesHost, "--ves-port", vesPort) - } - - it("should set proper listen port") { - assertThat(result.listenPort).isEqualTo(listenPort.toInt()) - } - - it("should set proper ves host") { - assertThat(result.vesHost).isEqualTo(vesHost) - } - - it("should set proper ves port") { - assertThat(result.vesPort).isEqualTo(vesPort.toInt()) - } - } - - given("all optional parameters are absent") { - - beforeEachTest { - result = cut.parseExpectingSuccess("-p", listenPort, "-h", vesHost, "-v", vesPort) - } - - on("security config") { - val 
securityConfiguration = result.security - - it("should set default trust cert file") { - assertThat(securityConfiguration.trustedCert.toString()).isEqualTo(DefaultValues.TRUST_CERT_FILE) - } - - it("should set default server cert file") { - assertThat(securityConfiguration.cert.toString()).isEqualTo(DefaultValues.CERT_FILE) - } - - it("should set default private key file") { - assertThat(securityConfiguration.privateKey.toString()).isEqualTo(DefaultValues.PRIVATE_KEY_FILE) - } - } - } - - given("disabled ssl certs together with all other parameters") { - beforeEachTest { - result = cut.parseExpectingSuccess("--ssl-disable", - "--listen-port", listenPort, - "--ves-port", "888", - "--ves-host", vesHost, - "--private-key-file", pk.toFile().absolutePath, - "--cert-file", cert.toFile().absolutePath, - "--trust-cert-file", trustCert.toFile().absolutePath) - } - - on("security config") { - val securityConfiguration = result.security - - it("should set ssl disable to true") { - assertTrue(securityConfiguration.sslDisable) - } - - it("should set proper security configuration") { - assertThat(securityConfiguration).isEqualTo( - SecurityConfiguration( - sslDisable = true, - privateKey = pk, - cert = cert, - trustedCert = trustCert) - ) - } - } - } - - describe("required parameter is absent") { - given("ves port is missing") { - it("should throw exception") { - assertThat(cut.parseExpectingFailure("-p", listenPort, "-h", vesHost)) - .isInstanceOf(WrongArgumentError::class.java) - } - } - - given("ves host is missing") { - it("should throw exception") { - assertThat(cut.parseExpectingFailure("-p", listenPort, "-v", vesPort)) - .isInstanceOf(WrongArgumentError::class.java) - } - } - - given("listen port is missing") { - it("should throw exception") { - assertThat(cut.parseExpectingFailure("-h", vesHost, "-v", vesPort)) - .isInstanceOf(WrongArgumentError::class.java) - } - } - } - } -}) |