authorPiotr Jaszczyk <piotr.jaszczyk@nokia.com>2018-09-20 12:04:03 +0200
committerPiotr Jaszczyk <piotr.jaszczyk@nokia.com>2018-09-24 14:25:32 +0200
commit069dcc194fd049e1c52e60d03ce2a9c0553289a7 (patch)
tree7916a4fa6b15734301c1e78bb8a20adf22532b4f /hv-collector-xnf-simulator
parent7b269674526a267f14895df8b825f3b59b30b98a (diff)
Use JDK security provider
Replace netty-tcnative bindings for OpenSSL with JDK provided implementation by default. Change-Id: I59a4797ce43d15a791eab00bfd25cb730a271207 Issue-ID: DCAEGEN2-816 Signed-off-by: Piotr Jaszczyk <piotr.jaszczyk@nokia.com>
Diffstat (limited to 'hv-collector-xnf-simulator')
-rw-r--r--hv-collector-xnf-simulator/Dockerfile2
-rw-r--r--hv-collector-xnf-simulator/pom.xml13
-rw-r--r--hv-collector-xnf-simulator/src/main/kotlin/org/onap/dcae/collectors/veshv/simulators/xnf/impl/adapters/VesHvClient.kt15
-rw-r--r--hv-collector-xnf-simulator/src/main/kotlin/org/onap/dcae/collectors/veshv/simulators/xnf/impl/config/ArgXnfSimulatorConfiguration.kt64
-rw-r--r--hv-collector-xnf-simulator/src/test/kotlin/org/onap/dcae/collectors/veshv/main/config/ArgXnfSimulatorConfiurationTest.kt181
5 files changed, 41 insertions, 234 deletions
diff --git a/hv-collector-xnf-simulator/Dockerfile b/hv-collector-xnf-simulator/Dockerfile
index 53406459..ed9dd9b4 100644
--- a/hv-collector-xnf-simulator/Dockerfile
+++ b/hv-collector-xnf-simulator/Dockerfile
@@ -6,7 +6,7 @@ LABEL license.url="http://www.apache.org/licenses/LICENSE-2.0"
LABEL maintainer="Nokia Wroclaw ONAP Team"
RUN apt-get update \
- && apt-get install -y --no-install-recommends curl \
+ && apt-get install -y --no-install-recommends curl \
&& apt-get clean
WORKDIR /opt/ves-hv-client-simulator
diff --git a/hv-collector-xnf-simulator/pom.xml b/hv-collector-xnf-simulator/pom.xml
index cfe1dc14..b3de6b2d 100644
--- a/hv-collector-xnf-simulator/pom.xml
+++ b/hv-collector-xnf-simulator/pom.xml
@@ -87,6 +87,11 @@
</dependency>
<dependency>
<groupId>${project.parent.groupId}</groupId>
+ <artifactId>hv-collector-ssl</artifactId>
+ <version>${project.parent.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>${project.parent.groupId}</groupId>
<artifactId>hv-collector-utils</artifactId>
<version>${project.parent.version}</version>
</dependency>
@@ -121,12 +126,18 @@
<groupId>org.jetbrains.kotlin</groupId>
<artifactId>kotlin-stdlib-jdk8</artifactId>
</dependency>
+ <!-- See comment in main pom
+ <dependency>
+ <groupId>io.netty</groupId>
+ <artifactId>netty-transport-native-epoll</artifactId>
+ <classifier>${os.detected.classifier}</classifier>
+ </dependency>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-tcnative-boringssl-static</artifactId>
- <scope>runtime</scope>
<classifier>${os.detected.classifier}</classifier>
</dependency>
+ -->
<dependency>
<groupId>com.nhaarman</groupId>
<artifactId>mockito-kotlin</artifactId>
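Review bot: The block opened with `<!-- See comment in main pom` leaves two dependencies commented out, and the newly added `netty-transport-native-epoll` entry sits inside that comment, so it never takes effect. Commented-out XML tends to drift from the rest of the build; a Maven profile, or plain removal with the rationale kept in the commit message, would be easier to maintain. If the block stays, the comment should state the reason in this file rather than only pointing elsewhere, e.g. `<!-- Disabled: the JDK TLS provider is used by default; see parent pom -->`.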
diff --git a/hv-collector-xnf-simulator/src/main/kotlin/org/onap/dcae/collectors/veshv/simulators/xnf/impl/adapters/VesHvClient.kt b/hv-collector-xnf-simulator/src/main/kotlin/org/onap/dcae/collectors/veshv/simulators/xnf/impl/adapters/VesHvClient.kt
index af71e9ce..7a280c10 100644
--- a/hv-collector-xnf-simulator/src/main/kotlin/org/onap/dcae/collectors/veshv/simulators/xnf/impl/adapters/VesHvClient.kt
+++ b/hv-collector-xnf-simulator/src/main/kotlin/org/onap/dcae/collectors/veshv/simulators/xnf/impl/adapters/VesHvClient.kt
@@ -28,6 +28,7 @@ import org.onap.dcae.collectors.veshv.domain.WireFrameMessage
import org.onap.dcae.collectors.veshv.domain.SecurityConfiguration
import org.onap.dcae.collectors.veshv.domain.WireFrameEncoder
import org.onap.dcae.collectors.veshv.simulators.xnf.impl.config.SimulatorConfiguration
+import org.onap.dcae.collectors.veshv.ssl.boundary.ClientSslContextFactory
import org.onap.dcae.collectors.veshv.utils.arrow.asIo
import org.onap.dcae.collectors.veshv.utils.logging.Logger
import org.reactivestreams.Publisher
@@ -37,7 +38,6 @@ import reactor.core.publisher.ReplayProcessor
import reactor.ipc.netty.NettyOutbound
import reactor.ipc.netty.tcp.TcpClient
-
/**
* @author Jakub Dudycz <jakub.dudycz@nokia.com>
* @since June 2018
@@ -92,18 +92,7 @@ class VesHvClient(private val configuration: SimulatorConfiguration) {
}
private fun createSslContext(config: SecurityConfiguration): Option<SslContext> =
- if (config.sslDisable) {
- Option.empty()
- } else {
- Option.just(
- SslContextBuilder.forClient()
- .keyManager(config.cert.toFile(), config.privateKey.toFile())
- .trustManager(config.trustedCert.toFile())
- .sslProvider(SslProvider.OPENSSL)
- .clientAuth(ClientAuth.REQUIRE)
- .build()
- )
- }
+ ClientSslContextFactory().createSslContext(config)
private fun NettyOutbound.logConnectionClosed(): NettyOutbound {
context().onClose {
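Review bot: `createSslContext` now only forwards to `ClientSslContextFactory().createSslContext(config)`, so the case where no TLS is used (previously the visible `config.sslDisable` branch returning `Option.empty()`) can no longer be read from this file. A short KDoc on the wrapper would keep that visible, e.g. `/** Empty Option presumably means TLS is disabled in [config] (decided inside ClientSslContextFactory); confirm the client then connects unencrypted. */`. Logging a warning where the empty Option is consumed would also make an unencrypted simulator run obvious. The `SslContextBuilder`, `SslProvider` and `ClientAuth` imports are probably unused after this change; the import block is outside the hunk, so this needs checking. The class body starts and ends outside the hunk.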
diff --git a/hv-collector-xnf-simulator/src/main/kotlin/org/onap/dcae/collectors/veshv/simulators/xnf/impl/config/ArgXnfSimulatorConfiguration.kt b/hv-collector-xnf-simulator/src/main/kotlin/org/onap/dcae/collectors/veshv/simulators/xnf/impl/config/ArgXnfSimulatorConfiguration.kt
index 56d6212a..3d8dc948 100644
--- a/hv-collector-xnf-simulator/src/main/kotlin/org/onap/dcae/collectors/veshv/simulators/xnf/impl/config/ArgXnfSimulatorConfiguration.kt
+++ b/hv-collector-xnf-simulator/src/main/kotlin/org/onap/dcae/collectors/veshv/simulators/xnf/impl/config/ArgXnfSimulatorConfiguration.kt
@@ -19,16 +19,24 @@
*/
package org.onap.dcae.collectors.veshv.simulators.xnf.impl.config
-import arrow.core.ForOption
import arrow.core.Option
import arrow.core.fix
-import arrow.instances.extensions
+import arrow.core.monad
import arrow.typeclasses.binding
import org.apache.commons.cli.CommandLine
import org.apache.commons.cli.DefaultParser
-import org.onap.dcae.collectors.veshv.domain.SecurityConfiguration
+import org.onap.dcae.collectors.veshv.ssl.boundary.createSecurityConfiguration
import org.onap.dcae.collectors.veshv.utils.commandline.ArgBasedConfiguration
-import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.*
+import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.KEY_STORE_FILE
+import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.KEY_STORE_PASSWORD
+import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.LISTEN_PORT
+import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.SSL_DISABLE
+import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.TRUST_STORE_FILE
+import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.TRUST_STORE_PASSWORD
+import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.VES_HV_HOST
+import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.VES_HV_PORT
+import org.onap.dcae.collectors.veshv.utils.commandline.intValue
+import org.onap.dcae.collectors.veshv.utils.commandline.stringValue
/**
@@ -41,42 +49,22 @@ internal class ArgXnfSimulatorConfiguration : ArgBasedConfiguration<SimulatorCon
VES_HV_HOST,
LISTEN_PORT,
SSL_DISABLE,
- PRIVATE_KEY_FILE,
- CERT_FILE,
- TRUST_CERT_FILE
- )
+ KEY_STORE_FILE,
+ KEY_STORE_PASSWORD,
+ TRUST_STORE_FILE,
+ TRUST_STORE_PASSWORD)
override fun getConfiguration(cmdLine: CommandLine): Option<SimulatorConfiguration> =
- ForOption extensions {
- binding {
- val listenPort = cmdLine.intValue(LISTEN_PORT).bind()
- val vesHost = cmdLine.stringValue(VES_HV_HOST).bind()
- val vesPort = cmdLine.intValue(VES_HV_PORT).bind()
+ Option.monad().binding {
+ val listenPort = cmdLine.intValue(LISTEN_PORT).bind()
+ val vesHost = cmdLine.stringValue(VES_HV_HOST).bind()
+ val vesPort = cmdLine.intValue(VES_HV_PORT).bind()
- SimulatorConfiguration(
- listenPort,
- vesHost,
- vesPort,
- parseSecurityConfig(cmdLine))
- }.fix()
- }
+ SimulatorConfiguration(
+ listenPort,
+ vesHost,
+ vesPort,
+ createSecurityConfiguration(cmdLine).bind())
+ }.fix()
- private fun parseSecurityConfig(cmdLine: CommandLine): SecurityConfiguration {
- val sslDisable = cmdLine.hasOption(SSL_DISABLE)
- val pkFile = cmdLine.stringValue(PRIVATE_KEY_FILE, DefaultValues.PRIVATE_KEY_FILE)
- val certFile = cmdLine.stringValue(CERT_FILE, DefaultValues.CERT_FILE)
- val trustCertFile = cmdLine.stringValue(TRUST_CERT_FILE, DefaultValues.TRUST_CERT_FILE)
-
- return SecurityConfiguration(
- sslDisable = sslDisable,
- privateKey = stringPathToPath(pkFile),
- cert = stringPathToPath(certFile),
- trustedCert = stringPathToPath(trustCertFile))
- }
-
- internal object DefaultValues {
- const val PRIVATE_KEY_FILE = "/etc/ves-hv/client.key"
- const val CERT_FILE = "/etc/ves-hv/client.crt"
- const val TRUST_CERT_FILE = "/etc/ves-hv/trust.crt"
- }
}
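Review bot: `KEY_STORE_PASSWORD` and `TRUST_STORE_PASSWORD` are added to the command-line option list here, so the store passwords would be passed as process arguments, where they are readable from process listings, shell history and container specs. Consider reading them from a file or environment variable instead, or at least document the exposure next to the option list, e.g. `// NOTE: store passwords given as arguments are visible in the process list; use test-only key stores`. Separately, `createSecurityConfiguration(cmdLine).bind()` makes the whole configuration empty when that helper yields no value, whereas the removed `parseSecurityConfig` always fell back to `DefaultValues`; the helper is outside this diff, so whether defaults still exist should be confirmed. The spec covering this parser is deleted in the same commit, so as far as this module's diffstat shows the new option set has no test here. The class body starts above the hunk.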
diff --git a/hv-collector-xnf-simulator/src/test/kotlin/org/onap/dcae/collectors/veshv/main/config/ArgXnfSimulatorConfiurationTest.kt b/hv-collector-xnf-simulator/src/test/kotlin/org/onap/dcae/collectors/veshv/main/config/ArgXnfSimulatorConfiurationTest.kt
deleted file mode 100644
index 69caf727..00000000
--- a/hv-collector-xnf-simulator/src/test/kotlin/org/onap/dcae/collectors/veshv/main/config/ArgXnfSimulatorConfiurationTest.kt
+++ /dev/null
@@ -1,181 +0,0 @@
-/*
- * ============LICENSE_START=======================================================
- * dcaegen2-collectors-veshv
- * ================================================================================
- * Copyright (C) 2018 NOKIA
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-package org.onap.dcae.collectors.veshv.main.config
-
-import org.assertj.core.api.Assertions.assertThat
-import org.jetbrains.spek.api.Spek
-import org.jetbrains.spek.api.dsl.describe
-import org.jetbrains.spek.api.dsl.given
-import org.jetbrains.spek.api.dsl.it
-import org.jetbrains.spek.api.dsl.on
-import org.onap.dcae.collectors.veshv.domain.SecurityConfiguration
-import org.onap.dcae.collectors.veshv.simulators.xnf.impl.config.ArgXnfSimulatorConfiguration
-import org.onap.dcae.collectors.veshv.simulators.xnf.impl.config.ArgXnfSimulatorConfiguration.DefaultValues
-import org.onap.dcae.collectors.veshv.simulators.xnf.impl.config.SimulatorConfiguration
-import org.onap.dcae.collectors.veshv.tests.utils.parseExpectingFailure
-import org.onap.dcae.collectors.veshv.tests.utils.parseExpectingSuccess
-import org.onap.dcae.collectors.veshv.utils.commandline.WrongArgumentError
-import java.nio.file.Paths
-import kotlin.test.assertTrue
-
-
-object ArgXnfSimulatorConfiurationTest : Spek({
- lateinit var cut: ArgXnfSimulatorConfiguration
- val listenPort = "4321"
- val vesHost = "localhost"
- val vesPort = "1234"
- val pk = Paths.get("/", "etc", "ves", "pk.pem")
- val cert = Paths.get("/", "etc", "ssl", "certs", "ca-bundle.crt")
- val trustCert = Paths.get("/", "etc", "ves", "trusted.crt")
-
- beforeEachTest {
- cut = ArgXnfSimulatorConfiguration()
- }
-
- describe("parsing arguments") {
- lateinit var result: SimulatorConfiguration
-
- given("all parameters are present in the long form") {
-
- beforeEachTest {
- result = cut.parseExpectingSuccess("--ssl-disable",
- "--listen-port", listenPort,
- "--ves-host", vesHost,
- "--ves-port", vesPort,
- "--private-key-file", pk.toFile().absolutePath,
- "--cert-file", cert.toFile().absolutePath,
- "--trust-cert-file", trustCert.toFile().absolutePath)
- }
-
- it("should set proper listen port") {
- assertThat(result.listenPort).isEqualTo(listenPort.toInt())
- }
-
- it("should set proper ves host") {
- assertThat(result.vesHost).isEqualTo(vesHost)
- }
-
- it("should set proper ves port") {
- assertThat(result.vesPort).isEqualTo(vesPort.toInt())
- }
-
- it("should set proper security configuration") {
- assertThat(result.security).isEqualTo(
- SecurityConfiguration(sslDisable = true, privateKey = pk, cert = cert, trustedCert = trustCert)
- )
- }
- }
-
- given("some parameters are present in the short form") {
-
- beforeEachTest {
- result = cut.parseExpectingSuccess("-p", listenPort, "-h", vesHost, "--ves-port", vesPort)
- }
-
- it("should set proper listen port") {
- assertThat(result.listenPort).isEqualTo(listenPort.toInt())
- }
-
- it("should set proper ves host") {
- assertThat(result.vesHost).isEqualTo(vesHost)
- }
-
- it("should set proper ves port") {
- assertThat(result.vesPort).isEqualTo(vesPort.toInt())
- }
- }
-
- given("all optional parameters are absent") {
-
- beforeEachTest {
- result = cut.parseExpectingSuccess("-p", listenPort, "-h", vesHost, "-v", vesPort)
- }
-
- on("security config") {
- val securityConfiguration = result.security
-
- it("should set default trust cert file") {
- assertThat(securityConfiguration.trustedCert.toString()).isEqualTo(DefaultValues.TRUST_CERT_FILE)
- }
-
- it("should set default server cert file") {
- assertThat(securityConfiguration.cert.toString()).isEqualTo(DefaultValues.CERT_FILE)
- }
-
- it("should set default private key file") {
- assertThat(securityConfiguration.privateKey.toString()).isEqualTo(DefaultValues.PRIVATE_KEY_FILE)
- }
- }
- }
-
- given("disabled ssl certs together with all other parameters") {
- beforeEachTest {
- result = cut.parseExpectingSuccess("--ssl-disable",
- "--listen-port", listenPort,
- "--ves-port", "888",
- "--ves-host", vesHost,
- "--private-key-file", pk.toFile().absolutePath,
- "--cert-file", cert.toFile().absolutePath,
- "--trust-cert-file", trustCert.toFile().absolutePath)
- }
-
- on("security config") {
- val securityConfiguration = result.security
-
- it("should set ssl disable to true") {
- assertTrue(securityConfiguration.sslDisable)
- }
-
- it("should set proper security configuration") {
- assertThat(securityConfiguration).isEqualTo(
- SecurityConfiguration(
- sslDisable = true,
- privateKey = pk,
- cert = cert,
- trustedCert = trustCert)
- )
- }
- }
- }
-
- describe("required parameter is absent") {
- given("ves port is missing") {
- it("should throw exception") {
- assertThat(cut.parseExpectingFailure("-p", listenPort, "-h", vesHost))
- .isInstanceOf(WrongArgumentError::class.java)
- }
- }
-
- given("ves host is missing") {
- it("should throw exception") {
- assertThat(cut.parseExpectingFailure("-p", listenPort, "-v", vesPort))
- .isInstanceOf(WrongArgumentError::class.java)
- }
- }
-
- given("listen port is missing") {
- it("should throw exception") {
- assertThat(cut.parseExpectingFailure("-h", vesHost, "-v", vesPort))
- .isInstanceOf(WrongArgumentError::class.java)
- }
- }
- }
- }
-})