authorPiotr Jaszczyk <piotr.jaszczyk@nokia.com>2019-04-10 10:32:00 +0200
committerPiotr Jaszczyk <piotr.jaszczyk@nokia.com>2019-04-10 11:37:50 +0200
commitc138b700030d22ae0bdbd6992fb4a4d8a3431798 (patch)
tree35926c24ef0eb4c770f3592bedc6e4d3cf69c98e /sources/hv-collector-configuration
parentd52444107a3c62c1027e35178b76645ceb4d2c4e (diff)
Read passwords from files
Key- and trust-store passwords should be read from files in order to work with DCAE tls-init-container. Change-Id: Ibe454663328268f33f8be25ef9ec129f1ce1d396 Issue-ID: DCAEGEN2-1412 Signed-off-by: Piotr Jaszczyk <piotr.jaszczyk@nokia.com>
Diffstat (limited to 'sources/hv-collector-configuration')
-rw-r--r--sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationMerger.kt4
-rw-r--r--sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationValidator.kt12
-rw-r--r--sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/PartialConfiguration.kt (renamed from sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/partial_configuration.kt)8
-rw-r--r--sources/hv-collector-configuration/src/test/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationValidatorTest.kt63
-rw-r--r--sources/hv-collector-configuration/src/test/kotlin/org/onap/dcae/collectors/veshv/config/impl/JsonConfigurationParserTest.kt5
-rw-r--r--sources/hv-collector-configuration/src/test/resources/sampleConfig.json4
-rw-r--r--sources/hv-collector-configuration/src/test/resources/test.ks.pass1
-rw-r--r--sources/hv-collector-configuration/src/test/resources/trust.ks.pass1
8 files changed, 52 insertions, 46 deletions
diff --git a/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationMerger.kt b/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationMerger.kt
index 56e48038..e6707825 100644
--- a/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationMerger.kt
+++ b/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationMerger.kt
@@ -39,9 +39,9 @@ internal class ConfigurationMerger {
sslDisable = base.sslDisable.updateToGivenOrNone(update.sslDisable),
keyStoreFile = base.keyStoreFile.updateToGivenOrNone(update.keyStoreFile),
- keyStorePassword = base.keyStorePassword.updateToGivenOrNone(update.keyStorePassword),
+ keyStorePasswordFile = base.keyStorePasswordFile.updateToGivenOrNone(update.keyStorePasswordFile),
trustStoreFile = base.trustStoreFile.updateToGivenOrNone(update.trustStoreFile),
- trustStorePassword = base.trustStorePassword.updateToGivenOrNone(update.trustStorePassword),
+ trustStorePasswordFile = base.trustStorePasswordFile.updateToGivenOrNone(update.trustStorePasswordFile),
streamPublishers = base.streamPublishers.updateToGivenOrNone(update.streamPublishers),
diff --git a/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationValidator.kt b/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationValidator.kt
index 613ae302..f4ce592f 100644
--- a/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationValidator.kt
+++ b/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationValidator.kt
@@ -120,22 +120,22 @@ internal class ConfigurationValidator {
SecurityConfiguration(
createSecurityKeys(
File(it.keyStoreFile.bind()).toPath(),
- it.keyStorePassword.bind(),
+ File(it.keyStorePasswordFile.bind()).toPath(),
File(it.trustStoreFile.bind()).toPath(),
- it.trustStorePassword.bind()
+ File(it.trustStorePasswordFile.bind()).toPath()
).toOption()
)
}
private fun createSecurityKeys(keyStorePath: Path,
- keyStorePassword: String,
+ keyStorePasswordPath: Path,
trustStorePath: Path,
- trustStorePassword: String) =
+ trustStorePasswordPath: Path) =
ImmutableSecurityKeys.builder()
.keyStore(ImmutableSecurityKeysStore.of(keyStorePath))
- .keyStorePassword(Passwords.fromString(keyStorePassword))
+ .keyStorePassword(Passwords.fromPath(keyStorePasswordPath))
.trustStore(ImmutableSecurityKeysStore.of(trustStorePath))
- .trustStorePassword(Passwords.fromString(trustStorePassword))
+ .trustStorePassword(Passwords.fromPath(trustStorePasswordPath))
.build()
private fun validatedCollectorConfig(partial: PartialConfiguration) =
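Review bot: The failure path for the two new password files is not visible in this hunk: `Passwords.fromPath(keyStorePasswordPath)` and its trust-store counterpart in `createSecurityKeys` now depend on a file being present and readable, and nothing here shows a missing or unreadable file being reported as a validation error rather than as an exception escaping the block that calls `bind()`. `File(it.keyStorePasswordFile.bind()).toPath()` also resolves a relative value against the process working directory, which deserves a line of documentation next to the property. Whether `fromPath` strips a trailing line break is not shown either; both test resources added in this commit end without a newline, so a password file written with one is untested, and I would add a test case or a comment such as `// password file content is used as-is; TODO confirm trailing-newline handling`. The enclosing lambda starts above the hunk and `validatedCollectorConfig` continues below it.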
diff --git a/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/partial_configuration.kt b/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/PartialConfiguration.kt
index d09a52e4..51f6a665 100644
--- a/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/partial_configuration.kt
+++ b/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/PartialConfiguration.kt
@@ -44,12 +44,12 @@ internal data class PartialConfiguration(
val sslDisable: Option<Boolean> = None,
@SerializedName("security.keys.keyStoreFile")
val keyStoreFile: Option<String> = None,
- @SerializedName("security.keys.keyStorePassword")
- val keyStorePassword: Option<String> = None,
+ @SerializedName("security.keys.keyStorePasswordFile")
+ val keyStorePasswordFile: Option<String> = None,
@SerializedName("security.keys.trustStoreFile")
val trustStoreFile: Option<String> = None,
- @SerializedName("security.keys.trustStorePassword")
- val trustStorePassword: Option<String> = None,
+ @SerializedName("security.keys.trustStorePasswordFile")
+ val trustStorePasswordFile: Option<String> = None,
@SerializedName("logLevel")
val logLevel: Option<LogLevel> = None,
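Review bot: The serialized keys `security.keys.keyStorePassword` and `security.keys.trustStorePassword` are replaced with no migration path, so a deployment that still supplies the old keys would presumably end up with `keyStorePasswordFile` and `trustStorePasswordFile` left at `None`; how the validator reports that is outside this hunk. The old names should not be accepted as aliases, because their values are passwords and would then be interpreted as file paths. I would add a KDoc line on each property, e.g. `/** Path to a file containing the key-store password; the password itself must not be placed here. */`, and mention the rename in the release notes. The `PartialConfiguration` constructor begins above the hunk and continues below it.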
diff --git a/sources/hv-collector-configuration/src/test/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationValidatorTest.kt b/sources/hv-collector-configuration/src/test/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationValidatorTest.kt
index 0806e8ca..5495c865 100644
--- a/sources/hv-collector-configuration/src/test/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationValidatorTest.kt
+++ b/sources/hv-collector-configuration/src/test/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationValidatorTest.kt
@@ -36,9 +36,9 @@ import org.onap.dcae.collectors.veshv.utils.logging.LogLevel
import org.onap.dcaegen2.services.sdk.model.streams.dmaap.KafkaSink
import org.onap.dcaegen2.services.sdk.security.ssl.SecurityKeys
import java.io.File
+import java.nio.file.Paths
import java.time.Duration
-
internal object ConfigurationValidatorTest : Spek({
describe("ConfigurationValidator") {
val cut = ConfigurationValidator()
@@ -79,10 +79,10 @@ internal object ConfigurationValidatorTest : Spek({
firstRequestDelaySec = Some(defaultFirstReqDelaySec),
requestIntervalSec = Some(defaultRequestIntervalSec),
sslDisable = Some(false),
- keyStoreFile = Some(KEYSTORE),
- keyStorePassword = Some(KEYSTORE_PASSWORD),
- trustStoreFile = Some(TRUSTSTORE),
- trustStorePassword = Some(TRUSTSTORE_PASSWORD),
+ keyStoreFile = Some(keyStore),
+ keyStorePasswordFile = Some(keyStorePassFile),
+ trustStoreFile = Some(trustStore),
+ trustStorePasswordFile = Some(trustStorePassFile),
streamPublishers = Some(sampleStreamsDefinition),
logLevel = Some(LogLevel.TRACE)
)
@@ -101,10 +101,10 @@ internal object ConfigurationValidatorTest : Spek({
val securityKeys = it.security.keys
.getOrElse { fail("Should be immutableSecurityKeys") } as SecurityKeys
- assertThat(securityKeys.keyStore().path()).isEqualTo(File(KEYSTORE).toPath())
- assertThat(securityKeys.trustStore().path()).isEqualTo(File(TRUSTSTORE).toPath())
- securityKeys.keyStorePassword().use { assertThat(it).isEqualTo(KEYSTORE_PASSWORD.toCharArray()) }
- securityKeys.trustStorePassword().use { assertThat(it).isEqualTo(TRUSTSTORE_PASSWORD.toCharArray()) }
+ assertThat(securityKeys.keyStore().path()).isEqualTo(File(keyStore).toPath())
+ assertThat(securityKeys.trustStore().path()).isEqualTo(File(trustStore).toPath())
+ securityKeys.keyStorePassword().use { assertThat(it).isEqualTo(keyStorePass.toCharArray()) }
+ securityKeys.trustStorePassword().use { assertThat(it).isEqualTo(trustStorePass.toCharArray()) }
assertThat(it.cbs.firstRequestDelay)
.isEqualTo(Duration.ofSeconds(defaultFirstReqDelaySec))
@@ -168,10 +168,10 @@ internal object ConfigurationValidatorTest : Spek({
{
val securityKeys = it.security.keys
.getOrElse { fail("Should be immutableSecurityKeys") } as SecurityKeys
- assertThat(securityKeys.keyStore().path()).isEqualTo(File(KEYSTORE).toPath())
- assertThat(securityKeys.trustStore().path()).isEqualTo(File(TRUSTSTORE).toPath())
- securityKeys.keyStorePassword().use { assertThat(it).isEqualTo(KEYSTORE_PASSWORD.toCharArray()) }
- securityKeys.trustStorePassword().use { assertThat(it).isEqualTo(TRUSTSTORE_PASSWORD.toCharArray()) }
+ assertThat(securityKeys.keyStore().path()).isEqualTo(File(keyStore).toPath())
+ assertThat(securityKeys.trustStore().path()).isEqualTo(File(trustStore).toPath())
+ securityKeys.keyStorePassword().use { assertThat(it).isEqualTo(keyStorePass.toCharArray()) }
+ securityKeys.trustStorePassword().use { assertThat(it).isEqualTo(trustStorePass.toCharArray()) }
}
)
}
@@ -185,10 +185,10 @@ private fun partialConfiguration(listenPort: Option<Int> = Some(defaultListenPor
firstReqDelaySec: Option<Long> = Some(defaultFirstReqDelaySec),
requestIntervalSec: Option<Long> = Some(defaultRequestIntervalSec),
sslDisable: Option<Boolean> = Some(false),
- keyStoreFile: Option<String> = Some(KEYSTORE),
- keyStorePassword: Option<String> = Some(KEYSTORE_PASSWORD),
- trustStoreFile: Option<String> = Some(TRUSTSTORE),
- trustStorePassword: Option<String> = Some(TRUSTSTORE_PASSWORD),
+ keyStoreFile: Option<String> = Some(keyStore),
+ keyStorePassword: Option<String> = Some(keyStorePassFile),
+ trustStoreFile: Option<String> = Some(trustStore),
+ trustStorePassword: Option<String> = Some(trustStorePassFile),
streamPublishers: Option<List<KafkaSink>> = Some(sampleStreamsDefinition),
logLevel: Option<LogLevel> = Some(LogLevel.INFO)
) = PartialConfiguration(
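Review bot: The helper's parameters `keyStorePassword` and `trustStorePassword` keep their old names although they now default to `Some(keyStorePassFile)` and `Some(trustStorePassFile)` and are passed to `keyStorePasswordFile =` / `trustStorePasswordFile =` in the following hunk. A reader of a call site would take the argument for a password rather than a path to a password file. Rename them to match the properties, `keyStorePasswordFile: Option<String> = Some(keyStorePassFile),` and `trustStorePasswordFile: Option<String> = Some(trustStorePassFile),`, and update the two named arguments in the constructor call accordingly. The signature of `partialConfiguration` starts in the hunk header and its body continues past this hunk.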
@@ -198,24 +198,29 @@ private fun partialConfiguration(listenPort: Option<Int> = Some(defaultListenPor
requestIntervalSec = requestIntervalSec,
sslDisable = sslDisable,
keyStoreFile = keyStoreFile,
- keyStorePassword = keyStorePassword,
+ keyStorePasswordFile = keyStorePassword,
trustStoreFile = trustStoreFile,
- trustStorePassword = trustStorePassword,
+ trustStorePasswordFile = trustStorePassword,
streamPublishers = streamPublishers,
logLevel = logLevel
)
-const val defaultListenPort = 1234
-const val defaultRequestIntervalSec = 3L
-const val defaultIdleTimeoutSec = 10L
-const val defaultFirstReqDelaySec = 10L
+private fun resourcePathAsString(resource: String) =
+ Paths.get(ConfigurationValidatorTest::class.java.getResource(resource).toURI()).toString()
+
+private const val defaultListenPort = 1234
+private const val defaultRequestIntervalSec = 3L
+private const val defaultIdleTimeoutSec = 10L
+private const val defaultFirstReqDelaySec = 10L
-const val KEYSTORE = "test.ks.pkcs12"
-const val KEYSTORE_PASSWORD = "changeMe"
-const val TRUSTSTORE = "trust.ks.pkcs12"
-const val TRUSTSTORE_PASSWORD = "changeMeToo"
+private const val keyStore = "test.ks.pkcs12"
+private const val trustStore = "trust.ks.pkcs12"
+private const val keyStorePass = "change.me"
+private const val trustStorePass = "change.me.too"
+private val keyStorePassFile = resourcePathAsString("/test.ks.pass")
+private val trustStorePassFile = resourcePathAsString("/trust.ks.pass")
-const val sampleSinkName = "perf3gpp"
+private const val sampleSinkName = "perf3gpp"
const val sampleMaxPayloadSize = 1024
private val sink = mock<KafkaSink>().also {
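Review bot: `resourcePathAsString` calls `getResource(resource).toURI()` without a null check, so a missing or renamed test resource fails while the top-level `keyStorePassFile` / `trustStorePassFile` properties are initialised, with an exception that does not name the file. `requireNotNull(ConfigurationValidatorTest::class.java.getResource(resource)) { "missing test resource: $resource" }` would give a usable message. Separately, `keyStorePass` and `trustStorePass` duplicate the contents of `test.ks.pass` and `trust.ks.pass`; a short comment tying each constant to its resource file would keep the two from drifting apart. The `sink` initializer on the last line continues into the next hunk.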
@@ -224,4 +229,4 @@ private val sink = mock<KafkaSink>().also {
}
private val sampleStreamsDefinition = listOf(sink)
-private val sampleRouting = listOf(Route(sink.name(), sink))
\ No newline at end of file
+private val sampleRouting = listOf(Route(sink.name(), sink))
diff --git a/sources/hv-collector-configuration/src/test/kotlin/org/onap/dcae/collectors/veshv/config/impl/JsonConfigurationParserTest.kt b/sources/hv-collector-configuration/src/test/kotlin/org/onap/dcae/collectors/veshv/config/impl/JsonConfigurationParserTest.kt
index 919f22c1..485ef9a8 100644
--- a/sources/hv-collector-configuration/src/test/kotlin/org/onap/dcae/collectors/veshv/config/impl/JsonConfigurationParserTest.kt
+++ b/sources/hv-collector-configuration/src/test/kotlin/org/onap/dcae/collectors/veshv/config/impl/JsonConfigurationParserTest.kt
@@ -28,7 +28,6 @@ import org.jetbrains.spek.api.dsl.it
import org.onap.dcae.collectors.veshv.tests.utils.resourceAsStream
import org.onap.dcae.collectors.veshv.utils.logging.LogLevel
import java.io.StringReader
-import java.time.Duration
import kotlin.test.fail
/**
@@ -93,9 +92,9 @@ internal object JsonConfigurationParserTest : Spek({
assertThat(config.sslDisable).isEqualTo(Some(false))
assertThat(config.keyStoreFile).isEqualTo(Some("test.ks.pkcs12"))
- assertThat(config.keyStorePassword).isEqualTo(Some("changeMe"))
+ assertThat(config.keyStorePasswordFile).isEqualTo(Some("test.ks.pass"))
assertThat(config.trustStoreFile).isEqualTo(Some("trust.ks.pkcs12"))
- assertThat(config.trustStorePassword).isEqualTo(Some("changeMeToo"))
+ assertThat(config.trustStorePasswordFile).isEqualTo(Some("trust.ks.pass"))
}
}
}
diff --git a/sources/hv-collector-configuration/src/test/resources/sampleConfig.json b/sources/hv-collector-configuration/src/test/resources/sampleConfig.json
index a5ad52ae..a1eb96a3 100644
--- a/sources/hv-collector-configuration/src/test/resources/sampleConfig.json
+++ b/sources/hv-collector-configuration/src/test/resources/sampleConfig.json
@@ -6,7 +6,7 @@
"cbs.requestIntervalSec": 900,
"security.sslDisable": false,
"security.keys.keyStoreFile": "test.ks.pkcs12",
- "security.keys.keyStorePassword": "changeMe",
+ "security.keys.keyStorePasswordFile": "test.ks.pass",
"security.keys.trustStoreFile": "trust.ks.pkcs12",
- "security.keys.trustStorePassword": "changeMeToo"
+ "security.keys.trustStorePasswordFile": "trust.ks.pass"
}
\ No newline at end of file
diff --git a/sources/hv-collector-configuration/src/test/resources/test.ks.pass b/sources/hv-collector-configuration/src/test/resources/test.ks.pass
new file mode 100644
index 00000000..2d96f185
--- /dev/null
+++ b/sources/hv-collector-configuration/src/test/resources/test.ks.pass
@@ -0,0 +1 @@
+change.me
\ No newline at end of file
diff --git a/sources/hv-collector-configuration/src/test/resources/trust.ks.pass b/sources/hv-collector-configuration/src/test/resources/trust.ks.pass
new file mode 100644
index 00000000..563231aa
--- /dev/null
+++ b/sources/hv-collector-configuration/src/test/resources/trust.ks.pass
@@ -0,0 +1 @@
+change.me.too
\ No newline at end of file