diff options
author | Piotr Jaszczyk <piotr.jaszczyk@nokia.com> | 2019-04-10 10:32:00 +0200 |
---|---|---|
committer | Piotr Jaszczyk <piotr.jaszczyk@nokia.com> | 2019-04-10 11:37:50 +0200 |
commit | c138b700030d22ae0bdbd6992fb4a4d8a3431798 (patch) | |
tree | 35926c24ef0eb4c770f3592bedc6e4d3cf69c98e /sources/hv-collector-configuration | |
parent | d52444107a3c62c1027e35178b76645ceb4d2c4e (diff) |
Read passwords from files
Key- and trust-store passwords should be read from files in order to
work with DCAE tls-init-container.
Change-Id: Ibe454663328268f33f8be25ef9ec129f1ce1d396
Issue-ID: DCAEGEN2-1412
Signed-off-by: Piotr Jaszczyk <piotr.jaszczyk@nokia.com>
Diffstat (limited to 'sources/hv-collector-configuration')
8 files changed, 52 insertions, 46 deletions
diff --git a/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationMerger.kt b/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationMerger.kt index 56e48038..e6707825 100644 --- a/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationMerger.kt +++ b/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationMerger.kt @@ -39,9 +39,9 @@ internal class ConfigurationMerger { sslDisable = base.sslDisable.updateToGivenOrNone(update.sslDisable), keyStoreFile = base.keyStoreFile.updateToGivenOrNone(update.keyStoreFile), - keyStorePassword = base.keyStorePassword.updateToGivenOrNone(update.keyStorePassword), + keyStorePasswordFile = base.keyStorePasswordFile.updateToGivenOrNone(update.keyStorePasswordFile), trustStoreFile = base.trustStoreFile.updateToGivenOrNone(update.trustStoreFile), - trustStorePassword = base.trustStorePassword.updateToGivenOrNone(update.trustStorePassword), + trustStorePasswordFile = base.trustStorePasswordFile.updateToGivenOrNone(update.trustStorePasswordFile), streamPublishers = base.streamPublishers.updateToGivenOrNone(update.streamPublishers), diff --git a/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationValidator.kt b/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationValidator.kt index 613ae302..f4ce592f 100644 --- a/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationValidator.kt +++ b/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationValidator.kt @@ -120,22 +120,22 @@ internal class ConfigurationValidator { SecurityConfiguration( createSecurityKeys( File(it.keyStoreFile.bind()).toPath(), - it.keyStorePassword.bind(), + File(it.keyStorePasswordFile.bind()).toPath(), File(it.trustStoreFile.bind()).toPath(), - it.trustStorePassword.bind() + File(it.trustStorePasswordFile.bind()).toPath() ).toOption() ) } private fun createSecurityKeys(keyStorePath: Path, - keyStorePassword: String, + keyStorePasswordPath: Path, trustStorePath: Path, - trustStorePassword: String) = + trustStorePasswordPath: Path) = ImmutableSecurityKeys.builder() .keyStore(ImmutableSecurityKeysStore.of(keyStorePath)) - .keyStorePassword(Passwords.fromString(keyStorePassword)) + .keyStorePassword(Passwords.fromPath(keyStorePasswordPath)) .trustStore(ImmutableSecurityKeysStore.of(trustStorePath)) - .trustStorePassword(Passwords.fromString(trustStorePassword)) + .trustStorePassword(Passwords.fromPath(trustStorePasswordPath)) .build() private fun validatedCollectorConfig(partial: PartialConfiguration) = diff --git a/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/partial_configuration.kt b/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/PartialConfiguration.kt index d09a52e4..51f6a665 100644 --- a/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/partial_configuration.kt +++ b/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/PartialConfiguration.kt @@ -44,12 +44,12 @@ internal data class PartialConfiguration( val sslDisable: Option<Boolean> = None, @SerializedName("security.keys.keyStoreFile") val keyStoreFile: Option<String> = None, - @SerializedName("security.keys.keyStorePassword") - val keyStorePassword: Option<String> = None, + @SerializedName("security.keys.keyStorePasswordFile") + val keyStorePasswordFile: Option<String> = None, @SerializedName("security.keys.trustStoreFile") val trustStoreFile: Option<String> = None, - @SerializedName("security.keys.trustStorePassword") - val trustStorePassword: Option<String> = None, + @SerializedName("security.keys.trustStorePasswordFile") + val trustStorePasswordFile: Option<String> = None, @SerializedName("logLevel") val logLevel: Option<LogLevel> = None, diff --git a/sources/hv-collector-configuration/src/test/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationValidatorTest.kt b/sources/hv-collector-configuration/src/test/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationValidatorTest.kt index 0806e8ca..5495c865 100644 --- a/sources/hv-collector-configuration/src/test/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationValidatorTest.kt +++ b/sources/hv-collector-configuration/src/test/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationValidatorTest.kt @@ -36,9 +36,9 @@ import org.onap.dcae.collectors.veshv.utils.logging.LogLevel import org.onap.dcaegen2.services.sdk.model.streams.dmaap.KafkaSink import org.onap.dcaegen2.services.sdk.security.ssl.SecurityKeys import java.io.File +import java.nio.file.Paths import java.time.Duration - internal object ConfigurationValidatorTest : Spek({ describe("ConfigurationValidator") { val cut = ConfigurationValidator() @@ -79,10 +79,10 @@ internal object ConfigurationValidatorTest : Spek({ firstRequestDelaySec = Some(defaultFirstReqDelaySec), requestIntervalSec = Some(defaultRequestIntervalSec), sslDisable = Some(false), - keyStoreFile = Some(KEYSTORE), - keyStorePassword = Some(KEYSTORE_PASSWORD), - trustStoreFile = Some(TRUSTSTORE), - trustStorePassword = Some(TRUSTSTORE_PASSWORD), + keyStoreFile = Some(keyStore), + keyStorePasswordFile = Some(keyStorePassFile), + trustStoreFile = Some(trustStore), + trustStorePasswordFile = Some(trustStorePassFile), streamPublishers = Some(sampleStreamsDefinition), logLevel = Some(LogLevel.TRACE) ) @@ -101,10 +101,10 @@ internal object ConfigurationValidatorTest : Spek({ val securityKeys = it.security.keys .getOrElse { fail("Should be immutableSecurityKeys") } as SecurityKeys - assertThat(securityKeys.keyStore().path()).isEqualTo(File(KEYSTORE).toPath()) - assertThat(securityKeys.trustStore().path()).isEqualTo(File(TRUSTSTORE).toPath()) - securityKeys.keyStorePassword().use { assertThat(it).isEqualTo(KEYSTORE_PASSWORD.toCharArray()) } - securityKeys.trustStorePassword().use { assertThat(it).isEqualTo(TRUSTSTORE_PASSWORD.toCharArray()) } + assertThat(securityKeys.keyStore().path()).isEqualTo(File(keyStore).toPath()) + assertThat(securityKeys.trustStore().path()).isEqualTo(File(trustStore).toPath()) + securityKeys.keyStorePassword().use { assertThat(it).isEqualTo(keyStorePass.toCharArray()) } + securityKeys.trustStorePassword().use { assertThat(it).isEqualTo(trustStorePass.toCharArray()) } assertThat(it.cbs.firstRequestDelay) .isEqualTo(Duration.ofSeconds(defaultFirstReqDelaySec)) @@ -168,10 +168,10 @@ internal object ConfigurationValidatorTest : Spek({ { val securityKeys = it.security.keys .getOrElse { fail("Should be immutableSecurityKeys") } as SecurityKeys - assertThat(securityKeys.keyStore().path()).isEqualTo(File(KEYSTORE).toPath()) - assertThat(securityKeys.trustStore().path()).isEqualTo(File(TRUSTSTORE).toPath()) - securityKeys.keyStorePassword().use { assertThat(it).isEqualTo(KEYSTORE_PASSWORD.toCharArray()) } - securityKeys.trustStorePassword().use { assertThat(it).isEqualTo(TRUSTSTORE_PASSWORD.toCharArray()) } + assertThat(securityKeys.keyStore().path()).isEqualTo(File(keyStore).toPath()) + assertThat(securityKeys.trustStore().path()).isEqualTo(File(trustStore).toPath()) + securityKeys.keyStorePassword().use { assertThat(it).isEqualTo(keyStorePass.toCharArray()) } + securityKeys.trustStorePassword().use { assertThat(it).isEqualTo(trustStorePass.toCharArray()) } } ) } @@ -185,10 +185,10 @@ private fun partialConfiguration(listenPort: Option<Int> = Some(defaultListenPor firstReqDelaySec: Option<Long> = Some(defaultFirstReqDelaySec), requestIntervalSec: Option<Long> = Some(defaultRequestIntervalSec), sslDisable: Option<Boolean> = Some(false), - keyStoreFile: Option<String> = Some(KEYSTORE), - keyStorePassword: Option<String> = Some(KEYSTORE_PASSWORD), - trustStoreFile: Option<String> = Some(TRUSTSTORE), - trustStorePassword: Option<String> = Some(TRUSTSTORE_PASSWORD), + keyStoreFile: Option<String> = Some(keyStore), + keyStorePassword: Option<String> = Some(keyStorePassFile), + trustStoreFile: Option<String> = Some(trustStore), + trustStorePassword: Option<String> = Some(trustStorePassFile), streamPublishers: Option<List<KafkaSink>> = Some(sampleStreamsDefinition), logLevel: Option<LogLevel> = Some(LogLevel.INFO) ) = PartialConfiguration( @@ -198,24 +198,29 @@ private fun partialConfiguration(listenPort: Option<Int> = Some(defaultListenPor requestIntervalSec = requestIntervalSec, sslDisable = sslDisable, keyStoreFile = keyStoreFile, - keyStorePassword = keyStorePassword, + keyStorePasswordFile = keyStorePassword, trustStoreFile = trustStoreFile, - trustStorePassword = trustStorePassword, + trustStorePasswordFile = trustStorePassword, streamPublishers = streamPublishers, logLevel = logLevel ) -const val defaultListenPort = 1234 -const val defaultRequestIntervalSec = 3L -const val defaultIdleTimeoutSec = 10L -const val defaultFirstReqDelaySec = 10L +private fun resourcePathAsString(resource: String) = + Paths.get(ConfigurationValidatorTest::class.java.getResource(resource).toURI()).toString() + +private const val defaultListenPort = 1234 +private const val defaultRequestIntervalSec = 3L +private const val defaultIdleTimeoutSec = 10L +private const val defaultFirstReqDelaySec = 10L -const val KEYSTORE = "test.ks.pkcs12" -const val KEYSTORE_PASSWORD = "changeMe" -const val TRUSTSTORE = "trust.ks.pkcs12" -const val TRUSTSTORE_PASSWORD = "changeMeToo" +private const val keyStore = "test.ks.pkcs12" +private const val trustStore = "trust.ks.pkcs12" +private const val keyStorePass = "change.me" +private const val trustStorePass = "change.me.too" +private val keyStorePassFile = resourcePathAsString("/test.ks.pass") +private val trustStorePassFile = resourcePathAsString("/trust.ks.pass") -const val sampleSinkName = "perf3gpp" +private const val sampleSinkName = "perf3gpp" const val sampleMaxPayloadSize = 1024 private val sink = mock<KafkaSink>().also { @@ -224,4 +229,4 @@ private val sink = mock<KafkaSink>().also { } private val sampleStreamsDefinition = listOf(sink) -private val sampleRouting = listOf(Route(sink.name(), sink))
\ No newline at end of file +private val sampleRouting = listOf(Route(sink.name(), sink)) diff --git a/sources/hv-collector-configuration/src/test/kotlin/org/onap/dcae/collectors/veshv/config/impl/JsonConfigurationParserTest.kt b/sources/hv-collector-configuration/src/test/kotlin/org/onap/dcae/collectors/veshv/config/impl/JsonConfigurationParserTest.kt index 919f22c1..485ef9a8 100644 --- a/sources/hv-collector-configuration/src/test/kotlin/org/onap/dcae/collectors/veshv/config/impl/JsonConfigurationParserTest.kt +++ b/sources/hv-collector-configuration/src/test/kotlin/org/onap/dcae/collectors/veshv/config/impl/JsonConfigurationParserTest.kt @@ -28,7 +28,6 @@ import org.jetbrains.spek.api.dsl.it import org.onap.dcae.collectors.veshv.tests.utils.resourceAsStream import org.onap.dcae.collectors.veshv.utils.logging.LogLevel import java.io.StringReader -import java.time.Duration import kotlin.test.fail /** @@ -93,9 +92,9 @@ internal object JsonConfigurationParserTest : Spek({ assertThat(config.sslDisable).isEqualTo(Some(false)) assertThat(config.keyStoreFile).isEqualTo(Some("test.ks.pkcs12")) - assertThat(config.keyStorePassword).isEqualTo(Some("changeMe")) + assertThat(config.keyStorePasswordFile).isEqualTo(Some("test.ks.pass")) assertThat(config.trustStoreFile).isEqualTo(Some("trust.ks.pkcs12")) - assertThat(config.trustStorePassword).isEqualTo(Some("changeMeToo")) + assertThat(config.trustStorePasswordFile).isEqualTo(Some("trust.ks.pass")) } } } diff --git a/sources/hv-collector-configuration/src/test/resources/sampleConfig.json b/sources/hv-collector-configuration/src/test/resources/sampleConfig.json index a5ad52ae..a1eb96a3 100644 --- a/sources/hv-collector-configuration/src/test/resources/sampleConfig.json +++ b/sources/hv-collector-configuration/src/test/resources/sampleConfig.json @@ -6,7 +6,7 @@ "cbs.requestIntervalSec": 900, "security.sslDisable": false, "security.keys.keyStoreFile": "test.ks.pkcs12", - "security.keys.keyStorePassword": "changeMe", + "security.keys.keyStorePasswordFile": "test.ks.pass", "security.keys.trustStoreFile": "trust.ks.pkcs12", - "security.keys.trustStorePassword": "changeMeToo" + "security.keys.trustStorePasswordFile": "trust.ks.pass" }
\ No newline at end of file diff --git a/sources/hv-collector-configuration/src/test/resources/test.ks.pass b/sources/hv-collector-configuration/src/test/resources/test.ks.pass new file mode 100644 index 00000000..2d96f185 --- /dev/null +++ b/sources/hv-collector-configuration/src/test/resources/test.ks.pass @@ -0,0 +1 @@ +change.me
\ No newline at end of file diff --git a/sources/hv-collector-configuration/src/test/resources/trust.ks.pass b/sources/hv-collector-configuration/src/test/resources/trust.ks.pass new file mode 100644 index 00000000..563231aa --- /dev/null +++ b/sources/hv-collector-configuration/src/test/resources/trust.ks.pass @@ -0,0 +1 @@ +change.me.too
\ No newline at end of file |