summaryrefslogtreecommitdiffstats
path: root/sources/hv-collector-ssl/src/main
diff options
context:
space:
mode:
authorPiotr Jaszczyk <piotr.jaszczyk@nokia.com>2019-02-15 12:59:26 +0100
committerPiotr Jaszczyk <piotr.jaszczyk@nokia.com>2019-02-19 12:51:46 +0100
commit82b27ff5bccc925fe03d05f259cf881fafc8a1ce (patch)
treed128931c70c19184d7b259d295ce39deeec370c3 /sources/hv-collector-ssl/src/main
parentdc47bd1847a46fe0ad0ca6c10a4d61f829f4c0c6 (diff)
Use SDK/SSL in HV-VES
Issue-ID: DCAEGEN2-1226 Change-Id: I7cfc09001f7315c1b6f4fcf150ad631630c810ef Signed-off-by: Piotr Jaszczyk <piotr.jaszczyk@nokia.com>
Diffstat (limited to 'sources/hv-collector-ssl/src/main')
-rw-r--r--sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/ClientSslContextFactory.kt52
-rw-r--r--sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/ServerSslContextFactory.kt50
-rw-r--r--sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/SslContextFactory.kt33
-rw-r--r--sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/utils.kt61
-rw-r--r--sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/impl/SslFactories.kt55
5 files changed, 31 insertions, 220 deletions
diff --git a/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/ClientSslContextFactory.kt b/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/ClientSslContextFactory.kt
deleted file mode 100644
index 0ad3d7b4..00000000
--- a/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/ClientSslContextFactory.kt
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * ============LICENSE_START=======================================================
- * dcaegen2-collectors-veshv
- * ================================================================================
- * Copyright (C) 2018 NOKIA
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-package org.onap.dcae.collectors.veshv.ssl.boundary
-
-import io.netty.handler.ssl.SslContextBuilder
-import io.netty.handler.ssl.SslProvider
-import org.onap.dcae.collectors.veshv.domain.JdkKeys
-import org.onap.dcae.collectors.veshv.domain.OpenSslKeys
-import org.onap.dcae.collectors.veshv.ssl.impl.SslFactories.keyManagerFactory
-import org.onap.dcae.collectors.veshv.ssl.impl.SslFactories.trustManagerFactory
-
-/**
- * @author Piotr Jaszczyk <piotr.jaszczyk@nokia.com>
- * @since September 2018
- */
-open class ClientSslContextFactory : SslContextFactory() {
-
- override fun openSslContext(openSslKeys: OpenSslKeys) = SslContextBuilder.forClient()
- .keyManager(openSslKeys.cert.toFile(), openSslKeys.privateKey.toFile())
- .trustManager(openSslKeys.trustedCert.toFile())
- .sslProvider(SslProvider.OPENSSL)!!
-
- override fun jdkContext(jdkKeys: JdkKeys) =
- try {
- val kmf = keyManagerFactory(jdkKeys)
- val tmf = trustManagerFactory(jdkKeys)
- SslContextBuilder.forClient()
- .keyManager(kmf)
- .trustManager(tmf)
- .sslProvider(SslProvider.JDK)!!
- } finally {
- jdkKeys.forgetPasswords()
- }
-
-}
diff --git a/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/ServerSslContextFactory.kt b/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/ServerSslContextFactory.kt
deleted file mode 100644
index d26937fc..00000000
--- a/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/ServerSslContextFactory.kt
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * ============LICENSE_START=======================================================
- * dcaegen2-collectors-veshv
- * ================================================================================
- * Copyright (C) 2018 NOKIA
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-package org.onap.dcae.collectors.veshv.ssl.boundary
-
-import io.netty.handler.ssl.SslContextBuilder
-import io.netty.handler.ssl.SslProvider
-import org.onap.dcae.collectors.veshv.domain.JdkKeys
-import org.onap.dcae.collectors.veshv.domain.OpenSslKeys
-import org.onap.dcae.collectors.veshv.ssl.impl.SslFactories.keyManagerFactory
-import org.onap.dcae.collectors.veshv.ssl.impl.SslFactories.trustManagerFactory
-
-/**
- * @author Piotr Jaszczyk <piotr.jaszczyk@nokia.com>
- * @since September 2018
- */
-open class ServerSslContextFactory : SslContextFactory() {
-
- override fun openSslContext(openSslKeys: OpenSslKeys) = SslContextBuilder
- .forServer(openSslKeys.cert.toFile(), openSslKeys.privateKey.toFile())
- .trustManager(openSslKeys.trustedCert.toFile())
- .sslProvider(SslProvider.OPENSSL)!!
-
- override fun jdkContext(jdkKeys: JdkKeys) =
- try {
- val kmf = keyManagerFactory(jdkKeys)
- val tmf = trustManagerFactory(jdkKeys)
- SslContextBuilder.forServer(kmf)
- .trustManager(tmf)
- .sslProvider(SslProvider.JDK)!!
- } finally {
- jdkKeys.forgetPasswords()
- }
-}
diff --git a/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/SslContextFactory.kt b/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/SslContextFactory.kt
index cad81eef..8a5959d8 100644
--- a/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/SslContextFactory.kt
+++ b/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/SslContextFactory.kt
@@ -20,39 +20,18 @@
package org.onap.dcae.collectors.veshv.ssl.boundary
import arrow.core.Option
-import io.netty.handler.ssl.ClientAuth
import io.netty.handler.ssl.SslContext
-import io.netty.handler.ssl.SslContextBuilder
-import org.onap.dcae.collectors.veshv.domain.JdkKeys
-import org.onap.dcae.collectors.veshv.domain.OpenSslKeys
import org.onap.dcae.collectors.veshv.domain.SecurityConfiguration
+import org.onap.dcaegen2.services.sdk.security.ssl.SslFactory
/**
* @author Piotr Jaszczyk <piotr.jaszczyk@nokia.com>
* @since September 2018
*/
-abstract class SslContextFactory {
- fun createSslContext(secConfig: SecurityConfiguration): Option<SslContext> =
- if (secConfig.sslDisable) {
- Option.empty()
- } else {
- createSslContextWithConfiguredCerts(secConfig)
- .map { builder ->
- builder.clientAuth(ClientAuth.REQUIRE)
- .build()
- }
- }
+class SslContextFactory(private val sslFactory: SslFactory = SslFactory()) {
+ fun createServerContext(secConfig: SecurityConfiguration): Option<SslContext> =
+ secConfig.keys.map { sslFactory.createSecureServerContext(it) }
+ fun createClientContext(secConfig: SecurityConfiguration): Option<SslContext> =
+ secConfig.keys.map { sslFactory.createSecureClientContext(it) }
- protected open fun createSslContextWithConfiguredCerts(
- secConfig: SecurityConfiguration
- ): Option<SslContextBuilder> =
- secConfig.keys.map { keys ->
- when (keys) {
- is JdkKeys -> jdkContext(keys)
- is OpenSslKeys -> openSslContext(keys)
- }
- }
-
- protected abstract fun openSslContext(openSslKeys: OpenSslKeys): SslContextBuilder
- protected abstract fun jdkContext(jdkKeys: JdkKeys): SslContextBuilder
}
diff --git a/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/utils.kt b/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/utils.kt
index d3640c87..fb142639 100644
--- a/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/utils.kt
+++ b/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/utils.kt
@@ -20,60 +20,49 @@
package org.onap.dcae.collectors.veshv.ssl.boundary
import arrow.core.None
-import arrow.core.Option
import arrow.core.Some
-import arrow.core.fix
-import arrow.instances.option.monad.monad
-import arrow.typeclasses.binding
+import arrow.core.Try
+import arrow.core.getOrElse
import org.apache.commons.cli.CommandLine
-import org.onap.dcae.collectors.veshv.domain.JdkKeys
import org.onap.dcae.collectors.veshv.domain.SecurityConfiguration
import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption
import org.onap.dcae.collectors.veshv.utils.commandline.hasOption
import org.onap.dcae.collectors.veshv.utils.commandline.stringValue
-import java.io.File
+import org.onap.dcaegen2.services.sdk.security.ssl.ImmutableSecurityKeys
+import org.onap.dcaegen2.services.sdk.security.ssl.ImmutableSecurityKeysStore
+import org.onap.dcaegen2.services.sdk.security.ssl.Passwords
+import java.nio.file.Paths
/**
* @author Piotr Jaszczyk <piotr.jaszczyk@nokia.com>
* @since September 2018
*/
-
const val KEY_STORE_FILE = "/etc/ves-hv/server.p12"
const val TRUST_STORE_FILE = "/etc/ves-hv/trust.p12"
-fun createSecurityConfiguration(cmdLine: CommandLine): Option<SecurityConfiguration> {
- val sslDisable = cmdLine.hasOption(CommandLineOption.SSL_DISABLE)
-
- return if (sslDisable) disabledSecurityConfiguration(sslDisable) else enabledSecurityConfiguration(cmdLine)
-}
+fun createSecurityConfiguration(cmdLine: CommandLine): Try<SecurityConfiguration> =
+ if (cmdLine.hasOption(CommandLineOption.SSL_DISABLE))
+ Try { disabledSecurityConfiguration() }
+ else
+ enabledSecurityConfiguration(cmdLine)
-private fun disabledSecurityConfiguration(sslDisable: Boolean): Some<SecurityConfiguration> {
- return Some(SecurityConfiguration(
- sslDisable = sslDisable,
- keys = None
- ))
-}
+private fun disabledSecurityConfiguration() = SecurityConfiguration(keys = None)
-private fun enabledSecurityConfiguration(cmdLine: CommandLine): Option<SecurityConfiguration> {
- return Option.monad().binding {
- val ksFile = cmdLine.stringValue(CommandLineOption.KEY_STORE_FILE, KEY_STORE_FILE)
- val ksPass = cmdLine.stringValue(CommandLineOption.KEY_STORE_PASSWORD).bind()
- val tsFile = cmdLine.stringValue(CommandLineOption.TRUST_STORE_FILE, TRUST_STORE_FILE)
- val tsPass = cmdLine.stringValue(CommandLineOption.TRUST_STORE_PASSWORD).bind()
+private fun enabledSecurityConfiguration(cmdLine: CommandLine) = Try {
+ val ksFile = cmdLine.stringValue(CommandLineOption.KEY_STORE_FILE, KEY_STORE_FILE)
+ val ksPass = cmdLine.stringValue(CommandLineOption.KEY_STORE_PASSWORD).getOrElse { "" }
+ val tsFile = cmdLine.stringValue(CommandLineOption.TRUST_STORE_FILE, TRUST_STORE_FILE)
+ val tsPass = cmdLine.stringValue(CommandLineOption.TRUST_STORE_PASSWORD).getOrElse { "" }
- val keys = JdkKeys(
- keyStore = streamFromFile(ksFile),
- keyStorePassword = ksPass.toCharArray(),
- trustStore = streamFromFile(tsFile),
- trustStorePassword = tsPass.toCharArray()
- )
+ val keys = ImmutableSecurityKeys.builder()
+ .keyStore(ImmutableSecurityKeysStore.of(pathFromFile(ksFile)))
+ .keyStorePassword(Passwords.fromString(ksPass))
+ .trustStore(ImmutableSecurityKeysStore.of(pathFromFile(tsFile)))
+ .trustStorePassword(Passwords.fromString(tsPass))
+ .build()
- SecurityConfiguration(
- sslDisable = false,
- keys = Some(keys)
- )
- }.fix()
+ SecurityConfiguration(keys = Some(keys))
}
-private fun streamFromFile(file: String) = { File(file).inputStream() }
+private fun pathFromFile(file: String) = Paths.get(file)
diff --git a/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/impl/SslFactories.kt b/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/impl/SslFactories.kt
deleted file mode 100644
index 4a73a2aa..00000000
--- a/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/impl/SslFactories.kt
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * ============LICENSE_START=======================================================
- * dcaegen2-collectors-veshv
- * ================================================================================
- * Copyright (C) 2018 NOKIA
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-package org.onap.dcae.collectors.veshv.ssl.impl
-
-import org.onap.dcae.collectors.veshv.domain.JdkKeys
-import org.onap.dcae.collectors.veshv.domain.StreamProvider
-import java.security.KeyStore
-import javax.net.ssl.KeyManagerFactory
-import javax.net.ssl.TrustManagerFactory
-
-/**
- * @author Piotr Jaszczyk <piotr.jaszczyk@nokia.com>
- * @since September 2018
- */
-internal object SslFactories {
-
- fun trustManagerFactory(jdkKeys: JdkKeys): TrustManagerFactory? {
- val tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
- val ts = loadKeyStoreFromFile(jdkKeys.trustStore, jdkKeys.trustStorePassword)
- tmf.init(ts)
- return tmf
- }
-
- fun keyManagerFactory(jdkKeys: JdkKeys): KeyManagerFactory? {
- val kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm())
- val ks = loadKeyStoreFromFile(jdkKeys.keyStore, jdkKeys.keyStorePassword)
- kmf.init(ks, jdkKeys.keyStorePassword)
- return kmf
- }
-
- private fun loadKeyStoreFromFile(streamProvider: StreamProvider, password: CharArray): KeyStore {
- val ks = KeyStore.getInstance("pkcs12")
- streamProvider().use {
- ks.load(it, password)
- }
- return ks
- }
-}