aboutsummaryrefslogtreecommitdiffstats
path: root/sources/hv-collector-ssl/src/main
diff options
context:
space:
mode:
authorPiotr Jaszczyk <piotr.jaszczyk@nokia.com>2018-11-28 15:46:50 +0100
committerPiotr Jaszczyk <piotr.jaszczyk@nokia.com>2018-11-29 14:41:42 +0100
commitdde383a2aa75f94c26d7949665b79cc95486a223 (patch)
tree75f3e8f564067afd0e67dbe6254183e45ca26944 /sources/hv-collector-ssl/src/main
parent77f896523f2065b1da1be21545155a29edea5122 (diff)
Custom detekt rule for logger usage check
Check if logger invocations don't use unoptimal invocations, eg. concatenation `debug("a=" + a)` instead of lambda use `debug {"a=" + a}` Unfortunately to avoid defining dependencies in many places and having circural dependencies it was necessarry to reorganize the maven module structure. The goal was to have `sources` module with production code and `build` module with build-time tooling (detekt rules among them). Issue-ID: DCAEGEN2-1002 Change-Id: I36e677b98972aaae6905d722597cbce5e863d201 Signed-off-by: Piotr Jaszczyk <piotr.jaszczyk@nokia.com>
Diffstat (limited to 'sources/hv-collector-ssl/src/main')
-rw-r--r--sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/ClientSslContextFactory.kt52
-rw-r--r--sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/ServerSslContextFactory.kt50
-rw-r--r--sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/SslContextFactory.kt58
-rw-r--r--sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/utils.kt79
-rw-r--r--sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/impl/SslFactories.kt55
5 files changed, 294 insertions, 0 deletions
diff --git a/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/ClientSslContextFactory.kt b/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/ClientSslContextFactory.kt
new file mode 100644
index 00000000..0ad3d7b4
--- /dev/null
+++ b/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/ClientSslContextFactory.kt
@@ -0,0 +1,52 @@
+/*
+ * ============LICENSE_START=======================================================
+ * dcaegen2-collectors-veshv
+ * ================================================================================
+ * Copyright (C) 2018 NOKIA
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.dcae.collectors.veshv.ssl.boundary
+
+import io.netty.handler.ssl.SslContextBuilder
+import io.netty.handler.ssl.SslProvider
+import org.onap.dcae.collectors.veshv.domain.JdkKeys
+import org.onap.dcae.collectors.veshv.domain.OpenSslKeys
+import org.onap.dcae.collectors.veshv.ssl.impl.SslFactories.keyManagerFactory
+import org.onap.dcae.collectors.veshv.ssl.impl.SslFactories.trustManagerFactory
+
+/**
+ * @author Piotr Jaszczyk <piotr.jaszczyk@nokia.com>
+ * @since September 2018
+ */
+open class ClientSslContextFactory : SslContextFactory() {
+
+ override fun openSslContext(openSslKeys: OpenSslKeys) = SslContextBuilder.forClient()
+ .keyManager(openSslKeys.cert.toFile(), openSslKeys.privateKey.toFile())
+ .trustManager(openSslKeys.trustedCert.toFile())
+ .sslProvider(SslProvider.OPENSSL)!!
+
+ override fun jdkContext(jdkKeys: JdkKeys) =
+ try {
+ val kmf = keyManagerFactory(jdkKeys)
+ val tmf = trustManagerFactory(jdkKeys)
+ SslContextBuilder.forClient()
+ .keyManager(kmf)
+ .trustManager(tmf)
+ .sslProvider(SslProvider.JDK)!!
+ } finally {
+ jdkKeys.forgetPasswords()
+ }
+
+}
diff --git a/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/ServerSslContextFactory.kt b/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/ServerSslContextFactory.kt
new file mode 100644
index 00000000..d26937fc
--- /dev/null
+++ b/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/ServerSslContextFactory.kt
@@ -0,0 +1,50 @@
+/*
+ * ============LICENSE_START=======================================================
+ * dcaegen2-collectors-veshv
+ * ================================================================================
+ * Copyright (C) 2018 NOKIA
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.dcae.collectors.veshv.ssl.boundary
+
+import io.netty.handler.ssl.SslContextBuilder
+import io.netty.handler.ssl.SslProvider
+import org.onap.dcae.collectors.veshv.domain.JdkKeys
+import org.onap.dcae.collectors.veshv.domain.OpenSslKeys
+import org.onap.dcae.collectors.veshv.ssl.impl.SslFactories.keyManagerFactory
+import org.onap.dcae.collectors.veshv.ssl.impl.SslFactories.trustManagerFactory
+
+/**
+ * @author Piotr Jaszczyk <piotr.jaszczyk@nokia.com>
+ * @since September 2018
+ */
+open class ServerSslContextFactory : SslContextFactory() {
+
+ override fun openSslContext(openSslKeys: OpenSslKeys) = SslContextBuilder
+ .forServer(openSslKeys.cert.toFile(), openSslKeys.privateKey.toFile())
+ .trustManager(openSslKeys.trustedCert.toFile())
+ .sslProvider(SslProvider.OPENSSL)!!
+
+ override fun jdkContext(jdkKeys: JdkKeys) =
+ try {
+ val kmf = keyManagerFactory(jdkKeys)
+ val tmf = trustManagerFactory(jdkKeys)
+ SslContextBuilder.forServer(kmf)
+ .trustManager(tmf)
+ .sslProvider(SslProvider.JDK)!!
+ } finally {
+ jdkKeys.forgetPasswords()
+ }
+}
diff --git a/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/SslContextFactory.kt b/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/SslContextFactory.kt
new file mode 100644
index 00000000..cad81eef
--- /dev/null
+++ b/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/SslContextFactory.kt
@@ -0,0 +1,58 @@
+/*
+ * ============LICENSE_START=======================================================
+ * dcaegen2-collectors-veshv
+ * ================================================================================
+ * Copyright (C) 2018 NOKIA
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.dcae.collectors.veshv.ssl.boundary
+
+import arrow.core.Option
+import io.netty.handler.ssl.ClientAuth
+import io.netty.handler.ssl.SslContext
+import io.netty.handler.ssl.SslContextBuilder
+import org.onap.dcae.collectors.veshv.domain.JdkKeys
+import org.onap.dcae.collectors.veshv.domain.OpenSslKeys
+import org.onap.dcae.collectors.veshv.domain.SecurityConfiguration
+
+/**
+ * @author Piotr Jaszczyk <piotr.jaszczyk@nokia.com>
+ * @since September 2018
+ */
+abstract class SslContextFactory {
+ fun createSslContext(secConfig: SecurityConfiguration): Option<SslContext> =
+ if (secConfig.sslDisable) {
+ Option.empty()
+ } else {
+ createSslContextWithConfiguredCerts(secConfig)
+ .map { builder ->
+ builder.clientAuth(ClientAuth.REQUIRE)
+ .build()
+ }
+ }
+
+ protected open fun createSslContextWithConfiguredCerts(
+ secConfig: SecurityConfiguration
+ ): Option<SslContextBuilder> =
+ secConfig.keys.map { keys ->
+ when (keys) {
+ is JdkKeys -> jdkContext(keys)
+ is OpenSslKeys -> openSslContext(keys)
+ }
+ }
+
+ protected abstract fun openSslContext(openSslKeys: OpenSslKeys): SslContextBuilder
+ protected abstract fun jdkContext(jdkKeys: JdkKeys): SslContextBuilder
+}
diff --git a/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/utils.kt b/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/utils.kt
new file mode 100644
index 00000000..d3640c87
--- /dev/null
+++ b/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/utils.kt
@@ -0,0 +1,79 @@
+/*
+ * ============LICENSE_START=======================================================
+ * dcaegen2-collectors-veshv
+ * ================================================================================
+ * Copyright (C) 2018 NOKIA
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.dcae.collectors.veshv.ssl.boundary
+
+import arrow.core.None
+import arrow.core.Option
+import arrow.core.Some
+import arrow.core.fix
+import arrow.instances.option.monad.monad
+import arrow.typeclasses.binding
+import org.apache.commons.cli.CommandLine
+import org.onap.dcae.collectors.veshv.domain.JdkKeys
+import org.onap.dcae.collectors.veshv.domain.SecurityConfiguration
+import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption
+import org.onap.dcae.collectors.veshv.utils.commandline.hasOption
+import org.onap.dcae.collectors.veshv.utils.commandline.stringValue
+import java.io.File
+
+/**
+ * @author Piotr Jaszczyk <piotr.jaszczyk@nokia.com>
+ * @since September 2018
+ */
+
+
+const val KEY_STORE_FILE = "/etc/ves-hv/server.p12"
+const val TRUST_STORE_FILE = "/etc/ves-hv/trust.p12"
+
+fun createSecurityConfiguration(cmdLine: CommandLine): Option<SecurityConfiguration> {
+ val sslDisable = cmdLine.hasOption(CommandLineOption.SSL_DISABLE)
+
+ return if (sslDisable) disabledSecurityConfiguration(sslDisable) else enabledSecurityConfiguration(cmdLine)
+}
+
+private fun disabledSecurityConfiguration(sslDisable: Boolean): Some<SecurityConfiguration> {
+ return Some(SecurityConfiguration(
+ sslDisable = sslDisable,
+ keys = None
+ ))
+}
+
+private fun enabledSecurityConfiguration(cmdLine: CommandLine): Option<SecurityConfiguration> {
+ return Option.monad().binding {
+ val ksFile = cmdLine.stringValue(CommandLineOption.KEY_STORE_FILE, KEY_STORE_FILE)
+ val ksPass = cmdLine.stringValue(CommandLineOption.KEY_STORE_PASSWORD).bind()
+ val tsFile = cmdLine.stringValue(CommandLineOption.TRUST_STORE_FILE, TRUST_STORE_FILE)
+ val tsPass = cmdLine.stringValue(CommandLineOption.TRUST_STORE_PASSWORD).bind()
+
+ val keys = JdkKeys(
+ keyStore = streamFromFile(ksFile),
+ keyStorePassword = ksPass.toCharArray(),
+ trustStore = streamFromFile(tsFile),
+ trustStorePassword = tsPass.toCharArray()
+ )
+
+ SecurityConfiguration(
+ sslDisable = false,
+ keys = Some(keys)
+ )
+ }.fix()
+}
+
+private fun streamFromFile(file: String) = { File(file).inputStream() }
diff --git a/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/impl/SslFactories.kt b/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/impl/SslFactories.kt
new file mode 100644
index 00000000..4a73a2aa
--- /dev/null
+++ b/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/impl/SslFactories.kt
@@ -0,0 +1,55 @@
+/*
+ * ============LICENSE_START=======================================================
+ * dcaegen2-collectors-veshv
+ * ================================================================================
+ * Copyright (C) 2018 NOKIA
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.dcae.collectors.veshv.ssl.impl
+
+import org.onap.dcae.collectors.veshv.domain.JdkKeys
+import org.onap.dcae.collectors.veshv.domain.StreamProvider
+import java.security.KeyStore
+import javax.net.ssl.KeyManagerFactory
+import javax.net.ssl.TrustManagerFactory
+
+/**
+ * @author Piotr Jaszczyk <piotr.jaszczyk@nokia.com>
+ * @since September 2018
+ */
+internal object SslFactories {
+
+ fun trustManagerFactory(jdkKeys: JdkKeys): TrustManagerFactory? {
+ val tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
+ val ts = loadKeyStoreFromFile(jdkKeys.trustStore, jdkKeys.trustStorePassword)
+ tmf.init(ts)
+ return tmf
+ }
+
+ fun keyManagerFactory(jdkKeys: JdkKeys): KeyManagerFactory? {
+ val kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm())
+ val ks = loadKeyStoreFromFile(jdkKeys.keyStore, jdkKeys.keyStorePassword)
+ kmf.init(ks, jdkKeys.keyStorePassword)
+ return kmf
+ }
+
+ private fun loadKeyStoreFromFile(streamProvider: StreamProvider, password: CharArray): KeyStore {
+ val ks = KeyStore.getInstance("pkcs12")
+ streamProvider().use {
+ ks.load(it, password)
+ }
+ return ks
+ }
+}