author | Piotr Jaszczyk <piotr.jaszczyk@nokia.com> | 2018-11-28 15:46:50 +0100 |
---|---|---|
committer | Piotr Jaszczyk <piotr.jaszczyk@nokia.com> | 2018-11-29 14:41:42 +0100 |
commit | dde383a2aa75f94c26d7949665b79cc95486a223 (patch) | |
tree | 75f3e8f564067afd0e67dbe6254183e45ca26944 /sources/hv-collector-ssl | |
parent | 77f896523f2065b1da1be21545155a29edea5122 (diff) |
Custom detekt rule for logger usage check
Check if logger invocations don't use unoptimal invocations, eg.
concatenation `debug("a=" + a)` instead of lambda use `debug {"a=" + a}`
Unfortunately to avoid defining dependencies in many places and having
circular dependencies it was necessary to reorganize the maven module
structure. The goal was to have `sources` module with production code and
`build` module with build-time tooling (detekt rules among them).
Issue-ID: DCAEGEN2-1002
Change-Id: I36e677b98972aaae6905d722597cbce5e863d201
Signed-off-by: Piotr Jaszczyk <piotr.jaszczyk@nokia.com>
Diffstat (limited to 'sources/hv-collector-ssl')
13 files changed, 675 insertions, 0 deletions
diff --git a/sources/hv-collector-ssl/pom.xml b/sources/hv-collector-ssl/pom.xml
new file mode 100644
index 00000000..6001ba94
--- /dev/null
+++ b/sources/hv-collector-ssl/pom.xml
@@ -0,0 +1,118 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ~ ============LICENSE_START=======================================================
+ ~ dcaegen2-collectors-veshv
+ ~ ================================================================================
+ ~ Copyright (C) 2018 NOKIA
+ ~ ================================================================================
+ ~ Licensed under the Apache License, Version 2.0 (the "License");
+ ~ you may not use this file except in compliance with the License.
+ ~ You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing, software
+ ~ distributed under the License is distributed on an "AS IS" BASIS,
+ ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ~ See the License for the specific language governing permissions and
+ ~ limitations under the License.
+ ~ ============LICENSE_END=========================================================
+ -->
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+
+ <licenses>
+ <license>
+ <name>The Apache Software License, Version 2.0</name>
+ <url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
+ </license>
+ </licenses>
+
+ <parent>
+ <groupId>org.onap.dcaegen2.collectors.hv-ves</groupId>
+ <artifactId>hv-collector-sources</artifactId>
+ <version>1.1.0-SNAPSHOT</version>
+ <relativePath>..</relativePath>
+ </parent>
+
+ <artifactId>hv-collector-ssl</artifactId>
+ <description>VES HighVolume Collector :: SSL</description>
+
+ <properties>
+ <skipAnalysis>false</skipAnalysis>
+ </properties>
+
+ <build>
+ <plugins>
+ <plugin>
+ <artifactId>kotlin-maven-plugin</artifactId>
+ <groupId>org.jetbrains.kotlin</groupId>
+ </plugin>
+ <plugin>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <groupId>org.apache.maven.plugins</groupId>
+ </plugin>
+ </plugins>
+ </build>
+
+ <dependencies>
+ <dependency>
+ <groupId>${project.parent.groupId}</groupId>
+ <artifactId>hv-collector-domain</artifactId>
+ <version>${project.parent.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>${project.parent.groupId}</groupId>
+ <artifactId>hv-collector-utils</artifactId>
+ <version>${project.parent.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>${project.parent.groupId}</groupId>
+ <artifactId>hv-collector-test-utils</artifactId>
+ <version>${project.parent.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>io.netty</groupId>
+ <artifactId>netty-tcnative-boringssl-static</artifactId>
+ <classifier>${os.detected.classifier}</classifier>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>io.arrow-kt</groupId>
+ <artifactId>arrow-core</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>io.arrow-kt</groupId>
+ <artifactId>arrow-syntax</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-api</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>ch.qos.logback</groupId>
+ <artifactId>logback-classic</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.assertj</groupId>
+ <artifactId>assertj-core</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.jetbrains.kotlin</groupId>
+ <artifactId>kotlin-test</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.jetbrains.spek</groupId>
+ <artifactId>spek-api</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.jetbrains.spek</groupId>
+ <artifactId>spek-junit-platform-engine</artifactId>
+ </dependency>
+ </dependencies>
+
+
+</project>
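Review bot: `netty-tcnative-boringssl-static` is declared with `<scope>test</scope>` only, while the production classes of this module hard-select `SslProvider.OPENSSL`, which fails at runtime when tcnative is absent from the classpath; presumably the deploying module (hv-collector-main) ships it, but nothing in this pom records that contract. A comment on the dependency would stop it from being "tidied" into a real runtime gap: `<!-- test scope on purpose: the runtime OpenSSL provider relies on the deploying module shipping tcnative -->`. The dependency also carries no version, so it resolves through the parent's dependencyManagement, which is outside this diff.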
diff --git a/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/ClientSslContextFactory.kt b/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/ClientSslContextFactory.kt
new file mode 100644
index 00000000..0ad3d7b4
--- /dev/null
+++ b/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/ClientSslContextFactory.kt
@@ -0,0 +1,52 @@
+/*
+ * ============LICENSE_START=======================================================
+ * dcaegen2-collectors-veshv
+ * ================================================================================
+ * Copyright (C) 2018 NOKIA
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.dcae.collectors.veshv.ssl.boundary
+
+import io.netty.handler.ssl.SslContextBuilder
+import io.netty.handler.ssl.SslProvider
+import org.onap.dcae.collectors.veshv.domain.JdkKeys
+import org.onap.dcae.collectors.veshv.domain.OpenSslKeys
+import org.onap.dcae.collectors.veshv.ssl.impl.SslFactories.keyManagerFactory
+import org.onap.dcae.collectors.veshv.ssl.impl.SslFactories.trustManagerFactory
+
+/**
+ * @author Piotr Jaszczyk <piotr.jaszczyk@nokia.com>
+ * @since September 2018
+ */
+open class ClientSslContextFactory : SslContextFactory() {
+
+ override fun openSslContext(openSslKeys: OpenSslKeys) = SslContextBuilder.forClient()
+ .keyManager(openSslKeys.cert.toFile(), openSslKeys.privateKey.toFile())
+ .trustManager(openSslKeys.trustedCert.toFile())
+ .sslProvider(SslProvider.OPENSSL)!!
+
+ override fun jdkContext(jdkKeys: JdkKeys) =
+ try {
+ val kmf = keyManagerFactory(jdkKeys)
+ val tmf = trustManagerFactory(jdkKeys)
+ SslContextBuilder.forClient()
+ .keyManager(kmf)
+ .trustManager(tmf)
+ .sslProvider(SslProvider.JDK)!!
+ } finally {
+ jdkKeys.forgetPasswords()
+ }
+
+}
diff --git a/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/ServerSslContextFactory.kt b/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/ServerSslContextFactory.kt
new file mode 100644
index 00000000..d26937fc
--- /dev/null
+++ b/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/ServerSslContextFactory.kt
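Review bot: `SslContextBuilder.forClient()` in both `openSslContext` and `jdkContext` is configured with a trust manager but no endpoint identification, so as far as this file goes the client accepts any server certificate that chains to `trustedCert` / the trust store, whichever host presents it; Netty does not enable hostname verification on its own and the builder used here has no switch for it. The `SSLEngine` created from this context (outside this hunk) has to set it, e.g. `engine.sslParameters = engine.sslParameters.apply { endpointIdentificationAlgorithm = "HTTPS" }`, and that obligation belongs in a KDoc on `ClientSslContextFactory` so callers cannot miss it. Neither builder pins TLS versions either; `.protocols("TLSv1.2")` before `.sslProvider(...)` would make the enabled set explicit instead of provider-dependent.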
@@ -0,0 +1,50 @@
+/*
+ * ============LICENSE_START=======================================================
+ * dcaegen2-collectors-veshv
+ * ================================================================================
+ * Copyright (C) 2018 NOKIA
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.dcae.collectors.veshv.ssl.boundary
+
+import io.netty.handler.ssl.SslContextBuilder
+import io.netty.handler.ssl.SslProvider
+import org.onap.dcae.collectors.veshv.domain.JdkKeys
+import org.onap.dcae.collectors.veshv.domain.OpenSslKeys
+import org.onap.dcae.collectors.veshv.ssl.impl.SslFactories.keyManagerFactory
+import org.onap.dcae.collectors.veshv.ssl.impl.SslFactories.trustManagerFactory
+
+/**
+ * @author Piotr Jaszczyk <piotr.jaszczyk@nokia.com>
+ * @since September 2018
+ */
+open class ServerSslContextFactory : SslContextFactory() {
+
+ override fun openSslContext(openSslKeys: OpenSslKeys) = SslContextBuilder
+ .forServer(openSslKeys.cert.toFile(), openSslKeys.privateKey.toFile())
+ .trustManager(openSslKeys.trustedCert.toFile())
+ .sslProvider(SslProvider.OPENSSL)!!
+
+ override fun jdkContext(jdkKeys: JdkKeys) =
+ try {
+ val kmf = keyManagerFactory(jdkKeys)
+ val tmf = trustManagerFactory(jdkKeys)
+ SslContextBuilder.forServer(kmf)
+ .trustManager(tmf)
+ .sslProvider(SslProvider.JDK)!!
+ } finally {
+ jdkKeys.forgetPasswords()
+ }
+}
diff --git a/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/SslContextFactory.kt b/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/SslContextFactory.kt
new file mode 100644
index 00000000..cad81eef
--- /dev/null
+++ b/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/SslContextFactory.kt
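Review bot: Both `openSslContext` and `jdkContext` leave protocol versions and cipher suites at the provider defaults, and for a collector terminating mTLS from external clients those defaults should be pinned rather than inherited (on the JDK provider of this era the default set still includes TLSv1.0 and TLSv1.1); adding `.protocols("TLSv1.2")` before `.sslProvider(...)` in both functions, plus an agreed `.ciphers(...)` list, makes the policy visible and testable. The trailing `!!` on each builder chain exists only to turn Netty's platform type into a non-null Kotlin type, which deserves a one-line comment so it is not read as a latent NPE. `jdkKeys.forgetPasswords()` in the `finally` is the right place for the wipe; a KDoc on `jdkContext` stating that the keys are consumed and unusable afterwards would protect callers from reusing them.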
@@ -0,0 +1,58 @@
+/*
+ * ============LICENSE_START=======================================================
+ * dcaegen2-collectors-veshv
+ * ================================================================================
+ * Copyright (C) 2018 NOKIA
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.dcae.collectors.veshv.ssl.boundary
+
+import arrow.core.Option
+import io.netty.handler.ssl.ClientAuth
+import io.netty.handler.ssl.SslContext
+import io.netty.handler.ssl.SslContextBuilder
+import org.onap.dcae.collectors.veshv.domain.JdkKeys
+import org.onap.dcae.collectors.veshv.domain.OpenSslKeys
+import org.onap.dcae.collectors.veshv.domain.SecurityConfiguration
+
+/**
+ * @author Piotr Jaszczyk <piotr.jaszczyk@nokia.com>
+ * @since September 2018
+ */
+abstract class SslContextFactory {
+ fun createSslContext(secConfig: SecurityConfiguration): Option<SslContext> =
+ if (secConfig.sslDisable) {
+ Option.empty()
+ } else {
+ createSslContextWithConfiguredCerts(secConfig)
+ .map { builder ->
+ builder.clientAuth(ClientAuth.REQUIRE)
+ .build()
+ }
+ }
+
+ protected open fun createSslContextWithConfiguredCerts(
+ secConfig: SecurityConfiguration
+ ): Option<SslContextBuilder> =
+ secConfig.keys.map { keys ->
+ when (keys) {
+ is JdkKeys -> jdkContext(keys)
+ is OpenSslKeys -> openSslContext(keys)
+ }
+ }
+
+ protected abstract fun openSslContext(openSslKeys: OpenSslKeys): SslContextBuilder
+ protected abstract fun jdkContext(jdkKeys: JdkKeys): SslContextBuilder
+}
diff --git a/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/utils.kt b/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/utils.kt
new file mode 100644
index 00000000..d3640c87
--- /dev/null
+++ b/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/utils.kt
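Review bot: `createSslContext` has no KDoc, and its contract is security-relevant: when `sslDisable` is set it returns `Option.empty()` and silently ignores any keys that were configured, and otherwise it forces `ClientAuth.REQUIRE` on every builder, including the client-side ones where Netty ignores the setting. I would document it as `/** Builds an SslContext enforcing mutual TLS (peer certificate required). Returns None when sslDisable is set; the caller then runs without transport security and any configured keys are ignored. */` and put `// no-op for client builders; only server contexts enforce it` next to `builder.clientAuth(ClientAuth.REQUIRE)`. `createSslContextWithConfiguredCerts` is `protected open` so tests can substitute fixture certificates, which is worth one line of KDoc so the override point is not mistaken for an extension hook for production code.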
@@ -0,0 +1,79 @@
+/*
+ * ============LICENSE_START=======================================================
+ * dcaegen2-collectors-veshv
+ * ================================================================================
+ * Copyright (C) 2018 NOKIA
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.dcae.collectors.veshv.ssl.boundary
+
+import arrow.core.None
+import arrow.core.Option
+import arrow.core.Some
+import arrow.core.fix
+import arrow.instances.option.monad.monad
+import arrow.typeclasses.binding
+import org.apache.commons.cli.CommandLine
+import org.onap.dcae.collectors.veshv.domain.JdkKeys
+import org.onap.dcae.collectors.veshv.domain.SecurityConfiguration
+import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption
+import org.onap.dcae.collectors.veshv.utils.commandline.hasOption
+import org.onap.dcae.collectors.veshv.utils.commandline.stringValue
+import java.io.File
+
+/**
+ * @author Piotr Jaszczyk <piotr.jaszczyk@nokia.com>
+ * @since September 2018
+ */
+
+
+const val KEY_STORE_FILE = "/etc/ves-hv/server.p12"
+const val TRUST_STORE_FILE = "/etc/ves-hv/trust.p12"
+
+fun createSecurityConfiguration(cmdLine: CommandLine): Option<SecurityConfiguration> {
+ val sslDisable = cmdLine.hasOption(CommandLineOption.SSL_DISABLE)
+
+ return if (sslDisable) disabledSecurityConfiguration(sslDisable) else enabledSecurityConfiguration(cmdLine)
+}
+
+private fun disabledSecurityConfiguration(sslDisable: Boolean): Some<SecurityConfiguration> {
+ return Some(SecurityConfiguration(
+ sslDisable = sslDisable,
+ keys = None
+ ))
+}
+
+private fun enabledSecurityConfiguration(cmdLine: CommandLine): Option<SecurityConfiguration> {
+ return Option.monad().binding {
+ val ksFile = cmdLine.stringValue(CommandLineOption.KEY_STORE_FILE, KEY_STORE_FILE)
+ val ksPass = cmdLine.stringValue(CommandLineOption.KEY_STORE_PASSWORD).bind()
+ val tsFile = cmdLine.stringValue(CommandLineOption.TRUST_STORE_FILE, TRUST_STORE_FILE)
+ val tsPass = cmdLine.stringValue(CommandLineOption.TRUST_STORE_PASSWORD).bind()
+
+ val keys = JdkKeys(
+ keyStore = streamFromFile(ksFile),
+ keyStorePassword = ksPass.toCharArray(),
+ trustStore = streamFromFile(tsFile),
+ trustStorePassword = tsPass.toCharArray()
+ )
+
+ SecurityConfiguration(
+ sslDisable = false,
+ keys = Some(keys)
+ )
+ }.fix()
+}
+
+private fun streamFromFile(file: String) = { File(file).inputStream() }
diff --git a/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/impl/SslFactories.kt b/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/impl/SslFactories.kt
new file mode 100644
index 00000000..4a73a2aa
--- /dev/null
+++ b/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/impl/SslFactories.kt
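Review bot: `enabledSecurityConfiguration` takes the key-store and trust-store passwords from command-line options (`KEY_STORE_PASSWORD`, `TRUST_STORE_PASSWORD`), and on Linux the full argv of a process is readable by other users via `ps` and `/proc/<pid>/cmdline`, besides ending up in shell history and orchestrator logs. In addition, `ksPass.toCharArray()` / `tsPass.toCharArray()` copy an immutable `String` that stays referenced from the `CommandLine` object and the original `args`, so the later `forgetPasswords()` wipe (which the test in this commit relies on) clears only the copy and a heap dump still contains the password. A file- or environment-based password source read straight into a `CharArray` would address both; at minimum record the gap where the copies are made: `// NOTE: the String held by CommandLine cannot be zeroed; forgetPasswords() wipes only this CharArray copy`.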
@@ -0,0 +1,55 @@
+/*
+ * ============LICENSE_START=======================================================
+ * dcaegen2-collectors-veshv
+ * ================================================================================
+ * Copyright (C) 2018 NOKIA
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.dcae.collectors.veshv.ssl.impl
+
+import org.onap.dcae.collectors.veshv.domain.JdkKeys
+import org.onap.dcae.collectors.veshv.domain.StreamProvider
+import java.security.KeyStore
+import javax.net.ssl.KeyManagerFactory
+import javax.net.ssl.TrustManagerFactory
+
+/**
+ * @author Piotr Jaszczyk <piotr.jaszczyk@nokia.com>
+ * @since September 2018
+ */
+internal object SslFactories {
+
+ fun trustManagerFactory(jdkKeys: JdkKeys): TrustManagerFactory? {
+ val tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
+ val ts = loadKeyStoreFromFile(jdkKeys.trustStore, jdkKeys.trustStorePassword)
+ tmf.init(ts)
+ return tmf
+ }
+
+ fun keyManagerFactory(jdkKeys: JdkKeys): KeyManagerFactory? {
+ val kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm())
+ val ks = loadKeyStoreFromFile(jdkKeys.keyStore, jdkKeys.keyStorePassword)
+ kmf.init(ks, jdkKeys.keyStorePassword)
+ return kmf
+ }
+
+ private fun loadKeyStoreFromFile(streamProvider: StreamProvider, password: CharArray): KeyStore {
+ val ks = KeyStore.getInstance("pkcs12")
+ streamProvider().use {
+ ks.load(it, password)
+ }
+ return ks
+ }
+}
diff --git a/sources/hv-collector-ssl/src/test/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/ServerSslContextFactoryTest.kt b/sources/hv-collector-ssl/src/test/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/ServerSslContextFactoryTest.kt
new file mode 100644
index 00000000..7e0bc609
--- /dev/null
+++ b/sources/hv-collector-ssl/src/test/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/ServerSslContextFactoryTest.kt
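Review bot: `trustManagerFactory` and `keyManagerFactory` are declared to return `TrustManagerFactory?` and `KeyManagerFactory?` although both unconditionally return a non-null instance, which pushes a spurious nullable into `SslContextBuilder.forServer(kmf)` and `.trustManager(tmf)` in the callers; dropping the `?` from both signatures is a one-character fix each. `kmf.init(ks, jdkKeys.keyStorePassword)` also assumes the private-key entry is protected with the store password, which keytool-generated PKCS#12 files satisfy but others may not, so a comment such as `// assumes the key entry password equals the store password (keytool default)` would save a confusing UnrecoverableKeyException later. `loadKeyStoreFromFile` hard-codes `"pkcs12"`, consistent with the `.p12` defaults in utils.kt, and saying so in a comment keeps the two in step if the defaults change.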
@@ -0,0 +1,160 @@
+/*
+ * ============LICENSE_START=======================================================
+ * dcaegen2-collectors-veshv
+ * ================================================================================
+ * Copyright (C) 2018 NOKIA
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.dcae.collectors.veshv.ssl.boundary
+
+import arrow.core.Some
+import arrow.core.toOption
+import io.netty.handler.ssl.ClientAuth
+import io.netty.handler.ssl.JdkSslContext
+import io.netty.handler.ssl.ReferenceCountedOpenSslContext
+import io.netty.handler.ssl.SslContextBuilder
+import org.assertj.core.api.Assertions
+import org.assertj.core.api.Assertions.assertThat
+import org.jetbrains.spek.api.Spek
+import org.jetbrains.spek.api.dsl.describe
+import org.jetbrains.spek.api.dsl.given
+import org.jetbrains.spek.api.dsl.it
+import org.jetbrains.spek.api.dsl.on
+import org.onap.dcae.collectors.veshv.domain.JdkKeys
+import org.onap.dcae.collectors.veshv.domain.OpenSslKeys
+import org.onap.dcae.collectors.veshv.domain.SecurityConfiguration
+import java.nio.file.Paths
+import kotlin.test.assertTrue
+
+/**
+ * @author Piotr Jaszczyk <piotr.jaszczyk@nokia.com>
+ * @since June 2018
+ */
+object ServerSslContextFactoryTest : Spek({
+ val PASSWORD = "onap"
+
+ describe("SslContextFactory (OpenSSL)") {
+ val keys = OpenSslKeys(
+ privateKey = Paths.get("/", "tmp", "pk.pem"),
+ cert = Paths.get("/", "tmp", "cert.crt"),
+ trustedCert = Paths.get("/", "tmp", "clientCa.crt"))
+
+ given("config with security enabled") {
+ val sampleConfig = SecurityConfiguration(keys = Some(keys))
+
+ val cut = object : ServerSslContextFactory() {
+ override fun createSslContextWithConfiguredCerts(secConfig: SecurityConfiguration) =
+ SslContextBuilder.forServer(resource("/ssl/ca.crt"), resource("/ssl/server.key")).toOption()
+
+ private fun resource(path: String) = ServerSslContextFactoryTest.javaClass.getResourceAsStream(path)
+ }
+
+ on("creation of SSL context") {
+ val result = cut.createSslContext(sampleConfig)
+
+ it("should be server context") {
+ assertTrue(result.exists {
+ it.isServer
+ })
+ }
+
+ it("should use OpenSSL provider") {
+ assertTrue(result.isDefined())
+ }
+
+ /*
+ * It is too important to leave it untested on unit level.
+ * Because of the Netty API design we need to do it this way.
+ */
+ it("should turn on client authentication") {
+ val clientAuth: ClientAuth = ReferenceCountedOpenSslContext::class.java
+ .getDeclaredField("clientAuth")
+ .run {
+ isAccessible = true
+ get(result.orNull()) as ClientAuth
+ }
+ Assertions.assertThat(clientAuth).isEqualTo(ClientAuth.REQUIRE)
+ }
+ }
+ }
+
+ given("config with SSL disabled") {
+ val securityConfiguration = SecurityConfiguration(
+ sslDisable = true,
+ keys = Some(keys)
+ )
+ val cut = ServerSslContextFactory()
+
+ on("creation of SSL context") {
+ val result = cut.createSslContext(securityConfiguration)
+
+ it("should not create any SSL context ") {
+ assertThat(result.isDefined()).isFalse()
+ }
+ }
+ }
+ }
+
+ describe("SslContextFactory (JDK)") {
+ val keys = JdkKeys(
+ keyStore = resourceStreamProvider("/ssl/server.ks.pkcs12"),
+ keyStorePassword = PASSWORD.toCharArray(),
+ trustStore = resourceStreamProvider("/ssl/trust.pkcs12"),
+ trustStorePassword = PASSWORD.toCharArray()
+ )
+
+ given("config without disabled SSL") {
+ val sampleConfig = SecurityConfiguration(keys = Some(keys))
+ val cut = ServerSslContextFactory()
+
+ on("creation of SSL context") {
+ val result = cut.createSslContext(sampleConfig)
+
+ it("should work") {
+ assertTrue(result.isDefined())
+ }
+
+ it("should be server context") {
+ assertTrue(result.exists {
+ it.isServer
+ })
+ }
+
+ /*
+ * It is too important to leave it untested on unit level.
+ * Because of the Netty API design we need to do it this way.
+ */
+ it("should turn on client authentication") {
+ val clientAuth: ClientAuth = JdkSslContext::class.java
+ .getDeclaredField("clientAuth")
+ .run {
+ isAccessible = true
+ get(result.orNull()) as ClientAuth
+ }
+ Assertions.assertThat(clientAuth).isEqualTo(ClientAuth.REQUIRE)
+ }
+
+ it("should clear passwords so heap dumps won't contain them") {
+ val xedPassword = PASSWORD.toCharArray()
+ xedPassword.fill('x')
+ Assertions.assertThat(keys.keyStorePassword).isEqualTo(xedPassword)
+ Assertions.assertThat(keys.trustStorePassword).isEqualTo(xedPassword)
+ }
+ }
+ }
+ }
+})
+
+fun resourceStreamProvider(resource: String) = { ServerSslContextFactoryTest::class.java.getResourceAsStream(resource) }
diff --git a/sources/hv-collector-ssl/src/test/resources/logback-test.xml b/sources/hv-collector-ssl/src/test/resources/logback-test.xml
new file mode 100644
index 00000000..9a4eacfe
--- /dev/null
+++ b/sources/hv-collector-ssl/src/test/resources/logback-test.xml
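Review bot: The `it("should use OpenSSL provider")` case asserts only `result.isDefined()`, which says nothing about the provider; it should be `assertThat(result.orNull()).isInstanceOf(ReferenceCountedOpenSslContext::class.java)`, all the more because the overriding `cut` drops `.sslProvider(SslProvider.OPENSSL)` and so depends on Netty auto-detecting tcnative — if the JDK provider were picked instead, the reflective read of `ReferenceCountedOpenSslContext.clientAuth` below would fail with an unrelated reflection error rather than a clear assertion. The OpenSSL fixture also pairs `/ssl/ca.crt` with `/ssl/server.key` while the `server.crt` added in this commit is never referenced; if the key belongs to `server.crt`, the override should load that pair and the CA belongs in `.trustManager(...)`. `PASSWORD = "onap"` is a fixture secret and a `// test-only fixture password` comment next to it avoids secret-scanner noise.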
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+ <property name="LOG_FILE"
+ value="${LOG_FILE:-${LOG_PATH:-${LOG_TEMP:-${java.io.tmpdir:-/tmp}}/}ves-hv.log}"/>
+ <property name="FILE_LOG_PATTERN" value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX,UTC} %-5level [%-40.40logger{10}] - %msg%n"/>
+
+ <appender name="CONSOLE" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <pattern>
+ %d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX,UTC} %highlight(%-5level) [%-40.40logger{10}] - %msg%n
+ </pattern>
+ </encoder>
+ </appender>
+
+ <appender name="ROLLING-FILE"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <encoder>
+ <pattern>${FILE_LOG_PATTERN}</pattern>
+ </encoder>
+ <file>${LOG_FILE}</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${LOG_FILE}.%d{yyyy-MM-dd}.log</fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ </appender>
+
+ <logger name="org.onap.dcae.collectors.veshv" level="TRACE"/>
+
+ <root level="INFO">
+ <appender-ref ref="CONSOLE"/>
+ <appender-ref ref="ROLLING-FILE"/>
+ </root>
+</configuration>
diff --git a/sources/hv-collector-ssl/src/test/resources/ssl/ca.crt b/sources/hv-collector-ssl/src/test/resources/ssl/ca.crt
new file mode 100644
index 00000000..f9a05b90
--- /dev/null
+++ b/sources/hv-collector-ssl/src/test/resources/ssl/ca.crt
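Review bot: This test-only configuration sets `TRACE` for the whole `org.onap.dcae.collectors.veshv` package and attaches a `ROLLING-FILE` appender writing to `${java.io.tmpdir}/ves-hv.log` with 30-day / 10GB retention, so every unit-test run leaves trace-level output (whose content this module does not show) in a shared, predictable `/tmp` path on developer and CI machines. The CONSOLE appender is sufficient for tests; I would drop `<appender-ref ref="ROLLING-FILE"/>` and the appender itself from the test config, or at least point `LOG_FILE` into the build directory so it is cleaned with the build.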
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDbDCCAlSgAwIBAgIJAMsh09jY3jSBMA0GCSqGSIb3DQEBCwUAMEsxCzAJBgNV
+BAYTAlBMMQswCQYDVQQIDAJETDEQMA4GA1UEBwwHV3JvY2xhdzEOMAwGA1UECgwF
+Tm9raWExDTALBgNVBAsMBE1BTk8wHhcNMTgwODEzMTE1OTE5WhcNMTkwODEzMTE1
+OTE5WjBLMQswCQYDVQQGEwJQTDELMAkGA1UECAwCREwxEDAOBgNVBAcMB1dyb2Ns
+YXcxDjAMBgNVBAoMBU5va2lhMQ0wCwYDVQQLDARNQU5PMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAyIs4sk5SlBRltDHZDDIGHdazzdduPRKdDBMUTE5i
+++iZe1MU9WnbPWgbnfj/1DN+VbbJEa32agDXBhS9mPiSrflDe8oqPPk12miiflsY
+TxGxY1bjH58kRNey164fPznzc9LqKqV1brUPktgBkHumM4zPVZYue5cp1T2FiWcE
+nFdqOKK2F0mdby+Pim9JHil34YcvavOlMXULkqayR7hxfUIAmMZtl59BKVx9BcKD
+9Sv9TQYRIYHhymrKnwIb8RolDaDdVUnr2ryREjZ8WfoBsOpraIYDUjKijF5FlgLs
+Fp8wcIflF6JyMbtchTm5acQZkcqK1AGYTD1wxT33E2pdDQIDAQABo1MwUTAdBgNV
+HQ4EFgQUOL9AR068MxqYCsKkEfgDzF2HrY8wHwYDVR0jBBgwFoAUOL9AR068MxqY
+CsKkEfgDzF2HrY8wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEA
+OXNDDqrk8bTJfy78mkMZame/bLEUQ2h4EvWT6trd5XYNfPwQW/u6laLJAtLFbzth
+lpNBRK//sK+AYgwDURq0HcW5YczhgzZbfG9ab1J/7GUrFJh+DHL3bNL1YFX84JbI
+coUbxaJFkmIvlQDLWDYfpQ/gNwUbuUPZjGZC2bWobZw9sRC+e51TIoAmgZwvTElC
+v3vD2BwbIs7C4ylrIQU9Q1rY17MeWH9m8ZhEX1C4W4+N54V6jJ7czE9HQEnapeEu
+5rmEoDqP191x+tOxp/Xg8j+wcAK/dVy1Q3xQQZCW84rv0TBHbdaAPamBLUzHeW3W
+F7BpnVhn1NfYVOKx5W0NfA==
+-----END CERTIFICATE-----
diff --git a/sources/hv-collector-ssl/src/test/resources/ssl/server.crt b/sources/hv-collector-ssl/src/test/resources/ssl/server.crt
new file mode 100644
index 00000000..2b06108b
--- /dev/null
+++ b/sources/hv-collector-ssl/src/test/resources/ssl/server.crt
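Review bot: The validity period encoded in this certificate decodes to 2018-08-13T11:59:19Z through 2019-08-13T11:59:19Z, a one-year window, and the server certificate added next to it carries a similar 2018-08-13 to 2019-08-08 window. The tests in this commit only build contexts, which Netty does not check against the clock, so they will keep passing, but any handshake-level test elsewhere that trusts `ca.crt` will start failing after that date with nothing in the repository explaining why. Regenerating the fixtures with a multi-decade validity, or generating them at test time, removes the time bomb; either way a README line in `src/test/resources/ssl` stating the expiry and the regeneration commands is worth adding.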
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDEjCCAfoCCQCId29lGbm5LjANBgkqhkiG9w0BAQsFADBLMQswCQYDVQQGEwJQ
+TDELMAkGA1UECAwCREwxEDAOBgNVBAcMB1dyb2NsYXcxDjAMBgNVBAoMBU5va2lh
+MQ0wCwYDVQQLDARNQU5PMB4XDTE4MDgxMzEyMDAyNFoXDTE5MDgwODEyMDAyNFow
+SzELMAkGA1UEBhMCUEwxCzAJBgNVBAgMAkRMMRAwDgYDVQQHDAdXcm9jbGF3MQ4w
+DAYDVQQKDAVOb2tpYTENMAsGA1UECwwETUFOTzCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBALbblOyqeJayotBiY6aZnGWnMHCHNTileJF8hkFS5P5qM9BU
+XH7NW/p5wSNcQWBB81HrRVneHpm6zfZtUPtcqXC4vpTk/sy3WT8rlEU+uv1YYVP8
+r0jxXr1WZ8sGcxOjhiMMRpMqImoALRak3ombtktfMc2Yeab4J25941wpDSQoUjT8
+LlXhfyjbBijum0LY+cqsuV5qk2qrzo0ZLD6m51aaWEyeysQ/3JanYKvPZDKdvAYN
++98ud6d/rjdWIJXwxEGp1fpW0p+fHOUhjMB1a5gkPDIpU68ME6BZJ3xJZb1qqXLS
+pkUitMIWZSWx5xNhcifsnxWyhZfnhd8GnxU3Lf8CAwEAATANBgkqhkiG9w0BAQsF
+AAOCAQEAJCrPdc8R7kBOmeIPyVX8QBOsrVTBBDzhskpi51nMsAKvcGjtYdXknYPj
+bw3YVASE2efrq5QWHC0maIxDAHzI/kmWGH8F0s8S6QRH/7fstvxaNaSArzQB/thW
+qIWs7AufUSsLMwtcXQ6KdYNbnaMwTynuuK+ANilcLvV8GxRAzXgFdoWZ2OuJRyzu
+BWQZS49WanyqX1kDLMsrLtdJyl/yVEfsmDcUyhapuuGwtconkWK/CVrJlV1vh1Z+
+Svh9IfvAF7WPPpGsM/y9+hGNtK6sPVUKl4acBzIAv6aN1QS5H4zRvtbwv7xpUp4M
+P84PY3lv1X3NJCGrfVByh2lFWParKA==
+-----END CERTIFICATE-----
diff --git a/sources/hv-collector-ssl/src/test/resources/ssl/server.key b/sources/hv-collector-ssl/src/test/resources/ssl/server.key
new file mode 100644
index 00000000..40e25932
--- /dev/null
+++ b/sources/hv-collector-ssl/src/test/resources/ssl/server.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC225TsqniWsqLQ
+YmOmmZxlpzBwhzU4pXiRfIZBUuT+ajPQVFx+zVv6ecEjXEFgQfNR60VZ3h6Zus32
+bVD7XKlwuL6U5P7Mt1k/K5RFPrr9WGFT/K9I8V69VmfLBnMTo4YjDEaTKiJqAC0W
+pN6Jm7ZLXzHNmHmm+CdufeNcKQ0kKFI0/C5V4X8o2wYo7ptC2PnKrLleapNqq86N
+GSw+pudWmlhMnsrEP9yWp2Crz2QynbwGDfvfLnenf643ViCV8MRBqdX6VtKfnxzl
+IYzAdWuYJDwyKVOvDBOgWSd8SWW9aqly0qZFIrTCFmUlsecTYXIn7J8VsoWX54Xf
+Bp8VNy3/AgMBAAECggEATzN4o7GKnast/hg/lU9/gEAUKQlHMgvp1woalHy1FsUl
+QBzqGzoTlr/Zudkhr/Gg1GCVH0Gn+2n//7aFlvohoeNDGPa+rijUDRpxFDUBhO4c
+6eXOfkedg2DDgBqBCYaQeOm+P8vGMCd3YBF1GiFJqgfHaIecWYeufJsmOSrGuFvK
+1OvHpvg4/FLLQqgVcVO812kD4UwSOKnZVnPuZ3pzQviUZvO8ZxI/LkzQB1EdH6u3
+rBtiGslYkiKl5cGpH39/Dx2nKhHfvSnkfsm7koB00Bl41yy61GPwdl4XUwg8LUhX
+TbsuoIPGTJX/2FUMn0UnAdDJm29hE4eyHyYOhew8gQKBgQDlAeUcnFr9uxe0i7cg
+6ctJlNIKJjlA1tH4qIMEytdn06STo9g2j8X5HVE0FX/3+gAYDtEVICTF66w8Y474
+aeazvf+TCfkxtEOiH2afvaNkIkfzKR0ceB48DECT0DCF7xha5rJVf/W4GpCz2WkZ
+ojDzw5ZVvzbx/FaF9A/IseJ63wKBgQDMaSjiephhdlCERGPdwWMg3AfthEX/VHM0
+YugbVjjYjDbn2pMkntW2hUuVXP8HD+9DnQZo0/c/hxe28Q5b+2fjZephdctnY8tL
+XWbaEerM2lxEjmrpA4jYTBZJ9nMsxkEYHGHb5I586aS2YaZ12e7DoKMFdl0EZzvi
+zGPIxSzQ4QKBgAxVv8t8uIH2M96rr997+FEsTOvzBx5w87pbCUOW0WdsRO8W4ix+
+LgGvDJKrncrzklG5apWit5hZi1ttWWQUADMqRrvay6tbtFDlNBfilQxttEZqroC8
+D5TYbBoKGrL8H+m1h2GHlOqns6ecTEbvL4fRvyU7OXBrURXCAZ+jxTktAoGACbQI
+O9AEAcRjCBRTBUjT0tB/E9hOllNE8LytNfb+1dC6HoFysK9Vh8eGEf4LISOxgO0o
+S7ucJgjcqFODEfy6LsI8wQmdcTf8g4RYiIuHMNhAvwRfsNX5HgNmn3Yye3Khzmoy
+fwS3etiAeCPkif2hZunuMykuOzJHVnnLVtF9UiECgYEA41d7FgUcnfPIyA5xLg7K
+lRgjFMsc68uzoCBQww2kio0HNJpdOPBJlg6oHHfYKriv2r9793jETRVwjSNPlKZb
+vqm9yhnbXuahYBZSgdo2W+NbhP6IbJ0vrF4t9g6byjancQptaCjNIr9St9g+Ugly
+8m0n3gIT/+Lr+it63cgk8SA=
+-----END PRIVATE KEY-----
diff --git a/sources/hv-collector-ssl/src/test/resources/ssl/server.ks.pkcs12 b/sources/hv-collector-ssl/src/test/resources/ssl/server.ks.pkcs12
Binary files differ
new file mode 100644
index 00000000..a97eb65a
--- /dev/null
+++ b/sources/hv-collector-ssl/src/test/resources/ssl/server.ks.pkcs12 diff --git a/sources/hv-collector-ssl/src/test/resources/ssl/trust.pkcs12 b/sources/hv-collector-ssl/src/test/resources/ssl/trust.pkcs12 Binary files differnew file mode 100644 index 00000000..01b61373 --- /dev/null +++ b/sources/hv-collector-ssl/src/test/resources/ssl/trust.pkcs12 |