Read passwords from files

Key- and trust-store passwords should be read from files in order to work with DCAE tls-init-container. Change-Id: Ibe454663328268f33f8be25ef9ec129f1ce1d396 Issue-ID: DCAEGEN2-1412 Signed-off-by: Piotr Jaszczyk <piotr.jaszczyk@nokia.com>
author: Piotr Jaszczyk <piotr.jaszczyk@nokia.com> 2019-04-10 10:32:00 +0200
committer: Piotr Jaszczyk <piotr.jaszczyk@nokia.com> 2019-04-10 11:37:50 +0200
commit: c138b700030d22ae0bdbd6992fb4a4d8a3431798 (patch)
tree: 35926c24ef0eb4c770f3592bedc6e4d3cf69c98e /sources/hv-collector-ssl
parent: d52444107a3c62c1027e35178b76645ceb4d2c4e (diff)
3 files changed, 19 insertions, 6 deletions
diff --git a/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/utils.kt b/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/utils.kt
index 822d84f1..5981d9d4 100644
--- a/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/utils.kt
+++ b/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/utils.kt
@@ -22,7 +22,6 @@ package org.onap.dcae.collectors.veshv.ssl.boundary
 import arrow.core.None
 import arrow.core.Some
 import arrow.core.Try
-import arrow.core.getOrElse
 import org.apache.commons.cli.CommandLine
 import org.onap.dcae.collectors.veshv.commandline.CommandLineOption
 import org.onap.dcae.collectors.veshv.commandline.hasOption
@@ -38,7 +37,9 @@ import java.nio.file.Paths
  */
 
 const val KEY_STORE_FILE = "/etc/ves-hv/server.p12"
+const val KEY_STORE_PASSWORD_FILE = "/etc/ves-hv/server.pass"
 const val TRUST_STORE_FILE = "/etc/ves-hv/trust.p12"
+const val TRUST_STORE_PASSWORD_FILE = "/etc/ves-hv/trust.pass"
 
 fun createSecurityConfiguration(cmdLine: CommandLine): Try<SecurityConfiguration> =
         createSecurityConfigurationProvider(cmdLine).map { it() }
@@ -55,15 +56,15 @@ private fun disabledSecurityConfiguration() = SecurityConfiguration(None)
 
 private fun enabledSecurityConfiguration(cmdLine: CommandLine): SecurityConfiguration {
     val ksFile = cmdLine.stringValue(CommandLineOption.KEY_STORE_FILE, KEY_STORE_FILE)
-    val ksPass = cmdLine.stringValue(CommandLineOption.KEY_STORE_PASSWORD).getOrElse { "" }
+    val ksPass = cmdLine.stringValue(CommandLineOption.KEY_STORE_PASSWORD_FILE, KEY_STORE_PASSWORD_FILE)
     val tsFile = cmdLine.stringValue(CommandLineOption.TRUST_STORE_FILE, TRUST_STORE_FILE)
-    val tsPass = cmdLine.stringValue(CommandLineOption.TRUST_STORE_PASSWORD).getOrElse { "" }
+    val tsPass = cmdLine.stringValue(CommandLineOption.TRUST_STORE_PASSWORD_FILE, TRUST_STORE_PASSWORD_FILE)
 
     val keys = ImmutableSecurityKeys.builder()
             .keyStore(ImmutableSecurityKeysStore.of(pathFromFile(ksFile)))
-            .keyStorePassword(Passwords.fromString(ksPass))
+            .keyStorePassword(Passwords.fromPath(pathFromFile(ksPass)))
             .trustStore(ImmutableSecurityKeysStore.of(pathFromFile(tsFile)))
-            .trustStorePassword(Passwords.fromString(tsPass))
+            .trustStorePassword(Passwords.fromPath(pathFromFile(tsPass)))
             .build()
 
     return SecurityConfiguration(Some(keys))
diff --git a/sources/hv-collector-ssl/src/test/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/SecurityUtilsTest.kt b/sources/hv-collector-ssl/src/test/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/UtilsKtTest.kt
index ddb3e357..c7c414f8 100644
--- a/sources/hv-collector-ssl/src/test/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/SecurityUtilsTest.kt
+++ b/sources/hv-collector-ssl/src/test/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/UtilsKtTest.kt
@@ -20,6 +20,7 @@
 package org.onap.dcae.collectors.veshv.ssl.boundary
 
 import com.nhaarman.mockitokotlin2.doReturn
+import com.nhaarman.mockitokotlin2.eq
 import com.nhaarman.mockitokotlin2.mock
 import com.nhaarman.mockitokotlin2.verify
 import com.nhaarman.mockitokotlin2.whenever
@@ -31,15 +32,22 @@ import org.jetbrains.spek.api.dsl.it
 import org.jetbrains.spek.api.dsl.on
 import org.onap.dcae.collectors.veshv.commandline.CommandLineOption
 import org.onap.dcae.collectors.veshv.commandline.hasOption
+import org.onap.dcae.collectors.veshv.commandline.stringValue
+import java.nio.file.Paths
 
 
-internal object SecurityUtilsTest : Spek({
+internal object UtilsKtTest : Spek({
 
     describe("creating securty configuration provider") {
 
         on("command line without ssl disable") {
+            val passwordFile = resourcePathAsString("/ssl/password")
             val commandLine: CommandLine = mock()
             whenever(commandLine.hasOption(CommandLineOption.SSL_DISABLE)).doReturn(false)
+            whenever(commandLine.stringValue(CommandLineOption.TRUST_STORE_PASSWORD_FILE, TRUST_STORE_PASSWORD_FILE))
+                    .doReturn(passwordFile)
+            whenever(commandLine.stringValue(CommandLineOption.KEY_STORE_PASSWORD_FILE, KEY_STORE_PASSWORD_FILE))
+                    .doReturn(passwordFile)
 
             it("should create configuration with some keys") {
                 val configuration = createSecurityConfiguration(commandLine)
@@ -63,3 +71,6 @@ internal object SecurityUtilsTest : Spek({
         }
     }
 })
+
+private fun resourcePathAsString(resource: String) =
+        Paths.get(UtilsKtTest::class.java.getResource(resource).toURI()).toString()
diff --git a/sources/hv-collector-ssl/src/test/resources/ssl/password b/sources/hv-collector-ssl/src/test/resources/ssl/password
new file mode 100644
index 00000000..e69c2de9
--- /dev/null
+++ b/sources/hv-collector-ssl/src/test/resources/ssl/password
@@ -0,0 +1 @@
+onaponap
+\ No newline at end of file
author	Piotr Jaszczyk <piotr.jaszczyk@nokia.com>	2019-04-10 10:32:00 +0200
committer	Piotr Jaszczyk <piotr.jaszczyk@nokia.com>	2019-04-10 11:37:50 +0200
commit	c138b700030d22ae0bdbd6992fb4a4d8a3431798 (patch)
tree	35926c24ef0eb4c770f3592bedc6e4d3cf69c98e /sources/hv-collector-ssl
parent	d52444107a3c62c1027e35178b76645ceb4d2c4e (diff)