diff options
Diffstat (limited to 'sources/hv-collector-ssl/src/main/kotlin')
5 files changed, 31 insertions, 220 deletions
diff --git a/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/ClientSslContextFactory.kt b/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/ClientSslContextFactory.kt deleted file mode 100644 index 0ad3d7b4..00000000 --- a/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/ClientSslContextFactory.kt +++ /dev/null @@ -1,52 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * dcaegen2-collectors-veshv - * ================================================================================ - * Copyright (C) 2018 NOKIA - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ -package org.onap.dcae.collectors.veshv.ssl.boundary - -import io.netty.handler.ssl.SslContextBuilder -import io.netty.handler.ssl.SslProvider -import org.onap.dcae.collectors.veshv.domain.JdkKeys -import org.onap.dcae.collectors.veshv.domain.OpenSslKeys -import org.onap.dcae.collectors.veshv.ssl.impl.SslFactories.keyManagerFactory -import org.onap.dcae.collectors.veshv.ssl.impl.SslFactories.trustManagerFactory - -/** - * @author Piotr Jaszczyk <piotr.jaszczyk@nokia.com> - * @since September 2018 - */ -open class ClientSslContextFactory : SslContextFactory() { - - override fun openSslContext(openSslKeys: OpenSslKeys) = SslContextBuilder.forClient() - .keyManager(openSslKeys.cert.toFile(), openSslKeys.privateKey.toFile()) - .trustManager(openSslKeys.trustedCert.toFile()) - .sslProvider(SslProvider.OPENSSL)!! - - override fun jdkContext(jdkKeys: JdkKeys) = - try { - val kmf = keyManagerFactory(jdkKeys) - val tmf = trustManagerFactory(jdkKeys) - SslContextBuilder.forClient() - .keyManager(kmf) - .trustManager(tmf) - .sslProvider(SslProvider.JDK)!! - } finally { - jdkKeys.forgetPasswords() - } - -} diff --git a/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/ServerSslContextFactory.kt b/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/ServerSslContextFactory.kt deleted file mode 100644 index d26937fc..00000000 --- a/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/ServerSslContextFactory.kt +++ /dev/null @@ -1,50 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * dcaegen2-collectors-veshv - * ================================================================================ - * Copyright (C) 2018 NOKIA - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ -package org.onap.dcae.collectors.veshv.ssl.boundary - -import io.netty.handler.ssl.SslContextBuilder -import io.netty.handler.ssl.SslProvider -import org.onap.dcae.collectors.veshv.domain.JdkKeys -import org.onap.dcae.collectors.veshv.domain.OpenSslKeys -import org.onap.dcae.collectors.veshv.ssl.impl.SslFactories.keyManagerFactory -import org.onap.dcae.collectors.veshv.ssl.impl.SslFactories.trustManagerFactory - -/** - * @author Piotr Jaszczyk <piotr.jaszczyk@nokia.com> - * @since September 2018 - */ -open class ServerSslContextFactory : SslContextFactory() { - - override fun openSslContext(openSslKeys: OpenSslKeys) = SslContextBuilder - .forServer(openSslKeys.cert.toFile(), openSslKeys.privateKey.toFile()) - .trustManager(openSslKeys.trustedCert.toFile()) - .sslProvider(SslProvider.OPENSSL)!! - - override fun jdkContext(jdkKeys: JdkKeys) = - try { - val kmf = keyManagerFactory(jdkKeys) - val tmf = trustManagerFactory(jdkKeys) - SslContextBuilder.forServer(kmf) - .trustManager(tmf) - .sslProvider(SslProvider.JDK)!! - } finally { - jdkKeys.forgetPasswords() - } -} diff --git a/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/SslContextFactory.kt b/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/SslContextFactory.kt index cad81eef..8a5959d8 100644 --- a/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/SslContextFactory.kt +++ b/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/SslContextFactory.kt @@ -20,39 +20,18 @@ package org.onap.dcae.collectors.veshv.ssl.boundary import arrow.core.Option -import io.netty.handler.ssl.ClientAuth import io.netty.handler.ssl.SslContext -import io.netty.handler.ssl.SslContextBuilder -import org.onap.dcae.collectors.veshv.domain.JdkKeys -import org.onap.dcae.collectors.veshv.domain.OpenSslKeys import org.onap.dcae.collectors.veshv.domain.SecurityConfiguration +import org.onap.dcaegen2.services.sdk.security.ssl.SslFactory /** * @author Piotr Jaszczyk <piotr.jaszczyk@nokia.com> * @since September 2018 */ -abstract class SslContextFactory { - fun createSslContext(secConfig: SecurityConfiguration): Option<SslContext> = - if (secConfig.sslDisable) { - Option.empty() - } else { - createSslContextWithConfiguredCerts(secConfig) - .map { builder -> - builder.clientAuth(ClientAuth.REQUIRE) - .build() - } - } +class SslContextFactory(private val sslFactory: SslFactory = SslFactory()) { + fun createServerContext(secConfig: SecurityConfiguration): Option<SslContext> = + secConfig.keys.map { sslFactory.createSecureServerContext(it) } + fun createClientContext(secConfig: SecurityConfiguration): Option<SslContext> = + secConfig.keys.map { sslFactory.createSecureClientContext(it) } - protected open fun createSslContextWithConfiguredCerts( - secConfig: SecurityConfiguration - ): Option<SslContextBuilder> = - secConfig.keys.map { keys -> - when (keys) { - is JdkKeys -> jdkContext(keys) - is OpenSslKeys -> openSslContext(keys) - } - } - - protected abstract fun openSslContext(openSslKeys: OpenSslKeys): SslContextBuilder - protected abstract fun jdkContext(jdkKeys: JdkKeys): SslContextBuilder } diff --git a/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/utils.kt b/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/utils.kt index d3640c87..fb142639 100644 --- a/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/utils.kt +++ b/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/utils.kt @@ -20,60 +20,49 @@ package org.onap.dcae.collectors.veshv.ssl.boundary import arrow.core.None -import arrow.core.Option import arrow.core.Some -import arrow.core.fix -import arrow.instances.option.monad.monad -import arrow.typeclasses.binding +import arrow.core.Try +import arrow.core.getOrElse import org.apache.commons.cli.CommandLine -import org.onap.dcae.collectors.veshv.domain.JdkKeys import org.onap.dcae.collectors.veshv.domain.SecurityConfiguration import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption import org.onap.dcae.collectors.veshv.utils.commandline.hasOption import org.onap.dcae.collectors.veshv.utils.commandline.stringValue -import java.io.File +import org.onap.dcaegen2.services.sdk.security.ssl.ImmutableSecurityKeys +import org.onap.dcaegen2.services.sdk.security.ssl.ImmutableSecurityKeysStore +import org.onap.dcaegen2.services.sdk.security.ssl.Passwords +import java.nio.file.Paths /** * @author Piotr Jaszczyk <piotr.jaszczyk@nokia.com> * @since September 2018 */ - const val KEY_STORE_FILE = "/etc/ves-hv/server.p12" const val TRUST_STORE_FILE = "/etc/ves-hv/trust.p12" -fun createSecurityConfiguration(cmdLine: CommandLine): Option<SecurityConfiguration> { - val sslDisable = cmdLine.hasOption(CommandLineOption.SSL_DISABLE) - - return if (sslDisable) disabledSecurityConfiguration(sslDisable) else enabledSecurityConfiguration(cmdLine) -} +fun createSecurityConfiguration(cmdLine: CommandLine): Try<SecurityConfiguration> = + if (cmdLine.hasOption(CommandLineOption.SSL_DISABLE)) + Try { disabledSecurityConfiguration() } + else + enabledSecurityConfiguration(cmdLine) -private fun disabledSecurityConfiguration(sslDisable: Boolean): Some<SecurityConfiguration> { - return Some(SecurityConfiguration( - sslDisable = sslDisable, - keys = None - )) -} +private fun disabledSecurityConfiguration() = SecurityConfiguration(keys = None) -private fun enabledSecurityConfiguration(cmdLine: CommandLine): Option<SecurityConfiguration> { - return Option.monad().binding { - val ksFile = cmdLine.stringValue(CommandLineOption.KEY_STORE_FILE, KEY_STORE_FILE) - val ksPass = cmdLine.stringValue(CommandLineOption.KEY_STORE_PASSWORD).bind() - val tsFile = cmdLine.stringValue(CommandLineOption.TRUST_STORE_FILE, TRUST_STORE_FILE) - val tsPass = cmdLine.stringValue(CommandLineOption.TRUST_STORE_PASSWORD).bind() +private fun enabledSecurityConfiguration(cmdLine: CommandLine) = Try { + val ksFile = cmdLine.stringValue(CommandLineOption.KEY_STORE_FILE, KEY_STORE_FILE) + val ksPass = cmdLine.stringValue(CommandLineOption.KEY_STORE_PASSWORD).getOrElse { "" } + val tsFile = cmdLine.stringValue(CommandLineOption.TRUST_STORE_FILE, TRUST_STORE_FILE) + val tsPass = cmdLine.stringValue(CommandLineOption.TRUST_STORE_PASSWORD).getOrElse { "" } - val keys = JdkKeys( - keyStore = streamFromFile(ksFile), - keyStorePassword = ksPass.toCharArray(), - trustStore = streamFromFile(tsFile), - trustStorePassword = tsPass.toCharArray() - ) + val keys = ImmutableSecurityKeys.builder() + .keyStore(ImmutableSecurityKeysStore.of(pathFromFile(ksFile))) + .keyStorePassword(Passwords.fromString(ksPass)) + .trustStore(ImmutableSecurityKeysStore.of(pathFromFile(tsFile))) + .trustStorePassword(Passwords.fromString(tsPass)) + .build() - SecurityConfiguration( - sslDisable = false, - keys = Some(keys) - ) - }.fix() + SecurityConfiguration(keys = Some(keys)) } -private fun streamFromFile(file: String) = { File(file).inputStream() } +private fun pathFromFile(file: String) = Paths.get(file) diff --git a/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/impl/SslFactories.kt b/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/impl/SslFactories.kt deleted file mode 100644 index 4a73a2aa..00000000 --- a/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/impl/SslFactories.kt +++ /dev/null @@ -1,55 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * dcaegen2-collectors-veshv - * ================================================================================ - * Copyright (C) 2018 NOKIA - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ -package org.onap.dcae.collectors.veshv.ssl.impl - -import org.onap.dcae.collectors.veshv.domain.JdkKeys -import org.onap.dcae.collectors.veshv.domain.StreamProvider -import java.security.KeyStore -import javax.net.ssl.KeyManagerFactory -import javax.net.ssl.TrustManagerFactory - -/** - * @author Piotr Jaszczyk <piotr.jaszczyk@nokia.com> - * @since September 2018 - */ -internal object SslFactories { - - fun trustManagerFactory(jdkKeys: JdkKeys): TrustManagerFactory? { - val tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()) - val ts = loadKeyStoreFromFile(jdkKeys.trustStore, jdkKeys.trustStorePassword) - tmf.init(ts) - return tmf - } - - fun keyManagerFactory(jdkKeys: JdkKeys): KeyManagerFactory? { - val kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()) - val ks = loadKeyStoreFromFile(jdkKeys.keyStore, jdkKeys.keyStorePassword) - kmf.init(ks, jdkKeys.keyStorePassword) - return kmf - } - - private fun loadKeyStoreFromFile(streamProvider: StreamProvider, password: CharArray): KeyStore { - val ks = KeyStore.getInstance("pkcs12") - streamProvider().use { - ks.load(it, password) - } - return ks - } -} |