aboutsummaryrefslogtreecommitdiffstats
path: root/sources/hv-collector-ssl
diff options
context:
space:
mode:
Diffstat (limited to 'sources/hv-collector-ssl')
-rw-r--r--sources/hv-collector-ssl/pom.xml6
-rw-r--r--sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/ClientSslContextFactory.kt52
-rw-r--r--sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/ServerSslContextFactory.kt50
-rw-r--r--sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/SslContextFactory.kt33
-rw-r--r--sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/utils.kt61
-rw-r--r--sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/impl/SslFactories.kt55
-rw-r--r--sources/hv-collector-ssl/src/test/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/ServerSslContextFactoryTest.kt160
-rw-r--r--sources/hv-collector-ssl/src/test/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/SslContextFactoryTest.kt100
8 files changed, 131 insertions, 386 deletions
diff --git a/sources/hv-collector-ssl/pom.xml b/sources/hv-collector-ssl/pom.xml
index 98c07f42..dad7ab53 100644
--- a/sources/hv-collector-ssl/pom.xml
+++ b/sources/hv-collector-ssl/pom.xml
@@ -75,12 +75,6 @@
<scope>test</scope>
</dependency>
<dependency>
- <groupId>io.netty</groupId>
- <artifactId>netty-tcnative-boringssl-static</artifactId>
- <classifier>${os.detected.classifier}</classifier>
- <scope>test</scope>
- </dependency>
- <dependency>
<groupId>io.arrow-kt</groupId>
<artifactId>arrow-core</artifactId>
</dependency>
diff --git a/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/ClientSslContextFactory.kt b/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/ClientSslContextFactory.kt
deleted file mode 100644
index 0ad3d7b4..00000000
--- a/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/ClientSslContextFactory.kt
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * ============LICENSE_START=======================================================
- * dcaegen2-collectors-veshv
- * ================================================================================
- * Copyright (C) 2018 NOKIA
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-package org.onap.dcae.collectors.veshv.ssl.boundary
-
-import io.netty.handler.ssl.SslContextBuilder
-import io.netty.handler.ssl.SslProvider
-import org.onap.dcae.collectors.veshv.domain.JdkKeys
-import org.onap.dcae.collectors.veshv.domain.OpenSslKeys
-import org.onap.dcae.collectors.veshv.ssl.impl.SslFactories.keyManagerFactory
-import org.onap.dcae.collectors.veshv.ssl.impl.SslFactories.trustManagerFactory
-
-/**
- * @author Piotr Jaszczyk <piotr.jaszczyk@nokia.com>
- * @since September 2018
- */
-open class ClientSslContextFactory : SslContextFactory() {
-
- override fun openSslContext(openSslKeys: OpenSslKeys) = SslContextBuilder.forClient()
- .keyManager(openSslKeys.cert.toFile(), openSslKeys.privateKey.toFile())
- .trustManager(openSslKeys.trustedCert.toFile())
- .sslProvider(SslProvider.OPENSSL)!!
-
- override fun jdkContext(jdkKeys: JdkKeys) =
- try {
- val kmf = keyManagerFactory(jdkKeys)
- val tmf = trustManagerFactory(jdkKeys)
- SslContextBuilder.forClient()
- .keyManager(kmf)
- .trustManager(tmf)
- .sslProvider(SslProvider.JDK)!!
- } finally {
- jdkKeys.forgetPasswords()
- }
-
-}
diff --git a/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/ServerSslContextFactory.kt b/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/ServerSslContextFactory.kt
deleted file mode 100644
index d26937fc..00000000
--- a/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/ServerSslContextFactory.kt
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * ============LICENSE_START=======================================================
- * dcaegen2-collectors-veshv
- * ================================================================================
- * Copyright (C) 2018 NOKIA
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-package org.onap.dcae.collectors.veshv.ssl.boundary
-
-import io.netty.handler.ssl.SslContextBuilder
-import io.netty.handler.ssl.SslProvider
-import org.onap.dcae.collectors.veshv.domain.JdkKeys
-import org.onap.dcae.collectors.veshv.domain.OpenSslKeys
-import org.onap.dcae.collectors.veshv.ssl.impl.SslFactories.keyManagerFactory
-import org.onap.dcae.collectors.veshv.ssl.impl.SslFactories.trustManagerFactory
-
-/**
- * @author Piotr Jaszczyk <piotr.jaszczyk@nokia.com>
- * @since September 2018
- */
-open class ServerSslContextFactory : SslContextFactory() {
-
- override fun openSslContext(openSslKeys: OpenSslKeys) = SslContextBuilder
- .forServer(openSslKeys.cert.toFile(), openSslKeys.privateKey.toFile())
- .trustManager(openSslKeys.trustedCert.toFile())
- .sslProvider(SslProvider.OPENSSL)!!
-
- override fun jdkContext(jdkKeys: JdkKeys) =
- try {
- val kmf = keyManagerFactory(jdkKeys)
- val tmf = trustManagerFactory(jdkKeys)
- SslContextBuilder.forServer(kmf)
- .trustManager(tmf)
- .sslProvider(SslProvider.JDK)!!
- } finally {
- jdkKeys.forgetPasswords()
- }
-}
diff --git a/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/SslContextFactory.kt b/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/SslContextFactory.kt
index cad81eef..8a5959d8 100644
--- a/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/SslContextFactory.kt
+++ b/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/SslContextFactory.kt
@@ -20,39 +20,18 @@
package org.onap.dcae.collectors.veshv.ssl.boundary
import arrow.core.Option
-import io.netty.handler.ssl.ClientAuth
import io.netty.handler.ssl.SslContext
-import io.netty.handler.ssl.SslContextBuilder
-import org.onap.dcae.collectors.veshv.domain.JdkKeys
-import org.onap.dcae.collectors.veshv.domain.OpenSslKeys
import org.onap.dcae.collectors.veshv.domain.SecurityConfiguration
+import org.onap.dcaegen2.services.sdk.security.ssl.SslFactory
/**
* @author Piotr Jaszczyk <piotr.jaszczyk@nokia.com>
* @since September 2018
*/
-abstract class SslContextFactory {
- fun createSslContext(secConfig: SecurityConfiguration): Option<SslContext> =
- if (secConfig.sslDisable) {
- Option.empty()
- } else {
- createSslContextWithConfiguredCerts(secConfig)
- .map { builder ->
- builder.clientAuth(ClientAuth.REQUIRE)
- .build()
- }
- }
+class SslContextFactory(private val sslFactory: SslFactory = SslFactory()) {
+ fun createServerContext(secConfig: SecurityConfiguration): Option<SslContext> =
+ secConfig.keys.map { sslFactory.createSecureServerContext(it) }
+ fun createClientContext(secConfig: SecurityConfiguration): Option<SslContext> =
+ secConfig.keys.map { sslFactory.createSecureClientContext(it) }
- protected open fun createSslContextWithConfiguredCerts(
- secConfig: SecurityConfiguration
- ): Option<SslContextBuilder> =
- secConfig.keys.map { keys ->
- when (keys) {
- is JdkKeys -> jdkContext(keys)
- is OpenSslKeys -> openSslContext(keys)
- }
- }
-
- protected abstract fun openSslContext(openSslKeys: OpenSslKeys): SslContextBuilder
- protected abstract fun jdkContext(jdkKeys: JdkKeys): SslContextBuilder
}
diff --git a/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/utils.kt b/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/utils.kt
index d3640c87..fb142639 100644
--- a/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/utils.kt
+++ b/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/utils.kt
@@ -20,60 +20,49 @@
package org.onap.dcae.collectors.veshv.ssl.boundary
import arrow.core.None
-import arrow.core.Option
import arrow.core.Some
-import arrow.core.fix
-import arrow.instances.option.monad.monad
-import arrow.typeclasses.binding
+import arrow.core.Try
+import arrow.core.getOrElse
import org.apache.commons.cli.CommandLine
-import org.onap.dcae.collectors.veshv.domain.JdkKeys
import org.onap.dcae.collectors.veshv.domain.SecurityConfiguration
import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption
import org.onap.dcae.collectors.veshv.utils.commandline.hasOption
import org.onap.dcae.collectors.veshv.utils.commandline.stringValue
-import java.io.File
+import org.onap.dcaegen2.services.sdk.security.ssl.ImmutableSecurityKeys
+import org.onap.dcaegen2.services.sdk.security.ssl.ImmutableSecurityKeysStore
+import org.onap.dcaegen2.services.sdk.security.ssl.Passwords
+import java.nio.file.Paths
/**
* @author Piotr Jaszczyk <piotr.jaszczyk@nokia.com>
* @since September 2018
*/
-
const val KEY_STORE_FILE = "/etc/ves-hv/server.p12"
const val TRUST_STORE_FILE = "/etc/ves-hv/trust.p12"
-fun createSecurityConfiguration(cmdLine: CommandLine): Option<SecurityConfiguration> {
- val sslDisable = cmdLine.hasOption(CommandLineOption.SSL_DISABLE)
-
- return if (sslDisable) disabledSecurityConfiguration(sslDisable) else enabledSecurityConfiguration(cmdLine)
-}
+fun createSecurityConfiguration(cmdLine: CommandLine): Try<SecurityConfiguration> =
+ if (cmdLine.hasOption(CommandLineOption.SSL_DISABLE))
+ Try { disabledSecurityConfiguration() }
+ else
+ enabledSecurityConfiguration(cmdLine)
-private fun disabledSecurityConfiguration(sslDisable: Boolean): Some<SecurityConfiguration> {
- return Some(SecurityConfiguration(
- sslDisable = sslDisable,
- keys = None
- ))
-}
+private fun disabledSecurityConfiguration() = SecurityConfiguration(keys = None)
-private fun enabledSecurityConfiguration(cmdLine: CommandLine): Option<SecurityConfiguration> {
- return Option.monad().binding {
- val ksFile = cmdLine.stringValue(CommandLineOption.KEY_STORE_FILE, KEY_STORE_FILE)
- val ksPass = cmdLine.stringValue(CommandLineOption.KEY_STORE_PASSWORD).bind()
- val tsFile = cmdLine.stringValue(CommandLineOption.TRUST_STORE_FILE, TRUST_STORE_FILE)
- val tsPass = cmdLine.stringValue(CommandLineOption.TRUST_STORE_PASSWORD).bind()
+private fun enabledSecurityConfiguration(cmdLine: CommandLine) = Try {
+ val ksFile = cmdLine.stringValue(CommandLineOption.KEY_STORE_FILE, KEY_STORE_FILE)
+ val ksPass = cmdLine.stringValue(CommandLineOption.KEY_STORE_PASSWORD).getOrElse { "" }
+ val tsFile = cmdLine.stringValue(CommandLineOption.TRUST_STORE_FILE, TRUST_STORE_FILE)
+ val tsPass = cmdLine.stringValue(CommandLineOption.TRUST_STORE_PASSWORD).getOrElse { "" }
- val keys = JdkKeys(
- keyStore = streamFromFile(ksFile),
- keyStorePassword = ksPass.toCharArray(),
- trustStore = streamFromFile(tsFile),
- trustStorePassword = tsPass.toCharArray()
- )
+ val keys = ImmutableSecurityKeys.builder()
+ .keyStore(ImmutableSecurityKeysStore.of(pathFromFile(ksFile)))
+ .keyStorePassword(Passwords.fromString(ksPass))
+ .trustStore(ImmutableSecurityKeysStore.of(pathFromFile(tsFile)))
+ .trustStorePassword(Passwords.fromString(tsPass))
+ .build()
- SecurityConfiguration(
- sslDisable = false,
- keys = Some(keys)
- )
- }.fix()
+ SecurityConfiguration(keys = Some(keys))
}
-private fun streamFromFile(file: String) = { File(file).inputStream() }
+private fun pathFromFile(file: String) = Paths.get(file)
diff --git a/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/impl/SslFactories.kt b/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/impl/SslFactories.kt
deleted file mode 100644
index 4a73a2aa..00000000
--- a/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/impl/SslFactories.kt
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * ============LICENSE_START=======================================================
- * dcaegen2-collectors-veshv
- * ================================================================================
- * Copyright (C) 2018 NOKIA
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-package org.onap.dcae.collectors.veshv.ssl.impl
-
-import org.onap.dcae.collectors.veshv.domain.JdkKeys
-import org.onap.dcae.collectors.veshv.domain.StreamProvider
-import java.security.KeyStore
-import javax.net.ssl.KeyManagerFactory
-import javax.net.ssl.TrustManagerFactory
-
-/**
- * @author Piotr Jaszczyk <piotr.jaszczyk@nokia.com>
- * @since September 2018
- */
-internal object SslFactories {
-
- fun trustManagerFactory(jdkKeys: JdkKeys): TrustManagerFactory? {
- val tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
- val ts = loadKeyStoreFromFile(jdkKeys.trustStore, jdkKeys.trustStorePassword)
- tmf.init(ts)
- return tmf
- }
-
- fun keyManagerFactory(jdkKeys: JdkKeys): KeyManagerFactory? {
- val kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm())
- val ks = loadKeyStoreFromFile(jdkKeys.keyStore, jdkKeys.keyStorePassword)
- kmf.init(ks, jdkKeys.keyStorePassword)
- return kmf
- }
-
- private fun loadKeyStoreFromFile(streamProvider: StreamProvider, password: CharArray): KeyStore {
- val ks = KeyStore.getInstance("pkcs12")
- streamProvider().use {
- ks.load(it, password)
- }
- return ks
- }
-}
diff --git a/sources/hv-collector-ssl/src/test/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/ServerSslContextFactoryTest.kt b/sources/hv-collector-ssl/src/test/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/ServerSslContextFactoryTest.kt
deleted file mode 100644
index 7e0bc609..00000000
--- a/sources/hv-collector-ssl/src/test/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/ServerSslContextFactoryTest.kt
+++ /dev/null
@@ -1,160 +0,0 @@
-/*
- * ============LICENSE_START=======================================================
- * dcaegen2-collectors-veshv
- * ================================================================================
- * Copyright (C) 2018 NOKIA
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-package org.onap.dcae.collectors.veshv.ssl.boundary
-
-import arrow.core.Some
-import arrow.core.toOption
-import io.netty.handler.ssl.ClientAuth
-import io.netty.handler.ssl.JdkSslContext
-import io.netty.handler.ssl.ReferenceCountedOpenSslContext
-import io.netty.handler.ssl.SslContextBuilder
-import org.assertj.core.api.Assertions
-import org.assertj.core.api.Assertions.assertThat
-import org.jetbrains.spek.api.Spek
-import org.jetbrains.spek.api.dsl.describe
-import org.jetbrains.spek.api.dsl.given
-import org.jetbrains.spek.api.dsl.it
-import org.jetbrains.spek.api.dsl.on
-import org.onap.dcae.collectors.veshv.domain.JdkKeys
-import org.onap.dcae.collectors.veshv.domain.OpenSslKeys
-import org.onap.dcae.collectors.veshv.domain.SecurityConfiguration
-import java.nio.file.Paths
-import kotlin.test.assertTrue
-
-/**
- * @author Piotr Jaszczyk <piotr.jaszczyk@nokia.com>
- * @since June 2018
- */
-object ServerSslContextFactoryTest : Spek({
- val PASSWORD = "onap"
-
- describe("SslContextFactory (OpenSSL)") {
- val keys = OpenSslKeys(
- privateKey = Paths.get("/", "tmp", "pk.pem"),
- cert = Paths.get("/", "tmp", "cert.crt"),
- trustedCert = Paths.get("/", "tmp", "clientCa.crt"))
-
- given("config with security enabled") {
- val sampleConfig = SecurityConfiguration(keys = Some(keys))
-
- val cut = object : ServerSslContextFactory() {
- override fun createSslContextWithConfiguredCerts(secConfig: SecurityConfiguration) =
- SslContextBuilder.forServer(resource("/ssl/ca.crt"), resource("/ssl/server.key")).toOption()
-
- private fun resource(path: String) = ServerSslContextFactoryTest.javaClass.getResourceAsStream(path)
- }
-
- on("creation of SSL context") {
- val result = cut.createSslContext(sampleConfig)
-
- it("should be server context") {
- assertTrue(result.exists {
- it.isServer
- })
- }
-
- it("should use OpenSSL provider") {
- assertTrue(result.isDefined())
- }
-
- /*
- * It is too important to leave it untested on unit level.
- * Because of the Netty API design we need to do it this way.
- */
- it("should turn on client authentication") {
- val clientAuth: ClientAuth = ReferenceCountedOpenSslContext::class.java
- .getDeclaredField("clientAuth")
- .run {
- isAccessible = true
- get(result.orNull()) as ClientAuth
- }
- Assertions.assertThat(clientAuth).isEqualTo(ClientAuth.REQUIRE)
- }
- }
- }
-
- given("config with SSL disabled") {
- val securityConfiguration = SecurityConfiguration(
- sslDisable = true,
- keys = Some(keys)
- )
- val cut = ServerSslContextFactory()
-
- on("creation of SSL context") {
- val result = cut.createSslContext(securityConfiguration)
-
- it("should not create any SSL context ") {
- assertThat(result.isDefined()).isFalse()
- }
- }
- }
- }
-
- describe("SslContextFactory (JDK)") {
- val keys = JdkKeys(
- keyStore = resourceStreamProvider("/ssl/server.ks.pkcs12"),
- keyStorePassword = PASSWORD.toCharArray(),
- trustStore = resourceStreamProvider("/ssl/trust.pkcs12"),
- trustStorePassword = PASSWORD.toCharArray()
- )
-
- given("config without disabled SSL") {
- val sampleConfig = SecurityConfiguration(keys = Some(keys))
- val cut = ServerSslContextFactory()
-
- on("creation of SSL context") {
- val result = cut.createSslContext(sampleConfig)
-
- it("should work") {
- assertTrue(result.isDefined())
- }
-
- it("should be server context") {
- assertTrue(result.exists {
- it.isServer
- })
- }
-
- /*
- * It is too important to leave it untested on unit level.
- * Because of the Netty API design we need to do it this way.
- */
- it("should turn on client authentication") {
- val clientAuth: ClientAuth = JdkSslContext::class.java
- .getDeclaredField("clientAuth")
- .run {
- isAccessible = true
- get(result.orNull()) as ClientAuth
- }
- Assertions.assertThat(clientAuth).isEqualTo(ClientAuth.REQUIRE)
- }
-
- it("should clear passwords so heap dumps won't contain them") {
- val xedPassword = PASSWORD.toCharArray()
- xedPassword.fill('x')
- Assertions.assertThat(keys.keyStorePassword).isEqualTo(xedPassword)
- Assertions.assertThat(keys.trustStorePassword).isEqualTo(xedPassword)
- }
- }
- }
- }
-})
-
-fun resourceStreamProvider(resource: String) = { ServerSslContextFactoryTest::class.java.getResourceAsStream(resource) }
diff --git a/sources/hv-collector-ssl/src/test/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/SslContextFactoryTest.kt b/sources/hv-collector-ssl/src/test/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/SslContextFactoryTest.kt
new file mode 100644
index 00000000..f9c6726b
--- /dev/null
+++ b/sources/hv-collector-ssl/src/test/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/SslContextFactoryTest.kt
@@ -0,0 +1,100 @@
+/*
+ * ============LICENSE_START=======================================================
+ * dcaegen2-collectors-veshv
+ * ================================================================================
+ * Copyright (C) 2019 NOKIA
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.dcae.collectors.veshv.ssl.boundary
+
+import arrow.core.None
+import arrow.core.Some
+import com.nhaarman.mockitokotlin2.mock
+import com.nhaarman.mockitokotlin2.verify
+import org.assertj.core.api.Assertions.assertThat
+import org.jetbrains.spek.api.Spek
+import org.jetbrains.spek.api.dsl.given
+import org.jetbrains.spek.api.dsl.it
+import org.jetbrains.spek.api.dsl.on
+import org.onap.dcae.collectors.veshv.domain.SecurityConfiguration
+import org.onap.dcaegen2.services.sdk.security.ssl.ImmutableSecurityKeys
+import org.onap.dcaegen2.services.sdk.security.ssl.ImmutableSecurityKeysStore
+import org.onap.dcaegen2.services.sdk.security.ssl.Passwords
+import org.onap.dcaegen2.services.sdk.security.ssl.SslFactory
+import java.nio.file.Paths
+
+/**
+ * @author <a href="mailto:piotr.jaszczyk@nokia.com">Piotr Jaszczyk</a>
+ * @since February 2019
+ */
+internal object SslContextFactoryTest : Spek({
+ val sslFactory: SslFactory = mock()
+ val cut = SslContextFactory(sslFactory)
+
+ given("empty security configuration") {
+ val secConfig = SecurityConfiguration(None)
+
+ on("creating server context") {
+ val result = cut.createServerContext(secConfig)
+
+ it("should return None") {
+ assertThat(result.isDefined()).isFalse()
+ }
+ }
+
+ on("creating client context") {
+ val result = cut.createClientContext(secConfig)
+
+ it("should return None") {
+ assertThat(result.isDefined()).isFalse()
+ }
+ }
+ }
+
+ given("security configuration with keys") {
+ val keys = ImmutableSecurityKeys.builder()
+ .trustStore(ImmutableSecurityKeysStore.of(Paths.get("ts.jks")))
+ .trustStorePassword(Passwords.fromString("xxx"))
+ .keyStore(ImmutableSecurityKeysStore.of(Paths.get("ks.pkcs12")))
+ .keyStorePassword(Passwords.fromString("yyy"))
+ .build()
+ val secConfig = SecurityConfiguration(Some(keys))
+
+ on("creating server context") {
+ val result = cut.createServerContext(secConfig)
+
+ it("should return Some") {
+ assertThat(result.isDefined()).isTrue()
+ }
+
+ it("should have called SslFactory") {
+ verify(sslFactory).createSecureServerContext(keys)
+ }
+ }
+
+ on("creating client context") {
+ val result = cut.createClientContext(secConfig)
+
+ it("should return Some") {
+ assertThat(result.isDefined()).isTrue()
+ }
+
+ it("should have called SslFactory") {
+ verify(sslFactory).createSecureClientContext(keys)
+ }
+ }
+ }
+
+}) \ No newline at end of file