From 0d15767178ffff59009de51d3737883aa81df2a6 Mon Sep 17 00:00:00 2001
From: kjaniak
Date: Tue, 17 Jul 2018 11:50:10 +0200
Subject: Add command line option to disable SSL/TLS
Closes ONAP-508
Change-Id: If6c3935ede7b00dea9b36747c6cd1422c1c8d330
Signed-off-by: kjaniak
Issue-ID: DCAEGEN2-601
---
 .../dcae/collectors/veshv/impl/socket/NettyTcpServer.kt | 5 ++++-
 .../collectors/veshv/impl/socket/SslContextFactory.kt | 17 ++++++++++++-----
 2 files changed, 16 insertions(+), 6 deletions(-)
(limited to 'hv-collector-core/src/main/kotlin')
diff --git a/hv-collector-core/src/main/kotlin/org/onap/dcae/collectors/veshv/impl/socket/NettyTcpServer.kt b/hv-collector-core/src/main/kotlin/org/onap/dcae/collectors/veshv/impl/socket/NettyTcpServer.kt
index e9985766..61e1ebff 100644
--- a/hv-collector-core/src/main/kotlin/org/onap/dcae/collectors/veshv/impl/socket/NettyTcpServer.kt
+++ b/hv-collector-core/src/main/kotlin/org/onap/dcae/collectors/veshv/impl/socket/NettyTcpServer.kt
@@ -19,7 +19,9 @@
 */
 package org.onap.dcae.collectors.veshv.impl.socket
+import arrow.core.Option
 import arrow.effects.IO
+import io.netty.handler.ssl.SslContext
 import org.onap.dcae.collectors.veshv.boundary.CollectorProvider
 import org.onap.dcae.collectors.veshv.boundary.Server
 import org.onap.dcae.collectors.veshv.boundary.ServerHandle
@@ -54,8 +56,9 @@ internal class NettyTcpServer(private val serverConfig: ServerConfiguration,
 }
 private fun configureServer(opts: ServerOptions.Builder<*>) {
+ val sslContext: Option = sslContextFactory.createSslContext(serverConfig.securityConfiguration)
+ if (sslContext.isDefined()) opts.sslContext(sslContext.orNull())
 opts.port(serverConfig.port)
- opts.sslContext(sslContextFactory.createSslContext(serverConfig.securityConfiguration))
 }
 private fun handleConnection(nettyInbound: NettyInbound): Mono {
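Review bot: In `configureServer`, an empty `sslContext` makes the listener come up in plaintext without leaving any trace, so an operator or a detection rule cannot tell a deliberately unencrypted collector from a misconfigured one. Going by the SslContextFactory section of this patch, the empty case also drops `ClientAuth.REQUIRE`, which is the only peer authentication visible here, so the port then accepts any client that can reach it. I would log a warning in the empty branch, for example `sslContext.fold({ logger.warn("TLS disabled: accepting unauthenticated plaintext connections") }, { opts.sslContext(it) })`, where `logger` is a placeholder for whatever logger this class already has. That form also avoids handing the nullable result of `orNull()` to `opts.sslContext`.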
diff --git a/hv-collector-core/src/main/kotlin/org/onap/dcae/collectors/veshv/impl/socket/SslContextFactory.kt b/hv-collector-core/src/main/kotlin/org/onap/dcae/collectors/veshv/impl/socket/SslContextFactory.kt
index b6fb1cf8..0dce0d61 100644
--- a/hv-collector-core/src/main/kotlin/org/onap/dcae/collectors/veshv/impl/socket/SslContextFactory.kt
+++ b/hv-collector-core/src/main/kotlin/org/onap/dcae/collectors/veshv/impl/socket/SslContextFactory.kt
@@ -19,6 +19,9 @@
 */
 package org.onap.dcae.collectors.veshv.impl.socket
+import arrow.core.None
+import arrow.core.Option
+import arrow.core.Some
 import io.netty.handler.ssl.ClientAuth
 import io.netty.handler.ssl.SslContext
 import io.netty.handler.ssl.SslContextBuilder
@@ -27,11 +30,15 @@ import org.onap.dcae.collectors.veshv.domain.SecurityConfiguration
 internal open class SslContextFactory {
- fun createSslContext(secConfig: SecurityConfiguration): SslContext =
- createSslContextWithConfiguredCerts(secConfig)
- .sslProvider(SslProvider.OPENSSL)
- .clientAuth(ClientAuth.REQUIRE)
- .build()
+ fun createSslContext(secConfig: SecurityConfiguration): Option =
+ if (secConfig.sslDisable) {
+ Option.empty()
+ } else {
+ Option.just(createSslContextWithConfiguredCerts(secConfig)
+ .sslProvider(SslProvider.OPENSSL)
+ .clientAuth(ClientAuth.REQUIRE)
+ .build())
+ }
 protected open fun createSslContextWithConfiguredCerts(secConfig: SecurityConfiguration): SslContextBuilder =
 SslContextBuilder.forServer(secConfig.cert.toFile(), secConfig.privateKey.toFile())
-- cgit 1.2.3-korg
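Review bot: `createSslContext` gives no hint that an empty result means more than "no encryption": with `secConfig.sslDisable` set, the `ClientAuth.REQUIRE` check disappears together with TLS, so the caller is left with an unauthenticated listener. A KDoc line would make that contract explicit, e.g. `/** Returns an empty Option when secConfig.sslDisable is set; the server then runs without TLS and without client-certificate authentication. */`. The default of `sslDisable` is not visible in this patch; it should be false so that TLS can only be switched off explicitly. The import hunk above adds `arrow.core.None` and `arrow.core.Some`, but the body uses `Option.empty()` and `Option.just(...)`, so either switch to `None` / `Some(...)` or drop the two imports.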