From a4becf29f32de7467793867c3be1d5ab5876477e Mon Sep 17 00:00:00 2001
From: Piotr Jaszczyk
Date: Tue, 29 May 2018 13:35:11 +0200
Subject: Use SSL for encrypting the connection
Netty's OpenSSL bindings are used
Closes ONAP-179
Change-Id: I8249fbaaed1dd869b733db04a27cebf53962c80c
Issue-ID: DCAEGEN2-601
Signed-off-by: Piotr Jaszczyk
---
.../veshv/main/ArgBasedServerConfiguration.kt | 95 ++++++++++++++++------
.../org/onap/dcae/collectors/veshv/main/main.kt | 2 +-
2 files changed, 70 insertions(+), 27 deletions(-)
(limited to 'hv-collector-main/src/main/kotlin')
diff --git a/hv-collector-main/src/main/kotlin/org/onap/dcae/collectors/veshv/main/ArgBasedServerConfiguration.kt b/hv-collector-main/src/main/kotlin/org/onap/dcae/collectors/veshv/main/ArgBasedServerConfiguration.kt
index 4e614cdb..5689a3e6 100644
--- a/hv-collector-main/src/main/kotlin/org/onap/dcae/collectors/veshv/main/ArgBasedServerConfiguration.kt
+++ b/hv-collector-main/src/main/kotlin/org/onap/dcae/collectors/veshv/main/ArgBasedServerConfiguration.kt
@@ -20,54 +20,55 @@ package org.onap.dcae.collectors.veshv.main import org.apache.commons.cli.* +import org.onap.dcae.collectors.veshv.domain.SecurityConfiguration import org.onap.dcae.collectors.veshv.domain.ServerConfiguration +import java.io.File +import java.nio.file.Paths internal object DefaultValues { - const val PORT = 8600 + const val PORT = 6061 const val CONFIG_URL = "" + const val PRIVATE_KEY_FILE = "/etc/ves-hv/server.key" + const val CERT_FILE = "/etc/ves-hv/server.crt" + const val TRUST_CERT_FILE = "/etc/ves-hv/trust.crt" } -internal object ArgBasedServerConfiguration { - private val OPT_PORT = Option.builder("p") - .longOpt("listen-port") - .hasArg() - .desc("Listen port") - .build() - - private val OPT_CONFIG_URL = Option.builder("c") - .longOpt("config-url") - .optionalArg(true) - .hasArg() - .desc("Url of ves configuration on consul") - .build() - - private val options by lazy { - val options = Options() - options.addOption(OPT_PORT) - options.addOption(OPT_CONFIG_URL) - options - } +internal class ArgBasedServerConfiguration { fun parse(args: Array): ServerConfiguration { val parser = DefaultParser() try { - parser.parse(options, args).run { - return ServerConfiguration( - stringValue(OPT_CONFIG_URL, DefaultValues.CONFIG_URL), - intValue(OPT_PORT, DefaultValues.PORT)) - } + val cmdLine = parser.parse(options, args) + val port = cmdLine.intValue(OPT_PORT, DefaultValues.PORT) + val configUrl = cmdLine.stringValue(OPT_CONFIG_URL, DefaultValues.CONFIG_URL) + val secConf = createSecurityConfiguration(cmdLine) + return ServerConfiguration(port, configUrl, secConf) } catch (ex: Exception) { throw WrongArgumentException(ex) } } + private fun createSecurityConfiguration(cmdLine: CommandLine): SecurityConfiguration { + + val pkFile = cmdLine.stringValue(OPT_PK_FILE, DefaultValues.PRIVATE_KEY_FILE) + val certFile = cmdLine.stringValue(OPT_CERT_FILE, DefaultValues.CERT_FILE) + val trustCertFile = cmdLine.stringValue(OPT_TRUST_CERT_FILE, 
DefaultValues.TRUST_CERT_FILE) + + return SecurityConfiguration( + privateKey = stringPathToPath(pkFile), + cert = stringPathToPath(certFile), + trustedCert = stringPathToPath(trustCertFile) + ) + } + private fun CommandLine.intValue(option: Option, default: Int) = getOptionValue(option.opt)?.toInt() ?: default private fun CommandLine.stringValue(option: Option, default: String) = getOptionValue(option.opt) ?: default + private fun stringPathToPath(path: String) = Paths.get(File(path).toURI()) class WrongArgumentException(parent: Exception) : Exception(parent.message, parent) { fun printMessage() { @@ -79,4 +80,46 @@ internal object ArgBasedServerConfiguration { formatter.printHelp(programName, options) } } + + companion object { + private val OPT_PORT = Option.builder("p") + .longOpt("listen-port") + .hasArg() + .desc("Listen port") + .build() + + private val OPT_CONFIG_URL = Option.builder("c") + .longOpt("config-url") + .hasArg() + .desc("URL of ves configuration on consul") + .build() + + private val OPT_PK_FILE = Option.builder("k") + .longOpt("private-key-file") + .hasArg() + .desc("File with private key in PEM format") + .build() + + private val OPT_CERT_FILE = Option.builder("e") + .longOpt("cert-file") + .hasArg() + .desc("File with server certificate bundle") + .build() + + private val OPT_TRUST_CERT_FILE = Option.builder("t") + .longOpt("trust-cert-file") + .hasArg() + .desc("File with trusted certificate bundle for authenticating clients") + .build() + + private val options by lazy { + val options = Options() + options.addOption(OPT_PORT) + options.addOption(OPT_CONFIG_URL) + options.addOption(OPT_PK_FILE) + options.addOption(OPT_CERT_FILE) + options.addOption(OPT_TRUST_CERT_FILE) + options + } + } } diff --git a/hv-collector-main/src/main/kotlin/org/onap/dcae/collectors/veshv/main/main.kt b/hv-collector-main/src/main/kotlin/org/onap/dcae/collectors/veshv/main/main.kt index d81a063d..3685250a 100644 
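Review bot: `createSecurityConfiguration` converts the three path strings to `Path`s without checking that the files exist or are readable, so when `-k`, `-e` or `-t` is omitted the `/etc/ves-hv/...` defaults are accepted silently and a missing key or certificate will presumably only surface later, when the SSL context is built outside this file. Checking here keeps the failure inside `parse`, where the existing `catch` wraps it in `WrongArgumentException` and the usage text can be printed: `private fun stringPathToPath(path: String) = File(path).toPath().toAbsolutePath().also { require(Files.isReadable(it)) { "Cannot read file: $it" } }` (needs `import java.nio.file.Files`). That form also avoids the round trip through `File(path).toURI()`. A short comment on `PRIVATE_KEY_FILE` noting that the key file should be readable only by the collector's service account would help whoever packages the defaults.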
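Review bot: The help text for the three new options in the companion object does not say what happens when they are omitted: none is marked required, so `parse` falls back to the `DefaultValues` paths, and an operator reading the `printHelp` output cannot tell which key or trust bundle will actually be loaded. I would put the default into each description, e.g. `.desc("File with private key in PEM format (default: ${DefaultValues.PRIVATE_KEY_FILE})")`, and state the expected file format for `--cert-file` and `--trust-cert-file` the way the key option already does. The hunk opens inside `WrongArgumentException.printHelp`, whose start lies outside it.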
--- a/hv-collector-main/src/main/kotlin/org/onap/dcae/collectors/veshv/main/main.kt +++ b/hv-collector-main/src/main/kotlin/org/onap/dcae/collectors/veshv/main/main.kt @@ -35,7 +35,7 @@ private val logger = LoggerFactory.getLogger("main") fun main(args: Array) { try { - val serverConfiguration = ArgBasedServerConfiguration.parse(args) + val serverConfiguration = ArgBasedServerConfiguration().parse(args) val collectorProvider = CollectorFactory( resolveConfigurationProvider(serverConfiguration), -- cgit 1.2.3-korg