From 069dcc194fd049e1c52e60d03ce2a9c0553289a7 Mon Sep 17 00:00:00 2001
From: Piotr Jaszczyk
Date: Thu, 20 Sep 2018 12:04:03 +0200
Subject: Use JDK security provider

Replace netty-tcnative bindings for OpenSSL with JDK provided implementation by default.

Change-Id: I59a4797ce43d15a791eab00bfd25cb730a271207
Issue-ID: DCAEGEN2-816
Signed-off-by: Piotr Jaszczyk
---
 hv-collector-main/Dockerfile | 3 +-
 hv-collector-main/pom.xml | 8 +-
 .../collectors/veshv/main/ArgVesHvConfiguration.kt | 76 +++++++----------
 .../veshv/main/ArgVesHvConfigurationTest.kt | 99 +++++----------------
 4 files changed, 59 insertions(+), 127 deletions(-)
(limited to 'hv-collector-main')

diff --git a/hv-collector-main/Dockerfile b/hv-collector-main/Dockerfile
index 8216ac46..746deb51 100644
--- a/hv-collector-main/Dockerfile
+++ b/hv-collector-main/Dockerfile
@@ -6,8 +6,7 @@ LABEL license.url="http://www.apache.org/licenses/LICENSE-2.0"
 LABEL maintainer="Nokia Wroclaw ONAP Team"
 
 RUN apt-get update \
- && apt-get install -y --no-install-recommends curl \
- && apt-get install -y --no-install-recommends netcat \
+ && apt-get install -y --no-install-recommends curl netcat \
 && apt-get clean
 
 WORKDIR /opt/ves-hv-collector
diff --git a/hv-collector-main/pom.xml b/hv-collector-main/pom.xml
index ed37515d..571821a6 100644
--- a/hv-collector-main/pom.xml
+++ b/hv-collector-main/pom.xml
@@ -117,12 +117,18 @@ commons-cli commons-cli + io.micrometer micrometer-registry-jmx
diff --git a/hv-collector-main/src/main/kotlin/org/onap/dcae/collectors/veshv/main/ArgVesHvConfiguration.kt b/hv-collector-main/src/main/kotlin/org/onap/dcae/collectors/veshv/main/ArgVesHvConfiguration.kt
index 26230cd3..d6ff9efa 100644
--- a/hv-collector-main/src/main/kotlin/org/onap/dcae/collectors/veshv/main/ArgVesHvConfiguration.kt
+++ b/hv-collector-main/src/main/kotlin/org/onap/dcae/collectors/veshv/main/ArgVesHvConfiguration.kt
@@ -22,25 +22,31 @@ package org.onap.dcae.collectors.veshv.main
 import arrow.core.ForOption
 import arrow.core.Option
 import arrow.core.fix
+import arrow.core.monad
 import arrow.instances.extensions
 import arrow.typeclasses.binding
 import org.apache.commons.cli.CommandLine
 import org.apache.commons.cli.DefaultParser
-import org.onap.dcae.collectors.veshv.domain.SecurityConfiguration
 import org.onap.dcae.collectors.veshv.model.ConfigurationProviderParams
 import org.onap.dcae.collectors.veshv.model.ServerConfiguration
+import org.onap.dcae.collectors.veshv.ssl.boundary.createSecurityConfiguration
 import org.onap.dcae.collectors.veshv.utils.commandline.ArgBasedConfiguration
-import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.CERT_FILE
 import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.CONSUL_CONFIG_URL
 import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.CONSUL_FIRST_REQUEST_DELAY
 import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.CONSUL_REQUEST_INTERVAL
 import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.DUMMY_MODE
 import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.HEALTH_CHECK_API_PORT
 import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.IDLE_TIMEOUT_SEC
+import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.KEY_STORE_FILE
+import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.KEY_STORE_PASSWORD
 import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.LISTEN_PORT
-import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.PRIVATE_KEY_FILE
 import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.SSL_DISABLE
-import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.TRUST_CERT_FILE
+import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.TRUST_STORE_FILE
+import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.TRUST_STORE_PASSWORD
+import org.onap.dcae.collectors.veshv.utils.commandline.hasOption
+import org.onap.dcae.collectors.veshv.utils.commandline.intValue
+import org.onap.dcae.collectors.veshv.utils.commandline.longValue
+import org.onap.dcae.collectors.veshv.utils.commandline.stringValue
 import java.time.Duration
 
 internal class ArgVesHvConfiguration : ArgBasedConfiguration(DefaultParser()) {
@@ -51,34 +57,33 @@ internal class ArgVesHvConfiguration : ArgBasedConfiguration = - ForOption extensions { - binding { - val healthCheckApiPort = cmdLine.intValue( - HEALTH_CHECK_API_PORT, - DefaultValues.HEALTH_CHECK_API_PORT - ) - val listenPort = cmdLine.intValue(LISTEN_PORT).bind() - val idleTimeoutSec = cmdLine.longValue(IDLE_TIMEOUT_SEC, DefaultValues.IDLE_TIMEOUT_SEC) - val dummyMode = cmdLine.hasOption(DUMMY_MODE) - val security = createSecurityConfiguration(cmdLine) - val configurationProviderParams = createConfigurationProviderParams(cmdLine).bind() - ServerConfiguration( - healthCheckApiPort = healthCheckApiPort, - listenPort = listenPort, - configurationProviderParams = configurationProviderParams, - securityConfiguration = security, - idleTimeout = Duration.ofSeconds(idleTimeoutSec), - dummyMode = dummyMode) - }.fix() - } + Option.monad().binding { + val healthCheckApiPort = cmdLine.intValue( + HEALTH_CHECK_API_PORT, + DefaultValues.HEALTH_CHECK_API_PORT + ) + val listenPort = cmdLine.intValue(LISTEN_PORT).bind() + val idleTimeoutSec = cmdLine.longValue(IDLE_TIMEOUT_SEC, DefaultValues.IDLE_TIMEOUT_SEC) + val dummyMode = cmdLine.hasOption(DUMMY_MODE) + val security = createSecurityConfiguration(cmdLine).bind() + val configurationProviderParams = createConfigurationProviderParams(cmdLine).bind() + ServerConfiguration( + healthCheckApiPort = healthCheckApiPort, + listenPort = listenPort, + configurationProviderParams = configurationProviderParams, + securityConfiguration = security, + idleTimeout = Duration.ofSeconds(idleTimeoutSec), + dummyMode = dummyMode) + }.fix() private fun createConfigurationProviderParams(cmdLine: CommandLine): Option = ForOption extensions { @@ -100,27 +105,10 @@ internal class ArgVesHvConfiguration : ArgBasedConfiguration 
@@ -45,9 +45,8 @@ object ArgVesHvConfigurationTest : Spek({
 val firstRequestDelay = "10"
 val requestInterval = "5"
 val listenPort = "6969"
- val pk = Paths.get("/", "etc", "ves", "pk.pem")
- val cert = Paths.get("/", "etc", "ssl", "certs", "ca-bundle.crt")
- val trustCert = Paths.get("/", "etc", "ves", "trusted.crt")
+ val keyStorePassword = "kspass"
+ val trustStorePassword = "tspass"
 
 beforeEachTest {
 cut = ArgVesHvConfiguration()
@@ -58,15 +57,17 @@ object ArgVesHvConfigurationTest : Spek({
 lateinit var result: ServerConfiguration
 
 beforeEachTest {
- result = cut.parseExpectingSuccess("--ssl-disable",
+ result = cut.parseExpectingSuccess(
 "--health-check-api-port", healthCheckApiPort,
 "--listen-port", listenPort,
 "--config-url", configurationUrl,
 "--first-request-delay", firstRequestDelay,
 "--request-interval", requestInterval,
- "--private-key-file", pk.toFile().absolutePath,
- "--cert-file", cert.toFile().absolutePath,
- "--trust-cert-file", trustCert.toFile().absolutePath)
+ "--key-store", "/tmp/keys.p12",
+ "--trust-store", "/tmp/trust.p12",
+ "--key-store-password", keyStorePassword,
+ "--trust-store-password", trustStorePassword
+ )
 }
 
 it("should set proper health check api port") {
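Review bot: The new `beforeEachTest` arguments pin the key-store and trust-store passwords as plain command-line options (`"--key-store-password", keyStorePassword`, `"--trust-store-password", trustStorePassword`), and a value passed that way is readable by anyone who can list processes or inspect the container spec, which is a step back from the path-only options this hunk removes. Consider having the collector accept a password file or environment variable and keeping the inline option only for local runs, then pinning that form here. The test also passes `/tmp/keys.p12` and `/tmp/trust.p12` that are never created, so parsing presumably records the paths without opening the stores; a separate case for a missing or unreadable store would be worth adding so the failure mode is defined. The `given` block that owns this `beforeEachTest` starts outside the hunk.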
@@ -93,69 +94,13 @@ object ArgVesHvConfigurationTest : Spek({ } it("should set proper security configuration") { - assertThat(result.securityConfiguration).isEqualTo( - SecurityConfiguration(sslDisable = true, privateKey = pk, cert = cert, trustedCert = trustCert) - ) - } - } - - given("some parameters are present in the short form") { - lateinit var result: ServerConfiguration - - beforeEachTest { - result = cut.parseExpectingSuccess( - "-p", listenPort, "-c", configurationUrl, "-d", firstRequestDelay - ) - } + assertThat(result.securityConfiguration.sslDisable).isFalse() - it("should set proper port") { - assertThat(result.listenPort).isEqualTo(listenPort.toInt()) - } - - it("should set proper first consul request delay") { - assertThat(result.configurationProviderParams.firstRequestDelay) - .isEqualTo(Duration.ofSeconds(firstRequestDelay.toLong())) - } - - it("should set proper config url") { - assertThat(result.configurationProviderParams.configurationUrl) - .isEqualTo(configurationUrl) - } - } - - given("all optional parameters are absent") { - lateinit var result: ServerConfiguration - - beforeEachTest { - result = cut.parseExpectingSuccess( - "--listen-port", listenPort, "--config-url", configurationUrl - ) - } - - it("should set default first consul request delay") { - assertThat(result.configurationProviderParams.firstRequestDelay) - .isEqualTo(Duration.ofSeconds(DefaultValues.CONSUL_FIRST_REQUEST_DELAY)) - } - - it("should set default consul request interval") { - assertThat(result.configurationProviderParams.requestInterval) - .isEqualTo(Duration.ofSeconds(DefaultValues.CONSUL_REQUEST_INTERVAL)) - } - - on("security config") { - val securityConfiguration = result.securityConfiguration - - it("should set default trust cert file") { - assertThat(securityConfiguration.trustedCert.toString()).isEqualTo(DefaultValues.TRUST_CERT_FILE) - } - - it("should set default server cert file") { - 
assertThat(securityConfiguration.cert.toString()).isEqualTo(DefaultValues.CERT_FILE) - } - - it("should set default private key file") { - assertThat(securityConfiguration.privateKey.toString()).isEqualTo(DefaultValues.PRIVATE_KEY_FILE) - } + val keys = result.securityConfiguration.keys.orNull() as JdkKeys + assertNotNull(keys.keyStore) + assertNotNull(keys.trustStore) + assertThat(keys.keyStorePassword).isEqualTo(keyStorePassword.toCharArray()) + assertThat(keys.trustStorePassword).isEqualTo(trustStorePassword.toCharArray()) } } @@ -166,10 +111,7 @@ object ArgVesHvConfigurationTest : Spek({ "--config-url", configurationUrl, "--ssl-disable", "--first-request-delay", firstRequestDelay, - "--request-interval", requestInterval, - "--private-key-file", pk.toFile().absolutePath, - "--cert-file", cert.toFile().absolutePath, - "--trust-cert-file", trustCert.toFile().absolutePath) + "--request-interval", requestInterval) ).isInstanceOf(WrongArgumentError::class.java) } } @@ -179,10 +121,7 @@ object ArgVesHvConfigurationTest : Spek({ "--listen-port", listenPort, "--ssl-disable", "--first-request-delay", firstRequestDelay, - "--request-interval", requestInterval, - "--private-key-file", pk.toFile().absolutePath, - "--cert-file", cert.toFile().absolutePath, - "--trust-cert-file", trustCert.toFile().absolutePath) + "--request-interval", requestInterval) ).isInstanceOf(WrongArgumentError::class.java) } } -- cgit 1.2.3-korg
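Review bot: The hunk deletes the `given("some parameters are present in the short form")` and `given("all optional parameters are absent")` groups outright while only the security-configuration assertions get a replacement, so the short-option coverage (`-p`, `-c`, `-d`) and the `CONSUL_FIRST_REQUEST_DELAY`/`CONSUL_REQUEST_INTERVAL` default checks, which are unrelated to the TLS change, are now untested. Keep those two groups minus the cert-file default assertions, and add an `on("security config")` case that states what the configuration yields when `--key-store`/`--trust-store` are omitted, since the old default-path assertions have no counterpart. In the new assertions, `result.securityConfiguration.keys.orNull() as JdkKeys` fails with a cast exception rather than an assertion message if `keys` is empty; `assertThat(result.securityConfiguration.keys.isDefined()).isTrue()` before the cast keeps the failure readable. The enclosing `given` starts before this hunk.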