From c138b700030d22ae0bdbd6992fb4a4d8a3431798 Mon Sep 17 00:00:00 2001 From: Piotr Jaszczyk Date: Wed, 10 Apr 2019 10:32:00 +0200 Subject: Read passwords from files Key- and trust-store passwords should be read from files in order to work with DCAE tls-init-container. Change-Id: Ibe454663328268f33f8be25ef9ec129f1ce1d396 Issue-ID: DCAEGEN2-1412 Signed-off-by: Piotr Jaszczyk --- .../dcae/collectors/veshv/ssl/boundary/utils.kt | 11 ++-- .../veshv/ssl/boundary/SecurityUtilsTest.kt | 65 ------------------ .../collectors/veshv/ssl/boundary/UtilsKtTest.kt | 76 ++++++++++++++++++++++ .../src/test/resources/ssl/password | 1 + 4 files changed, 83 insertions(+), 70 deletions(-) delete mode 100644 sources/hv-collector-ssl/src/test/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/SecurityUtilsTest.kt create mode 100644 sources/hv-collector-ssl/src/test/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/UtilsKtTest.kt create mode 100644 sources/hv-collector-ssl/src/test/resources/ssl/password (limited to 'sources/hv-collector-ssl/src') diff --git a/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/utils.kt b/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/utils.kt index 822d84f1..5981d9d4 100644 --- a/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/utils.kt +++ b/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/utils.kt @@ -22,7 +22,6 @@ package org.onap.dcae.collectors.veshv.ssl.boundary import arrow.core.None import arrow.core.Some import arrow.core.Try -import arrow.core.getOrElse import org.apache.commons.cli.CommandLine import org.onap.dcae.collectors.veshv.commandline.CommandLineOption import org.onap.dcae.collectors.veshv.commandline.hasOption @@ -38,7 +37,9 @@ import java.nio.file.Paths */ const val KEY_STORE_FILE = "/etc/ves-hv/server.p12" +const val KEY_STORE_PASSWORD_FILE = "/etc/ves-hv/server.pass" const val TRUST_STORE_FILE = "/etc/ves-hv/trust.p12" +const val TRUST_STORE_PASSWORD_FILE = "/etc/ves-hv/trust.pass" fun createSecurityConfiguration(cmdLine: CommandLine): Try = createSecurityConfigurationProvider(cmdLine).map { it() } @@ -55,15 +56,15 @@ private fun disabledSecurityConfiguration() = SecurityConfiguration(None) private fun enabledSecurityConfiguration(cmdLine: CommandLine): SecurityConfiguration { val ksFile = cmdLine.stringValue(CommandLineOption.KEY_STORE_FILE, KEY_STORE_FILE) - val ksPass = cmdLine.stringValue(CommandLineOption.KEY_STORE_PASSWORD).getOrElse { "" } + val ksPass = cmdLine.stringValue(CommandLineOption.KEY_STORE_PASSWORD_FILE, KEY_STORE_PASSWORD_FILE) val tsFile = cmdLine.stringValue(CommandLineOption.TRUST_STORE_FILE, TRUST_STORE_FILE) - val tsPass = cmdLine.stringValue(CommandLineOption.TRUST_STORE_PASSWORD).getOrElse { "" } + val tsPass = cmdLine.stringValue(CommandLineOption.TRUST_STORE_PASSWORD_FILE, TRUST_STORE_PASSWORD_FILE) val keys = ImmutableSecurityKeys.builder() .keyStore(ImmutableSecurityKeysStore.of(pathFromFile(ksFile))) - .keyStorePassword(Passwords.fromString(ksPass)) + .keyStorePassword(Passwords.fromPath(pathFromFile(ksPass))) .trustStore(ImmutableSecurityKeysStore.of(pathFromFile(tsFile))) - .trustStorePassword(Passwords.fromString(tsPass)) + .trustStorePassword(Passwords.fromPath(pathFromFile(tsPass))) .build() return SecurityConfiguration(Some(keys)) diff --git a/sources/hv-collector-ssl/src/test/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/SecurityUtilsTest.kt b/sources/hv-collector-ssl/src/test/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/SecurityUtilsTest.kt deleted file mode 100644 index ddb3e357..00000000 --- a/sources/hv-collector-ssl/src/test/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/SecurityUtilsTest.kt +++ /dev/null @@ -1,65 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * dcaegen2-collectors-veshv - * ================================================================================ - * Copyright (C) 2019 NOKIA - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ -package org.onap.dcae.collectors.veshv.ssl.boundary - -import com.nhaarman.mockitokotlin2.doReturn -import com.nhaarman.mockitokotlin2.mock -import com.nhaarman.mockitokotlin2.verify -import com.nhaarman.mockitokotlin2.whenever -import org.apache.commons.cli.CommandLine -import org.assertj.core.api.Assertions.assertThat -import org.jetbrains.spek.api.Spek -import org.jetbrains.spek.api.dsl.describe -import org.jetbrains.spek.api.dsl.it -import org.jetbrains.spek.api.dsl.on -import org.onap.dcae.collectors.veshv.commandline.CommandLineOption -import org.onap.dcae.collectors.veshv.commandline.hasOption - - -internal object SecurityUtilsTest : Spek({ - - describe("creating securty configuration provider") { - - on("command line without ssl disable") { - val commandLine: CommandLine = mock() - whenever(commandLine.hasOption(CommandLineOption.SSL_DISABLE)).doReturn(false) - - it("should create configuration with some keys") { - val configuration = createSecurityConfiguration(commandLine) - - verify(commandLine).hasOption(CommandLineOption.SSL_DISABLE) - assertThat(configuration.isSuccess()).isTrue() - configuration.map { assertThat(it.keys.isDefined()).isTrue() } - } - } - on("command line with ssl disabled") { - val commandLine: CommandLine = mock() - whenever(commandLine.hasOption(CommandLineOption.SSL_DISABLE)).doReturn(true) - - it("should create configuration without keys") { - val configuration = createSecurityConfiguration(commandLine) - - verify(commandLine).hasOption(CommandLineOption.SSL_DISABLE) - assertThat(configuration.isSuccess()).isTrue() - configuration.map { assertThat(it.keys.isEmpty()).isTrue() } - } - } - } -}) diff --git a/sources/hv-collector-ssl/src/test/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/UtilsKtTest.kt b/sources/hv-collector-ssl/src/test/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/UtilsKtTest.kt new file mode 100644 index 00000000..c7c414f8 --- /dev/null +++ b/sources/hv-collector-ssl/src/test/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/UtilsKtTest.kt @@ -0,0 +1,76 @@ +/* + * ============LICENSE_START======================================================= + * dcaegen2-collectors-veshv + * ================================================================================ + * Copyright (C) 2019 NOKIA + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.dcae.collectors.veshv.ssl.boundary + +import com.nhaarman.mockitokotlin2.doReturn +import com.nhaarman.mockitokotlin2.eq +import com.nhaarman.mockitokotlin2.mock +import com.nhaarman.mockitokotlin2.verify +import com.nhaarman.mockitokotlin2.whenever +import org.apache.commons.cli.CommandLine +import org.assertj.core.api.Assertions.assertThat +import org.jetbrains.spek.api.Spek +import org.jetbrains.spek.api.dsl.describe +import org.jetbrains.spek.api.dsl.it +import org.jetbrains.spek.api.dsl.on +import org.onap.dcae.collectors.veshv.commandline.CommandLineOption +import org.onap.dcae.collectors.veshv.commandline.hasOption +import org.onap.dcae.collectors.veshv.commandline.stringValue +import java.nio.file.Paths + + +internal object UtilsKtTest : Spek({ + + describe("creating securty configuration provider") { + + on("command line without ssl disable") { + val passwordFile = resourcePathAsString("/ssl/password") + val commandLine: CommandLine = mock() + whenever(commandLine.hasOption(CommandLineOption.SSL_DISABLE)).doReturn(false) + whenever(commandLine.stringValue(CommandLineOption.TRUST_STORE_PASSWORD_FILE, TRUST_STORE_PASSWORD_FILE)) + .doReturn(passwordFile) + whenever(commandLine.stringValue(CommandLineOption.KEY_STORE_PASSWORD_FILE, KEY_STORE_PASSWORD_FILE)) + .doReturn(passwordFile) + + it("should create configuration with some keys") { + val configuration = createSecurityConfiguration(commandLine) + + verify(commandLine).hasOption(CommandLineOption.SSL_DISABLE) + assertThat(configuration.isSuccess()).isTrue() + configuration.map { assertThat(it.keys.isDefined()).isTrue() } + } + } + on("command line with ssl disabled") { + val commandLine: CommandLine = mock() + whenever(commandLine.hasOption(CommandLineOption.SSL_DISABLE)).doReturn(true) + + it("should create configuration without keys") { + val configuration = createSecurityConfiguration(commandLine) + + verify(commandLine).hasOption(CommandLineOption.SSL_DISABLE) + assertThat(configuration.isSuccess()).isTrue() + configuration.map { assertThat(it.keys.isEmpty()).isTrue() } + } + } + } +}) + +private fun resourcePathAsString(resource: String) = + Paths.get(UtilsKtTest::class.java.getResource(resource).toURI()).toString() diff --git a/sources/hv-collector-ssl/src/test/resources/ssl/password b/sources/hv-collector-ssl/src/test/resources/ssl/password new file mode 100644 index 00000000..e69c2de9 --- /dev/null +++ b/sources/hv-collector-ssl/src/test/resources/ssl/password @@ -0,0 +1 @@ +onaponap \ No newline at end of file -- cgit 1.2.3-korg