From c138b700030d22ae0bdbd6992fb4a4d8a3431798 Mon Sep 17 00:00:00 2001 From: Piotr Jaszczyk Date: Wed, 10 Apr 2019 10:32:00 +0200 Subject: Read passwords from files Key- and trust-store passwords should be read from files in order to work with DCAE tls-init-container. Change-Id: Ibe454663328268f33f8be25ef9ec129f1ce1d396 Issue-ID: DCAEGEN2-1412 Signed-off-by: Piotr Jaszczyk --- .../veshv/commandline/CommandLineOption.kt | 12 ++-- .../veshv/config/impl/ConfigurationMerger.kt | 4 +- .../veshv/config/impl/ConfigurationValidator.kt | 12 ++-- .../veshv/config/impl/PartialConfiguration.kt | 59 +++++++++++++++++ .../veshv/config/impl/partial_configuration.kt | 59 ----------------- .../config/impl/ConfigurationValidatorTest.kt | 63 +++++++++--------- .../config/impl/JsonConfigurationParserTest.kt | 5 +- .../src/test/resources/sampleConfig.json | 4 +- .../src/test/resources/test.ks.pass | 1 + .../src/test/resources/trust.ks.pass | 1 + .../dcae/collectors/veshv/ssl/boundary/utils.kt | 11 ++-- .../veshv/ssl/boundary/SecurityUtilsTest.kt | 65 ------------------ .../collectors/veshv/ssl/boundary/UtilsKtTest.kt | 76 ++++++++++++++++++++++ .../src/test/resources/ssl/password | 1 + .../impl/config/ArgXnfSimulatorConfiguration.kt | 8 +-- 15 files changed, 200 insertions(+), 181 deletions(-) create mode 100644 sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/PartialConfiguration.kt delete mode 100644 sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/partial_configuration.kt create mode 100644 sources/hv-collector-configuration/src/test/resources/test.ks.pass create mode 100644 sources/hv-collector-configuration/src/test/resources/trust.ks.pass delete mode 100644 sources/hv-collector-ssl/src/test/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/SecurityUtilsTest.kt create mode 100644 sources/hv-collector-ssl/src/test/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/UtilsKtTest.kt create mode 100644 sources/hv-collector-ssl/src/test/resources/ssl/password (limited to 'sources') diff --git a/sources/hv-collector-commandline/src/main/kotlin/org/onap/dcae/collectors/veshv/commandline/CommandLineOption.kt b/sources/hv-collector-commandline/src/main/kotlin/org/onap/dcae/collectors/veshv/commandline/CommandLineOption.kt index 1c1a355b..d08f6c09 100644 --- a/sources/hv-collector-commandline/src/main/kotlin/org/onap/dcae/collectors/veshv/commandline/CommandLineOption.kt +++ b/sources/hv-collector-commandline/src/main/kotlin/org/onap/dcae/collectors/veshv/commandline/CommandLineOption.kt @@ -91,11 +91,11 @@ enum class CommandLineOption(val option: Option, val required: Boolean = false) .desc("Key store in PKCS12 format") .build() ), - KEY_STORE_PASSWORD( + KEY_STORE_PASSWORD_FILE( Option.builder("kp") - .longOpt("key-store-password") + .longOpt("key-store-password-file") .hasArg() - .desc("Key store password") + .desc("File with key store password") .build() ), TRUST_STORE_FILE( @@ -105,11 +105,11 @@ enum class CommandLineOption(val option: Option, val required: Boolean = false) .desc("File with trusted certificate bundle in PKCS12 format") .build() ), - TRUST_STORE_PASSWORD( + TRUST_STORE_PASSWORD_FILE( Option.builder("tp") - .longOpt("trust-store-password") + .longOpt("trust-store-password-file") .hasArg() - .desc("Trust store password") + .desc("File with trust store password") .build() ), MAXIMUM_PAYLOAD_SIZE_BYTES( diff --git a/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationMerger.kt b/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationMerger.kt index 56e48038..e6707825 100644 --- a/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationMerger.kt +++ b/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationMerger.kt @@ -39,9 +39,9 @@ internal class ConfigurationMerger { sslDisable = base.sslDisable.updateToGivenOrNone(update.sslDisable), keyStoreFile = base.keyStoreFile.updateToGivenOrNone(update.keyStoreFile), - keyStorePassword = base.keyStorePassword.updateToGivenOrNone(update.keyStorePassword), + keyStorePasswordFile = base.keyStorePasswordFile.updateToGivenOrNone(update.keyStorePasswordFile), trustStoreFile = base.trustStoreFile.updateToGivenOrNone(update.trustStoreFile), - trustStorePassword = base.trustStorePassword.updateToGivenOrNone(update.trustStorePassword), + trustStorePasswordFile = base.trustStorePasswordFile.updateToGivenOrNone(update.trustStorePasswordFile), streamPublishers = base.streamPublishers.updateToGivenOrNone(update.streamPublishers), diff --git a/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationValidator.kt b/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationValidator.kt index 613ae302..f4ce592f 100644 --- a/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationValidator.kt +++ b/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationValidator.kt @@ -120,22 +120,22 @@ internal class ConfigurationValidator { SecurityConfiguration( createSecurityKeys( File(it.keyStoreFile.bind()).toPath(), - it.keyStorePassword.bind(), + File(it.keyStorePasswordFile.bind()).toPath(), File(it.trustStoreFile.bind()).toPath(), - it.trustStorePassword.bind() + File(it.trustStorePasswordFile.bind()).toPath() ).toOption() ) } private fun createSecurityKeys(keyStorePath: Path, - keyStorePassword: String, + keyStorePasswordPath: Path, trustStorePath: Path, - trustStorePassword: String) = + trustStorePasswordPath: Path) = ImmutableSecurityKeys.builder() .keyStore(ImmutableSecurityKeysStore.of(keyStorePath)) - .keyStorePassword(Passwords.fromString(keyStorePassword)) + .keyStorePassword(Passwords.fromPath(keyStorePasswordPath)) .trustStore(ImmutableSecurityKeysStore.of(trustStorePath)) - .trustStorePassword(Passwords.fromString(trustStorePassword)) + .trustStorePassword(Passwords.fromPath(trustStorePasswordPath)) .build() private fun validatedCollectorConfig(partial: PartialConfiguration) = diff --git a/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/PartialConfiguration.kt b/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/PartialConfiguration.kt new file mode 100644 index 00000000..51f6a665 --- /dev/null +++ b/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/PartialConfiguration.kt @@ -0,0 +1,59 @@ +/* + * ============LICENSE_START======================================================= + * dcaegen2-collectors-veshv + * ================================================================================ + * Copyright (C) 2019 NOKIA + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.dcae.collectors.veshv.config.impl + +import arrow.core.None +import arrow.core.Option +import com.google.gson.annotations.SerializedName +import org.onap.dcae.collectors.veshv.utils.logging.LogLevel +import org.onap.dcaegen2.services.sdk.model.streams.dmaap.KafkaSink + +/** + * @author Pawel Biniek + * @since February 2019 + */ +internal data class PartialConfiguration( + @SerializedName("server.listenPort") + val listenPort: Option = None, + @SerializedName("server.idleTimeoutSec") + val idleTimeoutSec: Option = None, + + @SerializedName("cbs.firstRequestDelaySec") + val firstRequestDelaySec: Option = None, + @SerializedName("cbs.requestIntervalSec") + val requestIntervalSec: Option = None, + + @SerializedName("security.sslDisable") + val sslDisable: Option = None, + @SerializedName("security.keys.keyStoreFile") + val keyStoreFile: Option = None, + @SerializedName("security.keys.keyStorePasswordFile") + val keyStorePasswordFile: Option = None, + @SerializedName("security.keys.trustStoreFile") + val trustStoreFile: Option = None, + @SerializedName("security.keys.trustStorePasswordFile") + val trustStorePasswordFile: Option = None, + + @SerializedName("logLevel") + val logLevel: Option = None, + + @Transient + var streamPublishers: Option> = None +) diff --git a/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/partial_configuration.kt b/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/partial_configuration.kt deleted file mode 100644 index d09a52e4..00000000 --- a/sources/hv-collector-configuration/src/main/kotlin/org/onap/dcae/collectors/veshv/config/impl/partial_configuration.kt +++ /dev/null @@ -1,59 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * dcaegen2-collectors-veshv - * ================================================================================ - * Copyright (C) 2019 NOKIA - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ -package org.onap.dcae.collectors.veshv.config.impl - -import arrow.core.None -import arrow.core.Option -import com.google.gson.annotations.SerializedName -import org.onap.dcae.collectors.veshv.utils.logging.LogLevel -import org.onap.dcaegen2.services.sdk.model.streams.dmaap.KafkaSink - -/** - * @author Pawel Biniek - * @since February 2019 - */ -internal data class PartialConfiguration( - @SerializedName("server.listenPort") - val listenPort: Option = None, - @SerializedName("server.idleTimeoutSec") - val idleTimeoutSec: Option = None, - - @SerializedName("cbs.firstRequestDelaySec") - val firstRequestDelaySec: Option = None, - @SerializedName("cbs.requestIntervalSec") - val requestIntervalSec: Option = None, - - @SerializedName("security.sslDisable") - val sslDisable: Option = None, - @SerializedName("security.keys.keyStoreFile") - val keyStoreFile: Option = None, - @SerializedName("security.keys.keyStorePassword") - val keyStorePassword: Option = None, - @SerializedName("security.keys.trustStoreFile") - val trustStoreFile: Option = None, - @SerializedName("security.keys.trustStorePassword") - val trustStorePassword: Option = None, - - @SerializedName("logLevel") - val logLevel: Option = None, - - @Transient - var streamPublishers: Option> = None -) diff --git a/sources/hv-collector-configuration/src/test/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationValidatorTest.kt b/sources/hv-collector-configuration/src/test/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationValidatorTest.kt index 0806e8ca..5495c865 100644 --- a/sources/hv-collector-configuration/src/test/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationValidatorTest.kt +++ b/sources/hv-collector-configuration/src/test/kotlin/org/onap/dcae/collectors/veshv/config/impl/ConfigurationValidatorTest.kt @@ -36,9 +36,9 @@ import org.onap.dcae.collectors.veshv.utils.logging.LogLevel import org.onap.dcaegen2.services.sdk.model.streams.dmaap.KafkaSink import org.onap.dcaegen2.services.sdk.security.ssl.SecurityKeys import java.io.File +import java.nio.file.Paths import java.time.Duration - internal object ConfigurationValidatorTest : Spek({ describe("ConfigurationValidator") { val cut = ConfigurationValidator() @@ -79,10 +79,10 @@ internal object ConfigurationValidatorTest : Spek({ firstRequestDelaySec = Some(defaultFirstReqDelaySec), requestIntervalSec = Some(defaultRequestIntervalSec), sslDisable = Some(false), - keyStoreFile = Some(KEYSTORE), - keyStorePassword = Some(KEYSTORE_PASSWORD), - trustStoreFile = Some(TRUSTSTORE), - trustStorePassword = Some(TRUSTSTORE_PASSWORD), + keyStoreFile = Some(keyStore), + keyStorePasswordFile = Some(keyStorePassFile), + trustStoreFile = Some(trustStore), + trustStorePasswordFile = Some(trustStorePassFile), streamPublishers = Some(sampleStreamsDefinition), logLevel = Some(LogLevel.TRACE) ) @@ -101,10 +101,10 @@ internal object ConfigurationValidatorTest : Spek({ val securityKeys = it.security.keys .getOrElse { fail("Should be immutableSecurityKeys") } as SecurityKeys - assertThat(securityKeys.keyStore().path()).isEqualTo(File(KEYSTORE).toPath()) - assertThat(securityKeys.trustStore().path()).isEqualTo(File(TRUSTSTORE).toPath()) - securityKeys.keyStorePassword().use { assertThat(it).isEqualTo(KEYSTORE_PASSWORD.toCharArray()) } - securityKeys.trustStorePassword().use { assertThat(it).isEqualTo(TRUSTSTORE_PASSWORD.toCharArray()) } + assertThat(securityKeys.keyStore().path()).isEqualTo(File(keyStore).toPath()) + assertThat(securityKeys.trustStore().path()).isEqualTo(File(trustStore).toPath()) + securityKeys.keyStorePassword().use { assertThat(it).isEqualTo(keyStorePass.toCharArray()) } + securityKeys.trustStorePassword().use { assertThat(it).isEqualTo(trustStorePass.toCharArray()) } assertThat(it.cbs.firstRequestDelay) .isEqualTo(Duration.ofSeconds(defaultFirstReqDelaySec)) @@ -168,10 +168,10 @@ internal object ConfigurationValidatorTest : Spek({ { val securityKeys = it.security.keys .getOrElse { fail("Should be immutableSecurityKeys") } as SecurityKeys - assertThat(securityKeys.keyStore().path()).isEqualTo(File(KEYSTORE).toPath()) - assertThat(securityKeys.trustStore().path()).isEqualTo(File(TRUSTSTORE).toPath()) - securityKeys.keyStorePassword().use { assertThat(it).isEqualTo(KEYSTORE_PASSWORD.toCharArray()) } - securityKeys.trustStorePassword().use { assertThat(it).isEqualTo(TRUSTSTORE_PASSWORD.toCharArray()) } + assertThat(securityKeys.keyStore().path()).isEqualTo(File(keyStore).toPath()) + assertThat(securityKeys.trustStore().path()).isEqualTo(File(trustStore).toPath()) + securityKeys.keyStorePassword().use { assertThat(it).isEqualTo(keyStorePass.toCharArray()) } + securityKeys.trustStorePassword().use { assertThat(it).isEqualTo(trustStorePass.toCharArray()) } } ) } @@ -185,10 +185,10 @@ private fun partialConfiguration(listenPort: Option = Some(defaultListenPor firstReqDelaySec: Option = Some(defaultFirstReqDelaySec), requestIntervalSec: Option = Some(defaultRequestIntervalSec), sslDisable: Option = Some(false), - keyStoreFile: Option = Some(KEYSTORE), - keyStorePassword: Option = Some(KEYSTORE_PASSWORD), - trustStoreFile: Option = Some(TRUSTSTORE), - trustStorePassword: Option = Some(TRUSTSTORE_PASSWORD), + keyStoreFile: Option = Some(keyStore), + keyStorePassword: Option = Some(keyStorePassFile), + trustStoreFile: Option = Some(trustStore), + trustStorePassword: Option = Some(trustStorePassFile), streamPublishers: Option> = Some(sampleStreamsDefinition), logLevel: Option = Some(LogLevel.INFO) ) = PartialConfiguration( @@ -198,24 +198,29 @@ private fun partialConfiguration(listenPort: Option = Some(defaultListenPor requestIntervalSec = requestIntervalSec, sslDisable = sslDisable, keyStoreFile = keyStoreFile, - keyStorePassword = keyStorePassword, + keyStorePasswordFile = keyStorePassword, trustStoreFile = trustStoreFile, - trustStorePassword = trustStorePassword, + trustStorePasswordFile = trustStorePassword, streamPublishers = streamPublishers, logLevel = logLevel ) -const val defaultListenPort = 1234 -const val defaultRequestIntervalSec = 3L -const val defaultIdleTimeoutSec = 10L -const val defaultFirstReqDelaySec = 10L +private fun resourcePathAsString(resource: String) = + Paths.get(ConfigurationValidatorTest::class.java.getResource(resource).toURI()).toString() + +private const val defaultListenPort = 1234 +private const val defaultRequestIntervalSec = 3L +private const val defaultIdleTimeoutSec = 10L +private const val defaultFirstReqDelaySec = 10L -const val KEYSTORE = "test.ks.pkcs12" -const val KEYSTORE_PASSWORD = "changeMe" -const val TRUSTSTORE = "trust.ks.pkcs12" -const val TRUSTSTORE_PASSWORD = "changeMeToo" +private const val keyStore = "test.ks.pkcs12" +private const val trustStore = "trust.ks.pkcs12" +private const val keyStorePass = "change.me" +private const val trustStorePass = "change.me.too" +private val keyStorePassFile = resourcePathAsString("/test.ks.pass") +private val trustStorePassFile = resourcePathAsString("/trust.ks.pass") -const val sampleSinkName = "perf3gpp" +private const val sampleSinkName = "perf3gpp" const val sampleMaxPayloadSize = 1024 private val sink = mock().also { @@ -224,4 +229,4 @@ private val sink = mock().also { } private val sampleStreamsDefinition = listOf(sink) -private val sampleRouting = listOf(Route(sink.name(), sink)) \ No newline at end of file +private val sampleRouting = listOf(Route(sink.name(), sink)) diff --git a/sources/hv-collector-configuration/src/test/kotlin/org/onap/dcae/collectors/veshv/config/impl/JsonConfigurationParserTest.kt b/sources/hv-collector-configuration/src/test/kotlin/org/onap/dcae/collectors/veshv/config/impl/JsonConfigurationParserTest.kt index 919f22c1..485ef9a8 100644 --- a/sources/hv-collector-configuration/src/test/kotlin/org/onap/dcae/collectors/veshv/config/impl/JsonConfigurationParserTest.kt +++ b/sources/hv-collector-configuration/src/test/kotlin/org/onap/dcae/collectors/veshv/config/impl/JsonConfigurationParserTest.kt @@ -28,7 +28,6 @@ import org.jetbrains.spek.api.dsl.it import org.onap.dcae.collectors.veshv.tests.utils.resourceAsStream import org.onap.dcae.collectors.veshv.utils.logging.LogLevel import java.io.StringReader -import java.time.Duration import kotlin.test.fail /** @@ -93,9 +92,9 @@ internal object JsonConfigurationParserTest : Spek({ assertThat(config.sslDisable).isEqualTo(Some(false)) assertThat(config.keyStoreFile).isEqualTo(Some("test.ks.pkcs12")) - assertThat(config.keyStorePassword).isEqualTo(Some("changeMe")) + assertThat(config.keyStorePasswordFile).isEqualTo(Some("test.ks.pass")) assertThat(config.trustStoreFile).isEqualTo(Some("trust.ks.pkcs12")) - assertThat(config.trustStorePassword).isEqualTo(Some("changeMeToo")) + assertThat(config.trustStorePasswordFile).isEqualTo(Some("trust.ks.pass")) } } } diff --git a/sources/hv-collector-configuration/src/test/resources/sampleConfig.json b/sources/hv-collector-configuration/src/test/resources/sampleConfig.json index a5ad52ae..a1eb96a3 100644 --- a/sources/hv-collector-configuration/src/test/resources/sampleConfig.json +++ b/sources/hv-collector-configuration/src/test/resources/sampleConfig.json @@ -6,7 +6,7 @@ "cbs.requestIntervalSec": 900, "security.sslDisable": false, "security.keys.keyStoreFile": "test.ks.pkcs12", - "security.keys.keyStorePassword": "changeMe", + "security.keys.keyStorePasswordFile": "test.ks.pass", "security.keys.trustStoreFile": "trust.ks.pkcs12", - "security.keys.trustStorePassword": "changeMeToo" + "security.keys.trustStorePasswordFile": "trust.ks.pass" } \ No newline at end of file diff --git a/sources/hv-collector-configuration/src/test/resources/test.ks.pass b/sources/hv-collector-configuration/src/test/resources/test.ks.pass new file mode 100644 index 00000000..2d96f185 --- /dev/null +++ b/sources/hv-collector-configuration/src/test/resources/test.ks.pass @@ -0,0 +1 @@ +change.me \ No newline at end of file diff --git a/sources/hv-collector-configuration/src/test/resources/trust.ks.pass b/sources/hv-collector-configuration/src/test/resources/trust.ks.pass new file mode 100644 index 00000000..563231aa --- /dev/null +++ b/sources/hv-collector-configuration/src/test/resources/trust.ks.pass @@ -0,0 +1 @@ +change.me.too \ No newline at end of file diff --git a/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/utils.kt b/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/utils.kt index 822d84f1..5981d9d4 100644 --- a/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/utils.kt +++ b/sources/hv-collector-ssl/src/main/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/utils.kt @@ -22,7 +22,6 @@ package org.onap.dcae.collectors.veshv.ssl.boundary import arrow.core.None import arrow.core.Some import arrow.core.Try -import arrow.core.getOrElse import org.apache.commons.cli.CommandLine import org.onap.dcae.collectors.veshv.commandline.CommandLineOption import org.onap.dcae.collectors.veshv.commandline.hasOption @@ -38,7 +37,9 @@ import java.nio.file.Paths */ const val KEY_STORE_FILE = "/etc/ves-hv/server.p12" +const val KEY_STORE_PASSWORD_FILE = "/etc/ves-hv/server.pass" const val TRUST_STORE_FILE = "/etc/ves-hv/trust.p12" +const val TRUST_STORE_PASSWORD_FILE = "/etc/ves-hv/trust.pass" fun createSecurityConfiguration(cmdLine: CommandLine): Try = createSecurityConfigurationProvider(cmdLine).map { it() } @@ -55,15 +56,15 @@ private fun disabledSecurityConfiguration() = SecurityConfiguration(None) private fun enabledSecurityConfiguration(cmdLine: CommandLine): SecurityConfiguration { val ksFile = cmdLine.stringValue(CommandLineOption.KEY_STORE_FILE, KEY_STORE_FILE) - val ksPass = cmdLine.stringValue(CommandLineOption.KEY_STORE_PASSWORD).getOrElse { "" } + val ksPass = cmdLine.stringValue(CommandLineOption.KEY_STORE_PASSWORD_FILE, KEY_STORE_PASSWORD_FILE) val tsFile = cmdLine.stringValue(CommandLineOption.TRUST_STORE_FILE, TRUST_STORE_FILE) - val tsPass = cmdLine.stringValue(CommandLineOption.TRUST_STORE_PASSWORD).getOrElse { "" } + val tsPass = cmdLine.stringValue(CommandLineOption.TRUST_STORE_PASSWORD_FILE, TRUST_STORE_PASSWORD_FILE) val keys = ImmutableSecurityKeys.builder() .keyStore(ImmutableSecurityKeysStore.of(pathFromFile(ksFile))) - .keyStorePassword(Passwords.fromString(ksPass)) + .keyStorePassword(Passwords.fromPath(pathFromFile(ksPass))) .trustStore(ImmutableSecurityKeysStore.of(pathFromFile(tsFile))) - .trustStorePassword(Passwords.fromString(tsPass)) + .trustStorePassword(Passwords.fromPath(pathFromFile(tsPass))) .build() return SecurityConfiguration(Some(keys)) diff --git a/sources/hv-collector-ssl/src/test/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/SecurityUtilsTest.kt b/sources/hv-collector-ssl/src/test/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/SecurityUtilsTest.kt deleted file mode 100644 index ddb3e357..00000000 --- a/sources/hv-collector-ssl/src/test/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/SecurityUtilsTest.kt +++ /dev/null @@ -1,65 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * dcaegen2-collectors-veshv - * ================================================================================ - * Copyright (C) 2019 NOKIA - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ -package org.onap.dcae.collectors.veshv.ssl.boundary - -import com.nhaarman.mockitokotlin2.doReturn -import com.nhaarman.mockitokotlin2.mock -import com.nhaarman.mockitokotlin2.verify -import com.nhaarman.mockitokotlin2.whenever -import org.apache.commons.cli.CommandLine -import org.assertj.core.api.Assertions.assertThat -import org.jetbrains.spek.api.Spek -import org.jetbrains.spek.api.dsl.describe -import org.jetbrains.spek.api.dsl.it -import org.jetbrains.spek.api.dsl.on -import org.onap.dcae.collectors.veshv.commandline.CommandLineOption -import org.onap.dcae.collectors.veshv.commandline.hasOption - - -internal object SecurityUtilsTest : Spek({ - - describe("creating securty configuration provider") { - - on("command line without ssl disable") { - val commandLine: CommandLine = mock() - whenever(commandLine.hasOption(CommandLineOption.SSL_DISABLE)).doReturn(false) - - it("should create configuration with some keys") { - val configuration = createSecurityConfiguration(commandLine) - - verify(commandLine).hasOption(CommandLineOption.SSL_DISABLE) - assertThat(configuration.isSuccess()).isTrue() - configuration.map { assertThat(it.keys.isDefined()).isTrue() } - } - } - on("command line with ssl disabled") { - val commandLine: CommandLine = mock() - whenever(commandLine.hasOption(CommandLineOption.SSL_DISABLE)).doReturn(true) - - it("should create configuration without keys") { - val configuration = createSecurityConfiguration(commandLine) - - verify(commandLine).hasOption(CommandLineOption.SSL_DISABLE) - assertThat(configuration.isSuccess()).isTrue() - configuration.map { assertThat(it.keys.isEmpty()).isTrue() } - } - } - } -}) diff --git a/sources/hv-collector-ssl/src/test/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/UtilsKtTest.kt b/sources/hv-collector-ssl/src/test/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/UtilsKtTest.kt new file mode 100644 index 00000000..c7c414f8 --- /dev/null +++ b/sources/hv-collector-ssl/src/test/kotlin/org/onap/dcae/collectors/veshv/ssl/boundary/UtilsKtTest.kt @@ -0,0 +1,76 @@ +/* + * ============LICENSE_START======================================================= + * dcaegen2-collectors-veshv + * ================================================================================ + * Copyright (C) 2019 NOKIA + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.dcae.collectors.veshv.ssl.boundary + +import com.nhaarman.mockitokotlin2.doReturn +import com.nhaarman.mockitokotlin2.eq +import com.nhaarman.mockitokotlin2.mock +import com.nhaarman.mockitokotlin2.verify +import com.nhaarman.mockitokotlin2.whenever +import org.apache.commons.cli.CommandLine +import org.assertj.core.api.Assertions.assertThat +import org.jetbrains.spek.api.Spek +import org.jetbrains.spek.api.dsl.describe +import org.jetbrains.spek.api.dsl.it +import org.jetbrains.spek.api.dsl.on +import org.onap.dcae.collectors.veshv.commandline.CommandLineOption +import org.onap.dcae.collectors.veshv.commandline.hasOption +import org.onap.dcae.collectors.veshv.commandline.stringValue +import java.nio.file.Paths + + +internal object UtilsKtTest : Spek({ + + describe("creating securty configuration provider") { + + on("command line without ssl disable") { + val passwordFile = resourcePathAsString("/ssl/password") + val commandLine: CommandLine = mock() + whenever(commandLine.hasOption(CommandLineOption.SSL_DISABLE)).doReturn(false) + whenever(commandLine.stringValue(CommandLineOption.TRUST_STORE_PASSWORD_FILE, TRUST_STORE_PASSWORD_FILE)) + .doReturn(passwordFile) + whenever(commandLine.stringValue(CommandLineOption.KEY_STORE_PASSWORD_FILE, KEY_STORE_PASSWORD_FILE)) + .doReturn(passwordFile) + + it("should create configuration with some keys") { + val configuration = createSecurityConfiguration(commandLine) + + verify(commandLine).hasOption(CommandLineOption.SSL_DISABLE) + assertThat(configuration.isSuccess()).isTrue() + configuration.map { assertThat(it.keys.isDefined()).isTrue() } + } + } + on("command line with ssl disabled") { + val commandLine: CommandLine = mock() + whenever(commandLine.hasOption(CommandLineOption.SSL_DISABLE)).doReturn(true) + + it("should create configuration without keys") { + val configuration = createSecurityConfiguration(commandLine) + + verify(commandLine).hasOption(CommandLineOption.SSL_DISABLE) + assertThat(configuration.isSuccess()).isTrue() + configuration.map { assertThat(it.keys.isEmpty()).isTrue() } + } + } + } +}) + +private fun resourcePathAsString(resource: String) = + Paths.get(UtilsKtTest::class.java.getResource(resource).toURI()).toString() diff --git a/sources/hv-collector-ssl/src/test/resources/ssl/password b/sources/hv-collector-ssl/src/test/resources/ssl/password new file mode 100644 index 00000000..e69c2de9 --- /dev/null +++ b/sources/hv-collector-ssl/src/test/resources/ssl/password @@ -0,0 +1 @@ +onaponap \ No newline at end of file diff --git a/sources/hv-collector-xnf-simulator/src/main/kotlin/org/onap/dcae/collectors/veshv/simulators/xnf/impl/config/ArgXnfSimulatorConfiguration.kt b/sources/hv-collector-xnf-simulator/src/main/kotlin/org/onap/dcae/collectors/veshv/simulators/xnf/impl/config/ArgXnfSimulatorConfiguration.kt index 28cc0556..7fa23f7f 100644 --- a/sources/hv-collector-xnf-simulator/src/main/kotlin/org/onap/dcae/collectors/veshv/simulators/xnf/impl/config/ArgXnfSimulatorConfiguration.kt +++ b/sources/hv-collector-xnf-simulator/src/main/kotlin/org/onap/dcae/collectors/veshv/simulators/xnf/impl/config/ArgXnfSimulatorConfiguration.kt @@ -25,12 +25,12 @@ import org.apache.commons.cli.DefaultParser import org.onap.dcae.collectors.veshv.commandline.ArgBasedConfiguration import org.onap.dcae.collectors.veshv.commandline.CommandLineOption.HEALTH_CHECK_API_PORT import org.onap.dcae.collectors.veshv.commandline.CommandLineOption.KEY_STORE_FILE -import org.onap.dcae.collectors.veshv.commandline.CommandLineOption.KEY_STORE_PASSWORD +import org.onap.dcae.collectors.veshv.commandline.CommandLineOption.KEY_STORE_PASSWORD_FILE import org.onap.dcae.collectors.veshv.commandline.CommandLineOption.LISTEN_PORT import org.onap.dcae.collectors.veshv.commandline.CommandLineOption.MAXIMUM_PAYLOAD_SIZE_BYTES import org.onap.dcae.collectors.veshv.commandline.CommandLineOption.SSL_DISABLE import org.onap.dcae.collectors.veshv.commandline.CommandLineOption.TRUST_STORE_FILE -import org.onap.dcae.collectors.veshv.commandline.CommandLineOption.TRUST_STORE_PASSWORD +import org.onap.dcae.collectors.veshv.commandline.CommandLineOption.TRUST_STORE_PASSWORD_FILE import org.onap.dcae.collectors.veshv.commandline.CommandLineOption.VES_HV_HOST import org.onap.dcae.collectors.veshv.commandline.CommandLineOption.VES_HV_PORT import org.onap.dcae.collectors.veshv.commandline.intValue @@ -55,9 +55,9 @@ internal class ArgXnfSimulatorConfiguration : ArgBasedConfiguration = binding { -- cgit 1.2.3-korg