SSL setup for dmaap consumer

Change-Id: I5856554fa05cfd9ad637c0491eb801f9937c967a
Issue-ID: DCAEGEN2-951
Signed-off-by: piotr.karas <piotr.karas@nokia.com>

6 files changed, 138 insertions, 69 deletions

diff --git a/prh-dmaap-client/src/main/java/org/onap/dcaegen2/services/prh/service/consumer/ConsumerReactiveHttpClientFactory.java b/prh-dmaap-client/src/main/java/org/onap/dcaegen2/services/prh/service/consumer/ConsumerReactiveHttpClientFactory.java
index 951e0b0b..a80f1346 100644
--- a/prh-dmaap-client/src/main/java/org/onap/dcaegen2/services/prh/service/consumer/ConsumerReactiveHttpClientFactory.java
+++ b/prh-dmaap-client/src/main/java/org/onap/dcaegen2/services/prh/service/consumer/ConsumerReactiveHttpClientFactory.java
@@ -20,18 +20,21 @@
 
 package org.onap.dcaegen2.services.prh.service.consumer;
 
+import javax.net.ssl.SSLException;
 import org.onap.dcaegen2.services.prh.config.DmaapConsumerConfiguration;
 
 public class ConsumerReactiveHttpClientFactory {
 
-    private final DMaaPReactiveWebClient reactiveWebClient;
+    private final DMaaPReactiveWebClientFactory reactiveWebClient;
 
-    public ConsumerReactiveHttpClientFactory(DMaaPReactiveWebClient reactiveWebClient) {
+    public ConsumerReactiveHttpClientFactory(DMaaPReactiveWebClientFactory reactiveWebClient) {
         this.reactiveWebClient = reactiveWebClient;
     }
 
-    public DMaaPConsumerReactiveHttpClient create(DmaapConsumerConfiguration consumerConfiguration) {
-        return new DMaaPConsumerReactiveHttpClient(consumerConfiguration, reactiveWebClient.build());
+    public DMaaPConsumerReactiveHttpClient create(DmaapConsumerConfiguration consumerConfiguration)
+            throws SSLException {
+        return new DMaaPConsumerReactiveHttpClient(consumerConfiguration,
+                reactiveWebClient.build(consumerConfiguration));
     }
 
 }
diff --git a/prh-dmaap-client/src/main/java/org/onap/dcaegen2/services/prh/service/consumer/DMaaPReactiveWebClient.java b/prh-dmaap-client/src/main/java/org/onap/dcaegen2/services/prh/service/consumer/DMaaPReactiveWebClientFactory.java
index 9eb6ee62..68dda512 100644
--- a/prh-dmaap-client/src/main/java/org/onap/dcaegen2/services/prh/service/consumer/DMaaPReactiveWebClient.java
+++ b/prh-dmaap-client/src/main/java/org/onap/dcaegen2/services/prh/service/consumer/DMaaPReactiveWebClientFactory.java
@@ -23,30 +23,62 @@ package org.onap.dcaegen2.services.prh.service.consumer;
 import static org.onap.dcaegen2.services.prh.model.logging.MdcVariables.RESPONSE_CODE;
 import static org.onap.dcaegen2.services.prh.model.logging.MdcVariables.SERVICE_NAME;
 
+import io.netty.handler.ssl.SslContext;
+import javax.net.ssl.SSLException;
+import org.onap.dcaegen2.services.prh.config.DmaapConsumerConfiguration;
+import org.onap.dcaegen2.services.prh.ssl.SslFactory;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.slf4j.MDC;
+import org.springframework.http.client.reactive.ClientHttpConnector;
+import org.springframework.http.client.reactive.ReactorClientHttpConnector;
 import org.springframework.web.reactive.function.client.ExchangeFilterFunction;
 import org.springframework.web.reactive.function.client.WebClient;
 import reactor.core.publisher.Mono;
+import reactor.netty.http.client.HttpClient;
+
 
 /**
  * @author <a href="mailto:przemyslaw.wasala@nokia.com">Przemysław Wąsala</a> on 7/4/18
  */
-public class DMaaPReactiveWebClient {
+public class DMaaPReactiveWebClientFactory {
 
     private final Logger logger = LoggerFactory.getLogger(this.getClass());
 
+    private final SslFactory sslFactory;
+
+    public DMaaPReactiveWebClientFactory() {
+        this(new SslFactory());
+    }
+
+    DMaaPReactiveWebClientFactory(SslFactory sslFactory) {
+        this.sslFactory = sslFactory;
+    }
+
     /**
      * Construct Reactive WebClient with appropriate settings.
      *
      * @return WebClient
      */
-    public WebClient build() {
+    public WebClient build(DmaapConsumerConfiguration consumerConfiguration) throws SSLException {
+        SslContext sslContext = createSslContext(consumerConfiguration);
+        ClientHttpConnector reactorClientHttpConnector = new ReactorClientHttpConnector(
+                HttpClient.create().secure(sslContextSpec -> sslContextSpec.sslContext(sslContext)));
         return WebClient.builder()
-            .filter(logRequest())
-            .filter(logResponse())
-            .build();
+                .clientConnector(reactorClientHttpConnector)
+                .filter(logRequest())
+                .filter(logResponse())
+                .build();
+    }
+
+    private SslContext createSslContext(DmaapConsumerConfiguration consumerConfiguration) throws SSLException {
+        if (consumerConfiguration.enableDmaapCertAuth()) {
+            return sslFactory.createSecureContext(
+                    consumerConfiguration.keyStore(), consumerConfiguration.keyStorePassword(),
+                    consumerConfiguration.trustStore(), consumerConfiguration.trustStorePassword()
+            );
+        }
+        return sslFactory.createInsecureContext();
     }
 
     private ExchangeFilterFunction logResponse() {
diff --git a/prh-dmaap-client/src/main/java/org/onap/dcaegen2/services/prh/service/producer/DMaaPPublisherReactiveHttpClient.java b/prh-dmaap-client/src/main/java/org/onap/dcaegen2/services/prh/service/producer/DMaaPPublisherReactiveHttpClient.java
index d4687c51..b262e6e9 100644
--- a/prh-dmaap-client/src/main/java/org/onap/dcaegen2/services/prh/service/producer/DMaaPPublisherReactiveHttpClient.java
+++ b/prh-dmaap-client/src/main/java/org/onap/dcaegen2/services/prh/service/producer/DMaaPPublisherReactiveHttpClient.java
@@ -29,6 +29,8 @@ import java.net.URI;
 import java.util.UUID;
 import org.onap.dcaegen2.services.prh.config.DmaapPublisherConfiguration;
 import org.onap.dcaegen2.services.prh.model.ConsumerDmaapModel;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.slf4j.MDC;
 import org.springframework.http.HttpEntity;
 import org.springframework.http.HttpHeaders;
@@ -45,6 +47,7 @@ import reactor.core.publisher.Mono;
  */
 public class DMaaPPublisherReactiveHttpClient {
 
+    private final Logger logger = LoggerFactory.getLogger(DMaaPPublisherReactiveHttpClient.class);
     private final String dmaapHostName;
     private final Integer dmaapPortNumber;
     private final String dmaapProtocol;
@@ -77,6 +80,7 @@ public class DMaaPPublisherReactiveHttpClient {
     public Mono<ResponseEntity<String>> getDMaaPProducerResponse(ConsumerDmaapModel consumerDmaapModelMono) {
         return Mono.defer(() -> {
             HttpEntity<String> request = new HttpEntity<>(createJsonBody(consumerDmaapModelMono), getAllHeaders());
+            logger.info("Request: {} {}", getUri(), request);
             return Mono.just(restTemplate.exchange(getUri(), HttpMethod.POST, request, String.class));
 
         });
diff --git a/prh-dmaap-client/src/test/java/org/onap/dcaegen2/services/prh/service/consumer/ConsumerReactiveHttpClientFactoryTest.java b/prh-dmaap-client/src/test/java/org/onap/dcaegen2/services/prh/service/consumer/ConsumerReactiveHttpClientFactoryTest.java
index 6e864432..a75b21de 100644
--- a/prh-dmaap-client/src/test/java/org/onap/dcaegen2/services/prh/service/consumer/ConsumerReactiveHttpClientFactoryTest.java
+++ b/prh-dmaap-client/src/test/java/org/onap/dcaegen2/services/prh/service/consumer/ConsumerReactiveHttpClientFactoryTest.java
@@ -30,13 +30,13 @@ import org.onap.dcaegen2.services.prh.config.DmaapConsumerConfiguration;
 class ConsumerReactiveHttpClientFactoryTest {
 
     private DmaapConsumerConfiguration dmaapConsumerConfiguration = mock(DmaapConsumerConfiguration.class);
-    private DMaaPReactiveWebClient reactiveWebClient = mock(DMaaPReactiveWebClient.class);
+    private DMaaPReactiveWebClientFactory reactiveWebClientFactory = mock(DMaaPReactiveWebClientFactory.class);
     private ConsumerReactiveHttpClientFactory httpClientFactory =
-            new ConsumerReactiveHttpClientFactory(reactiveWebClient);
+            new ConsumerReactiveHttpClientFactory(reactiveWebClientFactory);
 
     @Test
-    void create_shouldReturnNotNullFactoryInstance() {
+    void create_shouldReturnNotNullFactoryInstance() throws Exception {
         Assertions.assertNotNull(httpClientFactory.create(dmaapConsumerConfiguration));
-        verify(reactiveWebClient).build();
+        verify(reactiveWebClientFactory).build(dmaapConsumerConfiguration);
     }
 }
\ No newline at end of file
diff --git a/prh-dmaap-client/src/test/java/org/onap/dcaegen2/services/prh/service/consumer/DMaaPReactiveWebClientFactoryTest.java b/prh-dmaap-client/src/test/java/org/onap/dcaegen2/services/prh/service/consumer/DMaaPReactiveWebClientFactoryTest.java
new file mode 100644
index 00000000..887d5d33
--- /dev/null
+++ b/prh-dmaap-client/src/test/java/org/onap/dcaegen2/services/prh/service/consumer/DMaaPReactiveWebClientFactoryTest.java
@@ -0,0 +1,86 @@
+/*
+ * ============LICENSE_START=======================================================
+ * PNF-REGISTRATION-HANDLER
+ * ================================================================================
+ * Copyright (C) 2018 NOKIA Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.dcaegen2.services.prh.service.consumer;
+
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.Test;
+import org.onap.dcaegen2.services.prh.config.DmaapConsumerConfiguration;
+import org.onap.dcaegen2.services.prh.ssl.SslFactory;
+import org.springframework.web.reactive.function.client.WebClient;
+
+/**
+ * @author <a href="mailto:przemyslaw.wasala@nokia.com">Przemysław Wąsala</a> on 7/5/18
+ */
+class DMaaPReactiveWebClientFactoryTest {
+
+    private static final String KEY_STORE = "keyStore";
+    private static final String KEY_STORE_PASS = "keyStorePass";
+    private static final String TRUST_STORE = "trustStore";
+    private static final String TRUST_STORE_PASS = "trustStorePass";
+    private SslFactory sslFactory = mock(SslFactory.class);
+    private DMaaPReactiveWebClientFactory webClientFactory = new DMaaPReactiveWebClientFactory(sslFactory);
+
+    @Test
+    void builder_shouldBuildDMaaPReactiveWebClientwithInsecureSslContext() throws Exception {
+        //given
+        DmaapConsumerConfiguration dmaapConsumerConfiguration = givenDmaapConfigurationWithSslDisabled();
+
+        //when
+        WebClient dmaapReactiveWebClient = webClientFactory.build(dmaapConsumerConfiguration);
+
+        //then
+        Assertions.assertNotNull(dmaapReactiveWebClient);
+        verify(sslFactory).createInsecureContext();
+    }
+
+    @Test
+    void builder_shouldBuildDMaaPReactiveWebClientwithSecureSslContext() throws Exception {
+        //given
+        DmaapConsumerConfiguration dmaapConsumerConfiguration = givenDmaapConfigurationWithSslEnabled();
+
+        //when
+        WebClient dmaapReactiveWebClient = webClientFactory.build(dmaapConsumerConfiguration);
+
+        //then
+        Assertions.assertNotNull(dmaapReactiveWebClient);
+        verify(sslFactory).createSecureContext(KEY_STORE, KEY_STORE_PASS, TRUST_STORE, TRUST_STORE_PASS);
+    }
+
+    private DmaapConsumerConfiguration givenDmaapConfigurationWithSslDisabled() {
+        DmaapConsumerConfiguration dmaapConsumerConfiguration = mock(DmaapConsumerConfiguration.class);
+        when(dmaapConsumerConfiguration.enableDmaapCertAuth()).thenReturn(false);
+        return dmaapConsumerConfiguration;
+    }
+
+    private DmaapConsumerConfiguration givenDmaapConfigurationWithSslEnabled() {
+        DmaapConsumerConfiguration dmaapConsumerConfiguration = mock(DmaapConsumerConfiguration.class);
+        when(dmaapConsumerConfiguration.enableDmaapCertAuth()).thenReturn(true);
+        when(dmaapConsumerConfiguration.keyStore()).thenReturn(KEY_STORE);
+        when(dmaapConsumerConfiguration.keyStorePassword()).thenReturn(KEY_STORE_PASS);
+        when(dmaapConsumerConfiguration.trustStore()).thenReturn(TRUST_STORE);
+        when(dmaapConsumerConfiguration.trustStorePassword()).thenReturn(TRUST_STORE_PASS);
+        return dmaapConsumerConfiguration;
+    }
+}
\ No newline at end of file
diff --git a/prh-dmaap-client/src/test/java/org/onap/dcaegen2/services/prh/service/consumer/DMaaPReactiveWebClientTest.java b/prh-dmaap-client/src/test/java/org/onap/dcaegen2/services/prh/service/consumer/DMaaPReactiveWebClientTest.java
deleted file mode 100644
index 6b06c06a..00000000
--- a/prh-dmaap-client/src/test/java/org/onap/dcaegen2/services/prh/service/consumer/DMaaPReactiveWebClientTest.java
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * ============LICENSE_START=======================================================
- * PNF-REGISTRATION-HANDLER
- * ================================================================================
- * Copyright (C) 2018 NOKIA Intellectual Property. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-
-package org.onap.dcaegen2.services.prh.service.consumer;
-
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
-
-import org.junit.jupiter.api.Assertions;
-import org.junit.jupiter.api.Test;
-import org.onap.dcaegen2.services.prh.config.DmaapConsumerConfiguration;
-import org.springframework.web.reactive.function.client.WebClient;
-
-/**
- * @author <a href="mailto:przemyslaw.wasala@nokia.com">Przemysław Wąsala</a> on 7/5/18
- */
-class DMaaPReactiveWebClientTest {
-
-
-    @Test
-    void builder_shouldBuildDMaaPReactiveWebClient() {
-        //given
-        DmaapConsumerConfiguration dmaapConsumerConfiguration = mock(DmaapConsumerConfiguration.class);
-        String dmaaPContentType = "*/*";
-        String dmaaPUserName = "DMaaP";
-        String dmaaPUserPassword = "DMaaP";
-
-        //when
-        when(dmaapConsumerConfiguration.dmaapContentType()).thenReturn(dmaaPContentType);
-        when(dmaapConsumerConfiguration.dmaapUserName()).thenReturn(dmaaPUserName);
-        when(dmaapConsumerConfiguration.dmaapUserPassword()).thenReturn(dmaaPUserPassword);
-        WebClient dmaapreactiveWebClient = new DMaaPReactiveWebClient()
-            .build();
-
-        //then
-        Assertions.assertNotNull(dmaapreactiveWebClient);
-
-    }
-}
\ No newline at end of file