From 48c86d015c5a12cd54101d703d021d953d81509f Mon Sep 17 00:00:00 2001
From: pkaras
Date: Thu, 25 Oct 2018 14:56:21 +0200
Subject: certificate configuration for DMaaP and AAI
Change-Id: If074b4b1b5dce0dd5a69cd464cf6259177580736
Issue-ID: DCAEGEN2-888
Signed-off-by: Pawel
---
 .../services/prh/configuration/AppConfig.java | 77 +++++++++++++++++++++-
 .../prh/configuration/CloudConfigParser.java | 23 +++++++
 .../prh/configuration/CloudConfiguration.java | 3 +-
 .../services/prh/configuration/PrhAppConfig.java | 29 ++++----
 .../src/main/resources/prh_endpoints.json | 9 +++
 5 files changed, 125 insertions(+), 16 deletions(-)
(limited to 'prh-app-server/src/main')
diff --git a/prh-app-server/src/main/java/org/onap/dcaegen2/services/prh/configuration/AppConfig.java b/prh-app-server/src/main/java/org/onap/dcaegen2/services/prh/configuration/AppConfig.java
index c5c77ec2..643462f1 100644
--- a/prh-app-server/src/main/java/org/onap/dcaegen2/services/prh/configuration/AppConfig.java
+++ b/prh-app-server/src/main/java/org/onap/dcaegen2/services/prh/configuration/AppConfig.java
@@ -32,7 +32,6 @@ import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.context.annotation.Configuration;
-
 /**
 * @author Przemysław Wąsala on 4/9/18
 */
@@ -120,6 +119,27 @@ public class AppConfig extends PrhAppConfig {
 @Value("${aai.aaiClientConfiguration.aaiPnfPath:}")
 public String aaiPnfPath;
+ @Value("${security.keyFile:}")
+ public String keyFile;
+
+ @Value("${security.trustStore:}")
+ public String trustStore;
+
+ @Value("${security.trustStorePassword:}")
+ public String trustStorePassword;
+
+ @Value("${security.keyStore:}")
+ public String keyStore;
+
+ @Value("${security.keyStorePassword:}")
+ public String keyStorePassword;
+
+ @Value("${security.enableAaiCertAuth:}")
+ public Boolean enableAaiCertAuth;
+
+ @Value("${security.enableDmaapCertAuth:}")
+ public Boolean enableDmaapCertAuth;
+
 @Override
 public DmaapConsumerConfiguration getDmaapConsumerConfiguration() {
 return new ImmutableDmaapConsumerConfiguration.Builder()
@@ -153,6 +173,24 @@ public class AppConfig extends PrhAppConfig {
 .orElse(dmaapConsumerConfiguration.consumerGroup()))
 .consumerId(Optional.ofNullable(consumerId).filter(isEmpty.negate())
 .orElse(dmaapConsumerConfiguration.consumerId()))
+ .keyFile(
+ Optional.ofNullable(keyFile).filter(p -> !p.isEmpty())
+ .orElse(dmaapConsumerConfiguration.keyFile()))
+ .trustStore(
+ Optional.ofNullable(trustStore).filter(p -> !p.isEmpty())
+ .orElse(dmaapConsumerConfiguration.trustStore()))
+ .trustStorePassword(
+ Optional.ofNullable(trustStorePassword).filter(isEmpty.negate())
+ .orElse(dmaapConsumerConfiguration.trustStorePassword()))
+ .keyStore(
+ Optional.ofNullable(keyStore).filter(p -> !p.isEmpty())
+ .orElse(dmaapConsumerConfiguration.keyStore()))
+ .keyStorePassword(
+ Optional.ofNullable(keyStorePassword).filter(isEmpty.negate())
+ .orElse(dmaapConsumerConfiguration.keyStorePassword()))
+ .enableDmaapCertAuth(
+ Optional.ofNullable(enableDmaapCertAuth).filter(p -> !p.toString().isEmpty())
+ .orElse(dmaapConsumerConfiguration.enableDmaapCertAuth()))
 .build();
 }
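Review bot: `trustStorePassword` and `keyStorePassword` are added as public, non-final fields, so any code that holds this configuration bean can read or overwrite the store passwords. The neighbouring `aaiPnfPath` field is public as well, so this follows the file's habit, but for credentials it would be safer to declare them `private String trustStorePassword;` and `private String keyStorePassword;`, since `@Value` injection does not need public visibility. If a subclass outside this hunk reads them directly, `protected` would be the narrowest workable choice. A short comment above the block, such as `// empty default: fall back to the file-based configuration`, would also explain the `:}` defaults.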
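Review bot: The `.filter(p -> !p.toString().isEmpty())` on `enableDmaapCertAuth` can never reject a value, because `Boolean.toString()` only yields "true" or "false"; the fallback to the file-based setting is decided by `ofNullable` alone. The call can be reduced to `Optional.ofNullable(enableDmaapCertAuth).orElse(dmaapConsumerConfiguration.enableDmaapCertAuth())`, and the same applies to `enableAaiCertAuth` in the `@@ -177` hunk and `enableDmaapCertAuth` in the `@@ -204` hunk. The string settings also mix `p -> !p.isEmpty()` with the existing `isEmpty.negate()` predicate; using `isEmpty.negate()` throughout would keep the builder uniform. The enclosing method starts outside the hunk.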
@@ -177,6 +215,24 @@ public class AppConfig extends PrhAppConfig {
 .aaiPnfPath(
 Optional.ofNullable(aaiPnfPath).filter(isEmpty.negate()).orElse(aaiClientConfiguration.aaiPnfPath()))
 .aaiHeaders(aaiClientConfiguration.aaiHeaders())
+ .keyFile(
+ Optional.ofNullable(keyFile).filter(p -> !p.isEmpty())
+ .orElse(aaiClientConfiguration.keyFile()))
+ .trustStore(
+ Optional.ofNullable(trustStore).filter(p -> !p.isEmpty())
+ .orElse(aaiClientConfiguration.trustStore()))
+ .trustStorePassword(
+ Optional.ofNullable(trustStorePassword).filter(isEmpty.negate())
+ .orElse(aaiClientConfiguration.trustStorePassword()))
+ .keyStore(
+ Optional.ofNullable(keyStore).filter(p -> !p.isEmpty())
+ .orElse(aaiClientConfiguration.keyStore()))
+ .keyStorePassword(
+ Optional.ofNullable(keyStorePassword).filter(isEmpty.negate())
+ .orElse(aaiClientConfiguration.keyStorePassword()))
+ .enableAaiCertAuth(
+ Optional.ofNullable(enableAaiCertAuth).filter(p -> !p.toString().isEmpty())
+ .orElse(aaiClientConfiguration.enableAaiCertAuth()))
 .build();
 }
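Review bot: The AAI client configuration now carries `trustStorePassword` and `keyStorePassword` as ordinary builder attributes, next to `aaiHeaders` and the store paths. The configuration type itself is not part of this diff, but if it is a generated immutable like `ImmutableDmaapConsumerConfiguration`, its generated `toString()` would presumably print both passwords, so any log statement that dumps the configuration would expose them. It is worth confirming that these two attributes are excluded from `toString()` (or marked as redacted) before the objects are logged anywhere; the same applies to the two DMaaP builders in this file. The enclosing method starts outside the hunk.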
@@ -204,7 +260,24 @@ public class AppConfig extends PrhAppConfig {
 .dmaapUserPassword(
 Optional.ofNullable(producerDmaapUserPassword).filter(isEmpty.negate())
 .orElse(dmaapPublisherConfiguration.dmaapUserPassword()))
+ .keyFile(
+ Optional.ofNullable(keyFile).filter(p -> !p.isEmpty())
+ .orElse(dmaapPublisherConfiguration.keyFile()))
+ .trustStore(
+ Optional.ofNullable(trustStore).filter(p -> !p.isEmpty())
+ .orElse(dmaapPublisherConfiguration.trustStore()))
+ .trustStorePassword(
+ Optional.ofNullable(trustStorePassword).filter(isEmpty.negate())
+ .orElse(dmaapPublisherConfiguration.trustStorePassword()))
+ .keyStore(
+ Optional.ofNullable(keyStore).filter(p -> !p.isEmpty())
+ .orElse(dmaapPublisherConfiguration.keyStore()))
+ .keyStorePassword(
+ Optional.ofNullable(keyStorePassword).filter(isEmpty.negate())
+ .orElse(dmaapPublisherConfiguration.keyStorePassword()))
+ .enableDmaapCertAuth(
+ Optional.ofNullable(enableDmaapCertAuth).filter(p -> !p.toString().isEmpty())
+ .orElse(dmaapPublisherConfiguration.enableDmaapCertAuth()))
 .build();
 }
-
 }
diff --git a/prh-app-server/src/main/java/org/onap/dcaegen2/services/prh/configuration/CloudConfigParser.java b/prh-app-server/src/main/java/org/onap/dcaegen2/services/prh/configuration/CloudConfigParser.java
index 32d8a562..2e57256e 100644
--- a/prh-app-server/src/main/java/org/onap/dcaegen2/services/prh/configuration/CloudConfigParser.java
+++ b/prh-app-server/src/main/java/org/onap/dcaegen2/services/prh/configuration/CloudConfigParser.java
@@ -33,6 +33,11 @@ import org.onap.dcaegen2.services.prh.config.ImmutableDmaapPublisherConfiguratio
 */
 class CloudConfigParser {
+ private static final String SECURITY_KEY_FILE = "security.keyFile";
+ private static final String SECURITY_TRUST_STORE = "security.trustStore";
+ private static final String SECURITY_KEY_STORE = "security.keyStore";
+ private static final String KEY_STORE_PASS = "security.keyStorePassword";
+ private static final String TRUST_STORE_PASS = "security.trustStorePassword";
 private final JsonObject jsonObject;
 CloudConfigParser(JsonObject jsonObject) {
@@ -48,6 +53,12 @@ class CloudConfigParser {
 .dmaapContentType(jsonObject.get("dmaap.dmaapProducerConfiguration.dmaapContentType").getAsString())
 .dmaapHostName(jsonObject.get("dmaap.dmaapProducerConfiguration.dmaapHostName").getAsString())
 .dmaapUserName(jsonObject.get("dmaap.dmaapProducerConfiguration.dmaapUserName").getAsString())
+ .keyFile(jsonObject.get(SECURITY_KEY_FILE).getAsString())
+ .trustStore(jsonObject.get(SECURITY_TRUST_STORE).getAsString())
+ .trustStorePassword(jsonObject.get(TRUST_STORE_PASS).getAsString())
+ .keyStore(jsonObject.get(SECURITY_KEY_STORE).getAsString())
+ .keyStorePassword(jsonObject.get(KEY_STORE_PASS).getAsString())
+ .enableDmaapCertAuth(jsonObject.get("security.enableDmaapCertAuth").getAsBoolean())
 .build();
 }
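Review bot: Each added call of the form `jsonObject.get(SECURITY_KEY_FILE).getAsString()` in the `@@ -48` hunk dereferences the result of `get` directly, and Gson's `JsonObject.get` returns null for an absent member, so a cloud configuration that does not yet contain the `security.*` keys would fail with a bare NullPointerException. This makes all six keys mandatory even when certificate authentication is switched off; the same pattern is added in the `@@ -62` and `@@ -78` hunks. A small accessor that names the missing key would make the failure diagnosable, as sketched below. The enclosing method starts outside the hunk.

```java
// … unchanged: existing dmaap.dmaapProducerConfiguration.* builder calls …
        .keyFile(requiredString(SECURITY_KEY_FILE))
        .trustStore(requiredString(SECURITY_TRUST_STORE))
// … unchanged: remaining security.* calls, switched to requiredString the same way …

private String requiredString(String key) {
    if (!jsonObject.has(key) || jsonObject.get(key).isJsonNull()) {
        throw new IllegalStateException("Missing cloud configuration key: " + key);
    }
    return jsonObject.get(key).getAsString();
}
```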
@@ -62,6 +73,12 @@ class CloudConfigParser {
 .aaiUserPassword(jsonObject.get("aai.aaiClientConfiguration.aaiUserPassword").getAsString())
 .aaiProtocol(jsonObject.get("aai.aaiClientConfiguration.aaiProtocol").getAsString())
 .aaiBasePath(jsonObject.get("aai.aaiClientConfiguration.aaiBasePath").getAsString())
+ .keyFile(jsonObject.get(SECURITY_KEY_FILE).getAsString())
+ .trustStore(jsonObject.get(SECURITY_TRUST_STORE).getAsString())
+ .trustStorePassword(jsonObject.get(TRUST_STORE_PASS).getAsString())
+ .keyStore(jsonObject.get(SECURITY_KEY_STORE).getAsString())
+ .keyStorePassword(jsonObject.get(KEY_STORE_PASS).getAsString())
+ .enableAaiCertAuth(jsonObject.get("security.enableAaiCertAuth").getAsBoolean())
 .build();
 }
@@ -78,6 +95,12 @@ class CloudConfigParser {
 .dmaapProtocol(jsonObject.get("dmaap.dmaapConsumerConfiguration.dmaapProtocol").getAsString())
 .consumerId(jsonObject.get("dmaap.dmaapConsumerConfiguration.consumerId").getAsString())
 .consumerGroup(jsonObject.get("dmaap.dmaapConsumerConfiguration.consumerGroup").getAsString())
+ .keyFile(jsonObject.get(SECURITY_KEY_FILE).getAsString())
+ .trustStore(jsonObject.get(SECURITY_TRUST_STORE).getAsString())
+ .trustStorePassword(jsonObject.get(TRUST_STORE_PASS).getAsString())
+ .keyStore(jsonObject.get(SECURITY_KEY_STORE).getAsString())
+ .keyStorePassword(jsonObject.get(KEY_STORE_PASS).getAsString())
+ .enableDmaapCertAuth(jsonObject.get("security.enableDmaapCertAuth").getAsBoolean())
 .build();
 }
 }
\ No newline at end of file
diff --git a/prh-app-server/src/main/java/org/onap/dcaegen2/services/prh/configuration/CloudConfiguration.java b/prh-app-server/src/main/java/org/onap/dcaegen2/services/prh/configuration/CloudConfiguration.java
index e598b4b3..1e1e0491 100644
--- a/prh-app-server/src/main/java/org/onap/dcaegen2/services/prh/configuration/CloudConfiguration.java
+++ b/prh-app-server/src/main/java/org/onap/dcaegen2/services/prh/configuration/CloudConfiguration.java
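Review bot: `jsonObject.get("security.enableAaiCertAuth").getAsBoolean()` in the `@@ -62` hunk treats a string member leniently: for a JSON string Gson falls back to `Boolean.parseBoolean`, so any text other than "true" (for example "yes" or "1") silently becomes false and certificate authentication stays off. The bundled prh_endpoints.json in this commit stores the flags as strings, so string values are likely in practice. Consider rejecting anything that is not exactly true or false, e.g. `if (!value.equalsIgnoreCase("true") && !value.equalsIgnoreCase("false")) throw new IllegalArgumentException(...)`, so a typo fails loudly instead of disabling the check; the same call appears in the `@@ -48` and `@@ -78` hunks. The key is also written as a literal while the other `security.*` keys received constants.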
@@ -104,9 +104,8 @@ public class CloudConfiguration extends AppConfig {
 return Optional.ofNullable(aaiClientCloudConfiguration).orElse(super.getAaiClientConfiguration());
 }
-
 @Override
 public DmaapConsumerConfiguration getDmaapConsumerConfiguration() {
 return Optional.ofNullable(dmaapConsumerCloudConfiguration).orElse(super.getDmaapConsumerConfiguration());
 }
-}
+}
\ No newline at end of file
diff --git a/prh-app-server/src/main/java/org/onap/dcaegen2/services/prh/configuration/PrhAppConfig.java b/prh-app-server/src/main/java/org/onap/dcaegen2/services/prh/configuration/PrhAppConfig.java
index 18cd1f8f..54c63532 100644
--- a/prh-app-server/src/main/java/org/onap/dcaegen2/services/prh/configuration/PrhAppConfig.java
+++ b/prh-app-server/src/main/java/org/onap/dcaegen2/services/prh/configuration/PrhAppConfig.java
@@ -26,8 +26,6 @@ import com.google.gson.JsonObject;
 import com.google.gson.JsonParser;
 import com.google.gson.JsonSyntaxException;
 import com.google.gson.TypeAdapterFactory;
-import java.io.BufferedInputStream;
-import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.InputStreamReader;
@@ -59,6 +57,7 @@ public abstract class PrhAppConfig implements Config {
 private static final String AAI_CONFIG = "aaiClientConfiguration";
 private static final String DMAAP_PRODUCER = "dmaapProducerConfiguration";
 private static final String DMAAP_CONSUMER = "dmaapConsumerConfiguration";
+ private static final String SECURITY = "security";
 private static final Logger LOGGER = LoggerFactory.getLogger(PrhAppConfig.class);
@@ -92,22 +91,25 @@ public abstract class PrhAppConfig implements Config {
 GsonBuilder gsonBuilder = new GsonBuilder();
 ServiceLoader.load(TypeAdapterFactory.class).forEach(gsonBuilder::registerTypeAdapterFactory);
 JsonParser parser = new JsonParser();
- JsonObject jsonObject;
 try (InputStream inputStream = resourceFile.getInputStream()) {
 JsonElement rootElement = getJsonElement(parser, inputStream);
 if (rootElement.isJsonObject()) {
- jsonObject = rootElement.getAsJsonObject();
+ JsonObject jsonObject = concatenateJsonObjects(
+ rootElement.getAsJsonObject().getAsJsonObject(CONFIG).getAsJsonObject(AAI).getAsJsonObject(AAI_CONFIG),
+ rootElement.getAsJsonObject().getAsJsonObject(CONFIG).getAsJsonObject(SECURITY));
 aaiClientConfiguration = deserializeType(gsonBuilder,
- jsonObject.getAsJsonObject(CONFIG).getAsJsonObject(AAI).getAsJsonObject(AAI_CONFIG),
+ jsonObject,
 AaiClientConfiguration.class);
-
 dmaapConsumerConfiguration = deserializeType(gsonBuilder,
- jsonObject.getAsJsonObject(CONFIG).getAsJsonObject(DMAAP).getAsJsonObject(DMAAP_CONSUMER),
+ concatenateJsonObjects(
+ rootElement.getAsJsonObject().getAsJsonObject(CONFIG).getAsJsonObject(DMAAP).getAsJsonObject(DMAAP_CONSUMER),
+ rootElement.getAsJsonObject().getAsJsonObject(CONFIG).getAsJsonObject(SECURITY)),
 DmaapConsumerConfiguration.class);
-
 dmaapPublisherConfiguration = deserializeType(gsonBuilder,
- jsonObject.getAsJsonObject(CONFIG).getAsJsonObject(DMAAP).getAsJsonObject(DMAAP_PRODUCER),
+ concatenateJsonObjects(
+ rootElement.getAsJsonObject().getAsJsonObject(CONFIG).getAsJsonObject(DMAAP).getAsJsonObject(DMAAP_PRODUCER),
+ rootElement.getAsJsonObject().getAsJsonObject(CONFIG).getAsJsonObject(SECURITY)),
 DmaapPublisherConfiguration.class);
 }
 } catch (IOException e) {
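Review bot: `getAsJsonObject(SECURITY)` returns null when the configuration file has no `security` object, and that null is passed straight to `concatenateJsonObjects`, which calls `source.entrySet()`; an older or hand-edited file would therefore fail with a NullPointerException, which the visible `catch (IOException e)` does not handle. The `CONFIG` to `SECURITY` navigation is also repeated three times. Reading it once, e.g. `JsonObject config = rootElement.getAsJsonObject().getAsJsonObject(CONFIG);` and `JsonObject security = config.getAsJsonObject(SECURITY);`, followed by an explicit check with a clear message when `security` is null, would cover all three call sites. The enclosing method starts and ends outside the hunk.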
@@ -121,6 +123,12 @@ public abstract class PrhAppConfig implements Config {
 return parser.parse(new InputStreamReader(inputStream, StandardCharsets.UTF_8));
 }
+ private JsonObject concatenateJsonObjects(JsonObject target, JsonObject source) {
+ source.entrySet()
+ .forEach(entry -> target.add(entry.getKey(), entry.getValue()));
+ return target;
+ }
+
 private T deserializeType(@NotNull GsonBuilder gsonBuilder, @NotNull JsonObject jsonObject, @NotNull Class type) {
 return gsonBuilder.create().fromJson(jsonObject, type);
@@ -130,7 +138,4 @@ public abstract class PrhAppConfig implements Config {
 this.resourceFile = resourceFile;
 }
- InputStream getInputStream(@NotNull String filepath) throws IOException {
- return new BufferedInputStream(new FileInputStream(filepath));
- }
 }
\ No newline at end of file
diff --git a/prh-app-server/src/main/resources/prh_endpoints.json b/prh-app-server/src/main/resources/prh_endpoints.json
index b3bff7d9..75917f12 100644
--- a/prh-app-server/src/main/resources/prh_endpoints.json
+++ b/prh-app-server/src/main/resources/prh_endpoints.json
@@ -42,6 +42,15 @@
 "Content-Type": "application/merge-patch+json"
 }
 }
+ },
+ "security": {
+ "keyFile" : "/opt/app/prh/local/org.onap.prh.keyfile",
+ "trustStore" : "change it",
+ "trustStorePassword" : "change it",
+ "keyStore" : "change it",
+ "keyStorePassword" : "change it",
+ "enableAaiCertAuth" : "false",
+ "enableDmaapCertAuth" : "false"
 }
 }
 }
\ No newline at end of file
-- cgit 1.2.3-korg
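Review bot: `concatenateJsonObjects` adds the entries to `target` itself and returns it, so the parsed configuration tree is modified in place, and a `source` member with the same name as an existing `target` member replaces it without notice. Neither effect is visible from the method name or the call sites. A short Javadoc would help, e.g. `/** Copies every member of source into target (overwriting same-named members) and returns target. */`; if callers should not see the mutation, merging into a fresh `JsonObject` is the alternative.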
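Review bot: The default `security` block in prh_endpoints.json ships the literal placeholder `"change it"` for `trustStorePassword` and `keyStorePassword` (and for both store paths), so enabling either flag without editing the file would try to run with placeholder values. Nothing in this diff checks for that; a startup validation that refuses to enable certificate authentication while a store path or password is still the placeholder or empty would close the gap. `enableAaiCertAuth` and `enableDmaapCertAuth` are also written as the strings `"false"` rather than JSON booleans, which relies on lenient parsing downstream. Real passwords placed in this classpath resource would be stored in plain text, so deployments should presumably supply them through the `security.*` properties or the cloud configuration instead.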