summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPiotr Jaszczyk <piotr.jaszczyk@nokia.com>2019-02-15 14:49:54 +0100
committerPiotr Jaszczyk <piotr.jaszczyk@nokia.com>2019-02-18 15:20:20 +0100
commit28a5b0d5b6c844ca78665bded229e67a429800b7 (patch)
treee3fad7c857de1a734027fa9ccc3e9dcbb3cc29a5
parent244b070d680eaac727091193b0998c76c78cc230 (diff)
Remove vavr from SSL API
It is still used internally, but methods does not depend on it. The goal was to support clean integration with any JVM app, ie. apps using Kotlin are rather using Arrow or nothing at all. Issue-ID: DCAEGEN2-1069 Change-Id: I1a9151bacd287d65ca8c84057de2f3c174cf8145 Signed-off-by: Piotr Jaszczyk <piotr.jaszczyk@nokia.com>
-rw-r--r--security/ssl/src/main/java/org/onap/dcaegen2/services/sdk/security/ssl/Password.java18
-rw-r--r--security/ssl/src/main/java/org/onap/dcaegen2/services/sdk/security/ssl/Passwords.java112
-rw-r--r--security/ssl/src/main/java/org/onap/dcaegen2/services/sdk/security/ssl/SecurityKeys.java1
-rw-r--r--security/ssl/src/main/java/org/onap/dcaegen2/services/sdk/security/ssl/SecurityKeysStore.java4
-rw-r--r--security/ssl/src/main/java/org/onap/dcaegen2/services/sdk/security/ssl/SslFactory.java89
-rw-r--r--security/ssl/src/main/java/org/onap/dcaegen2/services/sdk/security/ssl/exceptions/PasswordEvictedException.java32
-rw-r--r--security/ssl/src/main/java/org/onap/dcaegen2/services/sdk/security/ssl/exceptions/ReadingPasswordFromFileException.java36
-rw-r--r--security/ssl/src/main/java/org/onap/dcaegen2/services/sdk/security/ssl/exceptions/ReadingSecurityKeysStoreException.java36
-rw-r--r--security/ssl/src/main/java/org/onap/dcaegen2/services/sdk/security/ssl/exceptions/SecurityConfigurationException.java36
-rw-r--r--security/ssl/src/test/java/org/onap/dcaegen2/services/sdk/security/ssl/PasswordTest.java16
-rw-r--r--security/ssl/src/test/java/org/onap/dcaegen2/services/sdk/security/ssl/PasswordsTest.java64
-rw-r--r--services/hv-ves-client/producer/ct/src/test/java/org/onap/dcaegen2/services/sdk/services/hvves/client/producer/ct/SystemUnderTestWrapper.java4
-rw-r--r--services/hv-ves-client/producer/impl/src/main/java/org/onap/dcaegen2/services/sdk/services/hvves/client/producer/impl/HvVesProducerFactoryImpl.java2
13 files changed, 373 insertions, 77 deletions
diff --git a/security/ssl/src/main/java/org/onap/dcaegen2/services/sdk/security/ssl/Password.java b/security/ssl/src/main/java/org/onap/dcaegen2/services/sdk/security/ssl/Password.java
index 35fc7bbe..c2feb17e 100644
--- a/security/ssl/src/main/java/org/onap/dcaegen2/services/sdk/security/ssl/Password.java
+++ b/security/ssl/src/main/java/org/onap/dcaegen2/services/sdk/security/ssl/Password.java
@@ -26,6 +26,7 @@ import io.vavr.control.Try;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import org.jetbrains.annotations.NotNull;
+import org.onap.dcaegen2.services.sdk.security.ssl.exceptions.PasswordEvictedException;
/**
* Simple password representation.
@@ -50,9 +51,10 @@ public class Password {
*
* @param user of the password
*/
- public <T> Try<T> use(Function1<char[], Try<T>> user) {
- if (value == null)
- return Try.failure(new GeneralSecurityException("Password had been already used so it is in cleared state"));
+ public <T> T use(Function1<char[], T> user) {
+ if (value == null) {
+ throw new PasswordEvictedException("Password had been already used so it is in cleared state");
+ }
try {
return user.apply(value);
@@ -69,4 +71,14 @@ public class Password {
Arrays.fill(value, (char) 0);
value = null;
}
+
+ /**
+ * For security reasons this will return a constant value.
+ *
+ * @return some predefined string not containing the actual password
+ */
+ @Override
+ public String toString() {
+ return "<password>";
+ }
}
diff --git a/security/ssl/src/main/java/org/onap/dcaegen2/services/sdk/security/ssl/Passwords.java b/security/ssl/src/main/java/org/onap/dcaegen2/services/sdk/security/ssl/Passwords.java
index 39828086..38dae0df 100644
--- a/security/ssl/src/main/java/org/onap/dcaegen2/services/sdk/security/ssl/Passwords.java
+++ b/security/ssl/src/main/java/org/onap/dcaegen2/services/sdk/security/ssl/Passwords.java
@@ -20,8 +20,12 @@
package org.onap.dcaegen2.services.sdk.security.ssl;
-import io.vavr.control.Try;
+import static io.vavr.Function0.constant;
+
import java.io.File;
+import java.io.IOException;
+import java.net.URISyntaxException;
+import java.net.URL;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.Charset;
@@ -30,6 +34,7 @@ import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Arrays;
import org.jetbrains.annotations.NotNull;
+import org.onap.dcaegen2.services.sdk.security.ssl.exceptions.ReadingPasswordFromFileException;
/**
* Utility functions for loading passwords.
@@ -42,22 +47,97 @@ public final class Passwords {
private Passwords() {
}
- public static @NotNull Try<Password> fromFile(File file) {
- return fromPath(file.toPath());
+ /**
+ * Creates password from given char array.
+ *
+ * Will directly used the provided array, ie. it will be cleared after password was used.
+ *
+ * @param passwd array containing password
+ * @return Password instance wrapping the provided array
+ */
+ public static @NotNull Password wrap(char[] passwd) {
+ return new Password(passwd);
+ }
+
+ /**
+ * Creates password from given CharSequence.
+ *
+ * <em>WARNING</em>: Avoid using this method. It will be impossible to clear memory containing the password.
+ *
+ *
+ * @param passwd the password as CharSequence
+ * @return Password instance
+ */
+ public static @NotNull Password fromString(CharSequence passwd) {
+ return constant(passwd)
+ .andThen(CharBuffer::wrap)
+ .andThen(Passwords::convertToCharArray)
+ .andThen(Passwords::wrap)
+ .apply();
+ }
+
+ /**
+ * Reads password from file.
+ *
+ * @param file to read
+ * @return Password instance with contents of the file
+ * @throws ReadingPasswordFromFileException when file could not be read
+ */
+ public static @NotNull Password fromFile(File file) {
+ return constant(file)
+ .andThen(File::toPath)
+ .andThen(Passwords::fromPath)
+ .apply();
+ }
+
+ /**
+ * Reads password from file.
+ *
+ * @param path of the file to read
+ * @return Password instance with contents of the file
+ * @throws ReadingPasswordFromFileException when file could not be read
+ */
+ public static @NotNull Password fromPath(Path path) {
+ try {
+ return constant(Files.readAllBytes(path))
+ .andThen(Passwords::decodeChars)
+ .andThen(Passwords::convertToCharArray)
+ .andThen(Passwords::wrap)
+ .apply();
+ } catch (IOException e) {
+ throw new ReadingPasswordFromFileException("Could not read password from " + path, e);
+ }
}
- public static @NotNull Try<Password> fromPath(Path path) {
- return Try.of(() -> {
- final byte[] bytes = Files.readAllBytes(path);
- final CharBuffer password = decodeChars(bytes);
- final char[] result = convertToCharArray(password);
- return new Password(result);
- });
+ /**
+ * Reads password from resource.
+ *
+ * @param resource URL starting with slash
+ * @return Password instance with contents of the resource
+ * @throws ReadingPasswordFromFileException when resource could not be read
+ */
+ public static @NotNull Password fromResource(String resource) {
+ return constant(resource)
+ .andThen(Passwords::resourceAsUrl)
+ .andThen(Passwords::asPath)
+ .andThen(Passwords::fromPath)
+ .apply();
}
- public static @NotNull Try<Password> fromResource(String resource) {
- return Try.of(() -> Paths.get(Passwords.class.getResource(resource).toURI()))
- .flatMap(Passwords::fromPath);
+ private static @NotNull URL resourceAsUrl(String resource) {
+ final URL resourceUrl = Passwords.class.getResource(resource);
+ if (resourceUrl == null) {
+ throw new ReadingPasswordFromFileException("Could not find resource " + resource);
+ }
+ return resourceUrl;
+ }
+
+ private static Path asPath(URL resourceUrl) {
+ try {
+ return Paths.get(resourceUrl.toURI());
+ } catch (URISyntaxException e) {
+ throw new ReadingPasswordFromFileException("Could not read password", e);
+ }
}
private static @NotNull CharBuffer decodeChars(byte[] bytes) {
@@ -80,8 +160,10 @@ public final class Passwords {
}
private static void clearBuffer(CharBuffer password) {
- while (password.remaining() > 0) {
- password.put((char) 0);
+ if(!password.isReadOnly()) {
+ while (password.remaining() > 0) {
+ password.put((char) 0);
+ }
}
}
}
diff --git a/security/ssl/src/main/java/org/onap/dcaegen2/services/sdk/security/ssl/SecurityKeys.java b/security/ssl/src/main/java/org/onap/dcaegen2/services/sdk/security/ssl/SecurityKeys.java
index 244e33c8..70cb6c02 100644
--- a/security/ssl/src/main/java/org/onap/dcaegen2/services/sdk/security/ssl/SecurityKeys.java
+++ b/security/ssl/src/main/java/org/onap/dcaegen2/services/sdk/security/ssl/SecurityKeys.java
@@ -28,7 +28,6 @@ import org.immutables.value.Value;
*/
@Value.Immutable
public interface SecurityKeys {
-
SecurityKeysStore keyStore();
Password keyStorePassword();
diff --git a/security/ssl/src/main/java/org/onap/dcaegen2/services/sdk/security/ssl/SecurityKeysStore.java b/security/ssl/src/main/java/org/onap/dcaegen2/services/sdk/security/ssl/SecurityKeysStore.java
index 0ebfc451..401055ca 100644
--- a/security/ssl/src/main/java/org/onap/dcaegen2/services/sdk/security/ssl/SecurityKeysStore.java
+++ b/security/ssl/src/main/java/org/onap/dcaegen2/services/sdk/security/ssl/SecurityKeysStore.java
@@ -22,6 +22,7 @@ package org.onap.dcaegen2.services.sdk.security.ssl;
import java.nio.file.Path;
import org.immutables.value.Value;
+import org.onap.dcaegen2.services.sdk.security.ssl.exceptions.SecurityConfigurationException;
/**
* @author <a href="mailto:piotr.jaszczyk@nokia.com">Piotr Jaszczyk</a>
@@ -44,10 +45,11 @@ public interface SecurityKeysStore {
* not be possible.
*
* @return key store type
+ * @throws org.onap.dcaegen2.services.sdk.security.ssl.exceptions.SecurityConfigurationException when file type is unknown
*/
@Value.Default
default String type() {
return KeyStoreTypes.inferTypeFromExtension(path())
- .getOrElseThrow(() -> new IllegalStateException("Could not determine key store type by file name"));
+ .getOrElseThrow(() -> new SecurityConfigurationException("Could not determine key store type by file name"));
}
}
diff --git a/security/ssl/src/main/java/org/onap/dcaegen2/services/sdk/security/ssl/SslFactory.java b/security/ssl/src/main/java/org/onap/dcaegen2/services/sdk/security/ssl/SslFactory.java
index 1f3f4cfd..076490a9 100644
--- a/security/ssl/src/main/java/org/onap/dcaegen2/services/sdk/security/ssl/SslFactory.java
+++ b/security/ssl/src/main/java/org/onap/dcaegen2/services/sdk/security/ssl/SslFactory.java
@@ -20,32 +20,46 @@
package org.onap.dcaegen2.services.sdk.security.ssl;
+import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
-import io.vavr.control.Try;
import java.io.IOException;
import java.nio.file.Files;
-import java.nio.file.Path;
import java.nio.file.StandardOpenOption;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManagerFactory;
+import org.onap.dcaegen2.services.sdk.security.ssl.exceptions.ReadingSecurityKeysStoreException;
+import org.onap.dcaegen2.services.sdk.security.ssl.exceptions.SecurityConfigurationException;
+/**
+ * @since 1.1.1
+ */
public class SslFactory {
+ private static final String EXCEPTION_MESSAGE = "Could not create SSL context";
+
/**
* Creates Netty SSL <em>client</em> context using provided security keys.
*
* @param keys - Security keys to be used
* @return configured SSL context
*/
- public Try<SslContext> createSecureClientContext(final SecurityKeys keys) {
- return Try.success(SslContextBuilder.forClient())
- .flatMap(ctx -> keyManagerFactory(keys).map(ctx::keyManager))
- .flatMap(ctx -> trustManagerFactory(keys).map(ctx::trustManager))
- .mapTry(SslContextBuilder::build);
+ public SslContext createSecureClientContext(final SecurityKeys keys) {
+ try {
+ return SslContextBuilder.forClient()
+ .keyManager(keyManagerFactory(keys))
+ .trustManager(trustManagerFactory(keys))
+ .build();
+ } catch (SSLException e) {
+ throw new SecurityConfigurationException(EXCEPTION_MESSAGE, e);
+ }
}
/**
@@ -54,11 +68,15 @@ public class SslFactory {
* @param keys - Security keys to be used
* @return configured SSL context
*/
- public Try<SslContext> createSecureServerContext(final SecurityKeys keys) {
- return keyManagerFactory(keys)
- .map(SslContextBuilder::forServer)
- .flatMap(ctx -> trustManagerFactory(keys).map(ctx::trustManager))
- .mapTry(SslContextBuilder::build);
+ public SslContext createSecureServerContext(final SecurityKeys keys) {
+ try {
+ return SslContextBuilder.forServer(keyManagerFactory(keys))
+ .trustManager(trustManagerFactory(keys))
+ .clientAuth(ClientAuth.REQUIRE)
+ .build();
+ } catch (SSLException e) {
+ throw new SecurityConfigurationException(EXCEPTION_MESSAGE, e);
+ }
}
/**
@@ -68,40 +86,53 @@ public class SslFactory {
* @deprecated Do not use in production. Will trust anyone.
*/
@Deprecated
- public Try<SslContext> createInsecureClientContext() {
- return Try.success(SslContextBuilder.forClient())
- .map(ctx -> ctx.trustManager(InsecureTrustManagerFactory.INSTANCE))
- .mapTry(SslContextBuilder::build);
+ public SslContext createInsecureClientContext() {
+ try {
+ return SslContextBuilder.forClient()
+ .trustManager(InsecureTrustManagerFactory.INSTANCE)
+ .build();
+ } catch (SSLException e) {
+ throw new SecurityConfigurationException(EXCEPTION_MESSAGE, e);
+ }
}
- private Try<TrustManagerFactory> trustManagerFactory(SecurityKeys keys) {
+ private TrustManagerFactory trustManagerFactory(SecurityKeys keys) {
return trustManagerFactory(keys.trustStore(), keys.trustStorePassword());
}
- private Try<KeyManagerFactory> keyManagerFactory(SecurityKeys keys) {
+ private KeyManagerFactory keyManagerFactory(SecurityKeys keys) {
return keyManagerFactory(keys.keyStore(), keys.keyStorePassword());
}
- private Try<KeyManagerFactory> keyManagerFactory(SecurityKeysStore store, Password password) {
- return password.useChecked(passwordChars -> {
- KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
- kmf.init(loadKeyStoreFromFile(store, passwordChars), passwordChars);
- return kmf;
+ private KeyManagerFactory keyManagerFactory(SecurityKeysStore store, Password password) {
+ return password.use(passwordChars -> {
+ try {
+ KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
+ kmf.init(loadKeyStoreFromFile(store, passwordChars), passwordChars);
+ return kmf;
+ } catch (GeneralSecurityException | IOException ex) {
+ throw new ReadingSecurityKeysStoreException("Could not read private keys from store", ex);
+ }
});
}
- private Try<TrustManagerFactory> trustManagerFactory(SecurityKeysStore store, Password password) {
- return password.useChecked(passwordChars -> {
- TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
- tmf.init(loadKeyStoreFromFile(store, passwordChars));
- return tmf;
+ private TrustManagerFactory trustManagerFactory(SecurityKeysStore store, Password password) {
+ return password.use(passwordChars -> {
+ try {
+ TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+ tmf.init(loadKeyStoreFromFile(store, passwordChars));
+ return tmf;
+ } catch (GeneralSecurityException | IOException ex) {
+ throw new ReadingSecurityKeysStoreException("Could not read trusted keys from store", ex);
+ }
});
}
private KeyStore loadKeyStoreFromFile(SecurityKeysStore store, char[] keyStorePassword)
- throws GeneralSecurityException, IOException {
+ throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException {
KeyStore ks = KeyStore.getInstance(store.type());
ks.load(Files.newInputStream(store.path(), StandardOpenOption.READ), keyStorePassword);
return ks;
+
}
}
diff --git a/security/ssl/src/main/java/org/onap/dcaegen2/services/sdk/security/ssl/exceptions/PasswordEvictedException.java b/security/ssl/src/main/java/org/onap/dcaegen2/services/sdk/security/ssl/exceptions/PasswordEvictedException.java
new file mode 100644
index 00000000..508fc6e2
--- /dev/null
+++ b/security/ssl/src/main/java/org/onap/dcaegen2/services/sdk/security/ssl/exceptions/PasswordEvictedException.java
@@ -0,0 +1,32 @@
+/*
+ * ============LICENSE_START====================================
+ * DCAEGEN2-SERVICES-SDK
+ * =========================================================
+ * Copyright (C) 2019 Nokia. All rights reserved.
+ * =========================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=====================================
+ */
+
+package org.onap.dcaegen2.services.sdk.security.ssl.exceptions;
+
+/**
+ * @author <a href="mailto:piotr.jaszczyk@nokia.com">Piotr Jaszczyk</a>
+ * @since 1.1.2
+ */
+public class PasswordEvictedException extends RuntimeException {
+
+ public PasswordEvictedException(String message) {
+ super(message);
+ }
+}
diff --git a/security/ssl/src/main/java/org/onap/dcaegen2/services/sdk/security/ssl/exceptions/ReadingPasswordFromFileException.java b/security/ssl/src/main/java/org/onap/dcaegen2/services/sdk/security/ssl/exceptions/ReadingPasswordFromFileException.java
new file mode 100644
index 00000000..b39e01c9
--- /dev/null
+++ b/security/ssl/src/main/java/org/onap/dcaegen2/services/sdk/security/ssl/exceptions/ReadingPasswordFromFileException.java
@@ -0,0 +1,36 @@
+/*
+ * ============LICENSE_START====================================
+ * DCAEGEN2-SERVICES-SDK
+ * =========================================================
+ * Copyright (C) 2019 Nokia. All rights reserved.
+ * =========================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=====================================
+ */
+
+package org.onap.dcaegen2.services.sdk.security.ssl.exceptions;
+
+/**
+ * @author <a href="mailto:piotr.jaszczyk@nokia.com">Piotr Jaszczyk</a>
+ * @since 1.1.2
+ */
+public class ReadingPasswordFromFileException extends SecurityConfigurationException {
+
+ public ReadingPasswordFromFileException(String message) {
+ super(message);
+ }
+
+ public ReadingPasswordFromFileException(String message, Throwable cause) {
+ super(message, cause);
+ }
+}
diff --git a/security/ssl/src/main/java/org/onap/dcaegen2/services/sdk/security/ssl/exceptions/ReadingSecurityKeysStoreException.java b/security/ssl/src/main/java/org/onap/dcaegen2/services/sdk/security/ssl/exceptions/ReadingSecurityKeysStoreException.java
new file mode 100644
index 00000000..f8e0cfd5
--- /dev/null
+++ b/security/ssl/src/main/java/org/onap/dcaegen2/services/sdk/security/ssl/exceptions/ReadingSecurityKeysStoreException.java
@@ -0,0 +1,36 @@
+/*
+ * ============LICENSE_START====================================
+ * DCAEGEN2-SERVICES-SDK
+ * =========================================================
+ * Copyright (C) 2019 Nokia. All rights reserved.
+ * =========================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=====================================
+ */
+
+package org.onap.dcaegen2.services.sdk.security.ssl.exceptions;
+
+/**
+ * @author <a href="mailto:piotr.jaszczyk@nokia.com">Piotr Jaszczyk</a>
+ * @since 1.1.2
+ */
+public class ReadingSecurityKeysStoreException extends SecurityConfigurationException {
+
+ public ReadingSecurityKeysStoreException(String message) {
+ super(message);
+ }
+
+ public ReadingSecurityKeysStoreException(String message, Throwable cause) {
+ super(message, cause);
+ }
+}
diff --git a/security/ssl/src/main/java/org/onap/dcaegen2/services/sdk/security/ssl/exceptions/SecurityConfigurationException.java b/security/ssl/src/main/java/org/onap/dcaegen2/services/sdk/security/ssl/exceptions/SecurityConfigurationException.java
new file mode 100644
index 00000000..08c38df7
--- /dev/null
+++ b/security/ssl/src/main/java/org/onap/dcaegen2/services/sdk/security/ssl/exceptions/SecurityConfigurationException.java
@@ -0,0 +1,36 @@
+/*
+ * ============LICENSE_START====================================
+ * DCAEGEN2-SERVICES-SDK
+ * =========================================================
+ * Copyright (C) 2019 Nokia. All rights reserved.
+ * =========================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=====================================
+ */
+
+package org.onap.dcaegen2.services.sdk.security.ssl.exceptions;
+
+/**
+ * @author <a href="mailto:piotr.jaszczyk@nokia.com">Piotr Jaszczyk</a>
+ * @since 1.1.2
+ */
+public class SecurityConfigurationException extends RuntimeException {
+
+ public SecurityConfigurationException(String message) {
+ super(message);
+ }
+
+ public SecurityConfigurationException(String message, Throwable cause) {
+ super(message, cause);
+ }
+}
diff --git a/security/ssl/src/test/java/org/onap/dcaegen2/services/sdk/security/ssl/PasswordTest.java b/security/ssl/src/test/java/org/onap/dcaegen2/services/sdk/security/ssl/PasswordTest.java
index ede227eb..41143f61 100644
--- a/security/ssl/src/test/java/org/onap/dcaegen2/services/sdk/security/ssl/PasswordTest.java
+++ b/security/ssl/src/test/java/org/onap/dcaegen2/services/sdk/security/ssl/PasswordTest.java
@@ -24,10 +24,10 @@ import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
import io.vavr.collection.Array;
-import io.vavr.control.Try;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import org.junit.jupiter.api.Test;
+import org.onap.dcaegen2.services.sdk.security.ssl.exceptions.PasswordEvictedException;
/**
* @author <a href="mailto:piotr.jaszczyk@nokia.com">Piotr Jaszczyk</a>
@@ -66,10 +66,10 @@ class PasswordTest {
final Password cut = new Password("ala ma kota".toCharArray());
// when & then
- useThePassword(cut).get();
+ useThePassword(cut);
- assertThatExceptionOfType(GeneralSecurityException.class).isThrownBy(() ->
- useThePassword(cut).get());
+ assertThatExceptionOfType(PasswordEvictedException.class).isThrownBy(() ->
+ useThePassword(cut));
}
@Test
@@ -80,8 +80,8 @@ class PasswordTest {
// when & then
cut.clear();
- assertThatExceptionOfType(GeneralSecurityException.class).isThrownBy(() ->
- useThePassword(cut).get());
+ assertThatExceptionOfType(PasswordEvictedException.class).isThrownBy(() ->
+ useThePassword(cut));
}
@Test
@@ -97,8 +97,8 @@ class PasswordTest {
assertAllCharsAreNull(passwordChars);
}
- private Try<Object> useThePassword(Password cut) {
- return cut.use((pass) -> Try.success(42));
+ private void useThePassword(Password cut) {
+ cut.use((pass) -> null);
}
private void assertAllCharsAreNull(char[] passwordChars) {
diff --git a/security/ssl/src/test/java/org/onap/dcaegen2/services/sdk/security/ssl/PasswordsTest.java b/security/ssl/src/test/java/org/onap/dcaegen2/services/sdk/security/ssl/PasswordsTest.java
index 07c5afe8..13d7f213 100644
--- a/security/ssl/src/test/java/org/onap/dcaegen2/services/sdk/security/ssl/PasswordsTest.java
+++ b/security/ssl/src/test/java/org/onap/dcaegen2/services/sdk/security/ssl/PasswordsTest.java
@@ -21,15 +21,17 @@
package org.onap.dcaegen2.services.sdk.security.ssl;
import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
-import io.vavr.control.Try;
import java.io.File;
import java.net.URISyntaxException;
import java.nio.file.NoSuchFileException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.UUID;
+import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
+import org.onap.dcaegen2.services.sdk.security.ssl.exceptions.ReadingPasswordFromFileException;
/**
* @author <a href="mailto:piotr.jaszczyk@nokia.com">Piotr Jaszczyk</a>
@@ -38,28 +40,62 @@ import org.junit.jupiter.api.Test;
class PasswordsTest {
@Test
+ void wrap() {
+ // given
+ final char[] passwd = {'p', 'a', 's', 's', 'w', 'o', 'r', 'd'};
+
+ // when
+ final Password result = Passwords.wrap(passwd);
+
+ // then
+ assertThat(extractPassword(result)).isEqualTo("password");
+ assertThat(passwd).containsOnly('\0');
+ }
+
+ @Test
+ void fromString() {
+ // given
+ final String passwd = "password";
+
+ // when
+ final Password result = Passwords.fromString(passwd);
+
+ // then
+ assertThat(extractPassword(result)).isEqualTo("password");
+ }
+
+ @Test
void fromFile() {
// given
final File file = new File("./src/test/resources/password.txt");
// when
- final Try<Password> result = Passwords.fromFile(file);
+ final Password result = Passwords.fromFile(file);
// then
- assertSuccessful(result);
assertThat(extractPassword(result)).isEqualTo("ja baczewski\n2nd line");
}
@Test
+ void fromFileWhenNotExisting() {
+ // given
+ final File file = new File("./not existing file");
+
+ // when & then
+ assertThatThrownBy(() -> Passwords.fromFile(file))
+ .isInstanceOf(ReadingPasswordFromFileException.class)
+ .hasCauseInstanceOf(NoSuchFileException.class);
+ }
+
+ @Test
void fromPath() throws URISyntaxException {
// given
final Path path = Paths.get(PasswordsTest.class.getResource("/password.txt").toURI());
// when
- final Try<Password> result = Passwords.fromPath(path);
+ final Password result = Passwords.fromPath(path);
// then
- assertSuccessful(result);
assertThat(extractPassword(result)).isEqualTo("ja baczewski\n2nd line");
}
@@ -69,11 +105,10 @@ class PasswordsTest {
final Path path = Paths.get("/", UUID.randomUUID().toString());
// when
- final Try<Password> result = Passwords.fromPath(path);
+ Assertions.assertThrows(ReadingPasswordFromFileException.class, () -> {
+ Passwords.fromPath(path);
+ });
- // then
- assertThat(result.isFailure()).describedAs("Try.failure?").isTrue();
- assertThat(result.getCause()).isInstanceOf(NoSuchFileException.class);
}
@Test
@@ -82,18 +117,13 @@ class PasswordsTest {
final String resource = "/password.txt";
// when
- final Try<Password> result = Passwords.fromResource(resource);
+ final Password result = Passwords.fromResource(resource);
// then
- assertSuccessful(result);
assertThat(extractPassword(result)).isEqualTo("ja baczewski\n2nd line");
}
- private void assertSuccessful(Try<Password> result) {
- assertThat(result.isSuccess()).describedAs("Try.success?").isTrue();
- }
-
- private String extractPassword(Try<Password> result) {
- return result.flatMap(pass -> pass.useChecked(String::new)).get();
+ private String extractPassword(Password pass) {
+ return pass.use(String::new);
}
} \ No newline at end of file
diff --git a/services/hv-ves-client/producer/ct/src/test/java/org/onap/dcaegen2/services/sdk/services/hvves/client/producer/ct/SystemUnderTestWrapper.java b/services/hv-ves-client/producer/ct/src/test/java/org/onap/dcaegen2/services/sdk/services/hvves/client/producer/ct/SystemUnderTestWrapper.java
index 87cf9fef..ec16e9e4 100644
--- a/services/hv-ves-client/producer/ct/src/test/java/org/onap/dcaegen2/services/sdk/services/hvves/client/producer/ct/SystemUnderTestWrapper.java
+++ b/services/hv-ves-client/producer/ct/src/test/java/org/onap/dcaegen2/services/sdk/services/hvves/client/producer/ct/SystemUnderTestWrapper.java
@@ -62,9 +62,9 @@ public class SystemUnderTestWrapper {
start(ImmutableProducerOptions.builder()
.securityKeys(ImmutableSecurityKeys.builder()
.keyStore(ImmutableSecurityKeysStore.of(resource("/client.p12").get()))
- .keyStorePassword(Passwords.fromResource("/client.pass").get())
+ .keyStorePassword(Passwords.fromResource("/client.pass"))
.trustStore(ImmutableSecurityKeysStore.of(resource("/trust.p12").get()))
- .trustStorePassword(Passwords.fromResource("/trust.pass").get())
+ .trustStorePassword(Passwords.fromResource("/trust.pass"))
.build()));
}
diff --git a/services/hv-ves-client/producer/impl/src/main/java/org/onap/dcaegen2/services/sdk/services/hvves/client/producer/impl/HvVesProducerFactoryImpl.java b/services/hv-ves-client/producer/impl/src/main/java/org/onap/dcaegen2/services/sdk/services/hvves/client/producer/impl/HvVesProducerFactoryImpl.java
index e135445e..185fca71 100644
--- a/services/hv-ves-client/producer/impl/src/main/java/org/onap/dcaegen2/services/sdk/services/hvves/client/producer/impl/HvVesProducerFactoryImpl.java
+++ b/services/hv-ves-client/producer/impl/src/main/java/org/onap/dcaegen2/services/sdk/services/hvves/client/producer/impl/HvVesProducerFactoryImpl.java
@@ -48,7 +48,7 @@ public class HvVesProducerFactoryImpl extends HvVesProducerFactory {
LOGGER.warn("Using insecure connection");
} else {
LOGGER.info("Using secure tunnel");
- final SslContext ctx = sslFactory.createSecureClientContext(options.securityKeys()).get();
+ final SslContext ctx = sslFactory.createSecureClientContext(options.securityKeys());
tcpClient = tcpClient.secure(ssl -> ssl.sslContext(ctx));
}