Upgrade CBS java SDK to support SSL

 - add TrustStoreKeys class for one-way TLS for CBS client
 - use trust.jks & trust.pass
 - add unit test
 - top up version of Vavr lib (due to bug)

Issue-ID: DCAEGEN2-1552
Signed-off-by: Piotr Wielebski <piotr.wielebski@nokia.com>
Change-Id: I372c559cce5db8eba5448d99e12cdf6609c40d00

8 files changed, 170 insertions, 22 deletions

diff --git a/rest-services/cbs-client/src/test/java/org/onap/dcaegen2/services/sdk/rest/services/cbs/client/api/CbsClientConfigurationTest.java b/rest-services/cbs-client/src/test/java/org/onap/dcaegen2/services/sdk/rest/services/cbs/client/api/CbsClientConfigurationTest.java
index e00fd6bd..d0df0b6c 100644
--- a/rest-services/cbs-client/src/test/java/org/onap/dcaegen2/services/sdk/rest/services/cbs/client/api/CbsClientConfigurationTest.java
+++ b/rest-services/cbs-client/src/test/java/org/onap/dcaegen2/services/sdk/rest/services/cbs/client/api/CbsClientConfigurationTest.java
@@ -21,18 +21,132 @@
 package org.onap.dcaegen2.services.sdk.rest.services.cbs.client.api;
 
 
-import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
-
+import org.junit.Rule;
+import org.junit.contrib.java.lang.system.EnvironmentVariables;
 import org.junit.jupiter.api.Test;
+import org.onap.dcaegen2.services.sdk.rest.services.cbs.client.api.exceptions.CbsClientConfigurationException;
 import org.onap.dcaegen2.services.sdk.rest.services.cbs.client.model.CbsClientConfiguration;
+import org.onap.dcaegen2.services.sdk.security.ssl.Passwords;
+
+import java.net.URISyntaxException;
+import java.nio.file.Paths;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 
 /**
  * @author <a href="mailto:piotr.jaszczyk@nokia.com">Piotr Jaszczyk</a>
  * @since February 2019
  */
 class CbsClientConfigurationTest {
+
+    @Rule
+    public final EnvironmentVariables envs = new EnvironmentVariables();
+
+    @Test
+    void fromEnvironment_shouldReturnConfigurationForConnectionWithoutTls_when_DCAE_CA_CERTPATH_isEmpty() {
+        // given
+        envs.set("DCAE_CA_CERTPATH", "");
+        envs.set("CONFIG_BINDING_SERVICE", "config-binding-service");
+        envs.set("CONFIG_BINDING_SERVICE_SERVICE_PORT", "10000");
+        envs.set("HOSTNAME", "dcae-prh");
+        envs.set("CONSUL_HOST", "consul-server.onap");
+
+        // when
+        CbsClientConfiguration configuration = CbsClientConfiguration.fromEnvironment();
+
+        // then
+        assertThat(configuration.trustStoreKeys()).isEqualTo(null);
+        assertThat(configuration.protocol()).isEqualTo("http");
+    }
+
+    @Test
+    void fromEnvironment_shouldReturnConfigurationForConnectionOverTls_when_DCAE_CA_CERTPATH_isSet() throws URISyntaxException {
+        // given
+        envs.set("DCAE_CA_CERTPATH", preparePathToCertFile());
+        envs.set("CONFIG_BINDING_SERVICE", "config-binding-service");
+        envs.set("CONFIG_BINDING_SERVICE_PORT_10443_TCP_PORT", "10443");
+        envs.set("HOSTNAME", "dcae-prh");
+        envs.set("CONSUL_HOST", "consul-server.onap");
+
+        // when
+        CbsClientConfiguration configuration = CbsClientConfiguration.fromEnvironment();
+
+        // then
+        assertThat(configuration.trustStoreKeys()).isNotNull();
+        assertThat(configuration.protocol()).isEqualTo("https");
+    }
+
+    @Test
+    void fromEnvironment_shouldReturn_CbsClientConfigurationException_When_DCAE_CA_CERTPATH_is_Null() {
+        // given
+        envs.set("DCAE_CA_CERTPATH", null);
+        envs.set("CONFIG_BINDING_SERVICE_SERVICE_PORT", "9090");
+        envs.set("CONFIG_BINDING_SERVICE", "config-binding-service");
+        envs.set("CONFIG_BINDING_SERVICE_PORT_10443_TCP_PORT", "10443");
+        envs.set("HOSTNAME", "dcae-prh");
+        envs.set("CONSUL_HOST", "consul-server.onap");
+
+        // when
+        CbsClientConfiguration configuration = CbsClientConfiguration.fromEnvironment();
+
+        // then
+        assertThat(configuration.trustStoreKeys()).isNull();
+        assertThat(configuration.protocol()).isEqualTo("http");
+    }
+
+    @Test
+    void fromEnvironment_shouldReturn_CbsClientConfigurationException_WhenAllEnvVariablesAreMissing() {
+        assertThatExceptionOfType(CbsClientConfigurationException.class)
+                .isThrownBy(CbsClientConfiguration::fromEnvironment);
+    }
+
+    @Test
+    void fromEnvironment_shouldReturn_CbsClientConfigurationException_When_DCAE_CA_CERTPATH_isWrong() {
+        // given
+        envs.set("DCAE_CA_CERTPATH", "/home/cacert.pem");
+        envs.set("HOSTNAME", "dcae-prh");
+        envs.set("CONFIG_BINDING_SERVICE", "config-binding-service");
+        envs.set("CONFIG_BINDING_SERVICE_PORT_10443_TCP_PORT", "10443");
+        envs.set("CONSUL_HOST", "consul-server.onap");
+
+        // then
+        assertThatExceptionOfType(CbsClientConfigurationException.class)
+                .isThrownBy(CbsClientConfiguration::fromEnvironment)
+                .withMessageContaining("Required files do not exist in /home directory");
+    }
+
     @Test
-    void fromEnvironmentShouldFailWhenEnvVariablesAreMissing() {
-        assertThatExceptionOfType(NullPointerException.class).isThrownBy(CbsClientConfiguration::fromEnvironment);
+    void fromEnvironment_shouldReturn_CbsClientConfigurationException_When_HOSTNAME_isMissing() throws URISyntaxException {
+        // given
+        envs.set("HOSTNAME", "");
+        envs.set("DCAE_CA_CERTPATH", preparePathToCertFile());
+        envs.set("CONFIG_BINDING_SERVICE", "config-binding-service");
+        envs.set("CONFIG_BINDING_SERVICE_PORT_10443_TCP_PORT", "10443");
+        envs.set("CONSUL_HOST", "consul-server.onap");
+
+        // then
+        assertThatExceptionOfType(CbsClientConfigurationException.class)
+                .isThrownBy(CbsClientConfiguration::fromEnvironment)
+                .withMessageContaining("Cannot read HOSTNAME from environment.");
+    }
+
+    @Test
+    void fromEnvironment_shouldReturn_CbsClientConfigurationException_When_CONFIG_BINDING_SERVICE_SERVICE_PORT_isEmpty() {
+        // given
+        envs.set("CONFIG_BINDING_SERVICE_SERVICE_PORT", "");
+        envs.set("DCAE_CA_CERTPATH", "");
+        envs.set("HOSTNAME", "dcae-prh");
+        envs.set("CONFIG_BINDING_SERVICE", "config-binding-service");
+        envs.set("CONSUL_HOST", "consul-server.onap");
+
+        // then
+        assertThatExceptionOfType(CbsClientConfigurationException.class)
+                .isThrownBy(CbsClientConfiguration::fromEnvironment)
+                .withMessageContaining("Cannot read CONFIG_BINDING_SERVICE_SERVICE_PORT from environment.");
+    }
+
+    private String preparePathToCertFile() throws URISyntaxException {
+        return Paths.get(Passwords.class.getResource("/test-certs/cacert.pem").toURI()) + "";
     }
 }
\ No newline at end of file
diff --git a/rest-services/cbs-client/src/test/java/org/onap/dcaegen2/services/sdk/rest/services/cbs/client/impl/CbsClientImplIT.java b/rest-services/cbs-client/src/test/java/org/onap/dcaegen2/services/sdk/rest/services/cbs/client/impl/CbsClientImplIT.java
index 43b2a7bb..5804c165 100644
--- a/rest-services/cbs-client/src/test/java/org/onap/dcaegen2/services/sdk/rest/services/cbs/client/impl/CbsClientImplIT.java
+++ b/rest-services/cbs-client/src/test/java/org/onap/dcaegen2/services/sdk/rest/services/cbs/client/impl/CbsClientImplIT.java
@@ -20,17 +20,8 @@
 
 package org.onap.dcaegen2.services.sdk.rest.services.cbs.client.impl;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.onap.dcaegen2.services.sdk.model.streams.StreamType.KAFKA;
-import static org.onap.dcaegen2.services.sdk.model.streams.StreamType.MESSAGE_ROUTER;
-import static org.onap.dcaegen2.services.sdk.rest.services.adapters.http.test.DummyHttpServer.sendResource;
-import static org.onap.dcaegen2.services.sdk.rest.services.cbs.client.api.streams.StreamPredicates.streamOfType;
-
 import com.google.gson.JsonObject;
 import io.vavr.collection.Stream;
-
-import java.time.Duration;
-
 import org.junit.jupiter.api.AfterAll;
 import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.Test;
@@ -47,14 +38,22 @@ import org.onap.dcaegen2.services.sdk.rest.services.cbs.client.api.exceptions.St
 import org.onap.dcaegen2.services.sdk.rest.services.cbs.client.api.streams.DataStreams;
 import org.onap.dcaegen2.services.sdk.rest.services.cbs.client.api.streams.StreamFromGsonParser;
 import org.onap.dcaegen2.services.sdk.rest.services.cbs.client.api.streams.StreamFromGsonParsers;
-import org.onap.dcaegen2.services.sdk.rest.services.cbs.client.model.CbsRequest;
 import org.onap.dcaegen2.services.sdk.rest.services.cbs.client.model.CbsClientConfiguration;
+import org.onap.dcaegen2.services.sdk.rest.services.cbs.client.model.CbsRequest;
 import org.onap.dcaegen2.services.sdk.rest.services.cbs.client.model.ImmutableCbsClientConfiguration;
 import org.onap.dcaegen2.services.sdk.rest.services.model.logging.RequestDiagnosticContext;
 import reactor.core.publisher.Flux;
 import reactor.core.publisher.Mono;
 import reactor.test.StepVerifier;
 
+import java.time.Duration;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.onap.dcaegen2.services.sdk.model.streams.StreamType.KAFKA;
+import static org.onap.dcaegen2.services.sdk.model.streams.StreamType.MESSAGE_ROUTER;
+import static org.onap.dcaegen2.services.sdk.rest.services.adapters.http.test.DummyHttpServer.sendResource;
+import static org.onap.dcaegen2.services.sdk.rest.services.cbs.client.api.streams.StreamPredicates.streamOfType;
+
 /**
  * @author <a href="mailto:piotr.jaszczyk@nokia.com">Piotr Jaszczyk</a>
  * @since February 2019
@@ -77,6 +76,7 @@ class CbsClientImplIT {
                         .get("/sampleKey/dcae-component", (req, resp) -> sendResource(resp, SAMPLE_KEY))
         );
         sampleConfiguration = ImmutableCbsClientConfiguration.builder()
+                .protocol("http")
                 .appName("dcae-component")
                 .hostname(server.host())
                 .port(server.port())
diff --git a/rest-services/cbs-client/src/test/java/org/onap/dcaegen2/services/sdk/rest/services/cbs/client/impl/CbsClientImplTest.java b/rest-services/cbs-client/src/test/java/org/onap/dcaegen2/services/sdk/rest/services/cbs/client/impl/CbsClientImplTest.java
index 78b79f9d..40cf7100 100644
--- a/rest-services/cbs-client/src/test/java/org/onap/dcaegen2/services/sdk/rest/services/cbs/client/impl/CbsClientImplTest.java
+++ b/rest-services/cbs-client/src/test/java/org/onap/dcaegen2/services/sdk/rest/services/cbs/client/impl/CbsClientImplTest.java
@@ -20,14 +20,7 @@
 
 package org.onap.dcaegen2.services.sdk.rest.services.cbs.client.impl;
 
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.BDDMockito.given;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.verify;
-
 import com.google.gson.JsonObject;
-import java.net.InetSocketAddress;
 import org.junit.jupiter.api.Test;
 import org.onap.dcaegen2.services.sdk.rest.services.adapters.http.HttpMethod;
 import org.onap.dcaegen2.services.sdk.rest.services.adapters.http.HttpRequest;
@@ -40,6 +33,14 @@ import org.onap.dcaegen2.services.sdk.rest.services.cbs.client.api.CbsRequests;
 import org.onap.dcaegen2.services.sdk.rest.services.model.logging.RequestDiagnosticContext;
 import reactor.core.publisher.Mono;
 
+import java.net.InetSocketAddress;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+
 /**
  * @author <a href="mailto:piotr.jaszczyk@nokia.com">Piotr Jaszczyk</a>
  * @since February 2019
@@ -52,7 +53,7 @@ class CbsClientImplTest {
         // given
         InetSocketAddress cbsAddress = InetSocketAddress.createUnresolved("cbshost", 6969);
         String serviceName = "dcaegen2-ves-collector";
-        final CbsClient cut = new CbsClientImpl(httpClient, serviceName, cbsAddress);
+        final CbsClient cut = new CbsClientImpl(httpClient, serviceName, cbsAddress, "http");
         final HttpResponse httpResponse = ImmutableHttpResponse.builder()
                 .url("http://xxx")
                 .statusCode(200)
diff --git a/rest-services/cbs-client/src/test/resources/test-certs/cacert.pem b/rest-services/cbs-client/src/test/resources/test-certs/cacert.pem
new file mode 100644
index 00000000..897c8ae4
--- /dev/null
+++ b/rest-services/cbs-client/src/test/resources/test-certs/cacert.pem
@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV
+BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx
+NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK
+DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
+ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7
+XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn
+H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM
+pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7
+NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg
+2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY
+wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd
+ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM
+P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6
+aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY
+PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G
+A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ
+UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN
+BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz
+L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9
+7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx
+c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf
+jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2
+RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h
+PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF
+CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+
+Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A
+cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR
+ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX
+dYY=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/rest-services/cbs-client/src/test/resources/test-certs/cert.jks b/rest-services/cbs-client/src/test/resources/test-certs/cert.jks
new file mode 100644
index 00000000..e74ce64f
--- /dev/null
+++ b/rest-services/cbs-client/src/test/resources/test-certs/cert.jks
diff --git a/rest-services/cbs-client/src/test/resources/test-certs/jks.pass b/rest-services/cbs-client/src/test/resources/test-certs/jks.pass
new file mode 100644
index 00000000..39823872
--- /dev/null
+++ b/rest-services/cbs-client/src/test/resources/test-certs/jks.pass
@@ -0,0 +1 @@
+mYHC98!qX}7h?W}jRv}MIXTJ
\ No newline at end of file
diff --git a/rest-services/cbs-client/src/test/resources/test-certs/trust.jks b/rest-services/cbs-client/src/test/resources/test-certs/trust.jks
new file mode 100644
index 00000000..10103cfb
--- /dev/null
+++ b/rest-services/cbs-client/src/test/resources/test-certs/trust.jks
diff --git a/rest-services/cbs-client/src/test/resources/test-certs/trust.pass b/rest-services/cbs-client/src/test/resources/test-certs/trust.pass
new file mode 100644
index 00000000..168e64bd
--- /dev/null
+++ b/rest-services/cbs-client/src/test/resources/test-certs/trust.pass
@@ -0,0 +1 @@
+*TQH?Lnszprs4LmlAj38yds(
\ No newline at end of file