From 01789096439b85ebb9d63633377a3603ef4a9535 Mon Sep 17 00:00:00 2001
From: pwielebs
Date: Tue, 20 Aug 2019 14:42:53 +0200
Subject: Upgrade CBS java SDK to support SSL
- add TrustStoreKeys class for one-way TLS for CBS client
- use trust.jks & trust.pass
- add unit test
- top up version of Vavr lib (due to bug)
Issue-ID: DCAEGEN2-1552
Signed-off-by: Piotr Wielebski
Change-Id: I372c559cce5db8eba5448d99e12cdf6609c40d00
---
 .../cbs/client/api/CbsClientConfigurationTest.java | 122 ++++++++++++++++++++-
 .../services/cbs/client/impl/CbsClientImplIT.java | 20 ++--
 .../cbs/client/impl/CbsClientImplTest.java | 17 +--
 .../src/test/resources/test-certs/cacert.pem | 31 ++++++
 .../src/test/resources/test-certs/cert.jks | Bin 0 -> 4512 bytes
 .../src/test/resources/test-certs/jks.pass | 1 +
 .../src/test/resources/test-certs/trust.jks | Bin 0 -> 1413 bytes
 .../src/test/resources/test-certs/trust.pass | 1 +
 8 files changed, 170 insertions(+), 22 deletions(-)
 create mode 100644 rest-services/cbs-client/src/test/resources/test-certs/cacert.pem
 create mode 100644 rest-services/cbs-client/src/test/resources/test-certs/cert.jks
 create mode 100644 rest-services/cbs-client/src/test/resources/test-certs/jks.pass
 create mode 100644 rest-services/cbs-client/src/test/resources/test-certs/trust.jks
 create mode 100644 rest-services/cbs-client/src/test/resources/test-certs/trust.pass
(limited to 'rest-services/cbs-client/src/test')
diff --git a/rest-services/cbs-client/src/test/java/org/onap/dcaegen2/services/sdk/rest/services/cbs/client/api/CbsClientConfigurationTest.java b/rest-services/cbs-client/src/test/java/org/onap/dcaegen2/services/sdk/rest/services/cbs/client/api/CbsClientConfigurationTest.java
index e00fd6bd..d0df0b6c 100644
--- a/rest-services/cbs-client/src/test/java/org/onap/dcaegen2/services/sdk/rest/services/cbs/client/api/CbsClientConfigurationTest.java
+++ b/rest-services/cbs-client/src/test/java/org/onap/dcaegen2/services/sdk/rest/services/cbs/client/api/CbsClientConfigurationTest.java 
@@ -21,18 +21,132 @@ package org.onap.dcaegen2.services.sdk.rest.services.cbs.client.api; -import static org.assertj.core.api.Assertions.assertThatExceptionOfType; - +import org.junit.Rule; +import org.junit.contrib.java.lang.system.EnvironmentVariables; import org.junit.jupiter.api.Test; +import org.onap.dcaegen2.services.sdk.rest.services.cbs.client.api.exceptions.CbsClientConfigurationException; import org.onap.dcaegen2.services.sdk.rest.services.cbs.client.model.CbsClientConfiguration; +import org.onap.dcaegen2.services.sdk.security.ssl.Passwords; + +import java.net.URISyntaxException; +import java.nio.file.Paths; + +import static org.assertj.core.api.Assertions.assertThat; +import static org.assertj.core.api.Assertions.assertThatExceptionOfType; /** * @author Piotr Jaszczyk * @since February 2019 */ class CbsClientConfigurationTest { + + @Rule + public final EnvironmentVariables envs = new EnvironmentVariables(); + + @Test + void fromEnvironment_shouldReturnConfigurationForConnectionWithoutTls_when_DCAE_CA_CERTPATH_isEmpty() { + // given + envs.set("DCAE_CA_CERTPATH", ""); + envs.set("CONFIG_BINDING_SERVICE", "config-binding-service"); + envs.set("CONFIG_BINDING_SERVICE_SERVICE_PORT", "10000"); + envs.set("HOSTNAME", "dcae-prh"); + envs.set("CONSUL_HOST", "consul-server.onap"); + + // when + CbsClientConfiguration configuration = CbsClientConfiguration.fromEnvironment(); + + // then + assertThat(configuration.trustStoreKeys()).isEqualTo(null); + assertThat(configuration.protocol()).isEqualTo("http"); + } + + @Test + void fromEnvironment_shouldReturnConfigurationForConnectionOverTls_when_DCAE_CA_CERTPATH_isSet() throws URISyntaxException { + // given + envs.set("DCAE_CA_CERTPATH", preparePathToCertFile()); + envs.set("CONFIG_BINDING_SERVICE", "config-binding-service"); + envs.set("CONFIG_BINDING_SERVICE_PORT_10443_TCP_PORT", "10443"); + envs.set("HOSTNAME", "dcae-prh"); + envs.set("CONSUL_HOST", "consul-server.onap"); + + // when + CbsClientConfiguration 
configuration = CbsClientConfiguration.fromEnvironment(); + + // then + assertThat(configuration.trustStoreKeys()).isNotNull(); + assertThat(configuration.protocol()).isEqualTo("https"); + } + + @Test + void fromEnvironment_shouldReturn_CbsClientConfigurationException_When_DCAE_CA_CERTPATH_is_Null() { + // given + envs.set("DCAE_CA_CERTPATH", null); + envs.set("CONFIG_BINDING_SERVICE_SERVICE_PORT", "9090"); + envs.set("CONFIG_BINDING_SERVICE", "config-binding-service"); + envs.set("CONFIG_BINDING_SERVICE_PORT_10443_TCP_PORT", "10443"); + envs.set("HOSTNAME", "dcae-prh"); + envs.set("CONSUL_HOST", "consul-server.onap"); + + // when + CbsClientConfiguration configuration = CbsClientConfiguration.fromEnvironment(); + + // then + assertThat(configuration.trustStoreKeys()).isNull(); + assertThat(configuration.protocol()).isEqualTo("http"); + } + + @Test + void fromEnvironment_shouldReturn_CbsClientConfigurationException_WhenAllEnvVariablesAreMissing() { + assertThatExceptionOfType(CbsClientConfigurationException.class) + .isThrownBy(CbsClientConfiguration::fromEnvironment); + } + + @Test + void fromEnvironment_shouldReturn_CbsClientConfigurationException_When_DCAE_CA_CERTPATH_isWrong() { + // given + envs.set("DCAE_CA_CERTPATH", "/home/cacert.pem"); + envs.set("HOSTNAME", "dcae-prh"); + envs.set("CONFIG_BINDING_SERVICE", "config-binding-service"); + envs.set("CONFIG_BINDING_SERVICE_PORT_10443_TCP_PORT", "10443"); + envs.set("CONSUL_HOST", "consul-server.onap"); + + // then + assertThatExceptionOfType(CbsClientConfigurationException.class) + .isThrownBy(CbsClientConfiguration::fromEnvironment) + .withMessageContaining("Required files do not exist in /home directory"); + } + @Test - void fromEnvironmentShouldFailWhenEnvVariablesAreMissing() { - assertThatExceptionOfType(NullPointerException.class).isThrownBy(CbsClientConfiguration::fromEnvironment); + void fromEnvironment_shouldReturn_CbsClientConfigurationException_When_HOSTNAME_isMissing() throws URISyntaxException { + 
// given + envs.set("HOSTNAME", ""); + envs.set("DCAE_CA_CERTPATH", preparePathToCertFile()); + envs.set("CONFIG_BINDING_SERVICE", "config-binding-service"); + envs.set("CONFIG_BINDING_SERVICE_PORT_10443_TCP_PORT", "10443"); + envs.set("CONSUL_HOST", "consul-server.onap"); + + // then + assertThatExceptionOfType(CbsClientConfigurationException.class) + .isThrownBy(CbsClientConfiguration::fromEnvironment) + .withMessageContaining("Cannot read HOSTNAME from environment."); + } + + @Test + void fromEnvironment_shouldReturn_CbsClientConfigurationException_When_CONFIG_BINDING_SERVICE_SERVICE_PORT_isEmpty() { + // given + envs.set("CONFIG_BINDING_SERVICE_SERVICE_PORT", ""); + envs.set("DCAE_CA_CERTPATH", ""); + envs.set("HOSTNAME", "dcae-prh"); + envs.set("CONFIG_BINDING_SERVICE", "config-binding-service"); + envs.set("CONSUL_HOST", "consul-server.onap"); + + // then + assertThatExceptionOfType(CbsClientConfigurationException.class) + .isThrownBy(CbsClientConfiguration::fromEnvironment) + .withMessageContaining("Cannot read CONFIG_BINDING_SERVICE_SERVICE_PORT from environment."); + } + + private String preparePathToCertFile() throws URISyntaxException { + return Paths.get(Passwords.class.getResource("/test-certs/cacert.pem").toURI()) + ""; } }
\ No newline at end of file
diff --git a/rest-services/cbs-client/src/test/java/org/onap/dcaegen2/services/sdk/rest/services/cbs/client/impl/CbsClientImplIT.java b/rest-services/cbs-client/src/test/java/org/onap/dcaegen2/services/sdk/rest/services/cbs/client/impl/CbsClientImplIT.java
index 43b2a7bb..5804c165 100644
--- a/rest-services/cbs-client/src/test/java/org/onap/dcaegen2/services/sdk/rest/services/cbs/client/impl/CbsClientImplIT.java
+++ b/rest-services/cbs-client/src/test/java/org/onap/dcaegen2/services/sdk/rest/services/cbs/client/impl/CbsClientImplIT.java
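Review bot: `fromEnvironment_shouldReturn_CbsClientConfigurationException_When_DCAE_CA_CERTPATH_is_Null` expects no exception: it asserts that `trustStoreKeys()` is null and `protocol()` is `"http"`, so together with the `..._when_DCAE_CA_CERTPATH_isEmpty` test it pins a silent fallback to plaintext whenever the variable is unset or empty. The name should say that, e.g. `fromEnvironment_shouldReturnConfigurationForConnectionWithoutTls_when_DCAE_CA_CERTPATH_isNull`, and a comment such as `// an unset cert path selects plain HTTP by design; a missing variable disables TLS` would make the downgrade an explicit, reviewable decision. Separately, `envs` is a JUnit 4 `@Rule` in a class that uses `org.junit.jupiter.api.Test`; Jupiter does not run JUnit 4 rules by default, so the rule's restore step presumably never runs and values set by one test can leak into the next, which `..._WhenAllEnvVariablesAreMissing` relies on not happening.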
@@ -20,17 +20,8 @@
 package org.onap.dcaegen2.services.sdk.rest.services.cbs.client.impl;
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.onap.dcaegen2.services.sdk.model.streams.StreamType.KAFKA;
-import static org.onap.dcaegen2.services.sdk.model.streams.StreamType.MESSAGE_ROUTER;
-import static org.onap.dcaegen2.services.sdk.rest.services.adapters.http.test.DummyHttpServer.sendResource;
-import static org.onap.dcaegen2.services.sdk.rest.services.cbs.client.api.streams.StreamPredicates.streamOfType;
-
 import com.google.gson.JsonObject;
 import io.vavr.collection.Stream;
-
-import java.time.Duration;
-
 import org.junit.jupiter.api.AfterAll;
 import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.Test;
@@ -47,14 +38,22 @@ import org.onap.dcaegen2.services.sdk.rest.services.cbs.client.api.exceptions.St
 import org.onap.dcaegen2.services.sdk.rest.services.cbs.client.api.streams.DataStreams;
 import org.onap.dcaegen2.services.sdk.rest.services.cbs.client.api.streams.StreamFromGsonParser;
 import org.onap.dcaegen2.services.sdk.rest.services.cbs.client.api.streams.StreamFromGsonParsers;
-import org.onap.dcaegen2.services.sdk.rest.services.cbs.client.model.CbsRequest;
 import org.onap.dcaegen2.services.sdk.rest.services.cbs.client.model.CbsClientConfiguration;
+import org.onap.dcaegen2.services.sdk.rest.services.cbs.client.model.CbsRequest;
 import org.onap.dcaegen2.services.sdk.rest.services.cbs.client.model.ImmutableCbsClientConfiguration;
 import org.onap.dcaegen2.services.sdk.rest.services.model.logging.RequestDiagnosticContext;
 import reactor.core.publisher.Flux;
 import reactor.core.publisher.Mono;
 import reactor.test.StepVerifier;
+import java.time.Duration;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.onap.dcaegen2.services.sdk.model.streams.StreamType.KAFKA;
+import static org.onap.dcaegen2.services.sdk.model.streams.StreamType.MESSAGE_ROUTER;
+import static org.onap.dcaegen2.services.sdk.rest.services.adapters.http.test.DummyHttpServer.sendResource;
+import static org.onap.dcaegen2.services.sdk.rest.services.cbs.client.api.streams.StreamPredicates.streamOfType;
+
 /**
 * @author Piotr Jaszczyk
 * @since February 2019
@@ -77,6 +76,7 @@ class CbsClientImplIT {
 .get("/sampleKey/dcae-component", (req, resp) -> sendResource(resp, SAMPLE_KEY))
 );
 sampleConfiguration = ImmutableCbsClientConfiguration.builder()
+ .protocol("http")
 .appName("dcae-component")
 .hostname(server.host())
 .port(server.port())
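Review bot: The integration test still exercises the client over plain HTTP only: the one functional change in this file is `.protocol("http")` on `sampleConfiguration` in the last hunk, and nothing in the test changes shown drives a request through the new TLS path with `trust.jks`/`trust.pass`. `CbsClientConfigurationTest` checks only that `trustStoreKeys()` is non-null and `protocol()` is `"https"`, which does not show that the server certificate is actually verified. A case that runs the client against a TLS-enabled server using the bundled trust store, plus one where the server's certificate is not in that store and the request must fail, would cover that; whether `DummyHttpServer` can serve TLS is not visible here. The builder call continues outside the hunk.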
diff --git a/rest-services/cbs-client/src/test/java/org/onap/dcaegen2/services/sdk/rest/services/cbs/client/impl/CbsClientImplTest.java b/rest-services/cbs-client/src/test/java/org/onap/dcaegen2/services/sdk/rest/services/cbs/client/impl/CbsClientImplTest.java
index 78b79f9d..40cf7100 100644
--- a/rest-services/cbs-client/src/test/java/org/onap/dcaegen2/services/sdk/rest/services/cbs/client/impl/CbsClientImplTest.java
+++ b/rest-services/cbs-client/src/test/java/org/onap/dcaegen2/services/sdk/rest/services/cbs/client/impl/CbsClientImplTest.java
@@ -20,14 +20,7 @@
 package org.onap.dcaegen2.services.sdk.rest.services.cbs.client.impl;
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.BDDMockito.given;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.verify;
-
 import com.google.gson.JsonObject;
-import java.net.InetSocketAddress;
 import org.junit.jupiter.api.Test;
 import org.onap.dcaegen2.services.sdk.rest.services.adapters.http.HttpMethod;
 import org.onap.dcaegen2.services.sdk.rest.services.adapters.http.HttpRequest;
@@ -40,6 +33,14 @@ import org.onap.dcaegen2.services.sdk.rest.services.cbs.client.api.CbsRequests;
 import org.onap.dcaegen2.services.sdk.rest.services.model.logging.RequestDiagnosticContext;
 import reactor.core.publisher.Mono;
+import java.net.InetSocketAddress;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.BDDMockito.given;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+
 /**
 * @author Piotr Jaszczyk
 * @since February 2019
@@ -52,7 +53,7 @@ class CbsClientImplTest {
 // given
 InetSocketAddress cbsAddress = InetSocketAddress.createUnresolved("cbshost", 6969);
 String serviceName = "dcaegen2-ves-collector";
- final CbsClient cut = new CbsClientImpl(httpClient, serviceName, cbsAddress);
+ final CbsClient cut = new CbsClientImpl(httpClient, serviceName, cbsAddress, "http");
 final HttpResponse httpResponse = ImmutableHttpResponse.builder()
 .url("http://xxx")
 .statusCode(200)
diff --git a/rest-services/cbs-client/src/test/resources/test-certs/cacert.pem b/rest-services/cbs-client/src/test/resources/test-certs/cacert.pem
new file mode 100644
index 00000000..897c8ae4
--- /dev/null
+++ b/rest-services/cbs-client/src/test/resources/test-certs/cacert.pem
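Review bot: The scheme reaches the client as a bare string, `new CbsClientImpl(httpClient, serviceName, cbsAddress, "http")`, and the same literal appears in `.protocol("http")` in `CbsClientImplIT`; because this value decides whether the connection is encrypted, a typo or an unexpected value should not be able to pass unnoticed. Whether the constructor validates it is not visible in this patch; if it does not, an enum or two named constants for the supported schemes would let the compiler catch mistakes. This unit test also covers only `"http"`, so a second case constructing the client with `"https"` and asserting the scheme of the requested URL would pin the new branch. The test method starts and ends outside the hunk.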
@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV
+BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx
+NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK
+DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
+ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7
+XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn
+H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM
+pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7
+NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg
+2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY
+wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd
+ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM
+P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6
+aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY
+PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G
+A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ
+UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN
+BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz
+L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9
+7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx
+c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf
+jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2
+RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h
+PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF
+CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+
+Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A
+cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR
+ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX
+dYY=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/rest-services/cbs-client/src/test/resources/test-certs/cert.jks b/rest-services/cbs-client/src/test/resources/test-certs/cert.jks
new file mode 100644
index 00000000..e74ce64f
Binary files /dev/null and b/rest-services/cbs-client/src/test/resources/test-certs/cert.jks differ
diff --git a/rest-services/cbs-client/src/test/resources/test-certs/jks.pass b/rest-services/cbs-client/src/test/resources/test-certs/jks.pass
new file mode 100644
index 00000000..39823872
--- /dev/null
+++ b/rest-services/cbs-client/src/test/resources/test-certs/jks.pass
@@ -0,0 +1 @@
+mYHC98!qX}7h?W}jRv}MIXTJ
\ No newline at end of file
diff --git a/rest-services/cbs-client/src/test/resources/test-certs/trust.jks b/rest-services/cbs-client/src/test/resources/test-certs/trust.jks
new file mode 100644
index 00000000..10103cfb
Binary files /dev/null and b/rest-services/cbs-client/src/test/resources/test-certs/trust.jks differ
diff --git a/rest-services/cbs-client/src/test/resources/test-certs/trust.pass b/rest-services/cbs-client/src/test/resources/test-certs/trust.pass
new file mode 100644
index 00000000..168e64bd
--- /dev/null
+++ b/rest-services/cbs-client/src/test/resources/test-certs/trust.pass
@@ -0,0 +1 @@
+*TQH?Lnszprs4LmlAj38yds(
\ No newline at end of file
-- cgit 1.2.3-korg
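Review bot: `cert.jks` is committed next to `jks.pass`, and at 4512 bytes against 1413 for `trust.jks` it presumably holds a private key, so the key and the password that unlocks it are now both in the repository history. Nothing in the test changes shown references `cert.jks` or `jks.pass` (the commit describes one-way TLS using `trust.jks` and `trust.pass`), so if they are unused they are better left out of the patch. For the files that stay, including `cacert.pem` in the previous section, a short README in `test-certs/` stating that the material was generated for tests only, is not used by any deployment, and how to regenerate it would let a reader rule out a leaked credential. If any of these files were copied from a real environment, the corresponding key and passwords should be treated as exposed and rotated.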