Implement TLS over HTTP

Issue-ID: CERT-10 Change-Id: I25421331f249ea0a33fe9280534df8e66d08463f Signed-off-by: Gokul Singaraju <goksing@gmail.com>
author: Gokul Singaraju <goksing@gmail.com> 2017-12-19 12:31:40 -0500
committer: Gokul Singaraju <goksing@gmail.com> 2017-12-19 12:32:04 -0500
commit: a19bd423c1e4d2f5552bab090ba2650c38fa7192 (patch)
tree: f084cc45de2186ec51254e32fec6995fc3d3bb2c /vnfs/VES5.0/evel/evel-test-collector
parent: 722be323a2e68989a87801d03e1b92cdd0c085e3 (diff)
3 files changed, 62 insertions, 1 deletions
diff --git a/vnfs/VES5.0/evel/evel-test-collector/code/collector/collector.py b/vnfs/VES5.0/evel/evel-test-collector/code/collector/collector.py
index b9473ae5..58bebc74 100644
--- a/vnfs/VES5.0/evel/evel-test-collector/code/collector/collector.py
+++ b/vnfs/VES5.0/evel/evel-test-collector/code/collector/collector.py
@@ -38,6 +38,7 @@ import string
 import json
 import jsonschema
 from functools import partial
+import ssl
 
 _hello_resp = '''\
 <html>
@@ -407,7 +408,8 @@ USAGE
         defaults = {'log_file': 'collector.log',
                     'vel_port': '12233',
                     'vel_path': '',
-                    'vel_topic_name': ''
+                    'vel_topic_name': '',
+                    'transport_prot': 'http'
                    }
         overrides = {}
         config = ConfigParser.SafeConfigParser(defaults)
@@ -419,9 +421,16 @@ USAGE
         log_file = config.get(config_section, 'log_file', vars=overrides)
         vel_port = config.get(config_section, 'vel_port', vars=overrides)
         vel_path = config.get(config_section, 'vel_path', vars=overrides)
+        transport_prot = config.get(config_section, 'protocol', vars=overrides)
         vel_topic_name = config.get(config_section,
                                     'vel_topic_name',
                                     vars=overrides)
+
+        if (transport_prot.lower() != 'http' and transport_prot.lower() != 'https' ):
+            logger.error('Invalid Transport must be http or https ({0}) '
+                         'specified'.format(transport_prot))
+            raise RuntimeError('Invalid Transport protcol specified ({0}) '
+                               'specified'.format(transport_prot))
         global vel_username
         global vel_password
         vel_username = config.get(config_section,
@@ -457,6 +466,28 @@ USAGE
         handler = logging.handlers.RotatingFileHandler(log_file,
                                                        maxBytes=1000000,
                                                        backupCount=10)
+
+        if (transport_prot.lower() == 'https' ):
+           transport_prot = transport_prot.lower()
+           ca_file = config.get(config_section, 'ca_file', vars=overrides)
+           cert_file = config.get(config_section, 'cert_file', vars=overrides)
+           key_file = config.get(config_section, 'key_file', vars=overrides)
+           if not os.path.exists(ca_file):
+                logger.error('Event Listener SSL CA File ({0}) not found. '
+                           'No validation will be undertaken.'.format(ca_file))
+                raise RuntimeError('Invalid CA file ({0}) '
+                               'specified'.format(ca_file))
+           if not os.path.exists(cert_file):
+                logger.error('Event Listener SSL Certificate File ({0}) not found. '
+                           'No validation will be undertaken.'.format(cert_file))
+                raise RuntimeError('Invalid Certificate file ({0}) '
+                               'specified'.format(cert_file))
+           if not os.path.exists(key_file):
+                logger.error('Event Listener SSL Key File ({0}) not found. '
+                           'No validation will be undertaken.'.format(key_file))
+                raise RuntimeError('Invalid Key file ({0}) '
+                               'specified'.format(key_file))
+
         if (platform.system() == 'Windows'):
             date_format = '%Y-%m-%d %H:%M:%S'
         else:
@@ -472,6 +503,7 @@ USAGE
         # Log the details of the configuration.
         #----------------------------------------------------------------------
         logger.debug('Log file = {0}'.format(log_file))
+        logger.debug('Event Listener Transport = {0}'.format(transport_prot))
         logger.debug('Event Listener Port = {0}'.format(vel_port))
         logger.debug('Event Listener Path = {0}'.format(vel_path))
         logger.debug('Event Listener Topic = {0}'.format(vel_topic_name))
@@ -587,6 +619,10 @@ USAGE
         dispatcher.register('GET', test_control_url, test_control_listener)
 
         httpd = make_server('', int(vel_port), dispatcher)
+        if (transport_prot == 'https' ):
+            #httpd.socket = ssl.wrap_socket(httpd.socket, server_side=True, ca_certs = "../../../sslcerts/test.ca.pem", certfile="../../../sslcerts/www.testsite.com.crt", keyfile="../../../sslcerts/www.testsite.com.key", cert_reqs=ssl.CERT_REQUIRED, ssl_version=ssl.PROTOCOL_TLSv1_2)
+            logger.debug('Invoking HTTP Secure mode : ca file {0} cert file {1} key file {2} '.format(ca_file,cert_file,key_file))
+            httpd.socket = ssl.wrap_socket(httpd.socket, server_side=True, ca_certs=ca_file, certfile=cert_file, keyfile=key_file, cert_reqs=ssl.CERT_REQUIRED, ssl_version=ssl.PROTOCOL_TLSv1_2)
         print('Serving on port {0}...'.format(vel_port))
         httpd.serve_forever()
 
diff --git a/vnfs/VES5.0/evel/evel-test-collector/config/collector.conf b/vnfs/VES5.0/evel/evel-test-collector/config/collector.conf
index 3e23c594..66544288 100644
--- a/vnfs/VES5.0/evel/evel-test-collector/config/collector.conf
+++ b/vnfs/VES5.0/evel/evel-test-collector/config/collector.conf
@@ -60,6 +60,11 @@ vel_path = vendor_event_listener/
 vel_username =
 vel_password =
 vel_topic_name = example_vnf
+protocol = HTTP
+#protocol = HTTPS
+#ca_file = ../../../sslcerts/test.ca.pem
+#cert_file = ../../../sslcerts/www.testsite.com.crt
+#key_file = ../../../sslcerts/www.testsite.com.key
 
 #------------------------------------------------------------------------------
 # Settings to be used when running in a windows test environment rather than
@@ -96,4 +101,9 @@ vel_path =
 vel_username = will
 vel_password = pill
 vel_topic_name =
+protocol = HTTP
+#protocol = HTTPS
+#ca_file = ../../../sslcerts/test.ca.pem
+#cert_file = ../../../sslcerts/www.testsite.com.crt
+#key_file = ../../../sslcerts/www.testsite.com.key
 
diff --git a/vnfs/VES5.0/evel/evel-test-collector/docs/ssl_certsample b/vnfs/VES5.0/evel/evel-test-collector/docs/ssl_certsample
new file mode 100644
index 00000000..f8281779
--- /dev/null
+++ b/vnfs/VES5.0/evel/evel-test-collector/docs/ssl_certsample
@@ -0,0 +1,15 @@
+# Generate CA key and certificate
+openssl genrsa -des3 -out test.ca.key 8192
+openssl req -new -key test.ca.key -x509 -days 30 -out test.ca.crt
+
+# Generate server key and certificate
+openssl genrsa -out www.testsite.com.key 1024
+openssl req -new -key www.testsite.com.key -out www.testsite.com.csr
+openssl x509 -req -days 30 -in www.testsite.com.csr -CA test.ca.crt -CAkey test.ca.key -CAcreateserial -out www.testsite.com.crt
+
+# Generate client key and certificate
+openssl genrsa -out testclient.key 1024
+openssl req -new -key testclient.key -out testclient.csr
+openssl x509 -req -days 30 -in testclient.csr -CA test.ca.crt -CAkey test.ca.key -CAcreateserial -out testclient.crt
+
+openssl pkcs12 -export -clcerts -in testclient.crt -inkey testclient.key -out testclient.p12
author	Gokul Singaraju <goksing@gmail.com>	2017-12-19 12:31:40 -0500
committer	Gokul Singaraju <goksing@gmail.com>	2017-12-19 12:32:04 -0500
commit	a19bd423c1e4d2f5552bab090ba2650c38fa7192 (patch)
tree	f084cc45de2186ec51254e32fec6995fc3d3bb2c /vnfs/VES5.0/evel/evel-test-collector
parent	722be323a2e68989a87801d03e1b92cdd0c085e3 (diff)