From 55b339f77d4944b17a4eeefb8ade6ff5f05a422d Mon Sep 17 00:00:00 2001 From: Matthieu Geerebaert Date: Fri, 10 Jan 2020 16:05:10 +0100 Subject: Add support for HTTPS with self signed certificates Dual port 8080 & 8443 Change-Id: I4acda5a1064a62d663243be810b1e3d3e458e742 Issue-ID: EXTAPI-255 Signed-off-by: MatthieuGeerebaert --- .env | 5 ++- Dockerfile | 6 ++- docker-compose.yml | 4 +- docs/installation/installation.rst | 5 +++ .../nbi/configuration/HttpAndHttpsContainer.java | 47 +++++++++++++++++++++ src/main/resources/application-ssl.properties | 24 +++++++++++ src/main/resources/application.properties | 8 ++-- src/main/resources/keystore/nbi.onap.p12 | Bin 0 -> 2651 bytes src/test/java/karate-config.js | 3 +- .../karatetest/features/02--ServiceOrder.feature | 4 +- .../05--ListenerResourceTestTarget.feature | 12 +++--- 11 files changed, 100 insertions(+), 18 deletions(-) create mode 100644 src/main/java/org/onap/nbi/configuration/HttpAndHttpsContainer.java create mode 100644 src/main/resources/application-ssl.properties create mode 100644 src/main/resources/keystore/nbi.onap.p12 diff --git a/.env b/.env index b5e681d..df2e722 100644 --- a/.env +++ b/.env @@ -18,7 +18,8 @@ NBI_VERSION=v4 # APPLICATION SERVER_CONTEXTPATH=/nbi/api/v4 -SERVER_PORT=8080 +SERVER_PORT=8443 +HTTP_PORT=8080 # ONAP ONAP_LCPCLOUDREGIONID= @@ -27,7 +28,7 @@ ONAP_CLOUDOWNER= NEXUS_DOCKER_REPO=nexus3.onap.org:10001 # NBI -NBI_URL=http://localhost:8080/nbi/api/v4 +NBI_URL=https://localhost:8443/nbi/api/v4 NBI_CALLFORVNF=false # SDC diff --git a/Dockerfile b/Dockerfile index ab23eec..6d2c3de 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -36,8 +36,10 @@ RUN for cert in $(ls -d /certs/*); do \ USER appuser:appgroup -ENV SERVER_PORT=${SERVER_PORT:-8080} -ENV JAVA_OPTS="-Djava.security.egd=file:/dev/./urandom" +ENV SERVER_PORT=${SERVER_PORT:-8443} +ENV HTTP_PORT=${HTTP_PORT:-8080} +ENV JAVA_OPTS="-Dspring.profiles.active=ssl -Djava.security.egd=file:/dev/./urandom" EXPOSE $SERVER_PORT +EXPOSE $HTTP_PORT ENTRYPOINT java -XX:+UseContainerSupport $JAVA_OPTS -jar /app.jar diff --git a/docker-compose.yml b/docker-compose.yml index 607475c..47b98ca 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -35,9 +35,11 @@ services: MYSQL_USER: rene # APP *************************************************************************************** nbi: - image: ${NEXUS_DOCKER_REPO}/onap/externalapi/nbi:${DOCKER_IMAGE_VERSION:-latest} + # image: ${NEXUS_DOCKER_REPO}/onap/externalapi/nbi:${DOCKER_IMAGE_VERSION:-latest} + build: . ports: - 8080:8080 + - 8443:8443 env_file: - .env environment: diff --git a/docs/installation/installation.rst b/docs/installation/installation.rst index 9850c92..95b7279 100644 --- a/docs/installation/installation.rst +++ b/docs/installation/installation.rst @@ -53,6 +53,7 @@ Requirements * Docker * Docker-compose +* Free ports 8080 and 8443 Edit *docker-compose.yml* to select previous generated local build, replace:: @@ -80,6 +81,10 @@ Test http://localhost:8080/nbi/api/v4/status +and + +https://localhost:8443/nbi/api/v4/status + You should get:: { diff --git a/src/main/java/org/onap/nbi/configuration/HttpAndHttpsContainer.java b/src/main/java/org/onap/nbi/configuration/HttpAndHttpsContainer.java new file mode 100644 index 0000000..f63728f --- /dev/null +++ b/src/main/java/org/onap/nbi/configuration/HttpAndHttpsContainer.java 
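Review bot: Activating TLS through `-Dspring.profiles.active=ssl` inside `JAVA_OPTS` ties the `ssl` profile to a variable that deployments commonly override for heap or GC flags. If `JAVA_OPTS` is replaced at run time, the profile is dropped while `SERVER_PORT` stays 8443, so the port operators expect to be TLS would serve plain HTTP. Setting the profile in its own variable, `ENV SPRING_PROFILES_ACTIVE=ssl`, and leaving `JAVA_OPTS` as it was removes that coupling.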
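Review bot: Replacing the `image:` line with `build: .` and leaving the old line commented out looks like a local development setting committed along with the feature. The installation page's context in this same commit still tells users to edit *docker-compose.yml* to select a local build, which suggests the published file is meant to reference the Nexus image. Either restore `image: ${NEXUS_DOCKER_REPO}/onap/externalapi/nbi:${DOCKER_IMAGE_VERSION:-latest}` or delete the commented line and update the docs. The existing `- 8080:8080` mapping also keeps the cleartext listener published on every host interface; `- 127.0.0.1:8080:8080` would restrict it to local use if it is kept only for compatibility.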
@@ -0,0 +1,47 @@
+/**
+ * Copyright (c) 2020 Orange
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.onap.nbi.configuration;
+
+import org.apache.catalina.connector.Connector;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
+import org.springframework.boot.web.servlet.server.ServletWebServerFactory;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Profile;
+import org.springframework.stereotype.Component;
+
+@Component
+@Profile("ssl")
+public class HttpAndHttpsContainer {
+
+ @Value("${http.port}")
+ private int httpPort;
+
+ @Bean
+ public ServletWebServerFactory servletContainer() {
+ TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory();
+ tomcat.addAdditionalTomcatConnectors(createStandardConnector());
+ return tomcat;
+ }
+
+ private Connector createStandardConnector() {
+ Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
+ connector.setPort(httpPort);
+ return connector;
+ }
+
+}
diff --git a/src/main/resources/application-ssl.properties b/src/main/resources/application-ssl.properties
new file mode 100644
index 0000000..994083a
--- /dev/null
+++ b/src/main/resources/application-ssl.properties
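Review bot: The connector built in `createStandardConnector()` serves the whole API in cleartext on `http.port` with no redirect to the TLS port, so requests sent there stay unencrypted even when the `ssl` profile is active. If the dual listener is deliberate for backward compatibility, state that in a class Javadoc (for example `/** Adds a plain-HTTP connector next to the TLS one; kept for legacy clients, traffic on it is not encrypted. */`) and consider making the HTTP connector opt-in. Otherwise call `connector.setRedirectPort(...)` with the TLS port and add a CONFIDENTIAL transport guarantee in the Tomcat factory so HTTP requests are redirected. As a style point, a class that declares `@Bean` methods is conventionally annotated `@Configuration` rather than `@Component`.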
@@ -0,0 +1,24 @@ +# +# Copyright (c) 2018 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +http.port=8080 + +# tls/ssl +server.port=8443 +server.ssl.key-store=classpath:keystore/nbi.onap.p12 +server.ssl.key-store-type=PKCS12 +server.ssl.key-store-password=externalapi +server.ssl.key-alias=nbi.onap diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index fe0b9d1..b146afd 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -24,8 +24,8 @@ nbi.version = v4 # SERVER server.servlet.context-path = /nbi/api/${nbi.version} -server.port = 8080 server.public.ip = localhost +server.port = 8080 # LOGGING logging.level. = WARN @@ -40,8 +40,8 @@ onap.tenantId = 6e97a2bd51d74f6db5671d8dc1517d82 onap.cloudOwner = CloudOwner # NBI -nbi.url = http://localhost:${server.port}${server.servlet.context-path} -nbi.public.url = http://${server.public.ip}:${server.port}${server.servlet.context-path} +nbi.url = https://localhost:${server.port}${server.servlet.context-path} +nbi.public.url = https://${server.public.ip}:${server.port}${server.servlet.context-path} nbi.callForVNF = false # SCHEDULER 
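Review bot: `server.ssl.key-store-password=externalapi` commits the keystore password alongside `keystore/nbi.onap.p12`, which this commit also adds under `src/main/resources`. Every build of the jar therefore carries the same private key, readable by anyone with the repository or the image, and every deployment presents the same certificate. That is acceptable only as a development default. Take both values from the environment, e.g. `server.ssl.key-store=${SSL_KEY_STORE:classpath:keystore/nbi.onap.p12}` and `server.ssl.key-store-password=${SSL_KEY_STORE_PASSWORD}` (variable names are placeholders), and add a comment such as `# development-only self-signed keystore; supply your own in any shared deployment`.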
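Review bot: In the default profile `server.port` is still 8080 and no `server.ssl.*` settings apply, so the changed `nbi.url = https://localhost:${server.port}${server.servlet.context-path}` now resolves to an https URL on a port that speaks plain HTTP; the same holds for `nbi.public.url`. Whatever consumes these two properties (not visible in this diff) would presumably fail its TLS handshake unless the `ssl` profile is active. Keeping `http://` in `application.properties` and overriding both URLs with `https://` in `application-ssl.properties` keeps each profile self-consistent.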
@@ -109,4 +109,4 @@ spring.datasource.validationQuery = SELECT 1 spring.datasource.driver-class-name = org.mariadb.jdbc.Driver spring.jpa.show-sql = false spring.jpa.hibernate.ddl-auto = update -spring.jpa.hibernate.naming-strategy = org.hibernate.cfg.ImprovedNamingStrategy \ No newline at end of file +spring.jpa.hibernate.naming-strategy = org.hibernate.cfg.ImprovedNamingStrategy diff --git a/src/main/resources/keystore/nbi.onap.p12 b/src/main/resources/keystore/nbi.onap.p12 new file mode 100644 index 0000000..6083f1d Binary files /dev/null and b/src/main/resources/keystore/nbi.onap.p12 differ diff --git a/src/test/java/karate-config.js b/src/test/java/karate-config.js index 4b81173..882892e 100644 --- a/src/test/java/karate-config.js +++ b/src/test/java/karate-config.js @@ -1,6 +1,7 @@ function() { var config = { - nbiBaseUrl: 'http://localhost:8080/nbi/api/v4' + nbiBaseUrl: 'http://localhost:8080/nbi/api/v4', + targetHeader: 'http://localhost:8080/nbi/api/v4' }; karate.configure('connectTimeout', 5000); karate.configure('readTimeout', 5000); diff --git a/src/test/resources/karatetest/features/02--ServiceOrder.feature b/src/test/resources/karatetest/features/02--ServiceOrder.feature index f1ee4bc..f5985a9 100644 --- a/src/test/resources/karatetest/features/02--ServiceOrder.feature +++ b/src/test/resources/karatetest/features/02--ServiceOrder.feature @@ -376,7 +376,7 @@ Then status 204 Scenario: testCheckServiceOrderWithTargetHeader Given path 'serviceOrder' -And header Target = 'http://localhost:8080/nbi/api/v4' +And header Target = targetHeader And request data[0] When method post Then status 201 @@ -384,7 +384,7 @@ And match $.id contains '#notnull' And match $.state == 'acknowledged' And def serviceOrderId = $.id Given path 'serviceOrder',serviceOrderId -And header Target = 'http://localhost:8080/nbi/api/v4' +And header Target = targetHeader When method get Then status 200 
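Review bot: `nbiBaseUrl` and the new `targetHeader` in `karate-config.js` both stay on `http://localhost:8080`, so none of the feature files touched by this commit exercises the 8443 listener or the keystore it depends on. A wrong keystore path, alias or password would not be caught by the suite. If the test run activates the `ssl` profile, consider one scenario against the HTTPS URL; Karate needs `karate.configure('ssl', true)` to accept a self-signed certificate. The two config values are also the same literal written twice; declaring `var baseUrl = 'http://localhost:8080/nbi/api/v4';` once and using it for both keeps them from drifting.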
diff --git a/src/test/resources/karatetest/features/05--ListenerResourceTestTarget.feature b/src/test/resources/karatetest/features/05--ListenerResourceTestTarget.feature index 52cc91f..6639d37 100644 --- a/src/test/resources/karatetest/features/05--ListenerResourceTestTarget.feature +++ b/src/test/resources/karatetest/features/05--ListenerResourceTestTarget.feature @@ -35,18 +35,18 @@ function(s) { Scenario: testcreateEventSubscription Given path 'hub' -And header Target = 'http://localhost:8080/nbi/api/v4' +And header Target = targetHeader And request data[0] When method post Then status 201 And def hubId = $.id -And header Target = 'http://localhost:8080/nbi/api/v4' +And header Target = targetHeader Given path 'hub',hubId When method get Then status 200 And match hubId == $.id Given path 'hub',hubId -And header Target = 'http://localhost:8080/nbi/api/v4' +And header Target = targetHeader When method delete Then status 204 @@ -56,14 +56,14 @@ Given path 'test/listener' When method delete Then status 204 Given path 'hub' -And header Target = 'http://localhost:8080/nbi/api/v4' +And header Target = targetHeader And request { callback : '#(listenerUrl)' , query : 'eventType = ServiceOrderCreationNotification' } When method post Then status 201 And def hubId = $.id Given path 'serviceOrder' And request serviceOrderData[17] -And header Target = 'http://localhost:8080/nbi/api/v4' +And header Target = targetHeader When method post Then status 201 And def serviceOrderId = $.id @@ -80,7 +80,7 @@ Given path 'serviceOrder',serviceOrderId When method delete Then status 204 Given path 'hub',hubId -And header Target = 'http://localhost:8080/nbi/api/v4' +And header Target = targetHeader When method delete Then status 204 Given path 'test/listener',eventId -- cgit 1.2.3-korg