Adjust PNF simulator to read passwords to stores from files

Issue-ID: INT-1746 Signed-off-by: Adam Wudzinski <adam.wudzinski@nokia.com> Change-Id: Ib8a59500c15759bb09bb8b19e4757f1c48625af5
author: Adam Wudzinski <adam.wudzinski@nokia.com> 2020-10-19 13:45:05 +0200
committer: Adam Wudzinski <adam.wudzinski@nokia.com> 2020-10-22 15:55:06 +0200
commit: d5f1ad72efceda8e10311b9a778aa048ed6909a2 (patch)
tree: 4f03a0b66a1b17a18ff0a293771086bb341ab072 /pnfsimulator/src
parent: 384b7b14722c5a2e351d61b3779869d680cebf8f (diff)
14 files changed, 236 insertions, 35 deletions
diff --git a/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/CertAuthSslContextFactory.java b/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/CertAuthSslContextFactory.java
new file mode 100644
index 0000000..72af9e5
--- /dev/null
+++ b/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/CertAuthSslContextFactory.java
@@ -0,0 +1,53 @@
+/*
+ * ============LICENSE_START=======================================================
+ * PNF-REGISTRATION-HANDLER
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.pnfsimulator.simulator.client.utils.ssl;
+
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+import javax.net.ssl.SSLContext;
+import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
+import org.apache.http.ssl.SSLContexts;
+
+class CertAuthSslContextFactory {
+
+    private final CertificateReader certificateReader;
+
+    CertAuthSslContextFactory(CertificateReader certificateReader) {
+        this.certificateReader = certificateReader;
+    }
+
+    SSLContext createSslContext(SslAuthenticationHelper sslAuthenticationHelper)
+        throws GeneralSecurityException, IOException {
+        final String keystorePasswordPath = sslAuthenticationHelper.getClientCertificatePasswordPath();
+
+        final KeyStore keystore = certificateReader.read(sslAuthenticationHelper.getClientCertificatePath(),
+            keystorePasswordPath, "PKCS12");
+        final KeyStore truststore = certificateReader.read(sslAuthenticationHelper.getTrustStorePath(),
+            sslAuthenticationHelper.getTrustStorePasswordPath(), "JKS");
+
+        return SSLContexts.custom()
+            .loadKeyMaterial(keystore, certificateReader.readPassword(keystorePasswordPath))
+            .loadTrustMaterial(truststore, new TrustSelfSignedStrategy())
+            .build();
+    }
+
+}
diff --git a/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/CertificateReader.java b/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/CertificateReader.java
index e0b8cc2..a42114b 100644
--- a/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/CertificateReader.java
+++ b/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/CertificateReader.java
@@ -23,16 +23,24 @@ package org.onap.pnfsimulator.simulator.client.utils.ssl;
 import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.InputStream;
+import java.nio.file.Files;
+import java.nio.file.Path;
 import java.security.GeneralSecurityException;
 import java.security.KeyStore;
 
 class CertificateReader {
 
-    KeyStore read(String certificate, String password, String type) throws GeneralSecurityException, IOException {
-        try (InputStream keyStoreStream = new FileInputStream(certificate)) {
+    KeyStore read(String certificatePath, String passwordPath, String type) throws GeneralSecurityException, IOException {
+        try (InputStream keyStoreStream = new FileInputStream(certificatePath)) {
             KeyStore keyStore = KeyStore.getInstance(type);
-            keyStore.load(keyStoreStream, PasswordConverter.convert(password));
+            keyStore.load(keyStoreStream, readPassword(passwordPath));
             return keyStore;
         }
     }
+
+    char[] readPassword(String passwordPath) throws IOException {
+        final String password = Files.readString(Path.of(passwordPath));
+        return PasswordConverter.convert(password);
+    }
+
 }
diff --git a/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/HttpClientFactoryFacade.java b/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/HttpClientFactoryFacade.java
index 521b584..dffd635 100644
--- a/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/HttpClientFactoryFacade.java
+++ b/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/HttpClientFactoryFacade.java
@@ -20,10 +20,9 @@
 
 package org.onap.pnfsimulator.simulator.client.utils.ssl;
 
-import org.apache.http.client.HttpClient;
-
 import java.io.IOException;
 import java.security.GeneralSecurityException;
+import org.apache.http.client.HttpClient;
 
 public class HttpClientFactoryFacade {
 
@@ -31,7 +30,8 @@ public class HttpClientFactoryFacade {
     }
 
     private static final CertificateReader CERTIFICATE_READER = new CertificateReader();
-    private static final SSLContextFactory SSL_CONTEXT_FACTORY = new SSLContextFactory(CERTIFICATE_READER);
+    private static final CertAuthSslContextFactory CERT_AUTH_SSL_CONTEXT_FACTORY = new CertAuthSslContextFactory(CERTIFICATE_READER);
+    private static final SSLContextFactory SSL_CONTEXT_FACTORY = new SSLContextFactory(CERT_AUTH_SSL_CONTEXT_FACTORY);
     private static final HttpClientFactory HTTP_CLIENT_FACTORY = new HttpClientFactory(SSL_CONTEXT_FACTORY);
 
     public static HttpClient create(String url, SslAuthenticationHelper sslAuthenticationHelper) throws GeneralSecurityException, IOException {
diff --git a/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/SSLContextFactory.java b/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/SSLContextFactory.java
index c4839fb..b8dfe6f 100644
--- a/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/SSLContextFactory.java
+++ b/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/SSLContextFactory.java
@@ -19,32 +19,26 @@
  */
 package org.onap.pnfsimulator.simulator.client.utils.ssl;
 
-import org.apache.http.conn.ssl.TrustAllStrategy;
-import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
-import org.apache.http.conn.ssl.TrustStrategy;
-import org.apache.http.ssl.SSLContextBuilder;
-import org.apache.http.ssl.SSLContexts;
-
-import javax.net.ssl.SSLContext;
 import java.io.IOException;
 import java.security.GeneralSecurityException;
 import java.security.KeyManagementException;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
+import javax.net.ssl.SSLContext;
+import org.apache.http.conn.ssl.TrustAllStrategy;
+import org.apache.http.conn.ssl.TrustStrategy;
+import org.apache.http.ssl.SSLContextBuilder;
 
 class SSLContextFactory {
     private static final TrustStrategy TRUST_STRATEGY_ALWAYS = new TrustAllStrategy();
 
-    private final CertificateReader certificateReader;
+    private final CertAuthSslContextFactory certAuthSslContextFactory;
 
-    SSLContextFactory(CertificateReader certificateReader) {
-        this.certificateReader = certificateReader;
+    SSLContextFactory(CertAuthSslContextFactory certAuthSslContextFactory) {
+        this.certAuthSslContextFactory = certAuthSslContextFactory;
     }
     SSLContext create(SslAuthenticationHelper sslAuthenticationHelper) throws GeneralSecurityException, IOException {
-        return SSLContexts.custom()
-                .loadKeyMaterial(certificateReader.read(sslAuthenticationHelper.getClientCertificateDir(), sslAuthenticationHelper.getClientCertificatePassword(), "PKCS12"), PasswordConverter.convert(sslAuthenticationHelper.getClientCertificatePassword()))
-                .loadTrustMaterial(certificateReader.read(sslAuthenticationHelper.getTrustStoreDir(), sslAuthenticationHelper.getTrustStorePassword(), "JKS"), new TrustSelfSignedStrategy())
-                .build();
+        return certAuthSslContextFactory.createSslContext(sslAuthenticationHelper);
     }
 
     SSLContext createTrustAlways() throws KeyStoreException, NoSuchAlgorithmException, KeyManagementException {
diff --git a/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/SslAuthenticationHelper.java b/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/SslAuthenticationHelper.java
index b785be6..271ad93 100644
--- a/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/SslAuthenticationHelper.java
+++ b/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/SslAuthenticationHelper.java
@@ -38,8 +38,8 @@ public class SslAuthenticationHelper implements Serializable {
 
     private boolean clientCertificateEnabled;
     private boolean strictHostnameVerification;
-    private String clientCertificateDir;
-    private String clientCertificatePassword;
-    private String trustStoreDir;
-    private String trustStorePassword;
+    private String clientCertificatePath;
+    private String clientCertificatePasswordPath;
+    private String trustStorePath;
+    private String trustStorePasswordPath;
 }
diff --git a/pnfsimulator/src/main/resources/application.properties b/pnfsimulator/src/main/resources/application.properties
index 39334d1..c566ce3 100644
--- a/pnfsimulator/src/main/resources/application.properties
+++ b/pnfsimulator/src/main/resources/application.properties
@@ -12,7 +12,7 @@ management.endpoints.web.exposure.include=refresh,health
 
 ssl.clientCertificateEnabled=true
 ssl.strictHostnameVerification=${STRICT_HOSTNAME_VERIFICATION:false}
-ssl.clientCertificateDir=/app/store/cert.p12
-ssl.clientCertificatePassword=${CLIENT_CERT_PASS:collector}
-ssl.trustStoreDir=/app/store/trust.jks
-ssl.trustStorePassword=${TRUST_CERT_PASS:collector}
+ssl.clientCertificatePath=/app/store/cert.p12
+ssl.clientCertificatePasswordPath=/app/store/p12.pass
+ssl.trustStorePath=/app/store/trust.jks
+ssl.trustStorePasswordPath=/app/store/trust.pass
+\ No newline at end of file
diff --git a/pnfsimulator/src/test/java/org/onap/pnfsimulator/simulator/client/utils/ssl/CertAuthSslContextFactoryTest.java b/pnfsimulator/src/test/java/org/onap/pnfsimulator/simulator/client/utils/ssl/CertAuthSslContextFactoryTest.java
new file mode 100644
index 0000000..c64ddd7
--- /dev/null
+++ b/pnfsimulator/src/test/java/org/onap/pnfsimulator/simulator/client/utils/ssl/CertAuthSslContextFactoryTest.java
@@ -0,0 +1,141 @@
+/*
+ * ============LICENSE_START=======================================================
+ * PNF-REGISTRATION-HANDLER
+ * ================================================================================
+ * Copyright (C) 2020 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.pnfsimulator.simulator.client.utils.ssl;
+
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertThat;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.mockito.Mockito.when;
+
+import java.io.IOException;
+import java.nio.file.NoSuchFileException;
+import java.security.GeneralSecurityException;
+import javax.net.ssl.SSLContext;
+import org.hamcrest.CoreMatchers;
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.Mockito;
+
+public class CertAuthSslContextFactoryTest {
+
+    private static final String CERTIFICATES_DIRECTORY = "src/test/resources/certificates/";
+
+    private static final String KEYSTORE_FILENAME = "client.p12";
+    private static final String VALID_KEYSTORE_PASSWORD_FILENAME = "client.pass";
+    private static final String INVALID_KEYSTORE_PASSWORD_FILENAME = "client_invalid.pass";
+
+    private static final String TRUSTSTORE_FILENAME = "truststore";
+    private static final String VALID_TRUSTSTORE_PASSWORD_FILENAME = "truststore.pass";
+    private static final String INVALID_TRUSTSTORE_PASSWORD_FILENAME = "truststore_invalid.pass";
+
+    private static final String NON_EXISTING_PASSWORD_FILENAME = "non_existing.pass";
+    private static final String PASSWORD_INCORRECT = "password was incorrect";
+
+    private CertAuthSslContextFactory certAuthSslContextFactory;
+
+    @Before
+    public void setup() {
+        this.certAuthSslContextFactory = new CertAuthSslContextFactory(new CertificateReader());
+    }
+
+    @Test
+    public void shouldCreateSslContextSuccessfully_whenValidPasswordsUsed()
+        throws GeneralSecurityException, IOException {
+        // Given
+        final SslAuthenticationHelper sslAuthenticationHelper = mockSslAuthenticationHelperWithFiles(
+            VALID_KEYSTORE_PASSWORD_FILENAME, VALID_TRUSTSTORE_PASSWORD_FILENAME);
+
+        // When
+        final SSLContext sslContext = certAuthSslContextFactory.createSslContext(sslAuthenticationHelper);
+
+        // Then
+        assertNotNull(sslContext);
+    }
+
+    @Test
+    public void shouldThrowIOException_whenInvalidKeystorePasswordUsed() {
+        // Given
+        final SslAuthenticationHelper sslAuthenticationHelper = mockSslAuthenticationHelperWithFiles(
+            INVALID_KEYSTORE_PASSWORD_FILENAME, VALID_TRUSTSTORE_PASSWORD_FILENAME);
+
+        // When
+        final IOException exception = assertThrows(IOException.class,
+            () -> certAuthSslContextFactory.createSslContext(sslAuthenticationHelper));
+
+        // Then
+        assertThat(exception.getMessage(), CoreMatchers.containsString(PASSWORD_INCORRECT));
+    }
+
+    @Test
+    public void shouldThrowIOException_whenInvalidTruststorePasswordUsed() {
+        // Given
+        final SslAuthenticationHelper sslAuthenticationHelper = mockSslAuthenticationHelperWithFiles(
+            VALID_KEYSTORE_PASSWORD_FILENAME, INVALID_TRUSTSTORE_PASSWORD_FILENAME);
+
+        // When
+        final IOException exception = assertThrows(IOException.class,
+            () -> certAuthSslContextFactory.createSslContext(sslAuthenticationHelper));
+
+        // Then
+        assertThat(exception.getMessage(), CoreMatchers.containsString(PASSWORD_INCORRECT));
+    }
+
+    @Test
+    public void shouldThrowNoSuchFileException_whenInvalidKeystoreFilePath() {
+        final SslAuthenticationHelper sslAuthenticationHelper = mockSslAuthenticationHelperWithFiles(
+            NON_EXISTING_PASSWORD_FILENAME, INVALID_TRUSTSTORE_PASSWORD_FILENAME);
+
+        // When, Then
+        assertThrows(NoSuchFileException.class,
+            () -> certAuthSslContextFactory.createSslContext(sslAuthenticationHelper));
+    }
+
+    @Test
+    public void shouldThrowNoSuchFileException_whenInvalidTruststoreFilePath() {
+        // Given
+        final SslAuthenticationHelper sslAuthenticationHelper = mockSslAuthenticationHelperWithFiles(
+            VALID_KEYSTORE_PASSWORD_FILENAME, NON_EXISTING_PASSWORD_FILENAME);
+
+        // When, Then
+        assertThrows(NoSuchFileException.class,
+            () -> certAuthSslContextFactory.createSslContext(sslAuthenticationHelper));
+    }
+
+    private SslAuthenticationHelper mockSslAuthenticationHelperWithFiles(String keystorePasswordFilename,
+        String truststorePasswordFilename) {
+        final SslAuthenticationHelper sslAuthenticationHelper = Mockito.mock(SslAuthenticationHelper.class);
+
+        when(sslAuthenticationHelper.getClientCertificatePath())
+            .thenReturn(getPath(KEYSTORE_FILENAME));
+        when(sslAuthenticationHelper.getClientCertificatePasswordPath())
+            .thenReturn(getPath(keystorePasswordFilename));
+        when(sslAuthenticationHelper.getTrustStorePath())
+            .thenReturn(getPath(TRUSTSTORE_FILENAME));
+        when(sslAuthenticationHelper.getTrustStorePasswordPath())
+            .thenReturn(getPath(truststorePasswordFilename));
+
+        return sslAuthenticationHelper;
+    }
+
+    private String getPath(String fileName) {
+        return CERTIFICATES_DIRECTORY + fileName;
+    }
+}
+\ No newline at end of file
diff --git a/pnfsimulator/src/test/java/org/onap/pnfsimulator/simulator/client/utils/ssl/SSLContextFactoryTest.java b/pnfsimulator/src/test/java/org/onap/pnfsimulator/simulator/client/utils/ssl/SSLContextFactoryTest.java
index 8e82706..85e40e5 100644
--- a/pnfsimulator/src/test/java/org/onap/pnfsimulator/simulator/client/utils/ssl/SSLContextFactoryTest.java
+++ b/pnfsimulator/src/test/java/org/onap/pnfsimulator/simulator/client/utils/ssl/SSLContextFactoryTest.java
@@ -20,26 +20,27 @@
 
 package org.onap.pnfsimulator.simulator.client.utils.ssl;
 
-import org.junit.jupiter.api.BeforeEach;
-import org.junit.jupiter.api.Test;
-
-import java.io.IOException;
-import java.security.GeneralSecurityException;
-
 import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
 
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+
 class SSLContextFactoryTest {
     private CertificateReader certificateReaderMock;
+    private CertAuthSslContextFactory certAuthSslContextFactory;
     private SSLContextFactory sslContextFactory;
 
     @BeforeEach
     void setup() {
         certificateReaderMock = mock(CertificateReader.class);
-        sslContextFactory = new SSLContextFactory(certificateReaderMock);
+        certAuthSslContextFactory = new CertAuthSslContextFactory(certificateReaderMock);
+        sslContextFactory = new SSLContextFactory(certAuthSslContextFactory);
     }
 
     @Test
diff --git a/pnfsimulator/src/test/resources/client.p12 b/pnfsimulator/src/test/resources/certificates/client.p12
index 0bbec38..0bbec38 100644
--- a/pnfsimulator/src/test/resources/client.p12
+++ b/pnfsimulator/src/test/resources/certificates/client.p12
diff --git a/pnfsimulator/src/test/resources/certificates/client.pass b/pnfsimulator/src/test/resources/certificates/client.pass
new file mode 100644
index 0000000..25acfbf
--- /dev/null
+++ b/pnfsimulator/src/test/resources/certificates/client.pass
@@ -0,0 +1 @@
+collector
+\ No newline at end of file
diff --git a/pnfsimulator/src/test/resources/certificates/client_invalid.pass b/pnfsimulator/src/test/resources/certificates/client_invalid.pass
new file mode 100644
index 0000000..0b54957
--- /dev/null
+++ b/pnfsimulator/src/test/resources/certificates/client_invalid.pass
@@ -0,0 +1 @@
+invalidpassword
+\ No newline at end of file
diff --git a/pnfsimulator/src/test/resources/trustStore b/pnfsimulator/src/test/resources/certificates/truststore
index e90b710..e90b710 100644
--- a/pnfsimulator/src/test/resources/trustStore
+++ b/pnfsimulator/src/test/resources/certificates/truststore
diff --git a/pnfsimulator/src/test/resources/certificates/truststore.pass b/pnfsimulator/src/test/resources/certificates/truststore.pass
new file mode 100644
index 0000000..25acfbf
--- /dev/null
+++ b/pnfsimulator/src/test/resources/certificates/truststore.pass
@@ -0,0 +1 @@
+collector
+\ No newline at end of file
diff --git a/pnfsimulator/src/test/resources/certificates/truststore_invalid.pass b/pnfsimulator/src/test/resources/certificates/truststore_invalid.pass
new file mode 100644
index 0000000..0b54957
--- /dev/null
+++ b/pnfsimulator/src/test/resources/certificates/truststore_invalid.pass
@@ -0,0 +1 @@
+invalidpassword
+\ No newline at end of file
author	Adam Wudzinski <adam.wudzinski@nokia.com>	2020-10-19 13:45:05 +0200
committer	Adam Wudzinski <adam.wudzinski@nokia.com>	2020-10-22 15:55:06 +0200
commit	d5f1ad72efceda8e10311b9a778aa048ed6909a2 (patch)
tree	4f03a0b66a1b17a18ff0a293771086bb341ab072 /pnfsimulator/src
parent	384b7b14722c5a2e351d61b3779869d680cebf8f (diff)