From d5f1ad72efceda8e10311b9a778aa048ed6909a2 Mon Sep 17 00:00:00 2001 From: Adam Wudzinski Date: Mon, 19 Oct 2020 13:45:05 +0200 Subject: Adjust PNF simulator to read passwords to stores from files Issue-ID: INT-1746 Signed-off-by: Adam Wudzinski Change-Id: Ib8a59500c15759bb09bb8b19e4757f1c48625af5 --- pnfsimulator/Dockerfile | 4 +- pnfsimulator/README.md | 10 +- .../utils/ssl/CertAuthSslContextFactory.java | 53 ++++++++ .../client/utils/ssl/CertificateReader.java | 14 +- .../client/utils/ssl/HttpClientFactoryFacade.java | 6 +- .../client/utils/ssl/SSLContextFactory.java | 22 ++-- .../client/utils/ssl/SslAuthenticationHelper.java | 8 +- .../src/main/resources/application.properties | 8 +- .../utils/ssl/CertAuthSslContextFactoryTest.java | 141 +++++++++++++++++++++ .../client/utils/ssl/SSLContextFactoryTest.java | 15 ++- .../src/test/resources/certificates/client.p12 | Bin 0 -> 2685 bytes .../src/test/resources/certificates/client.pass | 1 + .../resources/certificates/client_invalid.pass | 1 + .../src/test/resources/certificates/truststore | Bin 0 -> 1455 bytes .../test/resources/certificates/truststore.pass | 1 + .../resources/certificates/truststore_invalid.pass | 1 + pnfsimulator/src/test/resources/client.p12 | Bin 2685 -> 0 bytes pnfsimulator/src/test/resources/trustStore | Bin 1455 -> 0 bytes pnfsimulator/store/p12.pass | 1 + pnfsimulator/store/truststore.pass | 1 + .../certman/docker-compose.yml | 2 - .../pnfsimulator-secured/certservice/Makefile | 4 +- .../certservice/docker-compose-pnfsim.yml | 8 +- .../client-configuration-for-pnfsim.env | 2 +- 24 files changed, 252 insertions(+), 51 deletions(-) create mode 100644 pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/CertAuthSslContextFactory.java create mode 100644 pnfsimulator/src/test/java/org/onap/pnfsimulator/simulator/client/utils/ssl/CertAuthSslContextFactoryTest.java create mode 100644 pnfsimulator/src/test/resources/certificates/client.p12 create mode 100644 pnfsimulator/src/test/resources/certificates/client.pass create mode 100644 pnfsimulator/src/test/resources/certificates/client_invalid.pass create mode 100644 pnfsimulator/src/test/resources/certificates/truststore create mode 100644 pnfsimulator/src/test/resources/certificates/truststore.pass create mode 100644 pnfsimulator/src/test/resources/certificates/truststore_invalid.pass delete mode 100644 pnfsimulator/src/test/resources/client.p12 delete mode 100644 pnfsimulator/src/test/resources/trustStore create mode 100644 pnfsimulator/store/p12.pass create mode 100644 pnfsimulator/store/truststore.pass diff --git a/pnfsimulator/Dockerfile b/pnfsimulator/Dockerfile index b029ce9..e53824e 100644 --- a/pnfsimulator/Dockerfile +++ b/pnfsimulator/Dockerfile @@ -13,7 +13,5 @@ CMD apk add ca-certificates RUN python -m pip install -r /opt/db/config/requirements.txt ADD certificates /usr/local/share/ca-certificates/ RUN update-ca-certificates -CMD if [ -f /app/store/p12.pass ]; then export CLIENT_CERT_PASS=$(cat /app/store/p12.pass); fi \ - && if [ -f /app/store/trust.pass ]; then export TRUST_CERT_PASS=$(cat /app/store/trust.pass); fi \ - && python /opt/db/config/mongo_db_schema_creation.py \ +CMD python /opt/db/config/mongo_db_schema_creation.py \ && java -Dspring.config.location=file:/app/application.properties -cp /app/libs/*:/app/pnf-simulator.jar org.onap.pnfsimulator.Main \ diff --git a/pnfsimulator/README.md b/pnfsimulator/README.md index 81e59fc..9f7e996 100644 --- a/pnfsimulator/README.md +++ b/pnfsimulator/README.md @@ -418,8 +418,8 @@ For this purpose: 3. Edit /app/application.properties file as follow: - ssl.clientCertificateEnabled=true (to disable/enable client authentication) - ssl.strictHostnameVerification=true (to disable/enable hostname verification) -- ssl.clientCertificateDir=/app/store/client.p12 (to replace keystore file) -- ssl.clientCertificatePassword=collector (to replace password for keystore) -- ssl.trustStoreDir=/app/store/trustStore (to replace truststore file) -- ssl.trustStorePassword=collector (to replace password for truststore) -4. Refresh configuration by sending simple POST request to correct actuator endpoint at: ```curl http://localhost:5000/refresh -H 'Content-type: application/json' -X POST --data '{}'``` +- ssl.clientCertificatePath=/app/store/client.p12 (to replace with keystore file) +- ssl.clientCertificatePasswordPath=/app/store/keystore.pass (to replace with keystore password file) +- ssl.trustStorePath=/app/store/trustStore (to replace with truststore file) +- ssl.trustStorePasswordPath=/app/store/truststore.pass (to replace with truststore password file) +4. Refresh configuration by sending simple POST request to correct actuator endpoint at: ```curl http://localhost:5001/refresh -H 'Content-type: application/json' -X POST --data '{}'``` diff --git a/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/CertAuthSslContextFactory.java b/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/CertAuthSslContextFactory.java new file mode 100644 index 0000000..72af9e5 --- /dev/null +++ b/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/CertAuthSslContextFactory.java @@ -0,0 +1,53 @@ +/* + * ============LICENSE_START======================================================= + * PNF-REGISTRATION-HANDLER + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.pnfsimulator.simulator.client.utils.ssl; + +import java.io.IOException; +import java.security.GeneralSecurityException; +import java.security.KeyStore; +import javax.net.ssl.SSLContext; +import org.apache.http.conn.ssl.TrustSelfSignedStrategy; +import org.apache.http.ssl.SSLContexts; + +class CertAuthSslContextFactory { + + private final CertificateReader certificateReader; + + CertAuthSslContextFactory(CertificateReader certificateReader) { + this.certificateReader = certificateReader; + } + + SSLContext createSslContext(SslAuthenticationHelper sslAuthenticationHelper) + throws GeneralSecurityException, IOException { + final String keystorePasswordPath = sslAuthenticationHelper.getClientCertificatePasswordPath(); + + final KeyStore keystore = certificateReader.read(sslAuthenticationHelper.getClientCertificatePath(), + keystorePasswordPath, "PKCS12"); + final KeyStore truststore = certificateReader.read(sslAuthenticationHelper.getTrustStorePath(), + sslAuthenticationHelper.getTrustStorePasswordPath(), "JKS"); + + return SSLContexts.custom() + .loadKeyMaterial(keystore, certificateReader.readPassword(keystorePasswordPath)) + .loadTrustMaterial(truststore, new TrustSelfSignedStrategy()) + .build(); + } + +} diff --git a/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/CertificateReader.java b/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/CertificateReader.java index e0b8cc2..a42114b 100644 --- a/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/CertificateReader.java +++ b/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/CertificateReader.java @@ -23,16 +23,24 @@ package org.onap.pnfsimulator.simulator.client.utils.ssl; import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; +import java.nio.file.Files; +import java.nio.file.Path; import java.security.GeneralSecurityException; import java.security.KeyStore; class CertificateReader { - KeyStore read(String certificate, String password, String type) throws GeneralSecurityException, IOException { - try (InputStream keyStoreStream = new FileInputStream(certificate)) { + KeyStore read(String certificatePath, String passwordPath, String type) throws GeneralSecurityException, IOException { + try (InputStream keyStoreStream = new FileInputStream(certificatePath)) { KeyStore keyStore = KeyStore.getInstance(type); - keyStore.load(keyStoreStream, PasswordConverter.convert(password)); + keyStore.load(keyStoreStream, readPassword(passwordPath)); return keyStore; } } + + char[] readPassword(String passwordPath) throws IOException { + final String password = Files.readString(Path.of(passwordPath)); + return PasswordConverter.convert(password); + } + } diff --git a/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/HttpClientFactoryFacade.java b/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/HttpClientFactoryFacade.java index 521b584..dffd635 100644 --- a/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/HttpClientFactoryFacade.java +++ b/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/HttpClientFactoryFacade.java @@ -20,10 +20,9 @@ package org.onap.pnfsimulator.simulator.client.utils.ssl; -import org.apache.http.client.HttpClient; - import java.io.IOException; import java.security.GeneralSecurityException; +import org.apache.http.client.HttpClient; public class HttpClientFactoryFacade { @@ -31,7 +30,8 @@ public class HttpClientFactoryFacade { } private static final CertificateReader CERTIFICATE_READER = new CertificateReader(); - private static final SSLContextFactory SSL_CONTEXT_FACTORY = new SSLContextFactory(CERTIFICATE_READER); + private static final CertAuthSslContextFactory CERT_AUTH_SSL_CONTEXT_FACTORY = new CertAuthSslContextFactory(CERTIFICATE_READER); + private static final SSLContextFactory SSL_CONTEXT_FACTORY = new SSLContextFactory(CERT_AUTH_SSL_CONTEXT_FACTORY); private static final HttpClientFactory HTTP_CLIENT_FACTORY = new HttpClientFactory(SSL_CONTEXT_FACTORY); public static HttpClient create(String url, SslAuthenticationHelper sslAuthenticationHelper) throws GeneralSecurityException, IOException { diff --git a/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/SSLContextFactory.java b/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/SSLContextFactory.java index c4839fb..b8dfe6f 100644 --- a/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/SSLContextFactory.java +++ b/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/SSLContextFactory.java @@ -19,32 +19,26 @@ */ package org.onap.pnfsimulator.simulator.client.utils.ssl; -import org.apache.http.conn.ssl.TrustAllStrategy; -import org.apache.http.conn.ssl.TrustSelfSignedStrategy; -import org.apache.http.conn.ssl.TrustStrategy; -import org.apache.http.ssl.SSLContextBuilder; -import org.apache.http.ssl.SSLContexts; - -import javax.net.ssl.SSLContext; import java.io.IOException; import java.security.GeneralSecurityException; import java.security.KeyManagementException; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; +import javax.net.ssl.SSLContext; +import org.apache.http.conn.ssl.TrustAllStrategy; +import org.apache.http.conn.ssl.TrustStrategy; +import org.apache.http.ssl.SSLContextBuilder; class SSLContextFactory { private static final TrustStrategy TRUST_STRATEGY_ALWAYS = new TrustAllStrategy(); - private final CertificateReader certificateReader; + private final CertAuthSslContextFactory certAuthSslContextFactory; - SSLContextFactory(CertificateReader certificateReader) { - this.certificateReader = certificateReader; + SSLContextFactory(CertAuthSslContextFactory certAuthSslContextFactory) { + this.certAuthSslContextFactory = certAuthSslContextFactory; } SSLContext create(SslAuthenticationHelper sslAuthenticationHelper) throws GeneralSecurityException, IOException { - return SSLContexts.custom() - .loadKeyMaterial(certificateReader.read(sslAuthenticationHelper.getClientCertificateDir(), sslAuthenticationHelper.getClientCertificatePassword(), "PKCS12"), PasswordConverter.convert(sslAuthenticationHelper.getClientCertificatePassword())) - .loadTrustMaterial(certificateReader.read(sslAuthenticationHelper.getTrustStoreDir(), sslAuthenticationHelper.getTrustStorePassword(), "JKS"), new TrustSelfSignedStrategy()) - .build(); + return certAuthSslContextFactory.createSslContext(sslAuthenticationHelper); } SSLContext createTrustAlways() throws KeyStoreException, NoSuchAlgorithmException, KeyManagementException { diff --git a/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/SslAuthenticationHelper.java b/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/SslAuthenticationHelper.java index b785be6..271ad93 100644 --- a/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/SslAuthenticationHelper.java +++ b/pnfsimulator/src/main/java/org/onap/pnfsimulator/simulator/client/utils/ssl/SslAuthenticationHelper.java @@ -38,8 +38,8 @@ public class SslAuthenticationHelper implements Serializable { private boolean clientCertificateEnabled; private boolean strictHostnameVerification; - private String clientCertificateDir; - private String clientCertificatePassword; - private String trustStoreDir; - private String trustStorePassword; + private String clientCertificatePath; + private String clientCertificatePasswordPath; + private String trustStorePath; + private String trustStorePasswordPath; } diff --git a/pnfsimulator/src/main/resources/application.properties b/pnfsimulator/src/main/resources/application.properties index 39334d1..c566ce3 100644 --- a/pnfsimulator/src/main/resources/application.properties +++ b/pnfsimulator/src/main/resources/application.properties @@ -12,7 +12,7 @@ management.endpoints.web.exposure.include=refresh,health ssl.clientCertificateEnabled=true ssl.strictHostnameVerification=${STRICT_HOSTNAME_VERIFICATION:false} -ssl.clientCertificateDir=/app/store/cert.p12 -ssl.clientCertificatePassword=${CLIENT_CERT_PASS:collector} -ssl.trustStoreDir=/app/store/trust.jks -ssl.trustStorePassword=${TRUST_CERT_PASS:collector} +ssl.clientCertificatePath=/app/store/cert.p12 +ssl.clientCertificatePasswordPath=/app/store/p12.pass +ssl.trustStorePath=/app/store/trust.jks +ssl.trustStorePasswordPath=/app/store/trust.pass \ No newline at end of file diff --git a/pnfsimulator/src/test/java/org/onap/pnfsimulator/simulator/client/utils/ssl/CertAuthSslContextFactoryTest.java b/pnfsimulator/src/test/java/org/onap/pnfsimulator/simulator/client/utils/ssl/CertAuthSslContextFactoryTest.java new file mode 100644 index 0000000..c64ddd7 --- /dev/null +++ b/pnfsimulator/src/test/java/org/onap/pnfsimulator/simulator/client/utils/ssl/CertAuthSslContextFactoryTest.java @@ -0,0 +1,141 @@ +/* + * ============LICENSE_START======================================================= + * PNF-REGISTRATION-HANDLER + * ================================================================================ + * Copyright (C) 2020 Nokia. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.pnfsimulator.simulator.client.utils.ssl; + +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertThat; +import static org.junit.jupiter.api.Assertions.assertThrows; +import static org.mockito.Mockito.when; + +import java.io.IOException; +import java.nio.file.NoSuchFileException; +import java.security.GeneralSecurityException; +import javax.net.ssl.SSLContext; +import org.hamcrest.CoreMatchers; +import org.junit.Before; +import org.junit.Test; +import org.mockito.Mockito; + +public class CertAuthSslContextFactoryTest { + + private static final String CERTIFICATES_DIRECTORY = "src/test/resources/certificates/"; + + private static final String KEYSTORE_FILENAME = "client.p12"; + private static final String VALID_KEYSTORE_PASSWORD_FILENAME = "client.pass"; + private static final String INVALID_KEYSTORE_PASSWORD_FILENAME = "client_invalid.pass"; + + private static final String TRUSTSTORE_FILENAME = "truststore"; + private static final String VALID_TRUSTSTORE_PASSWORD_FILENAME = "truststore.pass"; + private static final String INVALID_TRUSTSTORE_PASSWORD_FILENAME = "truststore_invalid.pass"; + + private static final String NON_EXISTING_PASSWORD_FILENAME = "non_existing.pass"; + private static final String PASSWORD_INCORRECT = "password was incorrect"; + + private CertAuthSslContextFactory certAuthSslContextFactory; + + @Before + public void setup() { + this.certAuthSslContextFactory = new CertAuthSslContextFactory(new CertificateReader()); + } + + @Test + public void shouldCreateSslContextSuccessfully_whenValidPasswordsUsed() + throws GeneralSecurityException, IOException { + // Given + final SslAuthenticationHelper sslAuthenticationHelper = mockSslAuthenticationHelperWithFiles( + VALID_KEYSTORE_PASSWORD_FILENAME, VALID_TRUSTSTORE_PASSWORD_FILENAME); + + // When + final SSLContext sslContext = certAuthSslContextFactory.createSslContext(sslAuthenticationHelper); + + // Then + assertNotNull(sslContext); + } + + @Test + public void shouldThrowIOException_whenInvalidKeystorePasswordUsed() { + // Given + final SslAuthenticationHelper sslAuthenticationHelper = mockSslAuthenticationHelperWithFiles( + INVALID_KEYSTORE_PASSWORD_FILENAME, VALID_TRUSTSTORE_PASSWORD_FILENAME); + + // When + final IOException exception = assertThrows(IOException.class, + () -> certAuthSslContextFactory.createSslContext(sslAuthenticationHelper)); + + // Then + assertThat(exception.getMessage(), CoreMatchers.containsString(PASSWORD_INCORRECT)); + } + + @Test + public void shouldThrowIOException_whenInvalidTruststorePasswordUsed() { + // Given + final SslAuthenticationHelper sslAuthenticationHelper = mockSslAuthenticationHelperWithFiles( + VALID_KEYSTORE_PASSWORD_FILENAME, INVALID_TRUSTSTORE_PASSWORD_FILENAME); + + // When + final IOException exception = assertThrows(IOException.class, + () -> certAuthSslContextFactory.createSslContext(sslAuthenticationHelper)); + + // Then + assertThat(exception.getMessage(), CoreMatchers.containsString(PASSWORD_INCORRECT)); + } + + @Test + public void shouldThrowNoSuchFileException_whenInvalidKeystoreFilePath() { + final SslAuthenticationHelper sslAuthenticationHelper = mockSslAuthenticationHelperWithFiles( + NON_EXISTING_PASSWORD_FILENAME, INVALID_TRUSTSTORE_PASSWORD_FILENAME); + + // When, Then + assertThrows(NoSuchFileException.class, + () -> certAuthSslContextFactory.createSslContext(sslAuthenticationHelper)); + } + + @Test + public void shouldThrowNoSuchFileException_whenInvalidTruststoreFilePath() { + // Given + final SslAuthenticationHelper sslAuthenticationHelper = mockSslAuthenticationHelperWithFiles( + VALID_KEYSTORE_PASSWORD_FILENAME, NON_EXISTING_PASSWORD_FILENAME); + + // When, Then + assertThrows(NoSuchFileException.class, + () -> certAuthSslContextFactory.createSslContext(sslAuthenticationHelper)); + } + + private SslAuthenticationHelper mockSslAuthenticationHelperWithFiles(String keystorePasswordFilename, + String truststorePasswordFilename) { + final SslAuthenticationHelper sslAuthenticationHelper = Mockito.mock(SslAuthenticationHelper.class); + + when(sslAuthenticationHelper.getClientCertificatePath()) + .thenReturn(getPath(KEYSTORE_FILENAME)); + when(sslAuthenticationHelper.getClientCertificatePasswordPath()) + .thenReturn(getPath(keystorePasswordFilename)); + when(sslAuthenticationHelper.getTrustStorePath()) + .thenReturn(getPath(TRUSTSTORE_FILENAME)); + when(sslAuthenticationHelper.getTrustStorePasswordPath()) + .thenReturn(getPath(truststorePasswordFilename)); + + return sslAuthenticationHelper; + } + + private String getPath(String fileName) { + return CERTIFICATES_DIRECTORY + fileName; + } +} \ No newline at end of file diff --git a/pnfsimulator/src/test/java/org/onap/pnfsimulator/simulator/client/utils/ssl/SSLContextFactoryTest.java b/pnfsimulator/src/test/java/org/onap/pnfsimulator/simulator/client/utils/ssl/SSLContextFactoryTest.java index 8e82706..85e40e5 100644 --- a/pnfsimulator/src/test/java/org/onap/pnfsimulator/simulator/client/utils/ssl/SSLContextFactoryTest.java +++ b/pnfsimulator/src/test/java/org/onap/pnfsimulator/simulator/client/utils/ssl/SSLContextFactoryTest.java @@ -20,26 +20,27 @@ package org.onap.pnfsimulator.simulator.client.utils.ssl; -import org.junit.jupiter.api.BeforeEach; -import org.junit.jupiter.api.Test; - -import java.io.IOException; -import java.security.GeneralSecurityException; - import static org.junit.jupiter.api.Assertions.assertNotNull; import static org.mockito.ArgumentMatchers.any; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.times; import static org.mockito.Mockito.verify; +import java.io.IOException; +import java.security.GeneralSecurityException; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; + class SSLContextFactoryTest { private CertificateReader certificateReaderMock; + private CertAuthSslContextFactory certAuthSslContextFactory; private SSLContextFactory sslContextFactory; @BeforeEach void setup() { certificateReaderMock = mock(CertificateReader.class); - sslContextFactory = new SSLContextFactory(certificateReaderMock); + certAuthSslContextFactory = new CertAuthSslContextFactory(certificateReaderMock); + sslContextFactory = new SSLContextFactory(certAuthSslContextFactory); } @Test diff --git a/pnfsimulator/src/test/resources/certificates/client.p12 b/pnfsimulator/src/test/resources/certificates/client.p12 new file mode 100644 index 0000000..0bbec38 Binary files /dev/null and b/pnfsimulator/src/test/resources/certificates/client.p12 differ diff --git a/pnfsimulator/src/test/resources/certificates/client.pass b/pnfsimulator/src/test/resources/certificates/client.pass new file mode 100644 index 0000000..25acfbf --- /dev/null +++ b/pnfsimulator/src/test/resources/certificates/client.pass @@ -0,0 +1 @@ +collector \ No newline at end of file diff --git a/pnfsimulator/src/test/resources/certificates/client_invalid.pass b/pnfsimulator/src/test/resources/certificates/client_invalid.pass new file mode 100644 index 0000000..0b54957 --- /dev/null +++ b/pnfsimulator/src/test/resources/certificates/client_invalid.pass @@ -0,0 +1 @@ +invalidpassword \ No newline at end of file diff --git a/pnfsimulator/src/test/resources/certificates/truststore b/pnfsimulator/src/test/resources/certificates/truststore new file mode 100644 index 0000000..e90b710 Binary files /dev/null and b/pnfsimulator/src/test/resources/certificates/truststore differ diff --git a/pnfsimulator/src/test/resources/certificates/truststore.pass b/pnfsimulator/src/test/resources/certificates/truststore.pass new file mode 100644 index 0000000..25acfbf --- /dev/null +++ b/pnfsimulator/src/test/resources/certificates/truststore.pass @@ -0,0 +1 @@ +collector \ No newline at end of file diff --git a/pnfsimulator/src/test/resources/certificates/truststore_invalid.pass b/pnfsimulator/src/test/resources/certificates/truststore_invalid.pass new file mode 100644 index 0000000..0b54957 --- /dev/null +++ b/pnfsimulator/src/test/resources/certificates/truststore_invalid.pass @@ -0,0 +1 @@ +invalidpassword \ No newline at end of file diff --git a/pnfsimulator/src/test/resources/client.p12 b/pnfsimulator/src/test/resources/client.p12 deleted file mode 100644 index 0bbec38..0000000 Binary files a/pnfsimulator/src/test/resources/client.p12 and /dev/null differ diff --git a/pnfsimulator/src/test/resources/trustStore b/pnfsimulator/src/test/resources/trustStore deleted file mode 100644 index e90b710..0000000 Binary files a/pnfsimulator/src/test/resources/trustStore and /dev/null differ diff --git a/pnfsimulator/store/p12.pass b/pnfsimulator/store/p12.pass new file mode 100644 index 0000000..25acfbf --- /dev/null +++ b/pnfsimulator/store/p12.pass @@ -0,0 +1 @@ +collector \ No newline at end of file diff --git a/pnfsimulator/store/truststore.pass b/pnfsimulator/store/truststore.pass new file mode 100644 index 0000000..25acfbf --- /dev/null +++ b/pnfsimulator/store/truststore.pass @@ -0,0 +1 @@ +collector \ No newline at end of file diff --git a/sanitycheck/pnfsimulator-secured/certman/docker-compose.yml b/sanitycheck/pnfsimulator-secured/certman/docker-compose.yml index 5b40a09..e233716 100644 --- a/sanitycheck/pnfsimulator-secured/certman/docker-compose.yml +++ b/sanitycheck/pnfsimulator-secured/certman/docker-compose.yml @@ -53,8 +53,6 @@ services: - "5000:5000" command: bash -c " while [[ $$(ls -1 /app/store | wc -l) != '10' ]]; do echo 'Waiting for certs...'; sleep 3; done - && export CLIENT_CERT_PASS=$$(cat /app/store/p12.pass) - && export TRUST_CERT_PASS=$$(cat /app/store/trust.pass) && java -Dspring.config.location=file:/app/application.properties -cp /app/libs/*:/app/pnf-simulator.jar org.onap.pnfsimulator.Main " volumes: diff --git a/sanitycheck/pnfsimulator-secured/certservice/Makefile b/sanitycheck/pnfsimulator-secured/certservice/Makefile index aea8477..2d3754c 100644 --- a/sanitycheck/pnfsimulator-secured/certservice/Makefile +++ b/sanitycheck/pnfsimulator-secured/certservice/Makefile @@ -44,8 +44,10 @@ clean-all: --clean-pnfsim --clean-env --clean-pnfsim: docker-compose -f docker-compose-pnfsim.yml down - rm -rf ./resources/certservice-client/client-volume-for-pnfsim/cert.p12 || true rm -rf ./resources/certservice-client/client-volume-for-pnfsim/trust.jks || true + rm -rf ./resources/certservice-client/client-volume-for-pnfsim/cert.p12 || true + rm -rf ./resources/certservice-client/client-volume-for-pnfsim/p12.pass || true + rm -rf ./resources/certservice-client/client-volume-for-pnfsim/trust.pass || true --clean-env: docker-compose -f docker-compose-ves-dmaap.yml down diff --git a/sanitycheck/pnfsimulator-secured/certservice/docker-compose-pnfsim.yml b/sanitycheck/pnfsimulator-secured/certservice/docker-compose-pnfsim.yml index f09b0a9..d5bb5e2 100644 --- a/sanitycheck/pnfsimulator-secured/certservice/docker-compose-pnfsim.yml +++ b/sanitycheck/pnfsimulator-secured/certservice/docker-compose-pnfsim.yml @@ -44,10 +44,10 @@ services: - public command: bash -c " while [[ $$(ls -1 /app/store | wc -l) != '4' ]]; do echo 'Waiting for certs...'; sleep 3; done - && cp /app/store/truststore.jks /app/store/trust.jks - && cp /app/store/keystore.jks /app/store/cert.p12 - && export CLIENT_CERT_PASS=$$(cat /app/store/keystore.pass) - && export TRUST_CERT_PASS=$$(cat /app/store/truststore.pass) + && cp /app/store/truststore.p12 /app/store/trust.jks + && cp /app/store/keystore.p12 /app/store/cert.p12 + && cp /app/store/keystore.pass /app/store/p12.pass + && cp /app/store/truststore.pass /app/store/trust.pass && java -Dspring.config.location=file:/app/application.properties -cp /app/libs/*:/app/pnf-simulator.jar org.onap.pnfsimulator.Main " volumes: diff --git a/sanitycheck/pnfsimulator-secured/certservice/resources/certservice-client/client-configuration-for-pnfsim.env b/sanitycheck/pnfsimulator-secured/certservice/resources/certservice-client/client-configuration-for-pnfsim.env index cda235d..c5f33b6 100644 --- a/sanitycheck/pnfsimulator-secured/certservice/resources/certservice-client/client-configuration-for-pnfsim.env +++ b/sanitycheck/pnfsimulator-secured/certservice/resources/certservice-client/client-configuration-for-pnfsim.env @@ -3,7 +3,7 @@ REQUEST_URL=https://oom-cert-service:8443/v1/certificate/ REQUEST_TIMEOUT=10000 OUTPUT_PATH=/var/certs CA_NAME=RA -OUTPUT_TYPE=JKS +OUTPUT_TYPE=P12 #Csr config envs COMMON_NAME=onap.org ORGANIZATION=Linux-Foundation -- cgit 1.2.3-korg