authorS�bastien Determe <sebastien.determe@intl.att.com>2021-04-21 15:38:21 +0000
committerGerrit Code Review <gerrit@onap.org>2021-04-21 15:38:21 +0000
commit5db8d1bd2ffd4e3c3a3d9b19dc3cb3f6e1b2ff41 (patch)
tree3fd5f4c3fffaa3ded608450a79066f6920141de1
parent88626ebe53d6b7ebef10180cede9910149abbc68 (diff)
parente2e71040679fc6f305f9cdbe0d9d38c701934dcd (diff)
Merge "Fix Sonar Crypto issues"
-rw-r--r--README.md10
-rw-r--r--pom.xml12
-rw-r--r--src/main/java/org/onap/policy/clamp/clds/Application.java2
-rw-r--r--src/main/java/org/onap/policy/clamp/clds/config/sdc/SdcControllersConfiguration.java27
-rw-r--r--src/main/java/org/onap/policy/clamp/clds/config/sdc/SdcSingleControllerConfiguration.java54
-rw-r--r--src/main/java/org/onap/policy/clamp/clds/util/CryptoUtils.java168
-rw-r--r--src/main/java/org/onap/policy/clamp/clds/util/ResourceFileUtils.java8
-rw-r--r--src/main/java/org/onap/policy/clamp/util/PassDecoder.java10
-rw-r--r--src/main/resources/clds/key.properties1
-rw-r--r--src/test/java/org/onap/policy/clamp/clds/config/sdc/SdcSingleControllerConfigurationTest.java7
-rw-r--r--src/test/java/org/onap/policy/clamp/clds/it/config/SdcControllersConfigurationItCase.java12
-rw-r--r--src/test/java/org/onap/policy/clamp/clds/util/CryptoUtilsTest.java99
-rw-r--r--src/test/java/org/onap/policy/clamp/util/PassDecoderTest.java23
-rw-r--r--src/test/resources/application.properties2
-rw-r--r--src/test/resources/clds/sdc-controller-config-TLS.json4
-rw-r--r--src/test/resources/clds/sdc-controllers-config.json47
-rw-r--r--src/test/resources/robotframework/robotframework-test.properties2
17 files changed, 105 insertions, 383 deletions
diff --git a/README.md b/README.md
index ba194ec33..583f4cc6f 100644
--- a/README.md
+++ b/README.md
@@ -67,7 +67,7 @@ This file is a JSON that must be specified to Spring config, here is an example:
"consumerId": "consumerId1",
"environmentName": "AUTO",
"sdcAddress": "localhost:8443",
- "password": "b7acccda32b98c5bb7acccda32b98c5b05D511BD6D93626E90D18E9D24D9B78CD34C7EE8012F0A189A28763E82271E50A5D4EC10C7D93E06E0A2D27CAE66B981",
+ "password": "QpF2TcrdRSFADqDxH1HwDYdYUIbMxOj-TrGd6Vqvwzd",
"pollingInterval":30,
"pollingTimeout":30,
"activateServerTLSAuth":"false",
@@ -81,7 +81,7 @@ This file is a JSON that must be specified to Spring config, here is an example:
"consumerId": "consumerId1",
"environmentName": "AUTO",
"sdcAddress": "localhost:8443",
- "password": "b7acccda32b98c5bb7acccda32b98c5b05D511BD6D93626E90D18E9D24D9B78CD34C7EE8012F0A189A28763E82271E50A5D4EC10C7D93E06E0A2D27CAE66B981",
+ "password": "QpF2TcrdRSFADqDxH1HwDYdYUIbMxOj-TrGd6Vqvwzd",
"pollingInterval":30,
"pollingTimeout":30,
"activateServerTLSAuth":"false",
@@ -101,7 +101,7 @@ If the sdcAddress is not specified or not available (connection failure) the mes
A [docker-compose example file](extra/docker/clamp/docker-compose.yml) can be found under the [extra/docker/clamp/ folder](extra/docker/).
-Once the image has been built and is available locally, you can use the `docker-compose up` command to deploy a prepopullated database and a clamp instance available on [https://localhost:3000](https://localhost:3000).
+Once the image has been built and is available locally, you can use the `docker-compose up` command to deploy a pre-populated database, and a clamp instance available on [https://localhost:3000](https://localhost:3000).
### Logs
@@ -146,9 +146,9 @@ resource clds/aaf/org.onap.clamp.p12.
cadi_latitude[0.000]=10.0
cadi_longitude[0.000]=10.0
- Certs should created, you can get them in /var/lib/docker/volumes/clamp_config/_data/local
- If you want to recreate the certs, you have to delete the docker volume (otherwise it will be re used) : docker volume rm clamp_config
+ If you want to recreate the certs, you have to delete the docker volume (otherwise it will be re-used) : docker volume rm clamp_config
- wget https://nexus.onap.org/content/repositories/releases/org/onap/aaf/authz/aaf-cadi-aaf/2.1.13/aaf-cadi-aaf-2.1.13-full.jar
-- to encrypt or decrypt the store passwords: java -jar aaf-cadi-aaf-2.1.13-full.jar cadi digest changeit testos.key
+- to encrypt or decrypt the store passwords: java -jar aaf-cadi-aaf-2.1.13-full.jar cadi <digest|undigest> changeit testos.key
- you can also use the agent.sh script to decrypt the passwords, by running the showpass commands (see wiki below)
- Extract private key from P12: 'openssl pkcs12 -in org.onap.clamp.p12 -nocerts -nodes > clamp.key'
- Extract public certificate from P12: 'openssl pkcs12 -in org.onap.clamp.p12 -clcerts -nokeys > clamp.pem'
diff --git a/pom.xml b/pom.xml
index d7a624164..36661b86c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -514,18 +514,6 @@
<scope>test</scope>
</dependency>
<dependency>
- <groupId>org.powermock</groupId>
- <artifactId>powermock-api-mockito2</artifactId>
- <version>2.0.4</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.powermock</groupId>
- <artifactId>powermock-module-junit4</artifactId>
- <version>2.0.4</version>
- <scope>test</scope>
- </dependency>
- <dependency>
<groupId>com.github.docker-java</groupId>
<artifactId>docker-java-core</artifactId>
<version>3.2.7</version>
diff --git a/src/main/java/org/onap/policy/clamp/clds/Application.java b/src/main/java/org/onap/policy/clamp/clds/Application.java
index a242086da..ba300ac09 100644
--- a/src/main/java/org/onap/policy/clamp/clds/Application.java
+++ b/src/main/java/org/onap/policy/clamp/clds/Application.java
@@ -96,7 +96,7 @@ public class Application extends SpringBootServletInitializer {
private String keyStoreType;
- @Value("${clamp.config.keyFile:#{null}}")
+ @Value("${clamp.config.keyFile:classpath:/clds/aaf/org.onap.clamp.keyfile}")
private String keyFile;
@Autowired
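Review bot: The new default on `keyFile` points at a keyfile on the classpath, so an installation that never sets `clamp.config.keyFile` decodes its stored passwords with whatever key is packaged with the application instead of failing at start-up. The same default is repeated on the `keyFile` field added to SdcControllersConfiguration in this commit. If the bundled file is meant for development only, say so where the property is declared, e.g. `// Default keyfile is the sample shipped with the application; production deployments must override clamp.config.keyFile`, and consider logging a warning when the default is in effect. Holding the literal in one shared constant would also keep the two defaults from drifting apart.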
diff --git a/src/main/java/org/onap/policy/clamp/clds/config/sdc/SdcControllersConfiguration.java b/src/main/java/org/onap/policy/clamp/clds/config/sdc/SdcControllersConfiguration.java
index 4748edf6d..d0b116f71 100644
--- a/src/main/java/org/onap/policy/clamp/clds/config/sdc/SdcControllersConfiguration.java
+++ b/src/main/java/org/onap/policy/clamp/clds/config/sdc/SdcControllersConfiguration.java
@@ -1,8 +1,8 @@
/*-
* ============LICENSE_START=======================================================
- * ONAP CLAMP
+ * ONAP POLICY-CLAMP
* ================================================================================
- * Copyright (C) 2018 AT&T Intellectual Property. All rights
+ * Copyright (C) 2018, 2021 AT&T Intellectual Property. All rights
* reserved.
* ================================================================================
* Modifications Copyright (c) 2019 Samsung
@@ -20,13 +20,14 @@
* limitations under the License.
* ============LICENSE_END============================================
* ===================================================================
- *
+ *
*/
package org.onap.policy.clamp.clds.config.sdc;
import com.google.gson.JsonObject;
import java.io.IOException;
+import java.io.InputStream;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
@@ -49,10 +50,14 @@ public class SdcControllersConfiguration {
private static final String CONTROLLER_SUBTREE_KEY = "sdc-connections";
@Autowired
protected ApplicationContext appContext;
+
+ @Value("${clamp.config.keyFile:classpath:/clds/aaf/org.onap.clamp.keyfile}")
+ private String keyFile;
+
/**
* The file name that will be loaded by Spring.
*/
- @Value("${clamp.config.files.sdcController:'classpath:/clds/sdc-controllers-config.json'}")
+ @Value("${clamp.config.files.sdcController:classpath:/clds/sdc-controllers-config.json}")
protected String sdcControllerFile;
/**
* The root of the JSON.
@@ -66,11 +71,10 @@ public class SdcControllersConfiguration {
*/
@PostConstruct
public void loadConfiguration() throws IOException {
- Resource resource = appContext.getResource(sdcControllerFile);
- // Try to load json tree
- jsonRootNode = JsonUtils.GSON.fromJson(new InputStreamReader(
- resource.getInputStream(), StandardCharsets.UTF_8),
- JsonObject.class);
+ try (InputStreamReader controllerFile = new InputStreamReader(
+ appContext.getResource(sdcControllerFile).getInputStream(), StandardCharsets.UTF_8)) {
+ jsonRootNode = JsonUtils.GSON.fromJson(controllerFile, JsonObject.class);
+ }
}
public SdcSingleControllerConfiguration getSdcSingleControllerConfiguration(String controllerName) {
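Review bot: `loadConfiguration` still stores whatever `fromJson` returns, and Gson returns null for an empty document, so an empty controller file leaves `jsonRootNode` null. The `jsonRootNode.get(CONTROLLER_SUBTREE_KEY)` call in `getAllDefinedControllers` would then fail with a NullPointerException rather than the `SdcParametersException` used for a missing key. A guard after the parse keeps the error uniform: `if (jsonRootNode == null) { throw new SdcParametersException("Empty SDC controller file: " + sdcControllerFile); }`.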
@@ -86,8 +90,9 @@ public class SdcControllersConfiguration {
Map<String, SdcSingleControllerConfiguration> result = new HashMap<>();
if (jsonRootNode.get(CONTROLLER_SUBTREE_KEY) != null) {
jsonRootNode.get(CONTROLLER_SUBTREE_KEY).getAsJsonObject().entrySet().forEach(
- entry -> result.put(entry.getKey(),
- new SdcSingleControllerConfiguration(entry.getValue().getAsJsonObject(), entry.getKey())));
+ entry -> result.put(entry.getKey(),
+ new SdcSingleControllerConfiguration(entry.getValue().getAsJsonObject(), entry.getKey(),
+ keyFile)));
} else {
throw new SdcParametersException(
CONTROLLER_SUBTREE_KEY + " key not found in the file: " + sdcControllerFile);
diff --git a/src/main/java/org/onap/policy/clamp/clds/config/sdc/SdcSingleControllerConfiguration.java b/src/main/java/org/onap/policy/clamp/clds/config/sdc/SdcSingleControllerConfiguration.java
index 0bbbf19dc..67060d776 100644
--- a/src/main/java/org/onap/policy/clamp/clds/config/sdc/SdcSingleControllerConfiguration.java
+++ b/src/main/java/org/onap/policy/clamp/clds/config/sdc/SdcSingleControllerConfiguration.java
@@ -1,8 +1,8 @@
/*-
* ============LICENSE_START=======================================================
- * ONAP CLAMP
+ * ONAP POLICY-CLAMP
* ================================================================================
- * Copyright (C) 2018 AT&T Intellectual Property. All rights
+ * Copyright (C) 2018, 2021 AT&T Intellectual Property. All rights
* reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -18,22 +18,17 @@
* limitations under the License.
* ============LICENSE_END============================================
* ===================================================================
- *
+ *
*/
package org.onap.policy.clamp.clds.config.sdc;
-import com.att.eelf.configuration.EELFLogger;
-import com.att.eelf.configuration.EELFManager;
import com.google.gson.JsonObject;
-import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.Arrays;
-import java.util.Collections;
import java.util.List;
-import org.apache.commons.codec.DecoderException;
import org.onap.policy.clamp.clds.exception.sdc.controller.SdcParametersException;
-import org.onap.policy.clamp.clds.util.CryptoUtils;
+import org.onap.policy.clamp.util.PassDecoder;
import org.onap.sdc.api.consumer.IConfiguration;
/**
@@ -41,8 +36,8 @@ import org.onap.sdc.api.consumer.IConfiguration;
*/
public class SdcSingleControllerConfiguration implements IConfiguration {
- private static final EELFLogger logger = EELFManager.getInstance()
- .getLogger(SdcSingleControllerConfiguration.class);
+ private final String keyFile;
+
/**
* The sdc Controller name corresponding.
*/
@@ -78,23 +73,20 @@ public class SdcSingleControllerConfiguration implements IConfiguration {
public static final String OTHER = "OTHER";
public static final String TOSCA_CSAR = "TOSCA_CSAR";
public static final String VF_MODULES_METADATA = "VF_MODULES_METADATA";
- private static final String[] SUPPORTED_ARTIFACT_TYPES = {
- TOSCA_CSAR, VF_MODULES_METADATA
- };
- public static final List<String> SUPPORTED_ARTIFACT_TYPES_LIST = Collections
- .unmodifiableList(Arrays.asList(SUPPORTED_ARTIFACT_TYPES));
+ private static final String[] SUPPORTED_ARTIFACT_TYPES = {TOSCA_CSAR, VF_MODULES_METADATA};
+ public static final List<String> SUPPORTED_ARTIFACT_TYPES_LIST = List.of(SUPPORTED_ARTIFACT_TYPES);
/**
* This constructor builds a SdcSingleControllerConfiguration from the
* corresponding json.
- *
- * @param jsonNode
- * The JSON node
- * @param controllerName
- * The controller name that must appear in the JSON
+ *
+ * @param jsonNode The JSON node
+ * @param controllerName The controller name that must appear in the JSON
+ * @param keyFileLocation The location of the file to decode the password using CADI
*/
- public SdcSingleControllerConfiguration(JsonObject jsonNode, String controllerName) {
+ public SdcSingleControllerConfiguration(JsonObject jsonNode, String controllerName, String keyFileLocation) {
jsonRootNode = jsonNode;
+ keyFile = keyFileLocation;
setSdcControllerName(controllerName);
testAllRequiredParameters();
}
@@ -130,10 +122,10 @@ public class SdcSingleControllerConfiguration implements IConfiguration {
}
}
- private String getEncryptedStringConfig(String key) throws GeneralSecurityException, DecoderException {
+ private String getEncryptedStringConfig(String key) {
if (jsonRootNode != null && jsonRootNode.get(key) != null) {
return jsonRootNode.get(key).getAsString().isEmpty() ? null
- : CryptoUtils.decrypt(jsonRootNode.get(key).getAsString());
+ : PassDecoder.decode(jsonRootNode.get(key).getAsString(), keyFile);
}
return null;
}
@@ -164,12 +156,7 @@ public class SdcSingleControllerConfiguration implements IConfiguration {
@Override
public String getPassword() {
- try {
- return getEncryptedStringConfig(SDC_KEY_ATTRIBUTE_NAME);
- } catch (GeneralSecurityException | DecoderException e) {
- logger.error("Unable to decrypt the SDC password", e);
- return null;
- }
+ return getEncryptedStringConfig(SDC_KEY_ATTRIBUTE_NAME);
}
@Override
@@ -211,12 +198,7 @@ public class SdcSingleControllerConfiguration implements IConfiguration {
@Override
public String getKeyStorePassword() {
- try {
- return getEncryptedStringConfig(KEY_STORE_KEY);
- } catch (GeneralSecurityException | DecoderException e) {
- logger.error("Unable to decrypt the SDC password", e);
- return null;
- }
+ return getEncryptedStringConfig(KEY_STORE_KEY);
}
@Override
diff --git a/src/main/java/org/onap/policy/clamp/clds/util/CryptoUtils.java b/src/main/java/org/onap/policy/clamp/clds/util/CryptoUtils.java
deleted file mode 100644
index 01dd48763..000000000
--- a/src/main/java/org/onap/policy/clamp/clds/util/CryptoUtils.java
+++ /dev/null
@@ -1,168 +0,0 @@
-/*-
- * ============LICENSE_START=======================================================
- * ONAP CLAMP
- * ================================================================================
- * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
- * reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END============================================
- * ===================================================================
- *
- */
-
-package org.onap.policy.clamp.clds.util;
-
-import com.att.eelf.configuration.EELFLogger;
-import com.att.eelf.configuration.EELFManager;
-import com.google.common.base.Charsets;
-import java.io.IOException;
-import java.io.UnsupportedEncodingException;
-import java.security.GeneralSecurityException;
-import java.security.SecureRandom;
-import java.util.Properties;
-import javax.crypto.Cipher;
-import javax.crypto.spec.IvParameterSpec;
-import javax.crypto.spec.SecretKeySpec;
-import org.apache.commons.codec.DecoderException;
-import org.apache.commons.codec.binary.Hex;
-import org.apache.commons.lang3.ArrayUtils;
-
-/**
- * CryptoUtils for encrypting/decrypting string based on a Key defined in
- * application.properties (Spring config file).
- */
-public final class CryptoUtils {
-
- /**
- * Used to log CryptoUtils class.
- */
- private static final EELFLogger logger = EELFManager.getInstance().getLogger(CryptoUtils.class);
- // Openssl commands:
- // Encrypt: echo -n "123456" | openssl aes-128-cbc -e -K <Private Hex key>
- // -iv <16 Bytes iv (HEX), be careful it's 32 Hex Chars> | xxd -u -g100
- // Final result is to put in properties file is: IV + Outcome of openssl
- // command
- // ************************************************************
- // Decrypt: echo -n 'Encrypted string' | xxd -r -ps | openssl aes-128-cbc -d
- // -K
- // <Private Hex Key> -iv <16 Bytes IV extracted from Encrypted String, be
- // careful it's 32 Hex Chars>
- /**
- * Definition of encryption algorithm.
- */
- private static final String ALGORITHM = "AES";
-
- /**
- * AES Encryption Key environment variable for external configuration.
- */
- private static final String AES_ENCRYPTION_KEY = "AES_ENCRYPTION_KEY";
-
- /**
- * Detailed definition of encryption algorithm.
- */
- private static final String ALGORITHM_DETAILS = ALGORITHM + "/CBC/PKCS5PADDING";
- private static final int IV_BLOCK_SIZE_IN_BITS = 128;
- /**
- * An Initial Vector of 16 Bytes, so 32 Hexadecimal Chars.
- */
- private static final int IV_BLOCK_SIZE_IN_BYTES = IV_BLOCK_SIZE_IN_BITS / 8;
- /**
- * Key to read in the key.properties file.
- */
- private static final String KEY_PARAM = "org.onap.policy.clamp.encryption.aes.key";
- private static final String PROPERTIES_FILE_NAME = "clds/key.properties";
- /**
- * The SecretKeySpec created from the Base 64 String key.
- */
- private static final SecretKeySpec SECRET_KEY_SPEC = readSecretKeySpec(PROPERTIES_FILE_NAME);
-
- /**
- * Private constructor to avoid creating instances of util class.
- */
- private CryptoUtils() {
- }
-
- /**
- * Encrypt a value based on the Clamp Encryption Key.
- *
- * @param value The value to encrypt
- * @return The encrypted string
- * @throws GeneralSecurityException In case of issue with the encryption
- * @throws UnsupportedEncodingException In case of issue with the charset
- * conversion
- */
- public static String encrypt(String value) throws GeneralSecurityException {
- Cipher cipher = Cipher.getInstance(ALGORITHM_DETAILS, "SunJCE");
- byte[] iv = new byte[IV_BLOCK_SIZE_IN_BYTES];
- SecureRandom.getInstance("SHA1PRNG").nextBytes(iv);
- IvParameterSpec ivspec = new IvParameterSpec(iv);
- cipher.init(Cipher.ENCRYPT_MODE, SECRET_KEY_SPEC, ivspec);
- return Hex.encodeHexString(ArrayUtils.addAll(iv, cipher.doFinal(value.getBytes(Charsets.UTF_8))));
- }
-
- /**
- * Decrypt a value based on the Clamp Encryption Key.
- *
- * @param message The encrypted string that must be decrypted using the Clamp
- * Encryption Key
- * @return The String decrypted
- * @throws GeneralSecurityException In case of issue with the encryption
- * @throws DecoderException In case of issue to decode the HexString
- */
- public static String decrypt(String message) throws GeneralSecurityException, DecoderException {
- byte[] encryptedMessage = Hex.decodeHex(message.toCharArray());
- Cipher cipher = Cipher.getInstance(ALGORITHM_DETAILS, "SunJCE");
- IvParameterSpec ivspec = new IvParameterSpec(ArrayUtils.subarray(encryptedMessage, 0, IV_BLOCK_SIZE_IN_BYTES));
- byte[] realData = ArrayUtils.subarray(encryptedMessage, IV_BLOCK_SIZE_IN_BYTES, encryptedMessage.length);
- cipher.init(Cipher.DECRYPT_MODE, SECRET_KEY_SPEC, ivspec);
- byte[] decrypted = cipher.doFinal(realData);
- return new String(decrypted);
- }
-
- /**
- * Method used to generate the SecretKeySpec from a Base64 String.
- *
- * @param keyString The key as a string in Base 64
- * @return The SecretKeySpec created
- * @throws DecoderException In case of issues with the decoding of Base64
- */
- private static SecretKeySpec getSecretKeySpec(String keyString) throws DecoderException {
- byte[] key = Hex.decodeHex(keyString.toCharArray());
- return new SecretKeySpec(key, ALGORITHM);
- }
-
- /**
- * Reads SecretKeySpec from file specified by propertiesFileName.
- *
- * @param propertiesFileName File name with properties
- * @return SecretKeySpec secret key spec read from propertiesFileName
- */
- private static SecretKeySpec readSecretKeySpec(String propertiesFileName) {
- Properties props = new Properties();
- try {
- // Workaround fix to make encryption key configurable
- // System environment variable takes precedence for over clds/key.properties
- String encryptionKey = System.getenv(AES_ENCRYPTION_KEY);
- if (encryptionKey != null && encryptionKey.trim().length() > 0) {
- return getSecretKeySpec(encryptionKey);
- } else {
- props.load(ResourceFileUtils.getResourceAsStream(propertiesFileName));
- return getSecretKeySpec(props.getProperty(KEY_PARAM));
- }
- } catch (IOException | DecoderException e) {
- logger.error("Exception occurred during the key reading", e);
- return null;
- }
- }
-}
diff --git a/src/main/java/org/onap/policy/clamp/clds/util/ResourceFileUtils.java b/src/main/java/org/onap/policy/clamp/clds/util/ResourceFileUtils.java
index cd4700277..d6184c656 100644
--- a/src/main/java/org/onap/policy/clamp/clds/util/ResourceFileUtils.java
+++ b/src/main/java/org/onap/policy/clamp/clds/util/ResourceFileUtils.java
@@ -1,8 +1,8 @@
/*-
* ============LICENSE_START=======================================================
- * ONAP CLAMP
+ * ONAP POLICY-CLAMP
* ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights
+ * Copyright (C) 2017, 2021 AT&T Intellectual Property. All rights
* reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -56,8 +56,8 @@ public final class ResourceFileUtils {
* @return The file as inputStream
*/
public static InputStream getResourceAsStream(String fileName) {
- InputStream is = Thread.currentThread().getContextClassLoader().getResourceAsStream(
- fileName.startsWith(CLASSPATH_PREFIX) ? fileName.replaceFirst(CLASSPATH_PREFIX, "") : fileName);
+ InputStream is = Thread.currentThread().getContextClassLoader()
+ .getResourceAsStream(fileName.replaceFirst("^" + CLASSPATH_PREFIX, ""));
if (is == null) {
throw new IllegalArgumentException("Unable to find resource: " + fileName);
}
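Review bot: `CLASSPATH_PREFIX` is concatenated into a regular expression unquoted, and only that one literal prefix is stripped, yet this commit passes both `classpath:/clds/...` (the `keyFile` defaults) and `classpath:clds/...` (the tests) as key file locations. The constant's value is not visible here, but whichever it is, one of the two spellings would reach `getResourceAsStream` with a leading `/` or with the prefix still attached, which a class loader normally does not resolve. Assuming the key file location is loaded through this helper, strip the prefix literally, `fileName.startsWith(CLASSPATH_PREFIX) ? fileName.substring(CLASSPATH_PREFIX.length()) : fileName`, and add a test that resolves both spellings. The method body continues past the end of the hunk.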
diff --git a/src/main/java/org/onap/policy/clamp/util/PassDecoder.java b/src/main/java/org/onap/policy/clamp/util/PassDecoder.java
index f4b8ed4dc..b8e90e3d0 100644
--- a/src/main/java/org/onap/policy/clamp/util/PassDecoder.java
+++ b/src/main/java/org/onap/policy/clamp/util/PassDecoder.java
@@ -1,8 +1,8 @@
/*-
* ============LICENSE_START=======================================================
- * ONAP CLAMP
+ * ONAP POLICY-CLAMP
* ================================================================================
- * Copyright (C) 2019 AT&T Intellectual Property. All rights
+ * Copyright (C) 2019, 2021 AT&T Intellectual Property. All rights
* reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -32,6 +32,10 @@ import org.onap.policy.clamp.clds.util.ResourceFileUtils;
* PassDecoder for decrypting the truststore and keystore password.
*/
public class PassDecoder {
+
+ private PassDecoder() {
+ }
+
/**
* Used to log PassDecoder class.
*/
@@ -41,7 +45,7 @@ public class PassDecoder {
* Decode the password.
*
* @param encryptedPass The encrypted password
- * @param keyFileName The key file name in String
+ * @param keyFileName The key file name in String
*/
public static String decode(String encryptedPass, String keyFileName) {
if (null == keyFileName) {
diff --git a/src/main/resources/clds/key.properties b/src/main/resources/clds/key.properties
deleted file mode 100644
index dda2b87d0..000000000
--- a/src/main/resources/clds/key.properties
+++ /dev/null
@@ -1 +0,0 @@
-org.onap.policy.clamp.encryption.aes.key=aa3871669d893c7fb8abbcda31b88b4f \ No newline at end of file
diff --git a/src/test/java/org/onap/policy/clamp/clds/config/sdc/SdcSingleControllerConfigurationTest.java b/src/test/java/org/onap/policy/clamp/clds/config/sdc/SdcSingleControllerConfigurationTest.java
index 89178b778..7390b65ba 100644
--- a/src/test/java/org/onap/policy/clamp/clds/config/sdc/SdcSingleControllerConfigurationTest.java
+++ b/src/test/java/org/onap/policy/clamp/clds/config/sdc/SdcSingleControllerConfigurationTest.java
@@ -1,8 +1,8 @@
/*-
* ============LICENSE_START=======================================================
- * ONAP CLAMP
+ * ONAP POLICY-CLAMP
* ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2017, 2021 AT&T Intellectual Property. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -57,7 +57,8 @@ public class SdcSingleControllerConfigurationTest {
StandardCharsets.UTF_8);
JsonObject jsonNode = JsonUtils.GSON.fromJson(streamReader, JsonObject.class);
- return new SdcSingleControllerConfiguration(jsonNode, sdcControllerName);
+ return new SdcSingleControllerConfiguration(jsonNode, sdcControllerName,
+ "classpath:clds/aaf/org.onap.clamp.keyfile");
}
@Test
diff --git a/src/test/java/org/onap/policy/clamp/clds/it/config/SdcControllersConfigurationItCase.java b/src/test/java/org/onap/policy/clamp/clds/it/config/SdcControllersConfigurationItCase.java
index 516fc7a09..70aeccf59 100644
--- a/src/test/java/org/onap/policy/clamp/clds/it/config/SdcControllersConfigurationItCase.java
+++ b/src/test/java/org/onap/policy/clamp/clds/it/config/SdcControllersConfigurationItCase.java
@@ -1,8 +1,8 @@
/*-
* ============LICENSE_START=======================================================
- * ONAP CLAMP
+ * ONAP POLICY-CLAMP
* ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2017, 2021 AT&T Intellectual Property. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -56,7 +56,7 @@ public class SdcControllersConfigurationItCase {
@Test
public void testGetAllDefinedControllers() throws IOException {
- loadFile("classpath:/clds/sdc-controllers-config.json");
+ loadFile("classpath:clds/sdc-controllers-config.json");
Map<String, SdcSingleControllerConfiguration> mapResult = sdcControllersConfiguration
.getAllDefinedControllers();
assertTrue(mapResult.size() == 2);
@@ -66,7 +66,7 @@ public class SdcControllersConfigurationItCase {
@Test
public void testGetSdcSingleControllerConfiguration() throws IOException {
- loadFile("classpath:/clds/sdc-controllers-config.json");
+ loadFile("classpath:clds/sdc-controllers-config.json");
assertEquals("sdc-controller1", sdcControllersConfiguration
.getSdcSingleControllerConfiguration("sdc-controller1").getSdcControllerName());
assertEquals("sdc-controller2", sdcControllersConfiguration
@@ -75,13 +75,13 @@ public class SdcControllersConfigurationItCase {
@Test(expected = JsonSyntaxException.class)
public void testBadJsonLoading() throws IOException {
- loadFile("classpath:/clds/sdc-controllers-config-bad.json");
+ loadFile("classpath:clds/sdc-controllers-config-bad.json");
fail("Should have raised an exception");
}
@Test(expected = SdcParametersException.class)
public void testMissingParamInJsonLoading() throws IOException {
- loadFile("classpath:/clds/sdc-controllers-config-missing-param.json");
+ loadFile("classpath:clds/sdc-controllers-config-missing-param.json");
sdcControllersConfiguration.getAllDefinedControllers();
fail("Should have raised an exception");
}
diff --git a/src/test/java/org/onap/policy/clamp/clds/util/CryptoUtilsTest.java b/src/test/java/org/onap/policy/clamp/clds/util/CryptoUtilsTest.java
deleted file mode 100644
index 6239fef80..000000000
--- a/src/test/java/org/onap/policy/clamp/clds/util/CryptoUtilsTest.java
+++ /dev/null
@@ -1,99 +0,0 @@
-/*-
- * ============LICENSE_START=======================================================
- * ONAP CLAMP
- * ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights
- * reserved.
- * ================================================================================
- * Modifications Copyright (c) 2019 Samsung
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END============================================
- * ===================================================================
- *
- */
-
-package org.onap.policy.clamp.clds.util;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNotEquals;
-import static org.junit.Assert.assertNotNull;
-import static org.mockito.ArgumentMatchers.eq;
-
-import java.security.InvalidKeyException;
-import javax.crypto.KeyGenerator;
-import javax.crypto.SecretKey;
-import org.apache.commons.codec.binary.Hex;
-import org.apache.commons.lang3.ArrayUtils;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.powermock.api.mockito.PowerMockito;
-import org.powermock.core.classloader.annotations.PowerMockIgnore;
-import org.powermock.core.classloader.annotations.PrepareForTest;
-import org.powermock.modules.junit4.PowerMockRunner;
-
-@RunWith(PowerMockRunner.class)
-@PowerMockIgnore({ "javax.crypto.*", "com.sun.org.apache.xerces.*", "javax.xml.*", "org.xml.*", "javax.management.*" })
-public class CryptoUtilsTest {
-
- private final String data = "This is a test string";
-
- @Test
- @PrepareForTest({ CryptoUtils.class })
- public final void testEncryption() throws Exception {
- String encodedString = CryptoUtils.encrypt(data);
- assertNotNull(encodedString);
- assertEquals(data, CryptoUtils.decrypt(encodedString));
- }
-
- @Test
- @PrepareForTest({ CryptoUtils.class })
- public final void testEncryptedStringIsDifferent() throws Exception {
- String encodedString1 = CryptoUtils.encrypt(data);
- String encodedString2 = CryptoUtils.encrypt(data);
- byte[] encryptedMessage1 = Hex.decodeHex(encodedString1.toCharArray());
- byte[] encryptedMessage2 = Hex.decodeHex(encodedString2.toCharArray());
- assertNotNull(encryptedMessage1);
- assertNotNull(encryptedMessage2);
- assertNotEquals(encryptedMessage1, encryptedMessage2);
- byte[] subData1 = ArrayUtils.subarray(encryptedMessage1, 16, encryptedMessage1.length);
- byte[] subData2 = ArrayUtils.subarray(encryptedMessage2, 16, encryptedMessage2.length);
- assertNotEquals(subData1, subData2);
- }
-
- @Test
- @PrepareForTest({ CryptoUtils.class })
- public final void testEncryptionBaseOnRandomKey() throws Exception {
- SecretKey secretKey = KeyGenerator.getInstance("AES").generateKey();
- final String encryptionKey = String.valueOf(Hex.encodeHex(secretKey.getEncoded()));
- setAesEncryptionKeyEnv(encryptionKey);
-
- String encodedString = CryptoUtils.encrypt(data);
- String decodedString = CryptoUtils.decrypt(encodedString);
- assertEquals(data, decodedString);
- }
-
- @Test(expected = InvalidKeyException.class)
- @PrepareForTest({ CryptoUtils.class })
- public final void testEncryptionBadKey() throws Exception {
- final String badEncryptionKey = "93210sd";
- setAesEncryptionKeyEnv(badEncryptionKey);
-
- CryptoUtils.encrypt(data);
- }
-
- private static void setAesEncryptionKeyEnv(String value) {
- PowerMockito.mockStatic(System.class);
- PowerMockito.when(System.getenv(eq("AES_ENCRYPTION_KEY"))).thenReturn(value);
- }
-}
diff --git a/src/test/java/org/onap/policy/clamp/util/PassDecoderTest.java b/src/test/java/org/onap/policy/clamp/util/PassDecoderTest.java
index 83e894130..7fd0cb91d 100644
--- a/src/test/java/org/onap/policy/clamp/util/PassDecoderTest.java
+++ b/src/test/java/org/onap/policy/clamp/util/PassDecoderTest.java
@@ -1,24 +1,24 @@
/*-
* ============LICENSE_START=======================================================
- * ONAP CLAMP
+ * ONAP POLICY-CLAMP
* ================================================================================
- * Copyright (C) 2019 AT&T Intellectual Property. All rights
+ * Copyright (C) 2019, 2021 AT&T Intellectual Property. All rights
* reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
+ * you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
* limitations under the License.
* ============LICENSE_END============================================
* ===================================================================
- *
+ *
*/
package org.onap.policy.clamp.util;
@@ -48,5 +48,8 @@ public class PassDecoderTest {
public final void testDecryption() throws Exception {
String decodedPass = PassDecoder.decode(encrypted, "classpath:clds/aaf/org.onap.clamp.keyfile");
assertEquals(decodedPass, "China in the Spring");
+ assertEquals("Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U", PassDecoder
+ .decode("enc:JPV4p067JlSXt2Fet9bfuI8JpkS4ZGYVcgypcPs98gXjgjCjTze_d3JxqmlKaaakdiOjIcEC_MJh6-5pJTLgdc",
+ "classpath:clds/aaf/org.onap.clamp.keyfile"));
}
}
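Review bot: The added assertion covers only one more success case, while the `CryptoUtilsTest` removed by this commit also had a bad-key case (`testEncryptionBadKey`), and nothing in this hunk replaces it for `PassDecoder`. A negative test is worth adding: decoding with a wrong or unreadable key file should be shown to fail or be handled explicitly rather than return the input unchanged. How `PassDecoder.decode` behaves in that case is not visible here. The `enc:`-prefixed check would also read better as its own method, e.g. `public final void testDecryptionWithEncPrefix()`, so a failure names the form that broke. The rest of the test class lies outside the hunk, so such a case may already exist.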
diff --git a/src/test/resources/application.properties b/src/test/resources/application.properties
index d67fe74a3..bc513e9e4 100644
--- a/src/test/resources/application.properties
+++ b/src/test/resources/application.properties
@@ -31,6 +31,8 @@ server.port=${clamp.it.tests.http}
#server.ssl.key-store-password=pass
#server.ssl.key-password=pass
+clamp.config.keyFile=classpath:clds/aaf/org.onap.clamp.keyfile
+
### In order to be user friendly when HTTPS is enabled,
### you can add another HTTP port that will be automatically redirected to HTTPS
### by enabling this parameter (server.http.port) and set it to another port (80 or 8080, 8090, etc ...)
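Review bot: The new `clamp.config.keyFile` entry has no comment saying what the key file is for or that the classpath copy is a test fixture. Judging from the other files in this commit, this key appears to decode the passwords in the SDC controller fixtures. A line above it such as `### Test-only key file used to decode encrypted passwords; deployments must supply their own key outside the artifact` would discourage copying the value into a production profile. The same applies to the identical line added in `robotframework-test.properties`.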
diff --git a/src/test/resources/clds/sdc-controller-config-TLS.json b/src/test/resources/clds/sdc-controller-config-TLS.json
index 99366b765..4d5f02945 100644
--- a/src/test/resources/clds/sdc-controller-config-TLS.json
+++ b/src/test/resources/clds/sdc-controller-config-TLS.json
@@ -4,11 +4,11 @@
"consumerId": "consumerId",
"environmentName": "environmentName",
"sdcAddress": "hostname:8080",
- "password": "bb3871669d893c7fb8aaacda31b77b4f537E67A081C2726889548ED7BC4C2DE6",
+ "password": "QpF2TcrdRSFADqDxH1HwDYdYUIbMxOj-TrGd6Vqvwzd",
"pollingInterval":10,
"pollingTimeout":30,
"activateServerTLSAuth": true,
- "keyStorePassword":"bb3871669d893c7fb8aaacda31b77b4f537E67A081C2726889548ED7BC4C2DE6",
+ "keyStorePassword":"QpF2TcrdRSFADqDxH1HwDYdYUIbMxOj-TrGd6Vqvwzd",
"keyStorePath": "/test",
"messageBusAddresses":["localhost"]
}
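Review bot: The new `password` and `keyStorePassword` values carry no `enc:` marker, while the assertion added to `PassDecoderTest` in this commit feeds an `enc:`-prefixed string. From this hunk it cannot be told whether the decoder decrypts an unprefixed value or passes it through as plaintext. If pass-through is possible, a fixture that silently stops being decrypted would still load and the tests would not notice. Either store the values in the prefixed form, `"password": "enc:<CIPHERTEXT>"`, or have the configuration tests assert that the decoded password differs from the stored string. The same values are used in `sdc-controllers-config.json`, where a whitespace reformat of the whole file also hides the two password changes.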
diff --git a/src/test/resources/clds/sdc-controllers-config.json b/src/test/resources/clds/sdc-controllers-config.json
index ce56fef27..75e5be1b9 100644
--- a/src/test/resources/clds/sdc-controllers-config.json
+++ b/src/test/resources/clds/sdc-controllers-config.json
@@ -1,27 +1,30 @@
{
- "sdc-connections":{
- "sdc-controller1":{
- "user": "User1",
- "consumerGroup": "consumerGroup1",
- "consumerId": "consumerId1",
- "environmentName": "environmentName1",
- "sdcAddress": "localhost:${docker.http-cache.port.host}",
- "password": "bb3871669d893c7fb8aaacda31b77b4f537E67A081C2726889548ED7BC4C2DE6",
- "pollingInterval":10,
- "pollingTimeout":30,
- "messageBusAddresses":["localhost"]
+ "sdc-connections": {
+ "sdc-controller1": {
+ "user": "User1",
+ "consumerGroup": "consumerGroup1",
+ "consumerId": "consumerId1",
+ "environmentName": "environmentName1",
+ "sdcAddress": "localhost:${docker.http-cache.port.host}",
+ "password": "QpF2TcrdRSFADqDxH1HwDYdYUIbMxOj-TrGd6Vqvwzd",
+ "pollingInterval": 10,
+ "pollingTimeout": 30,
+ "messageBusAddresses": [
+ "localhost"
+ ]
},
- "sdc-controller2":{
- "user": "User2",
- "consumerGroup": "consumerGroup2",
- "consumerId": "consumerId2",
- "environmentName": "environmentName2",
- "sdcAddress": "localhost:${docker.http-cache.port.host}",
- "password": "bb3871669d893c7fb8aaacda31b77b4f537E67A081C2726889548ED7BC4C2DE6",
- "pollingInterval":10,
- "pollingTimeout":30,
- "messageBusAddresses":["localhost"]
-
+ "sdc-controller2": {
+ "user": "User2",
+ "consumerGroup": "consumerGroup2",
+ "consumerId": "consumerId2",
+ "environmentName": "environmentName2",
+ "sdcAddress": "localhost:${docker.http-cache.port.host}",
+ "password": "QpF2TcrdRSFADqDxH1HwDYdYUIbMxOj-TrGd6Vqvwzd",
+ "pollingInterval": 10,
+ "pollingTimeout": 30,
+ "messageBusAddresses": [
+ "localhost"
+ ]
}
}
}
diff --git a/src/test/resources/robotframework/robotframework-test.properties b/src/test/resources/robotframework/robotframework-test.properties
index a12f052ad..fed074198 100644
--- a/src/test/resources/robotframework/robotframework-test.properties
+++ b/src/test/resources/robotframework/robotframework-test.properties
@@ -31,6 +31,8 @@ server.port=${clamp.it.tests.robotframework.http}
#server.ssl.key-store-password=pass
#server.ssl.key-password=pass
+clamp.config.keyFile=classpath:clds/aaf/org.onap.clamp.keyfile
+
### In order to be user friendly when HTTPS is enabled,
### you can add another HTTP port that will be automatically redirected to HTTPS
### by enabling this parameter (server.http.port) and set it to another port (80 or 8080, 8090, etc ...)