diff options
| author |   sebdet <sebastien.determe@intl.att.com> | 2021-04-19 14:46:45 +0200 |
|---|---|---|
| committer | sebdet <sebastien.determe@intl.att.com> | 2021-04-21 14:15:34 +0200 |
| commit | e2e71040679fc6f305f9cdbe0d9d38c701934dcd (patch) | |
| tree | 7fc42e7eacb4850fba627771dcc47066655abf8a | |
| parent | 4b6371f7ed8e35fd157ea640d05b5898989f32ca (diff) | |
Fix Sonar Crypto issues
Fix this problem by removing the CryptoUtils that could be replaced by AAF cadi call (this was already in place in the code). The OOM sdc controller password will have to be modified as well.
Issue-ID: POLICY-3201
Issue-ID: POLICY-3200
Change-Id: I6dfd9abb691afb3548d4e68c8759351ad02a30da
Signed-off-by: sebdet <sebastien.determe@intl.att.com>
17 files changed, 105 insertions, 383 deletions
@@ -67,7 +67,7 @@ This file is a JSON that must be specified to Spring config, here is an example: "consumerId": "consumerId1", "environmentName": "AUTO", "sdcAddress": "localhost:8443", - "password": "b7acccda32b98c5bb7acccda32b98c5b05D511BD6D93626E90D18E9D24D9B78CD34C7EE8012F0A189A28763E82271E50A5D4EC10C7D93E06E0A2D27CAE66B981", + "password": "QpF2TcrdRSFADqDxH1HwDYdYUIbMxOj-TrGd6Vqvwzd", "pollingInterval":30, "pollingTimeout":30, "activateServerTLSAuth":"false", @@ -81,7 +81,7 @@ This file is a JSON that must be specified to Spring config, here is an example: "consumerId": "consumerId1", "environmentName": "AUTO", "sdcAddress": "localhost:8443", - "password": "b7acccda32b98c5bb7acccda32b98c5b05D511BD6D93626E90D18E9D24D9B78CD34C7EE8012F0A189A28763E82271E50A5D4EC10C7D93E06E0A2D27CAE66B981", + "password": "QpF2TcrdRSFADqDxH1HwDYdYUIbMxOj-TrGd6Vqvwzd", "pollingInterval":30, "pollingTimeout":30, "activateServerTLSAuth":"false", @@ -101,7 +101,7 @@ If the sdcAddress is not specified or not available (connection failure) the mes A [docker-compose example file](extra/docker/clamp/docker-compose.yml) can be found under the [extra/docker/clamp/ folder](extra/docker/). -Once the image has been built and is available locally, you can use the `docker-compose up` command to deploy a prepopullated database and a clamp instance available on [https://localhost:3000](https://localhost:3000). +Once the image has been built and is available locally, you can use the `docker-compose up` command to deploy a pre-populated database, and a clamp instance available on [https://localhost:3000](https://localhost:3000). ### Logs @@ -146,9 +146,9 @@ resource clds/aaf/org.onap.clamp.p12. cadi_latitude[0.000]=10.0 cadi_longitude[0.000]=10.0 - Certs should created, you can get them in /var/lib/docker/volumes/clamp_config/_data/local - If you want to recreate the certs, you have to delete the docker volume (otherwise it will be re used) : docker volume rm clamp_config + If you want to recreate the certs, you have to delete the docker volume (otherwise it will be re-used) : docker volume rm clamp_config - wget https://nexus.onap.org/content/repositories/releases/org/onap/aaf/authz/aaf-cadi-aaf/2.1.13/aaf-cadi-aaf-2.1.13-full.jar -- to encrypt or decrypt the store passwords: java -jar aaf-cadi-aaf-2.1.13-full.jar cadi digest changeit testos.key +- to encrypt or decrypt the store passwords: java -jar aaf-cadi-aaf-2.1.13-full.jar cadi <digest|undigest> changeit testos.key - you can also use the agent.sh script to decrypt the passwords, by running the showpass commands (see wiki below) - Extract private key from P12: 'openssl pkcs12 -in org.onap.clamp.p12 -nocerts -nodes > clamp.key' - Extract public certificate from P12: 'openssl pkcs12 -in org.onap.clamp.p12 -clcerts -nokeys > clamp.pem' @@ -514,18 +514,6 @@ <scope>test</scope> </dependency> <dependency> - <groupId>org.powermock</groupId> - <artifactId>powermock-api-mockito2</artifactId> - <version>2.0.4</version> - <scope>test</scope> - </dependency> - <dependency> - <groupId>org.powermock</groupId> - <artifactId>powermock-module-junit4</artifactId> - <version>2.0.4</version> - <scope>test</scope> - </dependency> - <dependency> <groupId>com.github.docker-java</groupId> <artifactId>docker-java-core</artifactId> <version>3.2.7</version> diff --git a/src/main/java/org/onap/policy/clamp/clds/Application.java b/src/main/java/org/onap/policy/clamp/clds/Application.java index a242086da..ba300ac09 100644 --- a/src/main/java/org/onap/policy/clamp/clds/Application.java +++ b/src/main/java/org/onap/policy/clamp/clds/Application.java @@ -96,7 +96,7 @@ public class Application extends SpringBootServletInitializer { private String keyStoreType; - @Value("${clamp.config.keyFile:#{null}}") + @Value("${clamp.config.keyFile:classpath:/clds/aaf/org.onap.clamp.keyfile}") private String keyFile; @Autowired diff --git a/src/main/java/org/onap/policy/clamp/clds/config/sdc/SdcControllersConfiguration.java b/src/main/java/org/onap/policy/clamp/clds/config/sdc/SdcControllersConfiguration.java index 4748edf6d..d0b116f71 100644 --- a/src/main/java/org/onap/policy/clamp/clds/config/sdc/SdcControllersConfiguration.java +++ b/src/main/java/org/onap/policy/clamp/clds/config/sdc/SdcControllersConfiguration.java @@ -1,8 +1,8 @@ /*- * ============LICENSE_START======================================================= - * ONAP CLAMP + * ONAP POLICY-CLAMP * ================================================================================ - * Copyright (C) 2018 AT&T Intellectual Property. All rights + * Copyright (C) 2018, 2021 AT&T Intellectual Property. All rights * reserved. * ================================================================================ * Modifications Copyright (c) 2019 Samsung @@ -20,13 +20,14 @@ * limitations under the License. * ============LICENSE_END============================================ * =================================================================== - * + * */ package org.onap.policy.clamp.clds.config.sdc; import com.google.gson.JsonObject; import java.io.IOException; +import java.io.InputStream; import java.io.InputStreamReader; import java.nio.charset.StandardCharsets; import java.util.HashMap; @@ -49,10 +50,14 @@ public class SdcControllersConfiguration { private static final String CONTROLLER_SUBTREE_KEY = "sdc-connections"; @Autowired protected ApplicationContext appContext; + + @Value("${clamp.config.keyFile:classpath:/clds/aaf/org.onap.clamp.keyfile}") + private String keyFile; + /** * The file name that will be loaded by Spring. */ - @Value("${clamp.config.files.sdcController:'classpath:/clds/sdc-controllers-config.json'}") + @Value("${clamp.config.files.sdcController:classpath:/clds/sdc-controllers-config.json}") protected String sdcControllerFile; /** * The root of the JSON. @@ -66,11 +71,10 @@ public class SdcControllersConfiguration { */ @PostConstruct public void loadConfiguration() throws IOException { - Resource resource = appContext.getResource(sdcControllerFile); - // Try to load json tree - jsonRootNode = JsonUtils.GSON.fromJson(new InputStreamReader( - resource.getInputStream(), StandardCharsets.UTF_8), - JsonObject.class); + try (InputStreamReader controllerFile = new InputStreamReader( + appContext.getResource(sdcControllerFile).getInputStream(), StandardCharsets.UTF_8)) { + jsonRootNode = JsonUtils.GSON.fromJson(controllerFile, JsonObject.class); + } } public SdcSingleControllerConfiguration getSdcSingleControllerConfiguration(String controllerName) { @@ -86,8 +90,9 @@ public class SdcControllersConfiguration { Map<String, SdcSingleControllerConfiguration> result = new HashMap<>(); if (jsonRootNode.get(CONTROLLER_SUBTREE_KEY) != null) { jsonRootNode.get(CONTROLLER_SUBTREE_KEY).getAsJsonObject().entrySet().forEach( - entry -> result.put(entry.getKey(), - new SdcSingleControllerConfiguration(entry.getValue().getAsJsonObject(), entry.getKey()))); + entry -> result.put(entry.getKey(), + new SdcSingleControllerConfiguration(entry.getValue().getAsJsonObject(), entry.getKey(), + keyFile))); } else { throw new SdcParametersException( CONTROLLER_SUBTREE_KEY + " key not found in the file: " + sdcControllerFile); diff --git a/src/main/java/org/onap/policy/clamp/clds/config/sdc/SdcSingleControllerConfiguration.java b/src/main/java/org/onap/policy/clamp/clds/config/sdc/SdcSingleControllerConfiguration.java index 0bbbf19dc..67060d776 100644 --- a/src/main/java/org/onap/policy/clamp/clds/config/sdc/SdcSingleControllerConfiguration.java +++ b/src/main/java/org/onap/policy/clamp/clds/config/sdc/SdcSingleControllerConfiguration.java @@ -1,8 +1,8 @@ /*- * ============LICENSE_START======================================================= - * ONAP CLAMP + * ONAP POLICY-CLAMP * ================================================================================ - * Copyright (C) 2018 AT&T Intellectual Property. All rights + * Copyright (C) 2018, 2021 AT&T Intellectual Property. All rights * reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); @@ -18,22 +18,17 @@ * limitations under the License. * ============LICENSE_END============================================ * =================================================================== - * + * */ package org.onap.policy.clamp.clds.config.sdc; -import com.att.eelf.configuration.EELFLogger; -import com.att.eelf.configuration.EELFManager; import com.google.gson.JsonObject; -import java.security.GeneralSecurityException; import java.util.ArrayList; import java.util.Arrays; -import java.util.Collections; import java.util.List; -import org.apache.commons.codec.DecoderException; import org.onap.policy.clamp.clds.exception.sdc.controller.SdcParametersException; -import org.onap.policy.clamp.clds.util.CryptoUtils; +import org.onap.policy.clamp.util.PassDecoder; import org.onap.sdc.api.consumer.IConfiguration; /** @@ -41,8 +36,8 @@ import org.onap.sdc.api.consumer.IConfiguration; */ public class SdcSingleControllerConfiguration implements IConfiguration { - private static final EELFLogger logger = EELFManager.getInstance() - .getLogger(SdcSingleControllerConfiguration.class); + private final String keyFile; + /** * The sdc Controller name corresponding. */ @@ -78,23 +73,20 @@ public class SdcSingleControllerConfiguration implements IConfiguration { public static final String OTHER = "OTHER"; public static final String TOSCA_CSAR = "TOSCA_CSAR"; public static final String VF_MODULES_METADATA = "VF_MODULES_METADATA"; - private static final String[] SUPPORTED_ARTIFACT_TYPES = { - TOSCA_CSAR, VF_MODULES_METADATA - }; - public static final List<String> SUPPORTED_ARTIFACT_TYPES_LIST = Collections - .unmodifiableList(Arrays.asList(SUPPORTED_ARTIFACT_TYPES)); + private static final String[] SUPPORTED_ARTIFACT_TYPES = {TOSCA_CSAR, VF_MODULES_METADATA}; + public static final List<String> SUPPORTED_ARTIFACT_TYPES_LIST = List.of(SUPPORTED_ARTIFACT_TYPES); /** * This constructor builds a SdcSingleControllerConfiguration from the * corresponding json. - * - * @param jsonNode - * The JSON node - * @param controllerName - * The controller name that must appear in the JSON + * + * @param jsonNode The JSON node + * @param controllerName The controller name that must appear in the JSON + * @param keyFileLocation The location of the file to decode the password using CADI */ - public SdcSingleControllerConfiguration(JsonObject jsonNode, String controllerName) { + public SdcSingleControllerConfiguration(JsonObject jsonNode, String controllerName, String keyFileLocation) { jsonRootNode = jsonNode; + keyFile = keyFileLocation; setSdcControllerName(controllerName); testAllRequiredParameters(); } @@ -130,10 +122,10 @@ public class SdcSingleControllerConfiguration implements IConfiguration { } } - private String getEncryptedStringConfig(String key) throws GeneralSecurityException, DecoderException { + private String getEncryptedStringConfig(String key) { if (jsonRootNode != null && jsonRootNode.get(key) != null) { return jsonRootNode.get(key).getAsString().isEmpty() ? null - : CryptoUtils.decrypt(jsonRootNode.get(key).getAsString()); + : PassDecoder.decode(jsonRootNode.get(key).getAsString(), keyFile); } return null; } @@ -164,12 +156,7 @@ public class SdcSingleControllerConfiguration implements IConfiguration { @Override public String getPassword() { - try { - return getEncryptedStringConfig(SDC_KEY_ATTRIBUTE_NAME); - } catch (GeneralSecurityException | DecoderException e) { - logger.error("Unable to decrypt the SDC password", e); - return null; - } + return getEncryptedStringConfig(SDC_KEY_ATTRIBUTE_NAME); } @Override @@ -211,12 +198,7 @@ public class SdcSingleControllerConfiguration implements IConfiguration { @Override public String getKeyStorePassword() { - try { - return getEncryptedStringConfig(KEY_STORE_KEY); - } catch (GeneralSecurityException | DecoderException e) { - logger.error("Unable to decrypt the SDC password", e); - return null; - } + return getEncryptedStringConfig(KEY_STORE_KEY); } @Override diff --git a/src/main/java/org/onap/policy/clamp/clds/util/CryptoUtils.java b/src/main/java/org/onap/policy/clamp/clds/util/CryptoUtils.java deleted file mode 100644 index 01dd48763..000000000 --- a/src/main/java/org/onap/policy/clamp/clds/util/CryptoUtils.java +++ /dev/null @@ -1,168 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * ONAP CLAMP - * ================================================================================ - * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights - * reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END============================================ - * =================================================================== - * - */ - -package org.onap.policy.clamp.clds.util; - -import com.att.eelf.configuration.EELFLogger; -import com.att.eelf.configuration.EELFManager; -import com.google.common.base.Charsets; -import java.io.IOException; -import java.io.UnsupportedEncodingException; -import java.security.GeneralSecurityException; -import java.security.SecureRandom; -import java.util.Properties; -import javax.crypto.Cipher; -import javax.crypto.spec.IvParameterSpec; -import javax.crypto.spec.SecretKeySpec; -import org.apache.commons.codec.DecoderException; -import org.apache.commons.codec.binary.Hex; -import org.apache.commons.lang3.ArrayUtils; - -/** - * CryptoUtils for encrypting/decrypting string based on a Key defined in - * application.properties (Spring config file). - */ -public final class CryptoUtils { - - /** - * Used to log CryptoUtils class. - */ - private static final EELFLogger logger = EELFManager.getInstance().getLogger(CryptoUtils.class); - // Openssl commands: - // Encrypt: echo -n "123456" | openssl aes-128-cbc -e -K <Private Hex key> - // -iv <16 Bytes iv (HEX), be careful it's 32 Hex Chars> | xxd -u -g100 - // Final result is to put in properties file is: IV + Outcome of openssl - // command - // ************************************************************ - // Decrypt: echo -n 'Encrypted string' | xxd -r -ps | openssl aes-128-cbc -d - // -K - // <Private Hex Key> -iv <16 Bytes IV extracted from Encrypted String, be - // careful it's 32 Hex Chars> - /** - * Definition of encryption algorithm. - */ - private static final String ALGORITHM = "AES"; - - /** - * AES Encryption Key environment variable for external configuration. - */ - private static final String AES_ENCRYPTION_KEY = "AES_ENCRYPTION_KEY"; - - /** - * Detailed definition of encryption algorithm. - */ - private static final String ALGORITHM_DETAILS = ALGORITHM + "/CBC/PKCS5PADDING"; - private static final int IV_BLOCK_SIZE_IN_BITS = 128; - /** - * An Initial Vector of 16 Bytes, so 32 Hexadecimal Chars. - */ - private static final int IV_BLOCK_SIZE_IN_BYTES = IV_BLOCK_SIZE_IN_BITS / 8; - /** - * Key to read in the key.properties file. - */ - private static final String KEY_PARAM = "org.onap.policy.clamp.encryption.aes.key"; - private static final String PROPERTIES_FILE_NAME = "clds/key.properties"; - /** - * The SecretKeySpec created from the Base 64 String key. - */ - private static final SecretKeySpec SECRET_KEY_SPEC = readSecretKeySpec(PROPERTIES_FILE_NAME); - - /** - * Private constructor to avoid creating instances of util class. - */ - private CryptoUtils() { - } - - /** - * Encrypt a value based on the Clamp Encryption Key. - * - * @param value The value to encrypt - * @return The encrypted string - * @throws GeneralSecurityException In case of issue with the encryption - * @throws UnsupportedEncodingException In case of issue with the charset - * conversion - */ - public static String encrypt(String value) throws GeneralSecurityException { - Cipher cipher = Cipher.getInstance(ALGORITHM_DETAILS, "SunJCE"); - byte[] iv = new byte[IV_BLOCK_SIZE_IN_BYTES]; - SecureRandom.getInstance("SHA1PRNG").nextBytes(iv); - IvParameterSpec ivspec = new IvParameterSpec(iv); - cipher.init(Cipher.ENCRYPT_MODE, SECRET_KEY_SPEC, ivspec); - return Hex.encodeHexString(ArrayUtils.addAll(iv, cipher.doFinal(value.getBytes(Charsets.UTF_8)))); - } - - /** - * Decrypt a value based on the Clamp Encryption Key. - * - * @param message The encrypted string that must be decrypted using the Clamp - * Encryption Key - * @return The String decrypted - * @throws GeneralSecurityException In case of issue with the encryption - * @throws DecoderException In case of issue to decode the HexString - */ - public static String decrypt(String message) throws GeneralSecurityException, DecoderException { - byte[] encryptedMessage = Hex.decodeHex(message.toCharArray()); - Cipher cipher = Cipher.getInstance(ALGORITHM_DETAILS, "SunJCE"); - IvParameterSpec ivspec = new IvParameterSpec(ArrayUtils.subarray(encryptedMessage, 0, IV_BLOCK_SIZE_IN_BYTES)); - byte[] realData = ArrayUtils.subarray(encryptedMessage, IV_BLOCK_SIZE_IN_BYTES, encryptedMessage.length); - cipher.init(Cipher.DECRYPT_MODE, SECRET_KEY_SPEC, ivspec); - byte[] decrypted = cipher.doFinal(realData); - return new String(decrypted); - } - - /** - * Method used to generate the SecretKeySpec from a Base64 String. - * - * @param keyString The key as a string in Base 64 - * @return The SecretKeySpec created - * @throws DecoderException In case of issues with the decoding of Base64 - */ - private static SecretKeySpec getSecretKeySpec(String keyString) throws DecoderException { - byte[] key = Hex.decodeHex(keyString.toCharArray()); - return new SecretKeySpec(key, ALGORITHM); - } - - /** - * Reads SecretKeySpec from file specified by propertiesFileName. - * - * @param propertiesFileName File name with properties - * @return SecretKeySpec secret key spec read from propertiesFileName - */ - private static SecretKeySpec readSecretKeySpec(String propertiesFileName) { - Properties props = new Properties(); - try { - // Workaround fix to make encryption key configurable - // System environment variable takes precedence for over clds/key.properties - String encryptionKey = System.getenv(AES_ENCRYPTION_KEY); - if (encryptionKey != null && encryptionKey.trim().length() > 0) { - return getSecretKeySpec(encryptionKey); - } else { - props.load(ResourceFileUtils.getResourceAsStream(propertiesFileName)); - return getSecretKeySpec(props.getProperty(KEY_PARAM)); - } - } catch (IOException | DecoderException e) { - logger.error("Exception occurred during the key reading", e); - return null; - } - } -} diff --git a/src/main/java/org/onap/policy/clamp/clds/util/ResourceFileUtils.java b/src/main/java/org/onap/policy/clamp/clds/util/ResourceFileUtils.java index cd4700277..d6184c656 100644 --- a/src/main/java/org/onap/policy/clamp/clds/util/ResourceFileUtils.java +++ b/src/main/java/org/onap/policy/clamp/clds/util/ResourceFileUtils.java @@ -1,8 +1,8 @@ /*- * ============LICENSE_START======================================================= - * ONAP CLAMP + * ONAP POLICY-CLAMP * ================================================================================ - * Copyright (C) 2017 AT&T Intellectual Property. All rights + * Copyright (C) 2017, 2021 AT&T Intellectual Property. All rights * reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); @@ -56,8 +56,8 @@ public final class ResourceFileUtils { * @return The file as inputStream */ public static InputStream getResourceAsStream(String fileName) { - InputStream is = Thread.currentThread().getContextClassLoader().getResourceAsStream( - fileName.startsWith(CLASSPATH_PREFIX) ? fileName.replaceFirst(CLASSPATH_PREFIX, "") : fileName); + InputStream is = Thread.currentThread().getContextClassLoader() + .getResourceAsStream(fileName.replaceFirst("^" + CLASSPATH_PREFIX, "")); if (is == null) { throw new IllegalArgumentException("Unable to find resource: " + fileName); } diff --git a/src/main/java/org/onap/policy/clamp/util/PassDecoder.java b/src/main/java/org/onap/policy/clamp/util/PassDecoder.java index f4b8ed4dc..b8e90e3d0 100644 --- a/src/main/java/org/onap/policy/clamp/util/PassDecoder.java +++ b/src/main/java/org/onap/policy/clamp/util/PassDecoder.java @@ -1,8 +1,8 @@ /*- * ============LICENSE_START======================================================= - * ONAP CLAMP + * ONAP POLICY-CLAMP * ================================================================================ - * Copyright (C) 2019 AT&T Intellectual Property. All rights + * Copyright (C) 2019, 2021 AT&T Intellectual Property. All rights * reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); @@ -32,6 +32,10 @@ import org.onap.policy.clamp.clds.util.ResourceFileUtils; * PassDecoder for decrypting the truststore and keystore password. */ public class PassDecoder { + + private PassDecoder() { + } + /** * Used to log PassDecoder class. */ @@ -41,7 +45,7 @@ public class PassDecoder { * Decode the password. * * @param encryptedPass The encrypted password - * @param keyFileName The key file name in String + * @param keyFileName The key file name in String */ public static String decode(String encryptedPass, String keyFileName) { if (null == keyFileName) { diff --git a/src/main/resources/clds/key.properties b/src/main/resources/clds/key.properties deleted file mode 100644 index dda2b87d0..000000000 --- a/src/main/resources/clds/key.properties +++ /dev/null @@ -1 +0,0 @@ -org.onap.policy.clamp.encryption.aes.key=aa3871669d893c7fb8abbcda31b88b4f
\ No newline at end of file diff --git a/src/test/java/org/onap/policy/clamp/clds/config/sdc/SdcSingleControllerConfigurationTest.java b/src/test/java/org/onap/policy/clamp/clds/config/sdc/SdcSingleControllerConfigurationTest.java index 89178b778..7390b65ba 100644 --- a/src/test/java/org/onap/policy/clamp/clds/config/sdc/SdcSingleControllerConfigurationTest.java +++ b/src/test/java/org/onap/policy/clamp/clds/config/sdc/SdcSingleControllerConfigurationTest.java @@ -1,8 +1,8 @@ /*- * ============LICENSE_START======================================================= - * ONAP CLAMP + * ONAP POLICY-CLAMP * ================================================================================ - * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * Copyright (C) 2017, 2021 AT&T Intellectual Property. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -57,7 +57,8 @@ public class SdcSingleControllerConfigurationTest { StandardCharsets.UTF_8); JsonObject jsonNode = JsonUtils.GSON.fromJson(streamReader, JsonObject.class); - return new SdcSingleControllerConfiguration(jsonNode, sdcControllerName); + return new SdcSingleControllerConfiguration(jsonNode, sdcControllerName, + "classpath:clds/aaf/org.onap.clamp.keyfile"); } @Test diff --git a/src/test/java/org/onap/policy/clamp/clds/it/config/SdcControllersConfigurationItCase.java b/src/test/java/org/onap/policy/clamp/clds/it/config/SdcControllersConfigurationItCase.java index 516fc7a09..70aeccf59 100644 --- a/src/test/java/org/onap/policy/clamp/clds/it/config/SdcControllersConfigurationItCase.java +++ b/src/test/java/org/onap/policy/clamp/clds/it/config/SdcControllersConfigurationItCase.java @@ -1,8 +1,8 @@ /*- * ============LICENSE_START======================================================= - * ONAP CLAMP + * ONAP POLICY-CLAMP * ================================================================================ - * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * Copyright (C) 2017, 2021 AT&T Intellectual Property. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -56,7 +56,7 @@ public class SdcControllersConfigurationItCase { @Test public void testGetAllDefinedControllers() throws IOException { - loadFile("classpath:/clds/sdc-controllers-config.json"); + loadFile("classpath:clds/sdc-controllers-config.json"); Map<String, SdcSingleControllerConfiguration> mapResult = sdcControllersConfiguration .getAllDefinedControllers(); assertTrue(mapResult.size() == 2); @@ -66,7 +66,7 @@ public class SdcControllersConfigurationItCase { @Test public void testGetSdcSingleControllerConfiguration() throws IOException { - loadFile("classpath:/clds/sdc-controllers-config.json"); + loadFile("classpath:clds/sdc-controllers-config.json"); assertEquals("sdc-controller1", sdcControllersConfiguration .getSdcSingleControllerConfiguration("sdc-controller1").getSdcControllerName()); assertEquals("sdc-controller2", sdcControllersConfiguration @@ -75,13 +75,13 @@ public class SdcControllersConfigurationItCase { @Test(expected = JsonSyntaxException.class) public void testBadJsonLoading() throws IOException { - loadFile("classpath:/clds/sdc-controllers-config-bad.json"); + loadFile("classpath:clds/sdc-controllers-config-bad.json"); fail("Should have raised an exception"); } @Test(expected = SdcParametersException.class) public void testMissingParamInJsonLoading() throws IOException { - loadFile("classpath:/clds/sdc-controllers-config-missing-param.json"); + loadFile("classpath:clds/sdc-controllers-config-missing-param.json"); sdcControllersConfiguration.getAllDefinedControllers(); fail("Should have raised an exception"); } diff --git a/src/test/java/org/onap/policy/clamp/clds/util/CryptoUtilsTest.java b/src/test/java/org/onap/policy/clamp/clds/util/CryptoUtilsTest.java deleted file mode 100644 index 6239fef80..000000000 --- a/src/test/java/org/onap/policy/clamp/clds/util/CryptoUtilsTest.java +++ /dev/null @@ -1,99 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * ONAP CLAMP - * ================================================================================ - * Copyright (C) 2017 AT&T Intellectual Property. All rights - * reserved. - * ================================================================================ - * Modifications Copyright (c) 2019 Samsung - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END============================================ - * =================================================================== - * - */ - -package org.onap.policy.clamp.clds.util; - -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertNotEquals; -import static org.junit.Assert.assertNotNull; -import static org.mockito.ArgumentMatchers.eq; - -import java.security.InvalidKeyException; -import javax.crypto.KeyGenerator; -import javax.crypto.SecretKey; -import org.apache.commons.codec.binary.Hex; -import org.apache.commons.lang3.ArrayUtils; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.powermock.api.mockito.PowerMockito; -import org.powermock.core.classloader.annotations.PowerMockIgnore; -import org.powermock.core.classloader.annotations.PrepareForTest; -import org.powermock.modules.junit4.PowerMockRunner; - -@RunWith(PowerMockRunner.class) -@PowerMockIgnore({ "javax.crypto.*", "com.sun.org.apache.xerces.*", "javax.xml.*", "org.xml.*", "javax.management.*" }) -public class CryptoUtilsTest { - - private final String data = "This is a test string"; - - @Test - @PrepareForTest({ CryptoUtils.class }) - public final void testEncryption() throws Exception { - String encodedString = CryptoUtils.encrypt(data); - assertNotNull(encodedString); - assertEquals(data, CryptoUtils.decrypt(encodedString)); - } - - @Test - @PrepareForTest({ CryptoUtils.class }) - public final void testEncryptedStringIsDifferent() throws Exception { - String encodedString1 = CryptoUtils.encrypt(data); - String encodedString2 = CryptoUtils.encrypt(data); - byte[] encryptedMessage1 = Hex.decodeHex(encodedString1.toCharArray()); - byte[] encryptedMessage2 = Hex.decodeHex(encodedString2.toCharArray()); - assertNotNull(encryptedMessage1); - assertNotNull(encryptedMessage2); - assertNotEquals(encryptedMessage1, encryptedMessage2); - byte[] subData1 = ArrayUtils.subarray(encryptedMessage1, 16, encryptedMessage1.length); - byte[] subData2 = ArrayUtils.subarray(encryptedMessage2, 16, encryptedMessage2.length); - assertNotEquals(subData1, subData2); - } - - @Test - @PrepareForTest({ CryptoUtils.class }) - public final void testEncryptionBaseOnRandomKey() throws Exception { - SecretKey secretKey = KeyGenerator.getInstance("AES").generateKey(); - final String encryptionKey = String.valueOf(Hex.encodeHex(secretKey.getEncoded())); - setAesEncryptionKeyEnv(encryptionKey); - - String encodedString = CryptoUtils.encrypt(data); - String decodedString = CryptoUtils.decrypt(encodedString); - assertEquals(data, decodedString); - } - - @Test(expected = InvalidKeyException.class) - @PrepareForTest({ CryptoUtils.class }) - public final void testEncryptionBadKey() throws Exception { - final String badEncryptionKey = "93210sd"; - setAesEncryptionKeyEnv(badEncryptionKey); - - CryptoUtils.encrypt(data); - } - - private static void setAesEncryptionKeyEnv(String value) { - PowerMockito.mockStatic(System.class); - PowerMockito.when(System.getenv(eq("AES_ENCRYPTION_KEY"))).thenReturn(value); - } -} diff --git a/src/test/java/org/onap/policy/clamp/util/PassDecoderTest.java b/src/test/java/org/onap/policy/clamp/util/PassDecoderTest.java index 83e894130..7fd0cb91d 100644 --- a/src/test/java/org/onap/policy/clamp/util/PassDecoderTest.java +++ b/src/test/java/org/onap/policy/clamp/util/PassDecoderTest.java @@ -1,24 +1,24 @@ /*- * ============LICENSE_START======================================================= - * ONAP CLAMP + * ONAP POLICY-CLAMP * ================================================================================ - * Copyright (C) 2019 AT&T Intellectual Property. All rights + * Copyright (C) 2019, 2021 AT&T Intellectual Property. All rights * reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. + * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and * limitations under the License. * ============LICENSE_END============================================ * =================================================================== - * + * */ package org.onap.policy.clamp.util; @@ -48,5 +48,8 @@ public class PassDecoderTest { public final void testDecryption() throws Exception { String decodedPass = PassDecoder.decode(encrypted, "classpath:clds/aaf/org.onap.clamp.keyfile"); assertEquals(decodedPass, "China in the Spring"); + assertEquals("Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U", PassDecoder + .decode("enc:JPV4p067JlSXt2Fet9bfuI8JpkS4ZGYVcgypcPs98gXjgjCjTze_d3JxqmlKaaakdiOjIcEC_MJh6-5pJTLgdc", + "classpath:clds/aaf/org.onap.clamp.keyfile")); } } diff --git a/src/test/resources/application.properties b/src/test/resources/application.properties index d67fe74a3..bc513e9e4 100644 --- a/src/test/resources/application.properties +++ b/src/test/resources/application.properties @@ -31,6 +31,8 @@ server.port=${clamp.it.tests.http} #server.ssl.key-store-password=pass #server.ssl.key-password=pass +clamp.config.keyFile=classpath:clds/aaf/org.onap.clamp.keyfile + ### In order to be user friendly when HTTPS is enabled, ### you can add another HTTP port that will be automatically redirected to HTTPS ### by enabling this parameter (server.http.port) and set it to another port (80 or 8080, 8090, etc ...) diff --git a/src/test/resources/clds/sdc-controller-config-TLS.json b/src/test/resources/clds/sdc-controller-config-TLS.json index 99366b765..4d5f02945 100644 --- a/src/test/resources/clds/sdc-controller-config-TLS.json +++ b/src/test/resources/clds/sdc-controller-config-TLS.json @@ -4,11 +4,11 @@ "consumerId": "consumerId", "environmentName": "environmentName", "sdcAddress": "hostname:8080", - "password": "bb3871669d893c7fb8aaacda31b77b4f537E67A081C2726889548ED7BC4C2DE6", + "password": "QpF2TcrdRSFADqDxH1HwDYdYUIbMxOj-TrGd6Vqvwzd", "pollingInterval":10, "pollingTimeout":30, "activateServerTLSAuth": true, - "keyStorePassword":"bb3871669d893c7fb8aaacda31b77b4f537E67A081C2726889548ED7BC4C2DE6", + "keyStorePassword":"QpF2TcrdRSFADqDxH1HwDYdYUIbMxOj-TrGd6Vqvwzd", "keyStorePath": "/test", "messageBusAddresses":["localhost"] } diff --git a/src/test/resources/clds/sdc-controllers-config.json b/src/test/resources/clds/sdc-controllers-config.json index ce56fef27..75e5be1b9 100644 --- a/src/test/resources/clds/sdc-controllers-config.json +++ b/src/test/resources/clds/sdc-controllers-config.json @@ -1,27 +1,30 @@ { - "sdc-connections":{ - "sdc-controller1":{ - "user": "User1", - "consumerGroup": "consumerGroup1", - "consumerId": "consumerId1", - "environmentName": "environmentName1", - "sdcAddress": "localhost:${docker.http-cache.port.host}", - "password": "bb3871669d893c7fb8aaacda31b77b4f537E67A081C2726889548ED7BC4C2DE6", - "pollingInterval":10, - "pollingTimeout":30, - "messageBusAddresses":["localhost"] + "sdc-connections": { + "sdc-controller1": { + "user": "User1", + "consumerGroup": "consumerGroup1", + "consumerId": "consumerId1", + "environmentName": "environmentName1", + "sdcAddress": "localhost:${docker.http-cache.port.host}", + "password": "QpF2TcrdRSFADqDxH1HwDYdYUIbMxOj-TrGd6Vqvwzd", + "pollingInterval": 10, + "pollingTimeout": 30, + "messageBusAddresses": [ + "localhost" + ] }, - "sdc-controller2":{ - "user": "User2", - "consumerGroup": "consumerGroup2", - "consumerId": "consumerId2", - "environmentName": "environmentName2", - "sdcAddress": "localhost:${docker.http-cache.port.host}", - "password": "bb3871669d893c7fb8aaacda31b77b4f537E67A081C2726889548ED7BC4C2DE6", - "pollingInterval":10, - "pollingTimeout":30, - "messageBusAddresses":["localhost"] - + "sdc-controller2": { + "user": "User2", + "consumerGroup": "consumerGroup2", + "consumerId": "consumerId2", + "environmentName": "environmentName2", + "sdcAddress": "localhost:${docker.http-cache.port.host}", + "password": "QpF2TcrdRSFADqDxH1HwDYdYUIbMxOj-TrGd6Vqvwzd", + "pollingInterval": 10, + "pollingTimeout": 30, + "messageBusAddresses": [ + "localhost" + ] } } } diff --git a/src/test/resources/robotframework/robotframework-test.properties b/src/test/resources/robotframework/robotframework-test.properties index a12f052ad..fed074198 100644 --- a/src/test/resources/robotframework/robotframework-test.properties +++ b/src/test/resources/robotframework/robotframework-test.properties @@ -31,6 +31,8 @@ server.port=${clamp.it.tests.robotframework.http} #server.ssl.key-store-password=pass #server.ssl.key-password=pass +clamp.config.keyFile=classpath:clds/aaf/org.onap.clamp.keyfile + ### In order to be user friendly when HTTPS is enabled, ### you can add another HTTP port that will be automatically redirected to HTTPS ### by enabling this parameter (server.http.port) and set it to another port (80 or 8080, 8090, etc ...) |