Remove test usage of the AAF certificate

Fix the broken build by removing the need of the useless certificate, a new one is now generate during the build for the tests.

Issue-ID: POLICY-3036
Signed-off-by: sebdet <sebastien.determe@intl.att.com>
Change-Id: I11c2ff5aac8a99c7a2b7e676d6c11bbc861a1de4
Signed-off-by: sebdet <sebastien.determe@intl.att.com>
(cherry picked from commit d2178bc9f7d6c06f60a3a8afecd83e428d84cd78)

8 files changed, 88 insertions, 91 deletions

diff --git a/README.md b/README.md
index 031c0e8ef..ba194ec33 100644
--- a/README.md
+++ b/README.md
@@ -114,7 +114,12 @@ With the default log settings, all logs will be generated into console and into
 
 You can see the swagger definition for the jaxrs apis at `/restservices/clds/v1/openapi.json`
 
-## Clamp AAF - Renew Certificates
+## Clamp AAF - Renew Certificates 
+This is not required anymore as in OOM the certificate are generated automatically.
+A certificate is automatically generated during the "build" and it overwrites the p12 located in the 
+resource clds/aaf/org.onap.clamp.p12. 
+
+
 - Connect to windriver with openvpn
 - create a folder aaf-renewal and go to it
 - create a file aaf.props with that content (or run the agent.sh script below, it will prompt you for values at first run)
diff --git a/pom.xml b/pom.xml
index 6125e686d..92caece96 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1266,6 +1266,46 @@
                     </arguments>
                 </configuration>
             </plugin>
+            <!-- Plugin to generate a X509 Certificate for https tests  -->
+            <plugin>
+                <groupId>org.codehaus.mojo</groupId>
+                <artifactId>keytool-maven-plugin</artifactId>
+                <version>1.5</version>
+                <executions>
+                    <execution>
+                        <id>add-certificate-for-dev</id>
+                        <configuration>
+                            <keystore>${project.build.directory}/classes/clds/aaf/org.onap.clamp.p12</keystore>
+                            <storepass>China in the Spring</storepass>
+                            <alias>clamptest</alias>
+                            <storetype>PKCS12</storetype>
+                            <keyalg>RSA</keyalg>
+                            <dname>cn=CN, ou=OU, o=O, c=C</dname>
+                            <validity>365</validity>
+                        </configuration>
+                        <goals>
+                            <goal>generateKeyPair</goal>
+                        </goals>
+                        <phase>generate-resources</phase>
+                    </execution>
+                    <execution>
+                        <id>add-certificate-for-test</id>
+                        <configuration>
+                            <keystore>${project.build.directory}/test-classes/clds/aaf/org.onap.clamp.p12</keystore>
+                            <storepass>China in the Spring</storepass>
+                            <alias>clamptest</alias>
+                            <storetype>PKCS12</storetype>
+                            <keyalg>RSA</keyalg>
+                            <dname>cn=CN, ou=OU, o=O, c=C</dname>
+                            <validity>365</validity>
+                        </configuration>
+                        <goals>
+                            <goal>generateKeyPair</goal>
+                        </goals>
+                        <phase>generate-test-resources</phase>
+                    </execution>
+                </executions>
+            </plugin>
         </plugins>
     </build>
 </project>
diff --git a/src/main/java/org/onap/policy/clamp/clds/config/SslConfig.java b/src/main/java/org/onap/policy/clamp/clds/config/SslConfig.java
index 329cb4bed..a72cffd09 100644
--- a/src/main/java/org/onap/policy/clamp/clds/config/SslConfig.java
+++ b/src/main/java/org/onap/policy/clamp/clds/config/SslConfig.java
@@ -2,7 +2,7 @@
  * ============LICENSE_START=======================================================
  * ONAP CLAMP
  * ================================================================================
- * Copyright (C) 2019 AT&T Intellectual Property. All rights
+ * Copyright (C) 2019, 2021 AT&T Intellectual Property. All rights
  *                             reserved.
  * ================================================================================
  * Licensed under the Apache License, Version 2.0 (the "License");
@@ -74,6 +74,7 @@ public class SslConfig {
                         password.toCharArray());
                 return truststore;
             }
+
         });
     }
 
@@ -83,9 +84,13 @@ public class SslConfig {
         return (tomcat) -> tomcat.setSsl(new Ssl() {
             @Override
             public String getKeyPassword() {
-                String password = PassDecoder.decode(env.getProperty("server.ssl.key-password"),
+                return PassDecoder.decode(env.getProperty("server.ssl.key-password"),
                         env.getProperty("clamp.config.keyFile"));
-                return password;
+            }
+
+            @Override
+            public String getKeyAlias() {
+                return env.getProperty("server.ssl.key-alias");
             }
         });
     }
diff --git a/src/main/resources/application-noaaf.properties b/src/main/resources/application-noaaf.properties
index 6b28cf7ef..ba838adb8 100644
--- a/src/main/resources/application-noaaf.properties
+++ b/src/main/resources/application-noaaf.properties
@@ -53,7 +53,7 @@ server.ssl.key-store=classpath:/clds/aaf/org.onap.clamp.p12
 server.ssl.key-store-password=enc:WWCxchk4WGBNSvuzLq3MLjMs5ObRybJtts5AI0XD1Vc
 server.ssl.key-password=enc:WWCxchk4WGBNSvuzLq3MLjMs5ObRybJtts5AI0XD1Vc
 server.ssl.key-store-type=PKCS12
-server.ssl.key-alias=clamp@clamp.onap.org
+server.ssl.key-alias=clamptest
 
 ## Config part for Client certificates
 server.ssl.client-auth=want
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index 1b5a26d0a..7d2d4ef1b 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -58,7 +58,7 @@ server.ssl.key-store=classpath:/clds/aaf/org.onap.clamp.p12
 server.ssl.key-store-password=enc:WWCxchk4WGBNSvuzLq3MLjMs5ObRybJtts5AI0XD1Vc
 server.ssl.key-password=enc:WWCxchk4WGBNSvuzLq3MLjMs5ObRybJtts5AI0XD1Vc
 server.ssl.key-store-type=PKCS12
-server.ssl.key-alias=clamp@clamp.onap.org
+server.ssl.key-alias=clamptest
 
 # The key file used to decode the key store and trust store password
 # If not defined, the key store and trust store password will not be decrypted
diff --git a/src/main/resources/clds/aaf/org.onap.clamp.p12 b/src/main/resources/clds/aaf/org.onap.clamp.p12
deleted file mode 100644
index 268aa1a3c..000000000
--- a/src/main/resources/clds/aaf/org.onap.clamp.p12
+++ /dev/null
diff --git a/src/test/java/org/onap/policy/clamp/clds/it/HttpsItCase.java b/src/test/java/org/onap/policy/clamp/clds/it/HttpsItCase.java
index 9dd2130c6..1a4a2ec5f 100644
--- a/src/test/java/org/onap/policy/clamp/clds/it/HttpsItCase.java
+++ b/src/test/java/org/onap/policy/clamp/clds/it/HttpsItCase.java
@@ -2,7 +2,7 @@
  * ============LICENSE_START=======================================================
  * ONAP CLAMP
  * ================================================================================
- * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
+ * Copyright (C) 2017-2018, 2021 AT&T Intellectual Property. All rights
  *                             reserved.
  * ================================================================================
  * Licensed under the Apache License, Version 2.0 (the "License");
@@ -26,17 +26,19 @@ package org.onap.policy.clamp.clds.it;
 import static org.assertj.core.api.Assertions.assertThat;
 
 import java.io.File;
-import java.io.IOException;
-import java.net.HttpURLConnection;
 import java.nio.charset.Charset;
-import javax.net.ssl.HostnameVerifier;
-import javax.net.ssl.HttpsURLConnection;
+import java.security.KeyManagementException;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
 import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLSession;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.X509TrustManager;
 import org.apache.commons.io.FileUtils;
-import org.junit.BeforeClass;
+import org.apache.http.conn.ssl.NoopHostnameVerifier;
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
+import org.apache.http.conn.ssl.TrustStrategy;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClients;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.springframework.beans.factory.annotation.Value;
@@ -44,7 +46,7 @@ import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
-import org.springframework.http.client.SimpleClientHttpRequestFactory;
+import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
 import org.springframework.test.annotation.DirtiesContext;
 import org.springframework.test.context.TestPropertySource;
 import org.springframework.test.context.junit4.SpringRunner;
@@ -64,53 +66,13 @@ public class HttpsItCase {
     @Value("${server.http-to-https-redirection.port}")
     private String httpPort;
 
-    /**
-     * Setup the variable before tests execution.
-     */
-    @BeforeClass
-    public static void setUp() {
-        try {
-            // setup ssl context to ignore certificate errors
-            SSLContext ctx = SSLContext.getInstance("TLS");
-            X509TrustManager tm = new X509TrustManager() {
-
-                @Override
-                public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType)
-                        throws java.security.cert.CertificateException {
-                }
-
-                @Override
-                public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType)
-                        throws java.security.cert.CertificateException {
-                }
-
-                @Override
-                public java.security.cert.X509Certificate[] getAcceptedIssuers() {
-                    return null;
-                }
-            };
-            ctx.init(null, new TrustManager[] { tm }, null);
-            SSLContext.setDefault(ctx);
-        } catch (Exception ex) {
-            ex.printStackTrace();
-        }
-    }
-
     @Test
     public void testDesignerIndex() throws Exception {
-        RestTemplate template = new RestTemplate();
-        final MySimpleClientHttpRequestFactory factory = new MySimpleClientHttpRequestFactory(new HostnameVerifier() {
-
-            @Override
-            public boolean verify(final String hostname, final SSLSession session) {
-                return true;
-            }
-        });
-        template.setRequestFactory(factory);
-        ResponseEntity<String> entity = template.getForEntity("http://localhost:" + this.httpPort + "/swagger.html",
-                String.class);
+        ResponseEntity<String> entity =
+                new RestTemplate().getForEntity("http://localhost:" + this.httpPort + "/swagger.html",
+                        String.class);
         assertThat(entity.getStatusCode()).isEqualTo(HttpStatus.FOUND);
-        ResponseEntity<String> httpsEntity = template
+        ResponseEntity<String> httpsEntity = getRestTemplate()
                 .getForEntity("https://localhost:" + this.httpsPort + "/swagger.html", String.class);
         assertThat(httpsEntity.getStatusCode()).isEqualTo(HttpStatus.OK);
         assertThat(httpsEntity.getBody()).contains("Clamp Rest API");
@@ -118,16 +80,7 @@ public class HttpsItCase {
 
     @Test
     public void testSwaggerJson() throws Exception {
-        RestTemplate template = new RestTemplate();
-        final MySimpleClientHttpRequestFactory factory = new MySimpleClientHttpRequestFactory(new HostnameVerifier() {
-
-            @Override
-            public boolean verify(final String hostname, final SSLSession session) {
-                return true;
-            }
-        });
-        template.setRequestFactory(factory);
-        ResponseEntity<String> httpsEntity = template
+        ResponseEntity<String> httpsEntity = getRestTemplate()
                 .getForEntity("https://localhost:" + this.httpsPort + "/restservices/clds/api-doc", String.class);
         assertThat(httpsEntity.getStatusCode()).isEqualTo(HttpStatus.OK);
         assertThat(httpsEntity.getBody()).contains("swagger");
@@ -135,25 +88,19 @@ public class HttpsItCase {
                 Charset.defaultCharset());
     }
 
-    /**
-     * Http Request Factory for ignoring SSL hostname errors. Not for production
-     * use!
-     */
-    class MySimpleClientHttpRequestFactory extends SimpleClientHttpRequestFactory {
-
-        private final HostnameVerifier verifier;
-
-        public MySimpleClientHttpRequestFactory(final HostnameVerifier verifier) {
-            this.verifier = verifier;
-        }
-
-        @Override
-        protected void prepareConnection(final HttpURLConnection connection, final String httpMethod)
-                throws IOException {
-            if (connection instanceof HttpsURLConnection) {
-                ((HttpsURLConnection) connection).setHostnameVerifier(this.verifier);
-            }
-            super.prepareConnection(connection, httpMethod);
-        }
+    private RestTemplate getRestTemplate() throws KeyStoreException, NoSuchAlgorithmException, KeyManagementException {
+        SSLContext sslContext = org.apache.http.ssl.SSLContexts.custom()
+                .loadTrustMaterial(null, new TrustStrategy() {
+                    @Override
+                    public boolean isTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
+                        return true;
+                    }
+                }).build();
+        SSLConnectionSocketFactory csf = new SSLConnectionSocketFactory(sslContext, new NoopHostnameVerifier());
+        CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(csf).build();
+        HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory();
+        requestFactory.setHttpClient(httpClient);
+        RestTemplate restTemplate = new RestTemplate(requestFactory);
+        return restTemplate;
     }
 }
diff --git a/src/test/resources/https/https-test.properties b/src/test/resources/https/https-test.properties
index 86e444efe..aeae64036 100644
--- a/src/test/resources/https/https-test.properties
+++ b/src/test/resources/https/https-test.properties
@@ -31,7 +31,7 @@ server.ssl.key-store=classpath:clds/aaf/org.onap.clamp.p12
 server.ssl.key-store-password=enc:WWCxchk4WGBNSvuzLq3MLjMs5ObRybJtts5AI0XD1Vc
 server.ssl.key-password=enc:WWCxchk4WGBNSvuzLq3MLjMs5ObRybJtts5AI0XD1Vc
 server.ssl.key-store-type=PKCS12
-server.ssl.key-alias=clamp@clamp.onap.org
+server.ssl.key-alias=clamptest
 
 # The key file used to decode the key store and trust store password
 # If not defined, the key store and trust store password will not be decrypted