diff options
| author |   S�bastien Determe <sebastien.determe@intl.att.com> | 2021-04-21 15:38:21 +0000 |
|---|---|---|
| committer |   Gerrit Code Review <gerrit@onap.org> | 2021-04-21 15:38:21 +0000 |
| commit | 5db8d1bd2ffd4e3c3a3d9b19dc3cb3f6e1b2ff41 (patch) | |
| tree | 3fd5f4c3fffaa3ded608450a79066f6920141de1 /src | |
| parent | 88626ebe53d6b7ebef10180cede9910149abbc68 (diff) | |
| parent | e2e71040679fc6f305f9cdbe0d9d38c701934dcd (diff) | |
Merge "Fix Sonar Crypto issues"
Diffstat (limited to 'src')
15 files changed, 100 insertions, 366 deletions
diff --git a/src/main/java/org/onap/policy/clamp/clds/Application.java b/src/main/java/org/onap/policy/clamp/clds/Application.java index a242086da..ba300ac09 100644 --- a/src/main/java/org/onap/policy/clamp/clds/Application.java +++ b/src/main/java/org/onap/policy/clamp/clds/Application.java @@ -96,7 +96,7 @@ public class Application extends SpringBootServletInitializer { private String keyStoreType; - @Value("${clamp.config.keyFile:#{null}}") + @Value("${clamp.config.keyFile:classpath:/clds/aaf/org.onap.clamp.keyfile}") private String keyFile; @Autowired diff --git a/src/main/java/org/onap/policy/clamp/clds/config/sdc/SdcControllersConfiguration.java b/src/main/java/org/onap/policy/clamp/clds/config/sdc/SdcControllersConfiguration.java index 4748edf6d..d0b116f71 100644 --- a/src/main/java/org/onap/policy/clamp/clds/config/sdc/SdcControllersConfiguration.java +++ b/src/main/java/org/onap/policy/clamp/clds/config/sdc/SdcControllersConfiguration.java @@ -1,8 +1,8 @@ /*- * ============LICENSE_START======================================================= - * ONAP CLAMP + * ONAP POLICY-CLAMP * ================================================================================ - * Copyright (C) 2018 AT&T Intellectual Property. All rights + * Copyright (C) 2018, 2021 AT&T Intellectual Property. All rights * reserved. * ================================================================================ * Modifications Copyright (c) 2019 Samsung @@ -20,13 +20,14 @@ * limitations under the License. * ============LICENSE_END============================================ * =================================================================== - * + * */ package org.onap.policy.clamp.clds.config.sdc; import com.google.gson.JsonObject; import java.io.IOException; +import java.io.InputStream; import java.io.InputStreamReader; import java.nio.charset.StandardCharsets; import java.util.HashMap; @@ -49,10 +50,14 @@ public class SdcControllersConfiguration { private static final String CONTROLLER_SUBTREE_KEY = "sdc-connections"; @Autowired protected ApplicationContext appContext; + + @Value("${clamp.config.keyFile:classpath:/clds/aaf/org.onap.clamp.keyfile}") + private String keyFile; + /** * The file name that will be loaded by Spring. */ - @Value("${clamp.config.files.sdcController:'classpath:/clds/sdc-controllers-config.json'}") + @Value("${clamp.config.files.sdcController:classpath:/clds/sdc-controllers-config.json}") protected String sdcControllerFile; /** * The root of the JSON. @@ -66,11 +71,10 @@ public class SdcControllersConfiguration { */ @PostConstruct public void loadConfiguration() throws IOException { - Resource resource = appContext.getResource(sdcControllerFile); - // Try to load json tree - jsonRootNode = JsonUtils.GSON.fromJson(new InputStreamReader( - resource.getInputStream(), StandardCharsets.UTF_8), - JsonObject.class); + try (InputStreamReader controllerFile = new InputStreamReader( + appContext.getResource(sdcControllerFile).getInputStream(), StandardCharsets.UTF_8)) { + jsonRootNode = JsonUtils.GSON.fromJson(controllerFile, JsonObject.class); + } } public SdcSingleControllerConfiguration getSdcSingleControllerConfiguration(String controllerName) { @@ -86,8 +90,9 @@ public class SdcControllersConfiguration { Map<String, SdcSingleControllerConfiguration> result = new HashMap<>(); if (jsonRootNode.get(CONTROLLER_SUBTREE_KEY) != null) { jsonRootNode.get(CONTROLLER_SUBTREE_KEY).getAsJsonObject().entrySet().forEach( - entry -> result.put(entry.getKey(), - new SdcSingleControllerConfiguration(entry.getValue().getAsJsonObject(), entry.getKey()))); + entry -> result.put(entry.getKey(), + new SdcSingleControllerConfiguration(entry.getValue().getAsJsonObject(), entry.getKey(), + keyFile))); } else { throw new SdcParametersException( CONTROLLER_SUBTREE_KEY + " key not found in the file: " + sdcControllerFile); diff --git a/src/main/java/org/onap/policy/clamp/clds/config/sdc/SdcSingleControllerConfiguration.java b/src/main/java/org/onap/policy/clamp/clds/config/sdc/SdcSingleControllerConfiguration.java index 0bbbf19dc..67060d776 100644 --- a/src/main/java/org/onap/policy/clamp/clds/config/sdc/SdcSingleControllerConfiguration.java +++ b/src/main/java/org/onap/policy/clamp/clds/config/sdc/SdcSingleControllerConfiguration.java @@ -1,8 +1,8 @@ /*- * ============LICENSE_START======================================================= - * ONAP CLAMP + * ONAP POLICY-CLAMP * ================================================================================ - * Copyright (C) 2018 AT&T Intellectual Property. All rights + * Copyright (C) 2018, 2021 AT&T Intellectual Property. All rights * reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); @@ -18,22 +18,17 @@ * limitations under the License. * ============LICENSE_END============================================ * =================================================================== - * + * */ package org.onap.policy.clamp.clds.config.sdc; -import com.att.eelf.configuration.EELFLogger; -import com.att.eelf.configuration.EELFManager; import com.google.gson.JsonObject; -import java.security.GeneralSecurityException; import java.util.ArrayList; import java.util.Arrays; -import java.util.Collections; import java.util.List; -import org.apache.commons.codec.DecoderException; import org.onap.policy.clamp.clds.exception.sdc.controller.SdcParametersException; -import org.onap.policy.clamp.clds.util.CryptoUtils; +import org.onap.policy.clamp.util.PassDecoder; import org.onap.sdc.api.consumer.IConfiguration; /** @@ -41,8 +36,8 @@ import org.onap.sdc.api.consumer.IConfiguration; */ public class SdcSingleControllerConfiguration implements IConfiguration { - private static final EELFLogger logger = EELFManager.getInstance() - .getLogger(SdcSingleControllerConfiguration.class); + private final String keyFile; + /** * The sdc Controller name corresponding. */ @@ -78,23 +73,20 @@ public class SdcSingleControllerConfiguration implements IConfiguration { public static final String OTHER = "OTHER"; public static final String TOSCA_CSAR = "TOSCA_CSAR"; public static final String VF_MODULES_METADATA = "VF_MODULES_METADATA"; - private static final String[] SUPPORTED_ARTIFACT_TYPES = { - TOSCA_CSAR, VF_MODULES_METADATA - }; - public static final List<String> SUPPORTED_ARTIFACT_TYPES_LIST = Collections - .unmodifiableList(Arrays.asList(SUPPORTED_ARTIFACT_TYPES)); + private static final String[] SUPPORTED_ARTIFACT_TYPES = {TOSCA_CSAR, VF_MODULES_METADATA}; + public static final List<String> SUPPORTED_ARTIFACT_TYPES_LIST = List.of(SUPPORTED_ARTIFACT_TYPES); /** * This constructor builds a SdcSingleControllerConfiguration from the * corresponding json. - * - * @param jsonNode - * The JSON node - * @param controllerName - * The controller name that must appear in the JSON + * + * @param jsonNode The JSON node + * @param controllerName The controller name that must appear in the JSON + * @param keyFileLocation The location of the file to decode the password using CADI */ - public SdcSingleControllerConfiguration(JsonObject jsonNode, String controllerName) { + public SdcSingleControllerConfiguration(JsonObject jsonNode, String controllerName, String keyFileLocation) { jsonRootNode = jsonNode; + keyFile = keyFileLocation; setSdcControllerName(controllerName); testAllRequiredParameters(); } @@ -130,10 +122,10 @@ public class SdcSingleControllerConfiguration implements IConfiguration { } } - private String getEncryptedStringConfig(String key) throws GeneralSecurityException, DecoderException { + private String getEncryptedStringConfig(String key) { if (jsonRootNode != null && jsonRootNode.get(key) != null) { return jsonRootNode.get(key).getAsString().isEmpty() ? null - : CryptoUtils.decrypt(jsonRootNode.get(key).getAsString()); + : PassDecoder.decode(jsonRootNode.get(key).getAsString(), keyFile); } return null; } @@ -164,12 +156,7 @@ public class SdcSingleControllerConfiguration implements IConfiguration { @Override public String getPassword() { - try { - return getEncryptedStringConfig(SDC_KEY_ATTRIBUTE_NAME); - } catch (GeneralSecurityException | DecoderException e) { - logger.error("Unable to decrypt the SDC password", e); - return null; - } + return getEncryptedStringConfig(SDC_KEY_ATTRIBUTE_NAME); } @Override @@ -211,12 +198,7 @@ public class SdcSingleControllerConfiguration implements IConfiguration { @Override public String getKeyStorePassword() { - try { - return getEncryptedStringConfig(KEY_STORE_KEY); - } catch (GeneralSecurityException | DecoderException e) { - logger.error("Unable to decrypt the SDC password", e); - return null; - } + return getEncryptedStringConfig(KEY_STORE_KEY); } @Override diff --git a/src/main/java/org/onap/policy/clamp/clds/util/CryptoUtils.java b/src/main/java/org/onap/policy/clamp/clds/util/CryptoUtils.java deleted file mode 100644 index 01dd48763..000000000 --- a/src/main/java/org/onap/policy/clamp/clds/util/CryptoUtils.java +++ /dev/null @@ -1,168 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * ONAP CLAMP - * ================================================================================ - * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights - * reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END============================================ - * =================================================================== - * - */ - -package org.onap.policy.clamp.clds.util; - -import com.att.eelf.configuration.EELFLogger; -import com.att.eelf.configuration.EELFManager; -import com.google.common.base.Charsets; -import java.io.IOException; -import java.io.UnsupportedEncodingException; -import java.security.GeneralSecurityException; -import java.security.SecureRandom; -import java.util.Properties; -import javax.crypto.Cipher; -import javax.crypto.spec.IvParameterSpec; -import javax.crypto.spec.SecretKeySpec; -import org.apache.commons.codec.DecoderException; -import org.apache.commons.codec.binary.Hex; -import org.apache.commons.lang3.ArrayUtils; - -/** - * CryptoUtils for encrypting/decrypting string based on a Key defined in - * application.properties (Spring config file). - */ -public final class CryptoUtils { - - /** - * Used to log CryptoUtils class. - */ - private static final EELFLogger logger = EELFManager.getInstance().getLogger(CryptoUtils.class); - // Openssl commands: - // Encrypt: echo -n "123456" | openssl aes-128-cbc -e -K <Private Hex key> - // -iv <16 Bytes iv (HEX), be careful it's 32 Hex Chars> | xxd -u -g100 - // Final result is to put in properties file is: IV + Outcome of openssl - // command - // ************************************************************ - // Decrypt: echo -n 'Encrypted string' | xxd -r -ps | openssl aes-128-cbc -d - // -K - // <Private Hex Key> -iv <16 Bytes IV extracted from Encrypted String, be - // careful it's 32 Hex Chars> - /** - * Definition of encryption algorithm. - */ - private static final String ALGORITHM = "AES"; - - /** - * AES Encryption Key environment variable for external configuration. - */ - private static final String AES_ENCRYPTION_KEY = "AES_ENCRYPTION_KEY"; - - /** - * Detailed definition of encryption algorithm. - */ - private static final String ALGORITHM_DETAILS = ALGORITHM + "/CBC/PKCS5PADDING"; - private static final int IV_BLOCK_SIZE_IN_BITS = 128; - /** - * An Initial Vector of 16 Bytes, so 32 Hexadecimal Chars. - */ - private static final int IV_BLOCK_SIZE_IN_BYTES = IV_BLOCK_SIZE_IN_BITS / 8; - /** - * Key to read in the key.properties file. - */ - private static final String KEY_PARAM = "org.onap.policy.clamp.encryption.aes.key"; - private static final String PROPERTIES_FILE_NAME = "clds/key.properties"; - /** - * The SecretKeySpec created from the Base 64 String key. - */ - private static final SecretKeySpec SECRET_KEY_SPEC = readSecretKeySpec(PROPERTIES_FILE_NAME); - - /** - * Private constructor to avoid creating instances of util class. - */ - private CryptoUtils() { - } - - /** - * Encrypt a value based on the Clamp Encryption Key. - * - * @param value The value to encrypt - * @return The encrypted string - * @throws GeneralSecurityException In case of issue with the encryption - * @throws UnsupportedEncodingException In case of issue with the charset - * conversion - */ - public static String encrypt(String value) throws GeneralSecurityException { - Cipher cipher = Cipher.getInstance(ALGORITHM_DETAILS, "SunJCE"); - byte[] iv = new byte[IV_BLOCK_SIZE_IN_BYTES]; - SecureRandom.getInstance("SHA1PRNG").nextBytes(iv); - IvParameterSpec ivspec = new IvParameterSpec(iv); - cipher.init(Cipher.ENCRYPT_MODE, SECRET_KEY_SPEC, ivspec); - return Hex.encodeHexString(ArrayUtils.addAll(iv, cipher.doFinal(value.getBytes(Charsets.UTF_8)))); - } - - /** - * Decrypt a value based on the Clamp Encryption Key. - * - * @param message The encrypted string that must be decrypted using the Clamp - * Encryption Key - * @return The String decrypted - * @throws GeneralSecurityException In case of issue with the encryption - * @throws DecoderException In case of issue to decode the HexString - */ - public static String decrypt(String message) throws GeneralSecurityException, DecoderException { - byte[] encryptedMessage = Hex.decodeHex(message.toCharArray()); - Cipher cipher = Cipher.getInstance(ALGORITHM_DETAILS, "SunJCE"); - IvParameterSpec ivspec = new IvParameterSpec(ArrayUtils.subarray(encryptedMessage, 0, IV_BLOCK_SIZE_IN_BYTES)); - byte[] realData = ArrayUtils.subarray(encryptedMessage, IV_BLOCK_SIZE_IN_BYTES, encryptedMessage.length); - cipher.init(Cipher.DECRYPT_MODE, SECRET_KEY_SPEC, ivspec); - byte[] decrypted = cipher.doFinal(realData); - return new String(decrypted); - } - - /** - * Method used to generate the SecretKeySpec from a Base64 String. - * - * @param keyString The key as a string in Base 64 - * @return The SecretKeySpec created - * @throws DecoderException In case of issues with the decoding of Base64 - */ - private static SecretKeySpec getSecretKeySpec(String keyString) throws DecoderException { - byte[] key = Hex.decodeHex(keyString.toCharArray()); - return new SecretKeySpec(key, ALGORITHM); - } - - /** - * Reads SecretKeySpec from file specified by propertiesFileName. - * - * @param propertiesFileName File name with properties - * @return SecretKeySpec secret key spec read from propertiesFileName - */ - private static SecretKeySpec readSecretKeySpec(String propertiesFileName) { - Properties props = new Properties(); - try { - // Workaround fix to make encryption key configurable - // System environment variable takes precedence for over clds/key.properties - String encryptionKey = System.getenv(AES_ENCRYPTION_KEY); - if (encryptionKey != null && encryptionKey.trim().length() > 0) { - return getSecretKeySpec(encryptionKey); - } else { - props.load(ResourceFileUtils.getResourceAsStream(propertiesFileName)); - return getSecretKeySpec(props.getProperty(KEY_PARAM)); - } - } catch (IOException | DecoderException e) { - logger.error("Exception occurred during the key reading", e); - return null; - } - } -} diff --git a/src/main/java/org/onap/policy/clamp/clds/util/ResourceFileUtils.java b/src/main/java/org/onap/policy/clamp/clds/util/ResourceFileUtils.java index cd4700277..d6184c656 100644 --- a/src/main/java/org/onap/policy/clamp/clds/util/ResourceFileUtils.java +++ b/src/main/java/org/onap/policy/clamp/clds/util/ResourceFileUtils.java @@ -1,8 +1,8 @@ /*- * ============LICENSE_START======================================================= - * ONAP CLAMP + * ONAP POLICY-CLAMP * ================================================================================ - * Copyright (C) 2017 AT&T Intellectual Property. All rights + * Copyright (C) 2017, 2021 AT&T Intellectual Property. All rights * reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); @@ -56,8 +56,8 @@ public final class ResourceFileUtils { * @return The file as inputStream */ public static InputStream getResourceAsStream(String fileName) { - InputStream is = Thread.currentThread().getContextClassLoader().getResourceAsStream( - fileName.startsWith(CLASSPATH_PREFIX) ? fileName.replaceFirst(CLASSPATH_PREFIX, "") : fileName); + InputStream is = Thread.currentThread().getContextClassLoader() + .getResourceAsStream(fileName.replaceFirst("^" + CLASSPATH_PREFIX, "")); if (is == null) { throw new IllegalArgumentException("Unable to find resource: " + fileName); } diff --git a/src/main/java/org/onap/policy/clamp/util/PassDecoder.java b/src/main/java/org/onap/policy/clamp/util/PassDecoder.java index f4b8ed4dc..b8e90e3d0 100644 --- a/src/main/java/org/onap/policy/clamp/util/PassDecoder.java +++ b/src/main/java/org/onap/policy/clamp/util/PassDecoder.java @@ -1,8 +1,8 @@ /*- * ============LICENSE_START======================================================= - * ONAP CLAMP + * ONAP POLICY-CLAMP * ================================================================================ - * Copyright (C) 2019 AT&T Intellectual Property. All rights + * Copyright (C) 2019, 2021 AT&T Intellectual Property. All rights * reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); @@ -32,6 +32,10 @@ import org.onap.policy.clamp.clds.util.ResourceFileUtils; * PassDecoder for decrypting the truststore and keystore password. */ public class PassDecoder { + + private PassDecoder() { + } + /** * Used to log PassDecoder class. */ @@ -41,7 +45,7 @@ public class PassDecoder { * Decode the password. * * @param encryptedPass The encrypted password - * @param keyFileName The key file name in String + * @param keyFileName The key file name in String */ public static String decode(String encryptedPass, String keyFileName) { if (null == keyFileName) { diff --git a/src/main/resources/clds/key.properties b/src/main/resources/clds/key.properties deleted file mode 100644 index dda2b87d0..000000000 --- a/src/main/resources/clds/key.properties +++ /dev/null @@ -1 +0,0 @@ -org.onap.policy.clamp.encryption.aes.key=aa3871669d893c7fb8abbcda31b88b4f
\ No newline at end of file diff --git a/src/test/java/org/onap/policy/clamp/clds/config/sdc/SdcSingleControllerConfigurationTest.java b/src/test/java/org/onap/policy/clamp/clds/config/sdc/SdcSingleControllerConfigurationTest.java index 89178b778..7390b65ba 100644 --- a/src/test/java/org/onap/policy/clamp/clds/config/sdc/SdcSingleControllerConfigurationTest.java +++ b/src/test/java/org/onap/policy/clamp/clds/config/sdc/SdcSingleControllerConfigurationTest.java @@ -1,8 +1,8 @@ /*- * ============LICENSE_START======================================================= - * ONAP CLAMP + * ONAP POLICY-CLAMP * ================================================================================ - * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * Copyright (C) 2017, 2021 AT&T Intellectual Property. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -57,7 +57,8 @@ public class SdcSingleControllerConfigurationTest { StandardCharsets.UTF_8); JsonObject jsonNode = JsonUtils.GSON.fromJson(streamReader, JsonObject.class); - return new SdcSingleControllerConfiguration(jsonNode, sdcControllerName); + return new SdcSingleControllerConfiguration(jsonNode, sdcControllerName, + "classpath:clds/aaf/org.onap.clamp.keyfile"); } @Test diff --git a/src/test/java/org/onap/policy/clamp/clds/it/config/SdcControllersConfigurationItCase.java b/src/test/java/org/onap/policy/clamp/clds/it/config/SdcControllersConfigurationItCase.java index 516fc7a09..70aeccf59 100644 --- a/src/test/java/org/onap/policy/clamp/clds/it/config/SdcControllersConfigurationItCase.java +++ b/src/test/java/org/onap/policy/clamp/clds/it/config/SdcControllersConfigurationItCase.java @@ -1,8 +1,8 @@ /*- * ============LICENSE_START======================================================= - * ONAP CLAMP + * ONAP POLICY-CLAMP * ================================================================================ - * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * Copyright (C) 2017, 2021 AT&T Intellectual Property. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -56,7 +56,7 @@ public class SdcControllersConfigurationItCase { @Test public void testGetAllDefinedControllers() throws IOException { - loadFile("classpath:/clds/sdc-controllers-config.json"); + loadFile("classpath:clds/sdc-controllers-config.json"); Map<String, SdcSingleControllerConfiguration> mapResult = sdcControllersConfiguration .getAllDefinedControllers(); assertTrue(mapResult.size() == 2); @@ -66,7 +66,7 @@ public class SdcControllersConfigurationItCase { @Test public void testGetSdcSingleControllerConfiguration() throws IOException { - loadFile("classpath:/clds/sdc-controllers-config.json"); + loadFile("classpath:clds/sdc-controllers-config.json"); assertEquals("sdc-controller1", sdcControllersConfiguration .getSdcSingleControllerConfiguration("sdc-controller1").getSdcControllerName()); assertEquals("sdc-controller2", sdcControllersConfiguration @@ -75,13 +75,13 @@ public class SdcControllersConfigurationItCase { @Test(expected = JsonSyntaxException.class) public void testBadJsonLoading() throws IOException { - loadFile("classpath:/clds/sdc-controllers-config-bad.json"); + loadFile("classpath:clds/sdc-controllers-config-bad.json"); fail("Should have raised an exception"); } @Test(expected = SdcParametersException.class) public void testMissingParamInJsonLoading() throws IOException { - loadFile("classpath:/clds/sdc-controllers-config-missing-param.json"); + loadFile("classpath:clds/sdc-controllers-config-missing-param.json"); sdcControllersConfiguration.getAllDefinedControllers(); fail("Should have raised an exception"); } diff --git a/src/test/java/org/onap/policy/clamp/clds/util/CryptoUtilsTest.java b/src/test/java/org/onap/policy/clamp/clds/util/CryptoUtilsTest.java deleted file mode 100644 index 6239fef80..000000000 --- a/src/test/java/org/onap/policy/clamp/clds/util/CryptoUtilsTest.java +++ /dev/null @@ -1,99 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * ONAP CLAMP - * ================================================================================ - * Copyright (C) 2017 AT&T Intellectual Property. All rights - * reserved. - * ================================================================================ - * Modifications Copyright (c) 2019 Samsung - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END============================================ - * =================================================================== - * - */ - -package org.onap.policy.clamp.clds.util; - -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertNotEquals; -import static org.junit.Assert.assertNotNull; -import static org.mockito.ArgumentMatchers.eq; - -import java.security.InvalidKeyException; -import javax.crypto.KeyGenerator; -import javax.crypto.SecretKey; -import org.apache.commons.codec.binary.Hex; -import org.apache.commons.lang3.ArrayUtils; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.powermock.api.mockito.PowerMockito; -import org.powermock.core.classloader.annotations.PowerMockIgnore; -import org.powermock.core.classloader.annotations.PrepareForTest; -import org.powermock.modules.junit4.PowerMockRunner; - -@RunWith(PowerMockRunner.class) -@PowerMockIgnore({ "javax.crypto.*", "com.sun.org.apache.xerces.*", "javax.xml.*", "org.xml.*", "javax.management.*" }) -public class CryptoUtilsTest { - - private final String data = "This is a test string"; - - @Test - @PrepareForTest({ CryptoUtils.class }) - public final void testEncryption() throws Exception { - String encodedString = CryptoUtils.encrypt(data); - assertNotNull(encodedString); - assertEquals(data, CryptoUtils.decrypt(encodedString)); - } - - @Test - @PrepareForTest({ CryptoUtils.class }) - public final void testEncryptedStringIsDifferent() throws Exception { - String encodedString1 = CryptoUtils.encrypt(data); - String encodedString2 = CryptoUtils.encrypt(data); - byte[] encryptedMessage1 = Hex.decodeHex(encodedString1.toCharArray()); - byte[] encryptedMessage2 = Hex.decodeHex(encodedString2.toCharArray()); - assertNotNull(encryptedMessage1); - assertNotNull(encryptedMessage2); - assertNotEquals(encryptedMessage1, encryptedMessage2); - byte[] subData1 = ArrayUtils.subarray(encryptedMessage1, 16, encryptedMessage1.length); - byte[] subData2 = ArrayUtils.subarray(encryptedMessage2, 16, encryptedMessage2.length); - assertNotEquals(subData1, subData2); - } - - @Test - @PrepareForTest({ CryptoUtils.class }) - public final void testEncryptionBaseOnRandomKey() throws Exception { - SecretKey secretKey = KeyGenerator.getInstance("AES").generateKey(); - final String encryptionKey = String.valueOf(Hex.encodeHex(secretKey.getEncoded())); - setAesEncryptionKeyEnv(encryptionKey); - - String encodedString = CryptoUtils.encrypt(data); - String decodedString = CryptoUtils.decrypt(encodedString); - assertEquals(data, decodedString); - } - - @Test(expected = InvalidKeyException.class) - @PrepareForTest({ CryptoUtils.class }) - public final void testEncryptionBadKey() throws Exception { - final String badEncryptionKey = "93210sd"; - setAesEncryptionKeyEnv(badEncryptionKey); - - CryptoUtils.encrypt(data); - } - - private static void setAesEncryptionKeyEnv(String value) { - PowerMockito.mockStatic(System.class); - PowerMockito.when(System.getenv(eq("AES_ENCRYPTION_KEY"))).thenReturn(value); - } -} diff --git a/src/test/java/org/onap/policy/clamp/util/PassDecoderTest.java b/src/test/java/org/onap/policy/clamp/util/PassDecoderTest.java index 83e894130..7fd0cb91d 100644 --- a/src/test/java/org/onap/policy/clamp/util/PassDecoderTest.java +++ b/src/test/java/org/onap/policy/clamp/util/PassDecoderTest.java @@ -1,24 +1,24 @@ /*- * ============LICENSE_START======================================================= - * ONAP CLAMP + * ONAP POLICY-CLAMP * ================================================================================ - * Copyright (C) 2019 AT&T Intellectual Property. All rights + * Copyright (C) 2019, 2021 AT&T Intellectual Property. All rights * reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. + * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and * limitations under the License. * ============LICENSE_END============================================ * =================================================================== - * + * */ package org.onap.policy.clamp.util; @@ -48,5 +48,8 @@ public class PassDecoderTest { public final void testDecryption() throws Exception { String decodedPass = PassDecoder.decode(encrypted, "classpath:clds/aaf/org.onap.clamp.keyfile"); assertEquals(decodedPass, "China in the Spring"); + assertEquals("Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U", PassDecoder + .decode("enc:JPV4p067JlSXt2Fet9bfuI8JpkS4ZGYVcgypcPs98gXjgjCjTze_d3JxqmlKaaakdiOjIcEC_MJh6-5pJTLgdc", + "classpath:clds/aaf/org.onap.clamp.keyfile")); } } diff --git a/src/test/resources/application.properties b/src/test/resources/application.properties index d67fe74a3..bc513e9e4 100644 --- a/src/test/resources/application.properties +++ b/src/test/resources/application.properties @@ -31,6 +31,8 @@ server.port=${clamp.it.tests.http} #server.ssl.key-store-password=pass #server.ssl.key-password=pass +clamp.config.keyFile=classpath:clds/aaf/org.onap.clamp.keyfile + ### In order to be user friendly when HTTPS is enabled, ### you can add another HTTP port that will be automatically redirected to HTTPS ### by enabling this parameter (server.http.port) and set it to another port (80 or 8080, 8090, etc ...) diff --git a/src/test/resources/clds/sdc-controller-config-TLS.json b/src/test/resources/clds/sdc-controller-config-TLS.json index 99366b765..4d5f02945 100644 --- a/src/test/resources/clds/sdc-controller-config-TLS.json +++ b/src/test/resources/clds/sdc-controller-config-TLS.json @@ -4,11 +4,11 @@ "consumerId": "consumerId", "environmentName": "environmentName", "sdcAddress": "hostname:8080", - "password": "bb3871669d893c7fb8aaacda31b77b4f537E67A081C2726889548ED7BC4C2DE6", + "password": "QpF2TcrdRSFADqDxH1HwDYdYUIbMxOj-TrGd6Vqvwzd", "pollingInterval":10, "pollingTimeout":30, "activateServerTLSAuth": true, - "keyStorePassword":"bb3871669d893c7fb8aaacda31b77b4f537E67A081C2726889548ED7BC4C2DE6", + "keyStorePassword":"QpF2TcrdRSFADqDxH1HwDYdYUIbMxOj-TrGd6Vqvwzd", "keyStorePath": "/test", "messageBusAddresses":["localhost"] } diff --git a/src/test/resources/clds/sdc-controllers-config.json b/src/test/resources/clds/sdc-controllers-config.json index ce56fef27..75e5be1b9 100644 --- a/src/test/resources/clds/sdc-controllers-config.json +++ b/src/test/resources/clds/sdc-controllers-config.json @@ -1,27 +1,30 @@ { - "sdc-connections":{ - "sdc-controller1":{ - "user": "User1", - "consumerGroup": "consumerGroup1", - "consumerId": "consumerId1", - "environmentName": "environmentName1", - "sdcAddress": "localhost:${docker.http-cache.port.host}", - "password": "bb3871669d893c7fb8aaacda31b77b4f537E67A081C2726889548ED7BC4C2DE6", - "pollingInterval":10, - "pollingTimeout":30, - "messageBusAddresses":["localhost"] + "sdc-connections": { + "sdc-controller1": { + "user": "User1", + "consumerGroup": "consumerGroup1", + "consumerId": "consumerId1", + "environmentName": "environmentName1", + "sdcAddress": "localhost:${docker.http-cache.port.host}", + "password": "QpF2TcrdRSFADqDxH1HwDYdYUIbMxOj-TrGd6Vqvwzd", + "pollingInterval": 10, + "pollingTimeout": 30, + "messageBusAddresses": [ + "localhost" + ] }, - "sdc-controller2":{ - "user": "User2", - "consumerGroup": "consumerGroup2", - "consumerId": "consumerId2", - "environmentName": "environmentName2", - "sdcAddress": "localhost:${docker.http-cache.port.host}", - "password": "bb3871669d893c7fb8aaacda31b77b4f537E67A081C2726889548ED7BC4C2DE6", - "pollingInterval":10, - "pollingTimeout":30, - "messageBusAddresses":["localhost"] - + "sdc-controller2": { + "user": "User2", + "consumerGroup": "consumerGroup2", + "consumerId": "consumerId2", + "environmentName": "environmentName2", + "sdcAddress": "localhost:${docker.http-cache.port.host}", + "password": "QpF2TcrdRSFADqDxH1HwDYdYUIbMxOj-TrGd6Vqvwzd", + "pollingInterval": 10, + "pollingTimeout": 30, + "messageBusAddresses": [ + "localhost" + ] } } } diff --git a/src/test/resources/robotframework/robotframework-test.properties b/src/test/resources/robotframework/robotframework-test.properties index a12f052ad..fed074198 100644 --- a/src/test/resources/robotframework/robotframework-test.properties +++ b/src/test/resources/robotframework/robotframework-test.properties @@ -31,6 +31,8 @@ server.port=${clamp.it.tests.robotframework.http} #server.ssl.key-store-password=pass #server.ssl.key-password=pass +clamp.config.keyFile=classpath:clds/aaf/org.onap.clamp.keyfile + ### In order to be user friendly when HTTPS is enabled, ### you can add another HTTP port that will be automatically redirected to HTTPS ### by enabling this parameter (server.http.port) and set it to another port (80 or 8080, 8090, etc ...) |