author | sebdet <sebastien.determe@intl.att.com> | 2021-02-08 14:36:11 +0100 |
---|---|---|
committer | S�bastien Determe <sebastien.determe@intl.att.com> | 2021-02-08 14:16:45 +0000 |
commit | d2178bc9f7d6c06f60a3a8afecd83e428d84cd78 (patch) | |
tree | c919ea6a0b3d974347e67cd5ef9ebc76b5568fc8 /src | |
parent | 76a0b386bcf5f30533c85f6d26c559bea19ce0fb (diff) |
Remove test usage of the AAF certificate
Fix the broken build by removing the need for the useless certificate; a new one is now generated during the build for the tests.
Issue-ID: POLICY-3036
Signed-off-by: sebdet <sebastien.determe@intl.att.com>
Change-Id: I11c2ff5aac8a99c7a2b7e676d6c11bbc861a1de4
Signed-off-by: sebdet <sebastien.determe@intl.att.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/main/java/org/onap/policy/clamp/clds/config/SslConfig.java | 11 | ||||
-rw-r--r-- | src/main/resources/application-noaaf.properties | 2 | ||||
-rw-r--r-- | src/main/resources/application.properties | 2 | ||||
-rw-r--r-- | src/main/resources/clds/aaf/org.onap.clamp.p12 | bin | 4155 -> 0 bytes | |||
-rw-r--r-- | src/test/java/org/onap/policy/clamp/clds/it/HttpsItCase.java | 115 | ||||
-rw-r--r-- | src/test/resources/https/https-test.properties | 2 |
6 files changed, 42 insertions, 90 deletions
diff --git a/src/main/java/org/onap/policy/clamp/clds/config/SslConfig.java b/src/main/java/org/onap/policy/clamp/clds/config/SslConfig.java
index 329cb4bed..a72cffd09 100644
--- a/src/main/java/org/onap/policy/clamp/clds/config/SslConfig.java
+++ b/src/main/java/org/onap/policy/clamp/clds/config/SslConfig.java
@@ -2,7 +2,7 @@
 * ============LICENSE_START=======================================================
 * ONAP CLAMP
 * ================================================================================
- * Copyright (C) 2019 AT&T Intellectual Property. All rights
+ * Copyright (C) 2019, 2021 AT&T Intellectual Property. All rights
 * reserved.
 * ================================================================================
 * Licensed under the Apache License, Version 2.0 (the "License");
@@ -74,6 +74,7 @@ public class SslConfig {
 password.toCharArray());
 return truststore;
 }
+
 });
 }
@@ -83,9 +84,13 @@ public class SslConfig {
 return (tomcat) -> tomcat.setSsl(new Ssl() {
 @Override
 public String getKeyPassword() {
- String password = PassDecoder.decode(env.getProperty("server.ssl.key-password"),
+ return PassDecoder.decode(env.getProperty("server.ssl.key-password"),
 env.getProperty("clamp.config.keyFile"));
- return password;
+ }
+
+ @Override
+ public String getKeyAlias() {
+ return env.getProperty("server.ssl.key-alias");
 }
 });
 }
diff --git a/src/main/resources/application-noaaf.properties b/src/main/resources/application-noaaf.properties
index 6b28cf7ef..ba838adb8 100644
--- a/src/main/resources/application-noaaf.properties
+++ b/src/main/resources/application-noaaf.properties
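Review bot: In the last `SslConfig.java` hunk, the anonymous `Ssl` handed to `tomcat.setSsl(...)` supplies only `getKeyPassword()` and the new `getKeyAlias()`; if this object replaces the `Ssl` that Spring binds from `server.ssl.*`, every other setting in the properties files (for example `server.ssl.client-auth=want`) would silently fall back to framework defaults. It is worth confirming that client-certificate, protocol and cipher settings still reach the connector, and recording the intent above the customizer, e.g. `// Only key-password and key-alias are overridden here; confirm the remaining server.ssl.* values are still applied`. `getKeyAlias()` returns null when `server.ssl.key-alias` is unset, so a one-line comment stating whether that is acceptable would help. The enclosing method starts above the hunk.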
@@ -53,7 +53,7 @@ server.ssl.key-store=classpath:/clds/aaf/org.onap.clamp.p12
 server.ssl.key-store-password=enc:WWCxchk4WGBNSvuzLq3MLjMs5ObRybJtts5AI0XD1Vc
 server.ssl.key-password=enc:WWCxchk4WGBNSvuzLq3MLjMs5ObRybJtts5AI0XD1Vc
 server.ssl.key-store-type=PKCS12
-server.ssl.key-alias=clamp@clamp.onap.org
+server.ssl.key-alias=clamptest
 ## Config part for Client certificates
 server.ssl.client-auth=want
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index 1b5a26d0a..7d2d4ef1b 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -58,7 +58,7 @@ server.ssl.key-store=classpath:/clds/aaf/org.onap.clamp.p12
 server.ssl.key-store-password=enc:WWCxchk4WGBNSvuzLq3MLjMs5ObRybJtts5AI0XD1Vc
 server.ssl.key-password=enc:WWCxchk4WGBNSvuzLq3MLjMs5ObRybJtts5AI0XD1Vc
 server.ssl.key-store-type=PKCS12
-server.ssl.key-alias=clamp@clamp.onap.org
+server.ssl.key-alias=clamptest
 # The key file used to decode the key store and trust store password
 # If not defined, the key store and trust store password will not be decrypted
diff --git a/src/main/resources/clds/aaf/org.onap.clamp.p12 b/src/main/resources/clds/aaf/org.onap.clamp.p12
Binary files differdeleted file mode 100644
index 268aa1a3c..000000000
--- a/src/main/resources/clds/aaf/org.onap.clamp.p12
+++ /dev/null
diff --git a/src/test/java/org/onap/policy/clamp/clds/it/HttpsItCase.java b/src/test/java/org/onap/policy/clamp/clds/it/HttpsItCase.java
index 9dd2130c6..1a4a2ec5f 100644
--- a/src/test/java/org/onap/policy/clamp/clds/it/HttpsItCase.java
+++ b/src/test/java/org/onap/policy/clamp/clds/it/HttpsItCase.java
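Review bot: In `application-noaaf.properties` the shipped default now names the alias `clamptest` while `server.ssl.key-store` still points at `classpath:/clds/aaf/org.onap.clamp.p12`, a file this commit deletes from `src/main/resources`; the `application.properties` hunk has the same problem (the `https-test.properties` hunk is test-only). The description says a replacement is generated during the build for the tests, but where it lands is not visible in this diff, so a runtime started with these defaults would either find no key store or, if the generated file is packaged, present a test key protected by the committed `enc:` password. Consider keeping the test alias in test resources only and adding a comment above the key-store lines such as `# No key store is shipped; deployments must supply server.ssl.key-store, its passwords and server.ssl.key-alias`.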
@@ -2,7 +2,7 @@
 * ============LICENSE_START=======================================================
 * ONAP CLAMP
 * ================================================================================
- * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
+ * Copyright (C) 2017-2018, 2021 AT&T Intellectual Property. All rights
 * reserved.
 * ================================================================================
 * Licensed under the Apache License, Version 2.0 (the "License");
@@ -26,17 +26,19 @@ package org.onap.policy.clamp.clds.it;
 import static org.assertj.core.api.Assertions.assertThat;
 import java.io.File;
-import java.io.IOException;
-import java.net.HttpURLConnection;
 import java.nio.charset.Charset;
-import javax.net.ssl.HostnameVerifier;
-import javax.net.ssl.HttpsURLConnection;
+import java.security.KeyManagementException;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
 import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLSession;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.X509TrustManager;
 import org.apache.commons.io.FileUtils;
-import org.junit.BeforeClass;
+import org.apache.http.conn.ssl.NoopHostnameVerifier;
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
+import org.apache.http.conn.ssl.TrustStrategy;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClients;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.springframework.beans.factory.annotation.Value;
@@ -44,7 +46,7 @@ import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
-import org.springframework.http.client.SimpleClientHttpRequestFactory;
+import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
 import org.springframework.test.annotation.DirtiesContext;
 import org.springframework.test.context.TestPropertySource;
 import org.springframework.test.context.junit4.SpringRunner;
@@ -64,53 +66,13 @@ public class HttpsItCase {
 @Value("${server.http-to-https-redirection.port}")
 private String httpPort;
- /**
- * Setup the variable before tests execution.
- */
- @BeforeClass
- public static void setUp() {
- try {
- // setup ssl context to ignore certificate errors
- SSLContext ctx = SSLContext.getInstance("TLS");
- X509TrustManager tm = new X509TrustManager() {
-
- @Override
- public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType)
- throws java.security.cert.CertificateException {
- }
-
- @Override
- public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType)
- throws java.security.cert.CertificateException {
- }
-
- @Override
- public java.security.cert.X509Certificate[] getAcceptedIssuers() {
- return null;
- }
- };
- ctx.init(null, new TrustManager[] { tm }, null);
- SSLContext.setDefault(ctx);
- } catch (Exception ex) {
- ex.printStackTrace();
- }
- }
-
 @Test
 public void testDesignerIndex() throws Exception {
- RestTemplate template = new RestTemplate();
- final MySimpleClientHttpRequestFactory factory = new MySimpleClientHttpRequestFactory(new HostnameVerifier() {
-
- @Override
- public boolean verify(final String hostname, final SSLSession session) {
- return true;
- }
- });
- template.setRequestFactory(factory);
- ResponseEntity<String> entity = template.getForEntity("http://localhost:" + this.httpPort + "/swagger.html",
- String.class);
+ ResponseEntity<String> entity =
+ new RestTemplate().getForEntity("http://localhost:" + this.httpPort + "/swagger.html",
+ String.class);
 assertThat(entity.getStatusCode()).isEqualTo(HttpStatus.FOUND);
- ResponseEntity<String> httpsEntity = template
+ ResponseEntity<String> httpsEntity = getRestTemplate()
 .getForEntity("https://localhost:" + this.httpsPort + "/swagger.html", String.class);
 assertThat(httpsEntity.getStatusCode()).isEqualTo(HttpStatus.OK);
 assertThat(httpsEntity.getBody()).contains("Clamp Rest API");
@@ -118,16 +80,7 @@ public class HttpsItCase {
 @Test
 public void testSwaggerJson() throws Exception {
- RestTemplate template = new RestTemplate();
- final MySimpleClientHttpRequestFactory factory = new MySimpleClientHttpRequestFactory(new HostnameVerifier() {
-
- @Override
- public boolean verify(final String hostname, final SSLSession session) {
- return true;
- }
- });
- template.setRequestFactory(factory);
- ResponseEntity<String> httpsEntity = template
+ ResponseEntity<String> httpsEntity = getRestTemplate()
 .getForEntity("https://localhost:" + this.httpsPort + "/restservices/clds/api-doc", String.class);
 assertThat(httpsEntity.getStatusCode()).isEqualTo(HttpStatus.OK);
 assertThat(httpsEntity.getBody()).contains("swagger");
@@ -135,25 +88,19 @@ public class HttpsItCase {
 Charset.defaultCharset());
 }
- /**
- * Http Request Factory for ignoring SSL hostname errors. Not for production
- * use!
- */
- class MySimpleClientHttpRequestFactory extends SimpleClientHttpRequestFactory {
-
- private final HostnameVerifier verifier;
-
- public MySimpleClientHttpRequestFactory(final HostnameVerifier verifier) {
- this.verifier = verifier;
- }
-
- @Override
- protected void prepareConnection(final HttpURLConnection connection, final String httpMethod)
- throws IOException {
- if (connection instanceof HttpsURLConnection) {
- ((HttpsURLConnection) connection).setHostnameVerifier(this.verifier);
- }
- super.prepareConnection(connection, httpMethod);
- }
+ private RestTemplate getRestTemplate() throws KeyStoreException, NoSuchAlgorithmException, KeyManagementException {
+ SSLContext sslContext = org.apache.http.ssl.SSLContexts.custom()
+ .loadTrustMaterial(null, new TrustStrategy() {
+ @Override
+ public boolean isTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
+ return true;
+ }
+ }).build();
+ SSLConnectionSocketFactory csf = new SSLConnectionSocketFactory(sslContext, new NoopHostnameVerifier());
+ CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(csf).build();
+ HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory();
+ requestFactory.setHttpClient(httpClient);
+ RestTemplate restTemplate = new RestTemplate(requestFactory);
+ return restTemplate;
 }
 }
diff --git a/src/test/resources/https/https-test.properties b/src/test/resources/https/https-test.properties
index 86e444efe..aeae64036 100644
--- a/src/test/resources/https/https-test.properties
+++ b/src/test/resources/https/https-test.properties
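Review bot: In the last `HttpsItCase.java` hunk, `getRestTemplate()` accepts any certificate chain (`isTrusted` returns `true`) and pairs that with `NoopHostnameVerifier`, while the same hunk removes the old "Not for production use!" warning, so nothing marks the new helper as test-only. Add a Javadoc such as `/** Builds a RestTemplate that skips certificate and hostname validation; for this integration test only. */`. Since the description says a certificate is now generated during the build, the test could instead load that key store as trust material so the handshake is actually verified; its location is not visible in this diff. The `CloseableHttpClient` is also built on every call and never closed, and the last two statements can be `return new RestTemplate(requestFactory);`. The hunk opens at the tail of the preceding test method, which starts outside it.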
@@ -31,7 +31,7 @@ server.ssl.key-store=classpath:clds/aaf/org.onap.clamp.p12
 server.ssl.key-store-password=enc:WWCxchk4WGBNSvuzLq3MLjMs5ObRybJtts5AI0XD1Vc
 server.ssl.key-password=enc:WWCxchk4WGBNSvuzLq3MLjMs5ObRybJtts5AI0XD1Vc
 server.ssl.key-store-type=PKCS12
-server.ssl.key-alias=clamp@clamp.onap.org
+server.ssl.key-alias=clamptest
 # The key file used to decode the key store and trust store password
 # If not defined, the key store and trust store password will not be decrypted |