-rw-r--r--README.md7
-rw-r--r--pom.xml40
-rw-r--r--src/main/java/org/onap/policy/clamp/clds/config/SslConfig.java11
-rw-r--r--src/main/resources/application-noaaf.properties2
-rw-r--r--src/main/resources/application.properties2
-rw-r--r--src/main/resources/clds/aaf/org.onap.clamp.p12bin4155 -> 0 bytes
-rw-r--r--src/test/java/org/onap/policy/clamp/clds/it/HttpsItCase.java115
-rw-r--r--src/test/resources/https/https-test.properties2
8 files changed, 88 insertions, 91 deletions
diff --git a/README.md b/README.md
index 031c0e8ef..ba194ec33 100644
--- a/README.md
+++ b/README.md
@@ -114,7 +114,12 @@ With the default log settings, all logs will be generated into console and into
You can see the swagger definition for the jaxrs apis at `/restservices/clds/v1/openapi.json`
-## Clamp AAF - Renew Certificates
+## Clamp AAF - Renew Certificates
+This is not required anymore as in OOM the certificate are generated automatically.
+A certificate is automatically generated during the "build" and it overwrites the p12 located in the
+resource clds/aaf/org.onap.clamp.p12.
+
+
- Connect to windriver with openvpn
- create a folder aaf-renewal and go to it
- create a file aaf.props with that content (or run the agent.sh script below, it will prompt you for values at first run)
diff --git a/pom.xml b/pom.xml
index 6125e686d..92caece96 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1266,6 +1266,46 @@
</arguments>
</configuration>
</plugin>
+ <!-- Plugin to generate a X509 Certificate for https tests -->
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>keytool-maven-plugin</artifactId>
+ <version>1.5</version>
+ <executions>
+ <execution>
+ <id>add-certificate-for-dev</id>
+ <configuration>
+ <keystore>${project.build.directory}/classes/clds/aaf/org.onap.clamp.p12</keystore>
+ <storepass>China in the Spring</storepass>
+ <alias>clamptest</alias>
+ <storetype>PKCS12</storetype>
+ <keyalg>RSA</keyalg>
+ <dname>cn=CN, ou=OU, o=O, c=C</dname>
+ <validity>365</validity>
+ </configuration>
+ <goals>
+ <goal>generateKeyPair</goal>
+ </goals>
+ <phase>generate-resources</phase>
+ </execution>
+ <execution>
+ <id>add-certificate-for-test</id>
+ <configuration>
+ <keystore>${project.build.directory}/test-classes/clds/aaf/org.onap.clamp.p12</keystore>
+ <storepass>China in the Spring</storepass>
+ <alias>clamptest</alias>
+ <storetype>PKCS12</storetype>
+ <keyalg>RSA</keyalg>
+ <dname>cn=CN, ou=OU, o=O, c=C</dname>
+ <validity>365</validity>
+ </configuration>
+ <goals>
+ <goal>generateKeyPair</goal>
+ </goals>
+ <phase>generate-test-resources</phase>
+ </execution>
+ </executions>
+ </plugin>
</plugins>
</build>
</project>
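Review bot: The keystore password `China in the Spring` is committed in clear text, twice, on the `<storepass>` lines of both executions, while the properties files carry the same secret only in `enc:` form, so the encoding there no longer hides anything from anyone who can read the pom; at minimum hoist it into one Maven property (constructed name, e.g. `<clamp.keystore.pass>`) so the two executions and the `enc:` values cannot drift, and consider supplying it as a build-time property rather than from the repository. The `add-certificate-for-dev` execution writes the self-signed key pair (`cn=CN`, alias `clamptest`) into `target/classes`, i.e. into the shipped artifact, so a comment on the plugin should state that the p12 must be replaced at deployment (the README hunk says OOM does this) and that a deployment which skips that step serves a generic certificate protected by a password that is public in this file. As far as I know, `generateKeyPair` fails when the alias already exists in the target keystore, which would break non-clean incremental builds; please verify whether the plugin offers a skip-if-exists option or delete the file before generating.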
diff --git a/src/main/java/org/onap/policy/clamp/clds/config/SslConfig.java b/src/main/java/org/onap/policy/clamp/clds/config/SslConfig.java
index 329cb4bed..a72cffd09 100644
--- a/src/main/java/org/onap/policy/clamp/clds/config/SslConfig.java
+++ b/src/main/java/org/onap/policy/clamp/clds/config/SslConfig.java
@@ -2,7 +2,7 @@
* ============LICENSE_START=======================================================
* ONAP CLAMP
* ================================================================================
- * Copyright (C) 2019 AT&T Intellectual Property. All rights
+ * Copyright (C) 2019, 2021 AT&T Intellectual Property. All rights
* reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -74,6 +74,7 @@ public class SslConfig {
password.toCharArray());
return truststore;
}
+
});
}
@@ -83,9 +84,13 @@ public class SslConfig {
return (tomcat) -> tomcat.setSsl(new Ssl() {
@Override
public String getKeyPassword() {
- String password = PassDecoder.decode(env.getProperty("server.ssl.key-password"),
+ return PassDecoder.decode(env.getProperty("server.ssl.key-password"),
env.getProperty("clamp.config.keyFile"));
- return password;
+ }
+
+ @Override
+ public String getKeyAlias() {
+ return env.getProperty("server.ssl.key-alias");
}
});
}
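Review bot: The new `getKeyAlias` override returns `env.getProperty("server.ssl.key-alias")` unvalidated and undocumented; if the property is absent or names an alias that is not in the store, the problem surfaces only when the TLS connector starts, and nothing in the code ties the value to the alias the build generates. A Javadoc on the override would make that coupling visible: `/** Alias of the server key inside the key store; must equal the alias used when the p12 was generated (keytool-maven-plugin in pom.xml), otherwise the TLS connector cannot find its key. */`. The method that builds this anonymous `Ssl` starts before this hunk.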
diff --git a/src/main/resources/application-noaaf.properties b/src/main/resources/application-noaaf.properties
index 6b28cf7ef..ba838adb8 100644
--- a/src/main/resources/application-noaaf.properties
+++ b/src/main/resources/application-noaaf.properties
@@ -53,7 +53,7 @@ server.ssl.key-store=classpath:/clds/aaf/org.onap.clamp.p12
server.ssl.key-store-password=enc:WWCxchk4WGBNSvuzLq3MLjMs5ObRybJtts5AI0XD1Vc
server.ssl.key-password=enc:WWCxchk4WGBNSvuzLq3MLjMs5ObRybJtts5AI0XD1Vc
server.ssl.key-store-type=PKCS12
-server.ssl.key-alias=clamp@clamp.onap.org
+server.ssl.key-alias=clamptest
## Config part for Client certificates
server.ssl.client-auth=want
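Review bot: `server.ssl.key-alias=clamptest` is a bare literal that must equal the `<alias>` in the pom.xml keytool executions, and the same applies to the identical hunks in application.properties and https-test.properties; nothing in these files records that dependency. A one-line comment above it would do: `# Must match the <alias> of the keytool-maven-plugin execution in pom.xml that generates org.onap.clamp.p12`. The `enc:` key-store password on the lines above likewise has to decode to the pom's `<storepass>`, which is worth stating in the same comment.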
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index 1b5a26d0a..7d2d4ef1b 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -58,7 +58,7 @@ server.ssl.key-store=classpath:/clds/aaf/org.onap.clamp.p12
server.ssl.key-store-password=enc:WWCxchk4WGBNSvuzLq3MLjMs5ObRybJtts5AI0XD1Vc
server.ssl.key-password=enc:WWCxchk4WGBNSvuzLq3MLjMs5ObRybJtts5AI0XD1Vc
server.ssl.key-store-type=PKCS12
-server.ssl.key-alias=clamp@clamp.onap.org
+server.ssl.key-alias=clamptest
# The key file used to decode the key store and trust store password
# If not defined, the key store and trust store password will not be decrypted
diff --git a/src/main/resources/clds/aaf/org.onap.clamp.p12 b/src/main/resources/clds/aaf/org.onap.clamp.p12
deleted file mode 100644
index 268aa1a3c..000000000
--- a/src/main/resources/clds/aaf/org.onap.clamp.p12
+++ /dev/null
Binary files differ
diff --git a/src/test/java/org/onap/policy/clamp/clds/it/HttpsItCase.java b/src/test/java/org/onap/policy/clamp/clds/it/HttpsItCase.java
index 9dd2130c6..1a4a2ec5f 100644
--- a/src/test/java/org/onap/policy/clamp/clds/it/HttpsItCase.java
+++ b/src/test/java/org/onap/policy/clamp/clds/it/HttpsItCase.java
@@ -2,7 +2,7 @@
* ============LICENSE_START=======================================================
* ONAP CLAMP
* ================================================================================
- * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
+ * Copyright (C) 2017-2018, 2021 AT&T Intellectual Property. All rights
* reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -26,17 +26,19 @@ package org.onap.policy.clamp.clds.it;
import static org.assertj.core.api.Assertions.assertThat;
import java.io.File;
-import java.io.IOException;
-import java.net.HttpURLConnection;
import java.nio.charset.Charset;
-import javax.net.ssl.HostnameVerifier;
-import javax.net.ssl.HttpsURLConnection;
+import java.security.KeyManagementException;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLSession;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.X509TrustManager;
import org.apache.commons.io.FileUtils;
-import org.junit.BeforeClass;
+import org.apache.http.conn.ssl.NoopHostnameVerifier;
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
+import org.apache.http.conn.ssl.TrustStrategy;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClients;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Value;
@@ -44,7 +46,7 @@ import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
-import org.springframework.http.client.SimpleClientHttpRequestFactory;
+import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.test.annotation.DirtiesContext;
import org.springframework.test.context.TestPropertySource;
import org.springframework.test.context.junit4.SpringRunner;
@@ -64,53 +66,13 @@ public class HttpsItCase {
@Value("${server.http-to-https-redirection.port}")
private String httpPort;
- /**
- * Setup the variable before tests execution.
- */
- @BeforeClass
- public static void setUp() {
- try {
- // setup ssl context to ignore certificate errors
- SSLContext ctx = SSLContext.getInstance("TLS");
- X509TrustManager tm = new X509TrustManager() {
-
- @Override
- public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType)
- throws java.security.cert.CertificateException {
- }
-
- @Override
- public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType)
- throws java.security.cert.CertificateException {
- }
-
- @Override
- public java.security.cert.X509Certificate[] getAcceptedIssuers() {
- return null;
- }
- };
- ctx.init(null, new TrustManager[] { tm }, null);
- SSLContext.setDefault(ctx);
- } catch (Exception ex) {
- ex.printStackTrace();
- }
- }
-
@Test
public void testDesignerIndex() throws Exception {
- RestTemplate template = new RestTemplate();
- final MySimpleClientHttpRequestFactory factory = new MySimpleClientHttpRequestFactory(new HostnameVerifier() {
-
- @Override
- public boolean verify(final String hostname, final SSLSession session) {
- return true;
- }
- });
- template.setRequestFactory(factory);
- ResponseEntity<String> entity = template.getForEntity("http://localhost:" + this.httpPort + "/swagger.html",
- String.class);
+ ResponseEntity<String> entity =
+ new RestTemplate().getForEntity("http://localhost:" + this.httpPort + "/swagger.html",
+ String.class);
assertThat(entity.getStatusCode()).isEqualTo(HttpStatus.FOUND);
- ResponseEntity<String> httpsEntity = template
+ ResponseEntity<String> httpsEntity = getRestTemplate()
.getForEntity("https://localhost:" + this.httpsPort + "/swagger.html", String.class);
assertThat(httpsEntity.getStatusCode()).isEqualTo(HttpStatus.OK);
assertThat(httpsEntity.getBody()).contains("Clamp Rest API");
@@ -118,16 +80,7 @@ public class HttpsItCase {
@Test
public void testSwaggerJson() throws Exception {
- RestTemplate template = new RestTemplate();
- final MySimpleClientHttpRequestFactory factory = new MySimpleClientHttpRequestFactory(new HostnameVerifier() {
-
- @Override
- public boolean verify(final String hostname, final SSLSession session) {
- return true;
- }
- });
- template.setRequestFactory(factory);
- ResponseEntity<String> httpsEntity = template
+ ResponseEntity<String> httpsEntity = getRestTemplate()
.getForEntity("https://localhost:" + this.httpsPort + "/restservices/clds/api-doc", String.class);
assertThat(httpsEntity.getStatusCode()).isEqualTo(HttpStatus.OK);
assertThat(httpsEntity.getBody()).contains("swagger");
@@ -135,25 +88,19 @@ public class HttpsItCase {
Charset.defaultCharset());
}
- /**
- * Http Request Factory for ignoring SSL hostname errors. Not for production
- * use!
- */
- class MySimpleClientHttpRequestFactory extends SimpleClientHttpRequestFactory {
-
- private final HostnameVerifier verifier;
-
- public MySimpleClientHttpRequestFactory(final HostnameVerifier verifier) {
- this.verifier = verifier;
- }
-
- @Override
- protected void prepareConnection(final HttpURLConnection connection, final String httpMethod)
- throws IOException {
- if (connection instanceof HttpsURLConnection) {
- ((HttpsURLConnection) connection).setHostnameVerifier(this.verifier);
- }
- super.prepareConnection(connection, httpMethod);
- }
+ private RestTemplate getRestTemplate() throws KeyStoreException, NoSuchAlgorithmException, KeyManagementException {
+ SSLContext sslContext = org.apache.http.ssl.SSLContexts.custom()
+ .loadTrustMaterial(null, new TrustStrategy() {
+ @Override
+ public boolean isTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
+ return true;
+ }
+ }).build();
+ SSLConnectionSocketFactory csf = new SSLConnectionSocketFactory(sslContext, new NoopHostnameVerifier());
+ CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(csf).build();
+ HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory();
+ requestFactory.setHttpClient(httpClient);
+ RestTemplate restTemplate = new RestTemplate(requestFactory);
+ return restTemplate;
}
}
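Review bot: `getRestTemplate` disables certificate-chain validation (`isTrusted` always returns true) and hostname verification (`NoopHostnameVerifier`) without a word of explanation, whereas the class it replaces carried "Not for production use!"; the helper should say why that is acceptable here (the build-generated p12 is self-signed with `cn=CN`, so regular validation cannot succeed against localhost) so the snippet is not copied into main code. Smaller points on the same lines: `SSLContexts` is referenced by its fully qualified name instead of an import, the anonymous `TrustStrategy` can be a lambda (which also makes the `CertificateException` and `X509Certificate` imports unused), `NoopHostnameVerifier.INSTANCE` avoids allocating a verifier per call, and the `CloseableHttpClient` built on every call is never closed, which leaks a connection manager per test. The rewrite below keeps the signature and leaves the close-handling to a follow-up.
```java
    /**
     * Builds a RestTemplate whose HTTPS client trusts any certificate and skips
     * hostname verification. Test-only: the p12 generated by the build is
     * self-signed with cn=CN, so normal validation cannot pass against localhost.
     */
    private RestTemplate getRestTemplate() throws KeyStoreException, NoSuchAlgorithmException, KeyManagementException {
        SSLContext sslContext = SSLContexts.custom()
            .loadTrustMaterial(null, (chain, authType) -> true)
            .build();
        SSLConnectionSocketFactory csf = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);
        CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(csf).build();
        return new RestTemplate(new HttpComponentsClientHttpRequestFactory(httpClient));
    }
```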
diff --git a/src/test/resources/https/https-test.properties b/src/test/resources/https/https-test.properties
index 86e444efe..aeae64036 100644
--- a/src/test/resources/https/https-test.properties
+++ b/src/test/resources/https/https-test.properties
@@ -31,7 +31,7 @@ server.ssl.key-store=classpath:clds/aaf/org.onap.clamp.p12
server.ssl.key-store-password=enc:WWCxchk4WGBNSvuzLq3MLjMs5ObRybJtts5AI0XD1Vc
server.ssl.key-password=enc:WWCxchk4WGBNSvuzLq3MLjMs5ObRybJtts5AI0XD1Vc
server.ssl.key-store-type=PKCS12
-server.ssl.key-alias=clamp@clamp.onap.org
+server.ssl.key-alias=clamptest
# The key file used to decode the key store and trust store password
# If not defined, the key store and trust store password will not be decrypted