aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/main/java/org/onap/policy/clamp/clds/config/SslConfig.java11
-rw-r--r--src/main/resources/application-noaaf.properties2
-rw-r--r--src/main/resources/application.properties2
-rw-r--r--src/main/resources/clds/aaf/org.onap.clamp.p12bin4155 -> 0 bytes
-rw-r--r--src/test/java/org/onap/policy/clamp/clds/it/HttpsItCase.java115
-rw-r--r--src/test/resources/https/https-test.properties2
6 files changed, 42 insertions, 90 deletions
diff --git a/src/main/java/org/onap/policy/clamp/clds/config/SslConfig.java b/src/main/java/org/onap/policy/clamp/clds/config/SslConfig.java
index 329cb4bed..a72cffd09 100644
--- a/src/main/java/org/onap/policy/clamp/clds/config/SslConfig.java
+++ b/src/main/java/org/onap/policy/clamp/clds/config/SslConfig.java
@@ -2,7 +2,7 @@
* ============LICENSE_START=======================================================
* ONAP CLAMP
* ================================================================================
- * Copyright (C) 2019 AT&T Intellectual Property. All rights
+ * Copyright (C) 2019, 2021 AT&T Intellectual Property. All rights
* reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -74,6 +74,7 @@ public class SslConfig {
password.toCharArray());
return truststore;
}
+
});
}
@@ -83,9 +84,13 @@ public class SslConfig {
return (tomcat) -> tomcat.setSsl(new Ssl() {
@Override
public String getKeyPassword() {
- String password = PassDecoder.decode(env.getProperty("server.ssl.key-password"),
+ return PassDecoder.decode(env.getProperty("server.ssl.key-password"),
env.getProperty("clamp.config.keyFile"));
- return password;
+ }
+
+ @Override
+ public String getKeyAlias() {
+ return env.getProperty("server.ssl.key-alias");
}
});
}
diff --git a/src/main/resources/application-noaaf.properties b/src/main/resources/application-noaaf.properties
index 6b28cf7ef..ba838adb8 100644
--- a/src/main/resources/application-noaaf.properties
+++ b/src/main/resources/application-noaaf.properties
@@ -53,7 +53,7 @@ server.ssl.key-store=classpath:/clds/aaf/org.onap.clamp.p12
server.ssl.key-store-password=enc:WWCxchk4WGBNSvuzLq3MLjMs5ObRybJtts5AI0XD1Vc
server.ssl.key-password=enc:WWCxchk4WGBNSvuzLq3MLjMs5ObRybJtts5AI0XD1Vc
server.ssl.key-store-type=PKCS12
-server.ssl.key-alias=clamp@clamp.onap.org
+server.ssl.key-alias=clamptest
## Config part for Client certificates
server.ssl.client-auth=want
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index 1b5a26d0a..7d2d4ef1b 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -58,7 +58,7 @@ server.ssl.key-store=classpath:/clds/aaf/org.onap.clamp.p12
server.ssl.key-store-password=enc:WWCxchk4WGBNSvuzLq3MLjMs5ObRybJtts5AI0XD1Vc
server.ssl.key-password=enc:WWCxchk4WGBNSvuzLq3MLjMs5ObRybJtts5AI0XD1Vc
server.ssl.key-store-type=PKCS12
-server.ssl.key-alias=clamp@clamp.onap.org
+server.ssl.key-alias=clamptest
# The key file used to decode the key store and trust store password
# If not defined, the key store and trust store password will not be decrypted
diff --git a/src/main/resources/clds/aaf/org.onap.clamp.p12 b/src/main/resources/clds/aaf/org.onap.clamp.p12
deleted file mode 100644
index 268aa1a3c..000000000
--- a/src/main/resources/clds/aaf/org.onap.clamp.p12
+++ /dev/null
Binary files differ
diff --git a/src/test/java/org/onap/policy/clamp/clds/it/HttpsItCase.java b/src/test/java/org/onap/policy/clamp/clds/it/HttpsItCase.java
index 9dd2130c6..1a4a2ec5f 100644
--- a/src/test/java/org/onap/policy/clamp/clds/it/HttpsItCase.java
+++ b/src/test/java/org/onap/policy/clamp/clds/it/HttpsItCase.java
@@ -2,7 +2,7 @@
* ============LICENSE_START=======================================================
* ONAP CLAMP
* ================================================================================
- * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
+ * Copyright (C) 2017-2018, 2021 AT&T Intellectual Property. All rights
* reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
@@ -26,17 +26,19 @@ package org.onap.policy.clamp.clds.it;
import static org.assertj.core.api.Assertions.assertThat;
import java.io.File;
-import java.io.IOException;
-import java.net.HttpURLConnection;
import java.nio.charset.Charset;
-import javax.net.ssl.HostnameVerifier;
-import javax.net.ssl.HttpsURLConnection;
+import java.security.KeyManagementException;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLSession;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.X509TrustManager;
import org.apache.commons.io.FileUtils;
-import org.junit.BeforeClass;
+import org.apache.http.conn.ssl.NoopHostnameVerifier;
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
+import org.apache.http.conn.ssl.TrustStrategy;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClients;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Value;
@@ -44,7 +46,7 @@ import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
-import org.springframework.http.client.SimpleClientHttpRequestFactory;
+import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.test.annotation.DirtiesContext;
import org.springframework.test.context.TestPropertySource;
import org.springframework.test.context.junit4.SpringRunner;
@@ -64,53 +66,13 @@ public class HttpsItCase {
@Value("${server.http-to-https-redirection.port}")
private String httpPort;
- /**
- * Setup the variable before tests execution.
- */
- @BeforeClass
- public static void setUp() {
- try {
- // setup ssl context to ignore certificate errors
- SSLContext ctx = SSLContext.getInstance("TLS");
- X509TrustManager tm = new X509TrustManager() {
-
- @Override
- public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType)
- throws java.security.cert.CertificateException {
- }
-
- @Override
- public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType)
- throws java.security.cert.CertificateException {
- }
-
- @Override
- public java.security.cert.X509Certificate[] getAcceptedIssuers() {
- return null;
- }
- };
- ctx.init(null, new TrustManager[] { tm }, null);
- SSLContext.setDefault(ctx);
- } catch (Exception ex) {
- ex.printStackTrace();
- }
- }
-
@Test
public void testDesignerIndex() throws Exception {
- RestTemplate template = new RestTemplate();
- final MySimpleClientHttpRequestFactory factory = new MySimpleClientHttpRequestFactory(new HostnameVerifier() {
-
- @Override
- public boolean verify(final String hostname, final SSLSession session) {
- return true;
- }
- });
- template.setRequestFactory(factory);
- ResponseEntity<String> entity = template.getForEntity("http://localhost:" + this.httpPort + "/swagger.html",
- String.class);
+ ResponseEntity<String> entity =
+ new RestTemplate().getForEntity("http://localhost:" + this.httpPort + "/swagger.html",
+ String.class);
assertThat(entity.getStatusCode()).isEqualTo(HttpStatus.FOUND);
- ResponseEntity<String> httpsEntity = template
+ ResponseEntity<String> httpsEntity = getRestTemplate()
.getForEntity("https://localhost:" + this.httpsPort + "/swagger.html", String.class);
assertThat(httpsEntity.getStatusCode()).isEqualTo(HttpStatus.OK);
assertThat(httpsEntity.getBody()).contains("Clamp Rest API");
@@ -118,16 +80,7 @@ public class HttpsItCase {
@Test
public void testSwaggerJson() throws Exception {
- RestTemplate template = new RestTemplate();
- final MySimpleClientHttpRequestFactory factory = new MySimpleClientHttpRequestFactory(new HostnameVerifier() {
-
- @Override
- public boolean verify(final String hostname, final SSLSession session) {
- return true;
- }
- });
- template.setRequestFactory(factory);
- ResponseEntity<String> httpsEntity = template
+ ResponseEntity<String> httpsEntity = getRestTemplate()
.getForEntity("https://localhost:" + this.httpsPort + "/restservices/clds/api-doc", String.class);
assertThat(httpsEntity.getStatusCode()).isEqualTo(HttpStatus.OK);
assertThat(httpsEntity.getBody()).contains("swagger");
@@ -135,25 +88,19 @@ public class HttpsItCase {
Charset.defaultCharset());
}
- /**
- * Http Request Factory for ignoring SSL hostname errors. Not for production
- * use!
- */
- class MySimpleClientHttpRequestFactory extends SimpleClientHttpRequestFactory {
-
- private final HostnameVerifier verifier;
-
- public MySimpleClientHttpRequestFactory(final HostnameVerifier verifier) {
- this.verifier = verifier;
- }
-
- @Override
- protected void prepareConnection(final HttpURLConnection connection, final String httpMethod)
- throws IOException {
- if (connection instanceof HttpsURLConnection) {
- ((HttpsURLConnection) connection).setHostnameVerifier(this.verifier);
- }
- super.prepareConnection(connection, httpMethod);
- }
+ private RestTemplate getRestTemplate() throws KeyStoreException, NoSuchAlgorithmException, KeyManagementException {
+ SSLContext sslContext = org.apache.http.ssl.SSLContexts.custom()
+ .loadTrustMaterial(null, new TrustStrategy() {
+ @Override
+ public boolean isTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
+ return true;
+ }
+ }).build();
+ SSLConnectionSocketFactory csf = new SSLConnectionSocketFactory(sslContext, new NoopHostnameVerifier());
+ CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(csf).build();
+ HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory();
+ requestFactory.setHttpClient(httpClient);
+ RestTemplate restTemplate = new RestTemplate(requestFactory);
+ return restTemplate;
}
}
diff --git a/src/test/resources/https/https-test.properties b/src/test/resources/https/https-test.properties
index 86e444efe..aeae64036 100644
--- a/src/test/resources/https/https-test.properties
+++ b/src/test/resources/https/https-test.properties
@@ -31,7 +31,7 @@ server.ssl.key-store=classpath:clds/aaf/org.onap.clamp.p12
server.ssl.key-store-password=enc:WWCxchk4WGBNSvuzLq3MLjMs5ObRybJtts5AI0XD1Vc
server.ssl.key-password=enc:WWCxchk4WGBNSvuzLq3MLjMs5ObRybJtts5AI0XD1Vc
server.ssl.key-store-type=PKCS12
-server.ssl.key-alias=clamp@clamp.onap.org
+server.ssl.key-alias=clamptest
# The key file used to decode the key store and trust store password
# If not defined, the key store and trust store password will not be decrypted