aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorefiacor <fiachra.corcoran@est.tech>2023-05-08 18:17:03 +0100
committerefiacor <fiachra.corcoran@est.tech>2023-06-13 18:56:19 +0100
commitac4baf28eab0a4412810f02237b981933c985e95 (patch)
treec9fc3c3a6c35e5481b261ff2acc912bdf708fa12
parent289c0ceb2b3b0565ae19014a4cfa06a1bf10ccc3 (diff)
[SDC-DISTRO-CLIENT] SSL config updates
Signed-off-by: efiacor <fiachra.corcoran@est.tech> Change-Id: Iacaf5072241e56bf72db13acef0f533814ae8989 Issue-ID: SDC-4476
-rw-r--r--sdc-distribution-ci/etc/sdc-user-keystore.jksbin0 -> 2894 bytes
-rw-r--r--sdc-distribution-ci/etc/sdc-user-truststore.jksbin0 -> 1702 bytes
-rw-r--r--sdc-distribution-ci/src/main/java/org/onap/test/core/config/DistributionClientConfig.java18
-rw-r--r--sdc-distribution-ci/src/test/java/org/onap/test/core/service/CustomKafkaContainer.java1
-rw-r--r--sdc-distribution-client/etc/README.txt16
-rw-r--r--sdc-distribution-client/etc/sdc-client.jksbin1177 -> 0 bytes
-rw-r--r--sdc-distribution-client/etc/sdcclientstore.jksbin907 -> 0 bytes
-rw-r--r--sdc-distribution-client/src/main/java/org/onap/sdc/http/HttpClientFactory.java130
-rw-r--r--sdc-distribution-client/src/main/java/org/onap/sdc/impl/Configuration.java13
-rw-r--r--sdc-distribution-client/src/main/java/org/onap/sdc/impl/DistributionClientImpl.java3
-rw-r--r--sdc-distribution-client/src/main/java/org/onap/sdc/utils/kafka/KafkaCommonConfig.java17
-rw-r--r--sdc-distribution-client/src/main/java/org/onap/sdc/utils/kafka/SdcKafkaProducer.java12
-rw-r--r--sdc-distribution-client/src/test/java/org/onap/sdc/http/HttpClientFactoryTest.java6
-rw-r--r--sdc-distribution-client/src/test/java/org/onap/sdc/http/SdcConnectorClientTest.java5
-rw-r--r--sdc-distribution-client/src/test/java/org/onap/sdc/utils/KafkaCommonConfigTest.java6
-rw-r--r--sdc-distribution-client/src/test/java/org/onap/sdc/utils/SdcKafkaTest.java2
-rw-r--r--sdc-distribution-client/src/test/java/org/onap/sdc/utils/TestConfiguration.java18
-rw-r--r--sdc-distribution-client/src/test/resources/etc/sdc-user-keystore.jksbin0 -> 2894 bytes
-rw-r--r--sdc-distribution-client/src/test/resources/etc/sdc-user-truststore.jksbin0 -> 1702 bytes
-rw-r--r--sdc-distribution-client/src/test/resources/sdc-user-keystore.jksbin0 -> 2894 bytes
-rw-r--r--sdc-distribution-client/src/test/resources/sdc-user-truststore.jksbin0 -> 1702 bytes
21 files changed, 83 insertions, 164 deletions
diff --git a/sdc-distribution-ci/etc/sdc-user-keystore.jks b/sdc-distribution-ci/etc/sdc-user-keystore.jks
new file mode 100644
index 0000000..7c3c72a
--- /dev/null
+++ b/sdc-distribution-ci/etc/sdc-user-keystore.jks
Binary files differ
diff --git a/sdc-distribution-ci/etc/sdc-user-truststore.jks b/sdc-distribution-ci/etc/sdc-user-truststore.jks
new file mode 100644
index 0000000..d1fb017
--- /dev/null
+++ b/sdc-distribution-ci/etc/sdc-user-truststore.jks
Binary files differ
diff --git a/sdc-distribution-ci/src/main/java/org/onap/test/core/config/DistributionClientConfig.java b/sdc-distribution-ci/src/main/java/org/onap/test/core/config/DistributionClientConfig.java
index f229216..fc818fd 100644
--- a/sdc-distribution-ci/src/main/java/org/onap/test/core/config/DistributionClientConfig.java
+++ b/sdc-distribution-ci/src/main/java/org/onap/test/core/config/DistributionClientConfig.java
@@ -34,8 +34,14 @@ public class DistributionClientConfig implements IConfiguration {
public static final int DEFAULT_POLLING_INTERVAL = 20;
public static final int DEFAULT_POLLING_TIMEOUT = 20;
public static final String DEFAULT_USER = "dcae";
- public static final String DEFAULT_KEY_STORE_PATH = "etc/sdc-client.jks";
- public static final String DEFAULT_KEY_STORE_PASSWORD = "Aa123456";
+ private String keyStorePath;
+ private String keyStorePassword;
+ public static final String DEFAULT_KEY_STORE_PATH = "etc/sdc-user-keystore.jks";
+ public static final String DEFAULT_KEY_STORE_PASSWORD = "zreRDCnNLsZ7";
+ public static final String DEFAULT_TRUST_STORE_PATH = "etc/sdc-user-truststore.jks";
+ public static final String DEFAULT_TRUST_STORE_PASSWORD = "changeit";
+ public String trustStorePath;
+ public String trustStorePassword;
public static final boolean DEFAULT_ACTIVATE_SERVER_TLS_AUTH = false;
public static final boolean DEFAULT_IS_FILTER_IN_EMPTY_RESOURCES = true;
public static final boolean DEFAULT_USE_HTTPS_WITH_SDC = false;
@@ -48,10 +54,6 @@ public class DistributionClientConfig implements IConfiguration {
private String consumerGroup;
private String environmentName;
private String comsumerID;
- private String keyStorePath;
- private String keyStorePassword;
- private final String trustStorePath;
- private final String trustStorePassword;
private boolean activateServerTLSAuth;
private boolean isFilterInEmptyResources;
private boolean useHttpsWithSDC;
@@ -77,8 +79,8 @@ public class DistributionClientConfig implements IConfiguration {
this.user = DEFAULT_USER;
this.keyStorePath = DEFAULT_KEY_STORE_PATH;
this.keyStorePassword = DEFAULT_KEY_STORE_PASSWORD;
- this.trustStorePath = DEFAULT_KEY_STORE_PATH;
- this.trustStorePassword = DEFAULT_KEY_STORE_PASSWORD;
+ this.trustStorePath = DEFAULT_TRUST_STORE_PATH;
+ this.trustStorePassword = DEFAULT_TRUST_STORE_PASSWORD;
this.activateServerTLSAuth = DEFAULT_ACTIVATE_SERVER_TLS_AUTH;
this.isFilterInEmptyResources = DEFAULT_IS_FILTER_IN_EMPTY_RESOURCES;
this.useHttpsWithSDC = DEFAULT_USE_HTTPS_WITH_SDC;
diff --git a/sdc-distribution-ci/src/test/java/org/onap/test/core/service/CustomKafkaContainer.java b/sdc-distribution-ci/src/test/java/org/onap/test/core/service/CustomKafkaContainer.java
index e2eabc1..8de8949 100644
--- a/sdc-distribution-ci/src/test/java/org/onap/test/core/service/CustomKafkaContainer.java
+++ b/sdc-distribution-ci/src/test/java/org/onap/test/core/service/CustomKafkaContainer.java
@@ -33,6 +33,7 @@ public class CustomKafkaContainer extends FixedHostPortGenericContainer<CustomKa
this.externalZookeeperConnect = null;
this.withExposedPorts(9093);
this.withEnv("KAFKA_LISTENERS", "PLAINTEXT://0.0.0.0:9093,BROKER://0.0.0.0:9092");
+ this.withEnv("KAFKA_ADVERTISED_LISTENERS", "SSL");
this.withEnv("KAFKA_LISTENER_SECURITY_PROTOCOL_MAP", "BROKER:PLAINTEXT,PLAINTEXT:PLAINTEXT");
this.withEnv("KAFKA_INTER_BROKER_LISTENER_NAME", "BROKER");
this.withEnv("KAFKA_BROKER_ID", "1");
diff --git a/sdc-distribution-client/etc/README.txt b/sdc-distribution-client/etc/README.txt
deleted file mode 100644
index bbbbd07..0000000
--- a/sdc-distribution-client/etc/README.txt
+++ /dev/null
@@ -1,16 +0,0 @@
-keytool -genkeypair -keystore catalogbe.jks -alias catalogbe -keypass Aa123456 -storepass Aa123456 -keyalg RSA -keysize 2048 -validity 3650 -dname "CN=Catalog BE, OU=Development, O=AT&T, L=TLV, C=IL"
-
-
-3650 – 10 years validity
-Eyal Sofer – creator
-Development – Organization unit
-AT&T – Organization
-TLV- City
-IL – Country code
-
-
-catalogbe.jks – name of keystore
-Aa123456 - password
-
-#In order to generate the password OBF:..., run the following command:
-java -cp ../jetty-distribution-9.2.7.v20150116/lib/jetty-http-9.2.7.v20150116.jar:../jetty-distribution-9.2.7.v20150116/lib/jetty-util-9.2.7.v20150116.jar org.eclipse.jetty.util.security.Password Aa123456 \ No newline at end of file
diff --git a/sdc-distribution-client/etc/sdc-client.jks b/sdc-distribution-client/etc/sdc-client.jks
deleted file mode 100644
index eb0a0d3..0000000
--- a/sdc-distribution-client/etc/sdc-client.jks
+++ /dev/null
Binary files differ
diff --git a/sdc-distribution-client/etc/sdcclientstore.jks b/sdc-distribution-client/etc/sdcclientstore.jks
deleted file mode 100644
index 5dc006d..0000000
--- a/sdc-distribution-client/etc/sdcclientstore.jks
+++ /dev/null
Binary files differ
diff --git a/sdc-distribution-client/src/main/java/org/onap/sdc/http/HttpClientFactory.java b/sdc-distribution-client/src/main/java/org/onap/sdc/http/HttpClientFactory.java
index 94e20fb..ee75102 100644
--- a/sdc-distribution-client/src/main/java/org/onap/sdc/http/HttpClientFactory.java
+++ b/sdc-distribution-client/src/main/java/org/onap/sdc/http/HttpClientFactory.java
@@ -22,6 +22,7 @@ package org.onap.sdc.http;
import java.io.FileInputStream;
import java.io.IOException;
+import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
@@ -29,6 +30,7 @@ import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
@@ -39,10 +41,12 @@ import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
+import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.ssl.SSLContextBuilder;
+import org.apache.http.ssl.SSLContexts;
import org.onap.sdc.api.consumer.IConfiguration;
import org.onap.sdc.utils.Pair;
@@ -71,9 +75,7 @@ public class HttpClientFactory {
}
private Pair<String, CloseableHttpClient> createHttpsClient(IConfiguration configuration) {
- return new Pair<>(HTTPS,
- initSSL(configuration.getUser(), configuration.getPassword(), configuration.getKeyStorePath(),
- configuration.getKeyStorePassword(), configuration.activateServerTLSAuth()));
+ return new Pair<>(HTTPS, initSSLMtls(configuration));
}
private Pair<String, CloseableHttpClient> createHttpClient(IConfiguration configuration) {
@@ -84,123 +86,37 @@ public class HttpClientFactory {
.setProxy(getHttpProxyHost()).build());
}
- private CloseableHttpClient initSSL(String username, String password, String keyStorePath, String keyStorePass,
- boolean isSupportSSLVerification) {
+ private CloseableHttpClient initSSLMtls(IConfiguration configuration) {
- try {
+ try (FileInputStream kis = new FileInputStream(configuration.getKeyStorePath());
+ FileInputStream tis = new FileInputStream(configuration.getTrustStorePath())) {
- // SSLContextBuilder is not thread safe
CredentialsProvider credsProvider = new BasicCredentialsProvider();
credsProvider.setCredentials(new AuthScope("localhost", AUTHORIZATION_SCOPE_PORT),
- new UsernamePasswordCredentials(username, password));
- SSLContext sslContext;
- sslContext = SSLContext.getInstance(TLS);
- TrustManagerFactory tmf = createTrustManagerFactory();
- TrustManager[] tms = tmf.getTrustManagers();
- if (isSupportSSLVerification) {
-
- if (keyStorePath != null && !keyStorePath.isEmpty()) {
- // Using null here initialises the TMF with the default
- // trust store.
-
- // Get hold of the default trust manager
- X509TrustManager defaultTm = null;
- for (TrustManager tm : tmf.getTrustManagers()) {
- if (tm instanceof X509TrustManager) {
- defaultTm = (X509TrustManager) tm;
- break;
- }
- }
-
- // Do the same with your trust store this time
- // Adapt how you load the keystore to your needs
- KeyStore trustStore = loadKeyStore(keyStorePath, keyStorePass);
-
- tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
- tmf.init(trustStore);
-
- // Get hold of the default trust manager
- X509TrustManager myTm = null;
- for (TrustManager tm : tmf.getTrustManagers()) {
- if (tm instanceof X509TrustManager) {
- myTm = (X509TrustManager) tm;
- break;
- }
- }
-
- // Wrap it in your own class.
- final X509TrustManager finalDefaultTm = defaultTm;
- final X509TrustManager finalMyTm = myTm;
- X509TrustManager customTm = new X509TrustManager() {
- @Override
- public X509Certificate[] getAcceptedIssuers() {
- // If you're planning to use client-cert auth,
- // merge results from "defaultTm" and "myTm".
- return finalDefaultTm.getAcceptedIssuers();
- }
-
- @Override
- public void checkServerTrusted(X509Certificate[] chain, String authType)
- throws CertificateException {
- try {
- finalMyTm.checkServerTrusted(chain, authType);
- } catch (CertificateException e) {
- // This will throw another CertificateException
- // if this fails too.
- finalDefaultTm.checkServerTrusted(chain, authType);
- }
- }
-
- @Override
- public void checkClientTrusted(X509Certificate[] chain, String authType)
- throws CertificateException {
- // If you're planning to use client-cert auth,
- // do the same as checking the server.
- finalDefaultTm.checkClientTrusted(chain, authType);
- }
- };
-
- tms = new TrustManager[] { customTm };
-
- }
-
- sslContext.init(null, tms, null);
- SSLContext.setDefault(sslContext);
-
- } else {
-
- SSLContextBuilder builder = new SSLContextBuilder();
-
- builder.loadTrustMaterial(null, (chain, authType) -> true);
-
- sslContext = builder.build();
- }
+ new UsernamePasswordCredentials(configuration.getUser(), configuration.getPassword()));
+
+ final KeyStore ks = KeyStore.getInstance("JKS");
+ ks.load(kis, configuration.getKeyStorePassword().toCharArray());
+ final KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
+ keyManagerFactory.init(ks, configuration.getKeyStorePassword().toCharArray());
+
+ final KeyStore ts = KeyStore.getInstance("JKS");
+ ts.load(tis, configuration.getTrustStorePassword().toCharArray());
+ final TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+ trustManagerFactory.init(ts);
+ final SSLContext sslContext = SSLContexts.custom().loadTrustMaterial(ts, new TrustSelfSignedStrategy()).loadKeyMaterial(ks, configuration.getKeyStorePassword().toCharArray()).build();
HostnameVerifier hostnameVerifier = (hostname, session) -> hostname.equalsIgnoreCase(session.getPeerHost());
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext, new String[] { TLS }, null,
- hostnameVerifier);
+ hostnameVerifier);
+
return HttpClientBuilder.create().setDefaultCredentialsProvider(credsProvider).setProxy(getHttpsProxyHost())
- .setSSLSocketFactory(sslsf).build();
+ .setSSLSocketFactory(sslsf).build();
} catch (Exception e) {
throw new HttpSdcClientException("Failed to create https client", e);
}
}
- private TrustManagerFactory createTrustManagerFactory() throws NoSuchAlgorithmException, KeyStoreException {
- TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
- tmf.init(DEFAULT_INIT_KEY_STORE_VALUE);
- return tmf;
- }
-
- private KeyStore loadKeyStore(String keyStorePath, String keyStorePass)
- throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
- KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
- try (FileInputStream keyStoreData = new FileInputStream(keyStorePath)) {
- trustStore.load(keyStoreData, keyStorePass.toCharArray());
- }
- return trustStore;
- }
-
private HttpHost getHttpProxyHost() {
HttpHost proxyHost = null;
if (configuration.isUseSystemProxy() && System.getProperty("http.proxyHost") != null
diff --git a/sdc-distribution-client/src/main/java/org/onap/sdc/impl/Configuration.java b/sdc-distribution-client/src/main/java/org/onap/sdc/impl/Configuration.java
index add4185..8841856 100644
--- a/sdc-distribution-client/src/main/java/org/onap/sdc/impl/Configuration.java
+++ b/sdc-distribution-client/src/main/java/org/onap/sdc/impl/Configuration.java
@@ -21,15 +21,14 @@
package org.onap.sdc.impl;
import java.util.List;
-
import org.onap.sdc.api.consumer.IConfiguration;
public class Configuration implements IConfiguration {
- private List<String> msgBusAddressList;
+ private String msgBusAddressList;
private final String kafkaSecurityProtocolConfig;
private final String kafkaSaslMechanism;
- private final String kafkaSaslJaasConfig;
+ private String kafkaSaslJaasConfig = null;
private final int kafkaConsumerMaxPollInterval;
private final int kafkaConsumerSessionTimeout;
private String sdcStatusTopicName;
@@ -60,7 +59,9 @@ public class Configuration implements IConfiguration {
public Configuration(IConfiguration other) {
this.kafkaSecurityProtocolConfig = other.getKafkaSecurityProtocolConfig();
this.kafkaSaslMechanism = other.getKafkaSaslMechanism();
- this.kafkaSaslJaasConfig = other.getKafkaSaslJaasConfig();
+ if (!"SSL".equals(this.kafkaSecurityProtocolConfig)) {
+ this.kafkaSaslJaasConfig = other.getKafkaSaslJaasConfig();
+ }
this.comsumerID = other.getConsumerID();
this.consumerGroup = other.getConsumerGroup();
this.pollingInterval = other.getPollingInterval();
@@ -233,11 +234,11 @@ public class Configuration implements IConfiguration {
this.sdcNotificationTopicName = sdcNotificationTopicName;
}
- public List<String> getMsgBusAddress() {
+ public String getMsgBusAddress() {
return msgBusAddressList;
}
- public void setMsgBusAddress(List<String> newMsgBusAddress) {
+ public void setMsgBusAddress(String newMsgBusAddress) {
msgBusAddressList = newMsgBusAddress;
}
diff --git a/sdc-distribution-client/src/main/java/org/onap/sdc/impl/DistributionClientImpl.java b/sdc-distribution-client/src/main/java/org/onap/sdc/impl/DistributionClientImpl.java
index a34ba1e..0c05b58 100644
--- a/sdc-distribution-client/src/main/java/org/onap/sdc/impl/DistributionClientImpl.java
+++ b/sdc-distribution-client/src/main/java/org/onap/sdc/impl/DistributionClientImpl.java
@@ -30,6 +30,7 @@ import fj.data.Either;
import java.lang.reflect.Type;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
+import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.UUID;
@@ -324,7 +325,7 @@ public class DistributionClientImpl implements IDistributionClient {
errorWrapper.setInnerElement(kafkaData.right().value());
} else {
KafkaDataResponse kafkaDataResponse = kafkaData.left().value();
- configuration.setMsgBusAddress(Collections.singletonList(kafkaDataResponse.getKafkaBootStrapServer()));
+ configuration.setMsgBusAddress(kafkaDataResponse.getKafkaBootStrapServer());
configuration.setNotificationTopicName(kafkaDataResponse.getDistrNotificationTopicName());
configuration.setStatusTopicName(kafkaDataResponse.getDistrStatusTopicName());
log.debug("MessageBus cluster info retrieved successfully {}", kafkaData.left().value());
diff --git a/sdc-distribution-client/src/main/java/org/onap/sdc/utils/kafka/KafkaCommonConfig.java b/sdc-distribution-client/src/main/java/org/onap/sdc/utils/kafka/KafkaCommonConfig.java
index 477e677..b285bfe 100644
--- a/sdc-distribution-client/src/main/java/org/onap/sdc/utils/kafka/KafkaCommonConfig.java
+++ b/sdc-distribution-client/src/main/java/org/onap/sdc/utils/kafka/KafkaCommonConfig.java
@@ -19,18 +19,22 @@
*/
package org.onap.sdc.utils.kafka;
+import java.util.Properties;
+import java.util.UUID;
+import org.apache.kafka.clients.CommonClientConfigs;
import org.apache.kafka.clients.consumer.ConsumerConfig;
import org.apache.kafka.clients.producer.ProducerConfig;
-import org.apache.kafka.clients.CommonClientConfigs;
import org.apache.kafka.common.config.SaslConfigs;
import org.apache.kafka.common.config.SslConfigs;
import org.onap.sdc.impl.Configuration;
-import java.util.Properties;
-import java.util.UUID;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
public class KafkaCommonConfig {
+ private static final Logger log = LoggerFactory.getLogger(KafkaCommonConfig.class);
+
private final Configuration configuration;
- public KafkaCommonConfig(Configuration configuration){
+ public KafkaCommonConfig(Configuration configuration) {
this.configuration = configuration;
}
@@ -47,7 +51,6 @@ public class KafkaCommonConfig {
props.put(ConsumerConfig.ALLOW_AUTO_CREATE_TOPICS_CONFIG, false);
props.put(ConsumerConfig.AUTO_OFFSET_RESET_CONFIG, "latest");
-
return props;
}
@@ -70,10 +73,10 @@ public class KafkaCommonConfig {
props.put(SslConfigs.SSL_TRUSTSTORE_PASSWORD_CONFIG, configuration.getTrustStorePassword());
props.put(SslConfigs.SSL_TRUSTSTORE_LOCATION_CONFIG, configuration.getTrustStorePath());
props.put(SslConfigs.SSL_KEYSTORE_PASSWORD_CONFIG, configuration.getKeyStorePassword());
+ props.put(SslConfigs.SSL_ENDPOINT_IDENTIFICATION_ALGORITHM_CONFIG, "");
props.put(SslConfigs.SSL_KEYSTORE_LOCATION_CONFIG, configuration.getKeyStorePath());
props.put(SslConfigs.SSL_KEY_PASSWORD_CONFIG, configuration.getKeyStorePassword());
- }
- else{
+ } else {
props.put(SaslConfigs.SASL_JAAS_CONFIG, configuration.getKafkaSaslJaasConfig());
props.put(SaslConfigs.SASL_MECHANISM, configuration.getKafkaSaslMechanism());
}
diff --git a/sdc-distribution-client/src/main/java/org/onap/sdc/utils/kafka/SdcKafkaProducer.java b/sdc-distribution-client/src/main/java/org/onap/sdc/utils/kafka/SdcKafkaProducer.java
index b151b23..e0b51eb 100644
--- a/sdc-distribution-client/src/main/java/org/onap/sdc/utils/kafka/SdcKafkaProducer.java
+++ b/sdc-distribution-client/src/main/java/org/onap/sdc/utils/kafka/SdcKafkaProducer.java
@@ -20,18 +20,12 @@
package org.onap.sdc.utils.kafka;
-import java.util.List;
import java.util.Properties;
-import java.util.UUID;
import java.util.concurrent.Future;
-import org.apache.kafka.clients.CommonClientConfigs;
import org.apache.kafka.clients.producer.KafkaProducer;
-import org.apache.kafka.clients.producer.ProducerConfig;
import org.apache.kafka.clients.producer.ProducerRecord;
import org.apache.kafka.clients.producer.RecordMetadata;
import org.apache.kafka.common.KafkaException;
-import org.apache.kafka.common.config.SaslConfigs;
-import org.apache.kafka.common.config.SslConfigs;
import org.onap.sdc.impl.Configuration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -43,7 +37,7 @@ public class SdcKafkaProducer {
private static final Logger log = LoggerFactory.getLogger(SdcKafkaProducer.class);
final KafkaProducer<String, String> producer;
- private final List<String> msgBusAddresses;
+ private final String msgBusAddresses;
private final String topicName;
/**
@@ -89,9 +83,9 @@ public class SdcKafkaProducer {
}
/**
- * @return The list kafka endpoints
+ * @return The list of kafka endpoints
*/
- public List<String> getMsgBusAddresses() {
+ public String getMsgBusAddresses() {
return msgBusAddresses;
}
diff --git a/sdc-distribution-client/src/test/java/org/onap/sdc/http/HttpClientFactoryTest.java b/sdc-distribution-client/src/test/java/org/onap/sdc/http/HttpClientFactoryTest.java
index 2292fc4..3ee2d02 100644
--- a/sdc-distribution-client/src/test/java/org/onap/sdc/http/HttpClientFactoryTest.java
+++ b/sdc-distribution-client/src/test/java/org/onap/sdc/http/HttpClientFactoryTest.java
@@ -41,8 +41,10 @@ class HttpClientFactoryTest {
TestConfiguration config = spy(new TestConfiguration());
HttpClientFactory httpClientFactory = new HttpClientFactory(config);
when(config.activateServerTLSAuth()).thenReturn(true);
- when(config.getKeyStorePath()).thenReturn("src/test/resources/sdc-client.jks");
- when(config.getKeyStorePassword()).thenReturn("Aa123456");
+ when(config.getKeyStorePath()).thenReturn("src/test/resources/sdc-user-keystore.jks");
+ when(config.getKeyStorePassword()).thenReturn("zreRDCnNLsZ7");
+ when(config.getTrustStorePath()).thenReturn("src/test/resources/sdc-user-truststore.jks");
+ when(config.getTrustStorePassword()).thenReturn("changeit");
Pair<String, CloseableHttpClient> client = httpClientFactory.createInstance();
SSLConnectionSocketFactory sslsf = spy(SSLConnectionSocketFactory.getSocketFactory());
CredentialsProvider credsProvider = new BasicCredentialsProvider();
diff --git a/sdc-distribution-client/src/test/java/org/onap/sdc/http/SdcConnectorClientTest.java b/sdc-distribution-client/src/test/java/org/onap/sdc/http/SdcConnectorClientTest.java
index e449c4c..b2c1128 100644
--- a/sdc-distribution-client/src/test/java/org/onap/sdc/http/SdcConnectorClientTest.java
+++ b/sdc-distribution-client/src/test/java/org/onap/sdc/http/SdcConnectorClientTest.java
@@ -87,7 +87,10 @@ public class SdcConnectorClientTest {
when(conf.getUser()).thenReturn("user");
when(conf.getPassword()).thenReturn("password");
when(conf.isUseHttpsWithSDC()).thenReturn(true);
-
+ when(conf.getKeyStorePath()).thenReturn("src/test/resources/sdc-user-keystore.jks");
+ when(conf.getKeyStorePassword()).thenReturn("zreRDCnNLsZ7");
+ when(conf.getTrustStorePath()).thenReturn("src/test/resources/sdc-user-truststore.jks");
+ when(conf.getTrustStorePassword()).thenReturn("changeit");
when(conf.activateServerTLSAuth()).thenReturn(false);
final HttpSdcClient httpClient = new HttpSdcClient(conf);
SdcConnectorClient client = new SdcConnectorClient(conf, httpClient);
diff --git a/sdc-distribution-client/src/test/java/org/onap/sdc/utils/KafkaCommonConfigTest.java b/sdc-distribution-client/src/test/java/org/onap/sdc/utils/KafkaCommonConfigTest.java
index 36730b5..a60a785 100644
--- a/sdc-distribution-client/src/test/java/org/onap/sdc/utils/KafkaCommonConfigTest.java
+++ b/sdc-distribution-client/src/test/java/org/onap/sdc/utils/KafkaCommonConfigTest.java
@@ -35,8 +35,7 @@ public class KafkaCommonConfigTest {
@Test
public void testConsumerPropertiesNoSSL(){
- List<String> msgBusAddress = new ArrayList<>();
- msgBusAddress.add("address1");
+ String msgBusAddress = "address1";
testConfigNoSSL.setMsgBusAddress(msgBusAddress);
KafkaCommonConfig kafkaCommonConfig = new KafkaCommonConfig(testConfigNoSSL);
Properties consumerProperties = kafkaCommonConfig.getConsumerProperties();
@@ -45,8 +44,7 @@ public class KafkaCommonConfigTest {
@Test
public void testProducerPropertiesWithSSL(){
- List<String> msgBusAddress = new ArrayList<>();
- msgBusAddress.add("address1");
+ String msgBusAddress = "address1";
testConfigWithSSL.setMsgBusAddress(msgBusAddress);
KafkaCommonConfig kafkaCommonConfig = new KafkaCommonConfig(testConfigWithSSL);
Properties consumerProperties = kafkaCommonConfig.getProducerProperties();
diff --git a/sdc-distribution-client/src/test/java/org/onap/sdc/utils/SdcKafkaTest.java b/sdc-distribution-client/src/test/java/org/onap/sdc/utils/SdcKafkaTest.java
index c0c60a8..a4d348c 100644
--- a/sdc-distribution-client/src/test/java/org/onap/sdc/utils/SdcKafkaTest.java
+++ b/sdc-distribution-client/src/test/java/org/onap/sdc/utils/SdcKafkaTest.java
@@ -57,7 +57,7 @@ class SdcKafkaTest {
startKafkaService();
KafkaTestUtils utils = new KafkaTestUtils(kafkaTestCluster);
utils.createTopic(topicName, 1, (short) 1);
- configuration.setMsgBusAddress(Collections.singletonList(kafkaTestCluster.getKafkaConnectString()));
+ configuration.setMsgBusAddress(kafkaTestCluster.getKafkaConnectString());
}
@AfterAll
diff --git a/sdc-distribution-client/src/test/java/org/onap/sdc/utils/TestConfiguration.java b/sdc-distribution-client/src/test/java/org/onap/sdc/utils/TestConfiguration.java
index a132cd0..b75d231 100644
--- a/sdc-distribution-client/src/test/java/org/onap/sdc/utils/TestConfiguration.java
+++ b/sdc-distribution-client/src/test/java/org/onap/sdc/utils/TestConfiguration.java
@@ -42,6 +42,8 @@ public class TestConfiguration implements IConfiguration {
private final int kafkaConsumerSessionTimeout;
private String keyStorePath;
private String keyStorePassword;
+ private String trustStorePath;
+ private String trustStorePassword;
private boolean activateServerTLSAuth;
private boolean isFilterInEmptyResources;
private boolean useHttpsWithSDC;
@@ -66,8 +68,10 @@ public class TestConfiguration implements IConfiguration {
this.relevantArtifactTypes = new ArrayList<>();
this.relevantArtifactTypes.add(ArtifactTypeEnum.HEAT.name());
this.user = "mso-user";
- this.keyStorePath = "etc/sdc-client.jks";
- this.keyStorePassword = "Aa123456";
+ this.keyStorePath = "src/test/resources/etc/sdc-user-keystore.jks";
+ this.keyStorePassword = "zreRDCnNLsZ7";
+ this.trustStorePath = "src/test/resources/etc/sdc-user-truststore.jks";
+ this.trustStorePassword = "changeit";
this.activateServerTLSAuth = true;
this.isFilterInEmptyResources = false;
this.useHttpsWithSDC = true;
@@ -155,6 +159,16 @@ public class TestConfiguration implements IConfiguration {
return keyStorePassword;
}
+ @Override
+ public String getTrustStorePath() {
+ return trustStorePath;
+ }
+
+ @Override
+ public String getTrustStorePassword() {
+ return trustStorePassword;
+ }
+
public String getConsumerID() {
return consumerID;
}
diff --git a/sdc-distribution-client/src/test/resources/etc/sdc-user-keystore.jks b/sdc-distribution-client/src/test/resources/etc/sdc-user-keystore.jks
new file mode 100644
index 0000000..7c3c72a
--- /dev/null
+++ b/sdc-distribution-client/src/test/resources/etc/sdc-user-keystore.jks
Binary files differ
diff --git a/sdc-distribution-client/src/test/resources/etc/sdc-user-truststore.jks b/sdc-distribution-client/src/test/resources/etc/sdc-user-truststore.jks
new file mode 100644
index 0000000..d1fb017
--- /dev/null
+++ b/sdc-distribution-client/src/test/resources/etc/sdc-user-truststore.jks
Binary files differ
diff --git a/sdc-distribution-client/src/test/resources/sdc-user-keystore.jks b/sdc-distribution-client/src/test/resources/sdc-user-keystore.jks
new file mode 100644
index 0000000..7c3c72a
--- /dev/null
+++ b/sdc-distribution-client/src/test/resources/sdc-user-keystore.jks
Binary files differ
diff --git a/sdc-distribution-client/src/test/resources/sdc-user-truststore.jks b/sdc-distribution-client/src/test/resources/sdc-user-truststore.jks
new file mode 100644
index 0000000..d1fb017
--- /dev/null
+++ b/sdc-distribution-client/src/test/resources/sdc-user-truststore.jks
Binary files differ