author | efiacor <fiachra.corcoran@est.tech> | 2023-05-08 18:17:03 +0100 |
---|---|---|
committer | efiacor <fiachra.corcoran@est.tech> | 2023-06-13 18:56:19 +0100 |
commit | ac4baf28eab0a4412810f02237b981933c985e95 (patch) | |
tree | c9fc3c3a6c35e5481b261ff2acc912bdf708fa12 | |
parent | 289c0ceb2b3b0565ae19014a4cfa06a1bf10ccc3 (diff) |
[SDC-DISTRO-CLIENT] SSL config updates
Signed-off-by: efiacor <fiachra.corcoran@est.tech>
Change-Id: Iacaf5072241e56bf72db13acef0f533814ae8989
Issue-ID: SDC-4476
21 files changed, 83 insertions, 164 deletions
diff --git a/sdc-distribution-ci/etc/sdc-user-keystore.jks b/sdc-distribution-ci/etc/sdc-user-keystore.jks Binary files differnew file mode 100644 index 0000000..7c3c72a --- /dev/null +++ b/sdc-distribution-ci/etc/sdc-user-keystore.jks diff --git a/sdc-distribution-ci/etc/sdc-user-truststore.jks b/sdc-distribution-ci/etc/sdc-user-truststore.jks Binary files differnew file mode 100644 index 0000000..d1fb017 --- /dev/null +++ b/sdc-distribution-ci/etc/sdc-user-truststore.jks diff --git a/sdc-distribution-ci/src/main/java/org/onap/test/core/config/DistributionClientConfig.java b/sdc-distribution-ci/src/main/java/org/onap/test/core/config/DistributionClientConfig.java index f229216..fc818fd 100644 --- a/sdc-distribution-ci/src/main/java/org/onap/test/core/config/DistributionClientConfig.java +++ b/sdc-distribution-ci/src/main/java/org/onap/test/core/config/DistributionClientConfig.java @@ -34,8 +34,14 @@ public class DistributionClientConfig implements IConfiguration { public static final int DEFAULT_POLLING_INTERVAL = 20; public static final int DEFAULT_POLLING_TIMEOUT = 20; public static final String DEFAULT_USER = "dcae"; - public static final String DEFAULT_KEY_STORE_PATH = "etc/sdc-client.jks"; - public static final String DEFAULT_KEY_STORE_PASSWORD = "Aa123456"; + private String keyStorePath; + private String keyStorePassword; + public static final String DEFAULT_KEY_STORE_PATH = "etc/sdc-user-keystore.jks"; + public static final String DEFAULT_KEY_STORE_PASSWORD = "zreRDCnNLsZ7"; + public static final String DEFAULT_TRUST_STORE_PATH = "etc/sdc-user-truststore.jks"; + public static final String DEFAULT_TRUST_STORE_PASSWORD = "changeit"; + public String trustStorePath; + public String trustStorePassword; public static final boolean DEFAULT_ACTIVATE_SERVER_TLS_AUTH = false; public static final boolean DEFAULT_IS_FILTER_IN_EMPTY_RESOURCES = true; public static final boolean DEFAULT_USE_HTTPS_WITH_SDC = false; 
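Review bot: The new `trustStorePath` and `trustStorePassword` fields in DistributionClientConfig are declared `public` and non-final, where the declarations removed in the next hunk were `private final`; unless something outside the class has to write them, keep them as `private String trustStorePath;` and `private String trustStorePassword;` and expose them only through the IConfiguration getters. The keystore password is also committed as a literal next to the keystore it unlocks (`DEFAULT_KEY_STORE_PASSWORD`, repeated in HttpClientFactoryTest, SdcConnectorClientTest and TestConfiguration), so the private key in `sdc-user-keystore.jks` has to be treated as public test material. A comment on the constants such as `// test-only key material; never deploy this keystore or password` would make that explicit. The class body continues outside the hunk.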
@@ -48,10 +54,6 @@ public class DistributionClientConfig implements IConfiguration { private String consumerGroup; private String environmentName; private String comsumerID; - private String keyStorePath; - private String keyStorePassword; - private final String trustStorePath; - private final String trustStorePassword; private boolean activateServerTLSAuth; private boolean isFilterInEmptyResources; private boolean useHttpsWithSDC; @@ -77,8 +79,8 @@ public class DistributionClientConfig implements IConfiguration { this.user = DEFAULT_USER; this.keyStorePath = DEFAULT_KEY_STORE_PATH; this.keyStorePassword = DEFAULT_KEY_STORE_PASSWORD; - this.trustStorePath = DEFAULT_KEY_STORE_PATH; - this.trustStorePassword = DEFAULT_KEY_STORE_PASSWORD; + this.trustStorePath = DEFAULT_TRUST_STORE_PATH; + this.trustStorePassword = DEFAULT_TRUST_STORE_PASSWORD; this.activateServerTLSAuth = DEFAULT_ACTIVATE_SERVER_TLS_AUTH; this.isFilterInEmptyResources = DEFAULT_IS_FILTER_IN_EMPTY_RESOURCES; this.useHttpsWithSDC = DEFAULT_USE_HTTPS_WITH_SDC; diff --git a/sdc-distribution-ci/src/test/java/org/onap/test/core/service/CustomKafkaContainer.java b/sdc-distribution-ci/src/test/java/org/onap/test/core/service/CustomKafkaContainer.java index e2eabc1..8de8949 100644 --- a/sdc-distribution-ci/src/test/java/org/onap/test/core/service/CustomKafkaContainer.java +++ b/sdc-distribution-ci/src/test/java/org/onap/test/core/service/CustomKafkaContainer.java @@ -33,6 +33,7 @@ public class CustomKafkaContainer extends FixedHostPortGenericContainer<CustomKa this.externalZookeeperConnect = null; this.withExposedPorts(9093); this.withEnv("KAFKA_LISTENERS", "PLAINTEXT://0.0.0.0:9093,BROKER://0.0.0.0:9092"); + this.withEnv("KAFKA_ADVERTISED_LISTENERS", "SSL"); this.withEnv("KAFKA_LISTENER_SECURITY_PROTOCOL_MAP", "BROKER:PLAINTEXT,PLAINTEXT:PLAINTEXT"); this.withEnv("KAFKA_INTER_BROKER_LISTENER_NAME", "BROKER"); this.withEnv("KAFKA_BROKER_ID", "1"); 
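Review bot: `KAFKA_ADVERTISED_LISTENERS` is set to the bare string `"SSL"` in CustomKafkaContainer, which is neither in the `NAME://host:port` form used for `KAFKA_LISTENERS` on the line above nor a listener name present in `KAFKA_LISTENER_SECURITY_PROTOCOL_MAP` (only `BROKER` and `PLAINTEXT`, both mapped to PLAINTEXT). As written the container still exposes only plaintext listeners, so the test broker does not appear to exercise the SSL path this commit configures on the client side. If the value is overwritten later during container start-up (not visible here), a comment saying so would help, e.g. `// placeholder; replaced with the mapped host:port once the container starts`. The enclosing method continues outside the hunk.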
diff --git a/sdc-distribution-client/etc/README.txt b/sdc-distribution-client/etc/README.txt deleted file mode 100644 index bbbbd07..0000000 --- a/sdc-distribution-client/etc/README.txt +++ /dev/null @@ -1,16 +0,0 @@ -keytool -genkeypair -keystore catalogbe.jks -alias catalogbe -keypass Aa123456 -storepass Aa123456 -keyalg RSA -keysize 2048 -validity 3650 -dname "CN=Catalog BE, OU=Development, O=AT&T, L=TLV, C=IL" - - -3650 – 10 years validity -Eyal Sofer – creator -Development – Organization unit -AT&T – Organization -TLV- City -IL – Country code - - -catalogbe.jks – name of keystore -Aa123456 - password - -#In order to generate the password OBF:..., run the following command: -java -cp ../jetty-distribution-9.2.7.v20150116/lib/jetty-http-9.2.7.v20150116.jar:../jetty-distribution-9.2.7.v20150116/lib/jetty-util-9.2.7.v20150116.jar org.eclipse.jetty.util.security.Password Aa123456
\ No newline at end of file diff --git a/sdc-distribution-client/etc/sdc-client.jks b/sdc-distribution-client/etc/sdc-client.jks Binary files differdeleted file mode 100644 index eb0a0d3..0000000 --- a/sdc-distribution-client/etc/sdc-client.jks +++ /dev/null diff --git a/sdc-distribution-client/etc/sdcclientstore.jks b/sdc-distribution-client/etc/sdcclientstore.jks Binary files differdeleted file mode 100644 index 5dc006d..0000000 --- a/sdc-distribution-client/etc/sdcclientstore.jks +++ /dev/null diff --git a/sdc-distribution-client/src/main/java/org/onap/sdc/http/HttpClientFactory.java b/sdc-distribution-client/src/main/java/org/onap/sdc/http/HttpClientFactory.java index 94e20fb..ee75102 100644 --- a/sdc-distribution-client/src/main/java/org/onap/sdc/http/HttpClientFactory.java +++ b/sdc-distribution-client/src/main/java/org/onap/sdc/http/HttpClientFactory.java @@ -22,6 +22,7 @@ package org.onap.sdc.http; import java.io.FileInputStream; import java.io.IOException; +import java.security.Key; import java.security.KeyStore; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; @@ -29,6 +30,7 @@ import java.security.cert.CertificateException; import java.security.cert.X509Certificate; import javax.net.ssl.HostnameVerifier; +import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; import javax.net.ssl.TrustManager; import javax.net.ssl.TrustManagerFactory; 
@@ -39,10 +41,12 @@ import org.apache.http.auth.AuthScope; import org.apache.http.auth.UsernamePasswordCredentials; import org.apache.http.client.CredentialsProvider; import org.apache.http.conn.ssl.SSLConnectionSocketFactory; +import org.apache.http.conn.ssl.TrustSelfSignedStrategy; import org.apache.http.impl.client.BasicCredentialsProvider; import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.impl.client.HttpClientBuilder; import org.apache.http.ssl.SSLContextBuilder; +import org.apache.http.ssl.SSLContexts; import org.onap.sdc.api.consumer.IConfiguration; import org.onap.sdc.utils.Pair; @@ -71,9 +75,7 @@ public class HttpClientFactory { } private Pair<String, CloseableHttpClient> createHttpsClient(IConfiguration configuration) { - return new Pair<>(HTTPS, - initSSL(configuration.getUser(), configuration.getPassword(), configuration.getKeyStorePath(), - configuration.getKeyStorePassword(), configuration.activateServerTLSAuth())); + return new Pair<>(HTTPS, initSSLMtls(configuration)); } private Pair<String, CloseableHttpClient> createHttpClient(IConfiguration configuration) { 
@@ -84,123 +86,37 @@ public class HttpClientFactory { .setProxy(getHttpProxyHost()).build()); } - private CloseableHttpClient initSSL(String username, String password, String keyStorePath, String keyStorePass, - boolean isSupportSSLVerification) { + private CloseableHttpClient initSSLMtls(IConfiguration configuration) { - try { + try (FileInputStream kis = new FileInputStream(configuration.getKeyStorePath()); + FileInputStream tis = new FileInputStream(configuration.getTrustStorePath())) { - // SSLContextBuilder is not thread safe CredentialsProvider credsProvider = new BasicCredentialsProvider(); credsProvider.setCredentials(new AuthScope("localhost", AUTHORIZATION_SCOPE_PORT), - new UsernamePasswordCredentials(username, password)); - SSLContext sslContext; - sslContext = SSLContext.getInstance(TLS); - TrustManagerFactory tmf = createTrustManagerFactory(); - TrustManager[] tms = tmf.getTrustManagers(); - if (isSupportSSLVerification) { - - if (keyStorePath != null && !keyStorePath.isEmpty()) { - // Using null here initialises the TMF with the default - // trust store. - - // Get hold of the default trust manager - X509TrustManager defaultTm = null; - for (TrustManager tm : tmf.getTrustManagers()) { - if (tm instanceof X509TrustManager) { - defaultTm = (X509TrustManager) tm; - break; - } - } - - // Do the same with your trust store this time - // Adapt how you load the keystore to your needs - KeyStore trustStore = loadKeyStore(keyStorePath, keyStorePass); - - tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); - tmf.init(trustStore); - - // Get hold of the default trust manager - X509TrustManager myTm = null; - for (TrustManager tm : tmf.getTrustManagers()) { - if (tm instanceof X509TrustManager) { - myTm = (X509TrustManager) tm; - break; - } - } - - // Wrap it in your own class. 
- final X509TrustManager finalDefaultTm = defaultTm; - final X509TrustManager finalMyTm = myTm; - X509TrustManager customTm = new X509TrustManager() { - @Override - public X509Certificate[] getAcceptedIssuers() { - // If you're planning to use client-cert auth, - // merge results from "defaultTm" and "myTm". - return finalDefaultTm.getAcceptedIssuers(); - } - - @Override - public void checkServerTrusted(X509Certificate[] chain, String authType) - throws CertificateException { - try { - finalMyTm.checkServerTrusted(chain, authType); - } catch (CertificateException e) { - // This will throw another CertificateException - // if this fails too. - finalDefaultTm.checkServerTrusted(chain, authType); - } - } - - @Override - public void checkClientTrusted(X509Certificate[] chain, String authType) - throws CertificateException { - // If you're planning to use client-cert auth, - // do the same as checking the server. - finalDefaultTm.checkClientTrusted(chain, authType); - } - }; - - tms = new TrustManager[] { customTm }; - - } - - sslContext.init(null, tms, null); - SSLContext.setDefault(sslContext); - - } else { - - SSLContextBuilder builder = new SSLContextBuilder(); - - builder.loadTrustMaterial(null, (chain, authType) -> true); - - sslContext = builder.build(); - } + new UsernamePasswordCredentials(configuration.getUser(), configuration.getPassword())); + + final KeyStore ks = KeyStore.getInstance("JKS"); + ks.load(kis, configuration.getKeyStorePassword().toCharArray()); + final KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); + keyManagerFactory.init(ks, configuration.getKeyStorePassword().toCharArray()); + + final KeyStore ts = KeyStore.getInstance("JKS"); + ts.load(tis, configuration.getTrustStorePassword().toCharArray()); + final TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); + trustManagerFactory.init(ts); + final SSLContext sslContext 
= SSLContexts.custom().loadTrustMaterial(ts, new TrustSelfSignedStrategy()).loadKeyMaterial(ks, configuration.getKeyStorePassword().toCharArray()).build(); HostnameVerifier hostnameVerifier = (hostname, session) -> hostname.equalsIgnoreCase(session.getPeerHost()); SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext, new String[] { TLS }, null, - hostnameVerifier); + hostnameVerifier); + return HttpClientBuilder.create().setDefaultCredentialsProvider(credsProvider).setProxy(getHttpsProxyHost()) - .setSSLSocketFactory(sslsf).build(); + .setSSLSocketFactory(sslsf).build(); } catch (Exception e) { throw new HttpSdcClientException("Failed to create https client", e); } } - private TrustManagerFactory createTrustManagerFactory() throws NoSuchAlgorithmException, KeyStoreException { - TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); - tmf.init(DEFAULT_INIT_KEY_STORE_VALUE); - return tmf; - } - - private KeyStore loadKeyStore(String keyStorePath, String keyStorePass) - throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException { - KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType()); - try (FileInputStream keyStoreData = new FileInputStream(keyStorePath)) { - trustStore.load(keyStoreData, keyStorePass.toCharArray()); - } - return trustStore; - } - private HttpHost getHttpProxyHost() { HttpHost proxyHost = null; if (configuration.isUseSystemProxy() && System.getProperty("http.proxyHost") != null diff --git a/sdc-distribution-client/src/main/java/org/onap/sdc/impl/Configuration.java b/sdc-distribution-client/src/main/java/org/onap/sdc/impl/Configuration.java index add4185..8841856 100644 --- a/sdc-distribution-client/src/main/java/org/onap/sdc/impl/Configuration.java +++ b/sdc-distribution-client/src/main/java/org/onap/sdc/impl/Configuration.java 
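Review bot: `loadTrustMaterial(ts, new TrustSelfSignedStrategy())` in initSSLMtls makes the client accept any self-signed server certificate whether or not it is in the configured trust store, so the trust store only constrains CA-issued chains; passing `null` as the strategy, `SSLContexts.custom().loadTrustMaterial(ts, null).loadKeyMaterial(ks, configuration.getKeyStorePassword().toCharArray()).build()`, keeps validation against the trust store alone. The `KeyManagerFactory` and `TrustManagerFactory` created just above are initialised and never used, and can be dropped together with their imports. `configuration.activateServerTLSAuth()` is no longer consulted, and a missing key store or trust store path now fails client creation, so the method deserves a Javadoc stating that HTTPS always requires both stores. The retained hostname verifier compares the host name with `session.getPeerHost()`, which looks like it cannot reject a certificate issued for a different name; worth confirming.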
@@ -21,15 +21,14 @@ package org.onap.sdc.impl; import java.util.List; - import org.onap.sdc.api.consumer.IConfiguration; public class Configuration implements IConfiguration { - private List<String> msgBusAddressList; + private String msgBusAddressList; private final String kafkaSecurityProtocolConfig; private final String kafkaSaslMechanism; - private final String kafkaSaslJaasConfig; + private String kafkaSaslJaasConfig = null; private final int kafkaConsumerMaxPollInterval; private final int kafkaConsumerSessionTimeout; private String sdcStatusTopicName; @@ -60,7 +59,9 @@ public class Configuration implements IConfiguration { public Configuration(IConfiguration other) { this.kafkaSecurityProtocolConfig = other.getKafkaSecurityProtocolConfig(); this.kafkaSaslMechanism = other.getKafkaSaslMechanism(); - this.kafkaSaslJaasConfig = other.getKafkaSaslJaasConfig(); + if (!"SSL".equals(this.kafkaSecurityProtocolConfig)) { + this.kafkaSaslJaasConfig = other.getKafkaSaslJaasConfig(); + } this.comsumerID = other.getConsumerID(); this.consumerGroup = other.getConsumerGroup(); this.pollingInterval = other.getPollingInterval(); @@ -233,11 +234,11 @@ public class Configuration implements IConfiguration { this.sdcNotificationTopicName = sdcNotificationTopicName; } - public List<String> getMsgBusAddress() { + public String getMsgBusAddress() { return msgBusAddressList; } - public void setMsgBusAddress(List<String> newMsgBusAddress) { + public void setMsgBusAddress(String newMsgBusAddress) { msgBusAddressList = newMsgBusAddress; } diff --git a/sdc-distribution-client/src/main/java/org/onap/sdc/impl/DistributionClientImpl.java b/sdc-distribution-client/src/main/java/org/onap/sdc/impl/DistributionClientImpl.java index a34ba1e..0c05b58 100644 --- a/sdc-distribution-client/src/main/java/org/onap/sdc/impl/DistributionClientImpl.java +++ b/sdc-distribution-client/src/main/java/org/onap/sdc/impl/DistributionClientImpl.java 
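Review bot: The field is still named `msgBusAddressList` although it is now a single `String`, and nothing in Configuration documents what the string holds; assuming it is a comma-separated bootstrap-server list, a comment such as `// comma-separated host:port list, passed to Kafka as-is` on the field and on `setMsgBusAddress` would tell callers what to supply. The same applies to `SdcKafkaProducer.getMsgBusAddresses()`, whose Javadoc still says it returns a list. Changing the return type of the public `getMsgBusAddress()` from `List<String>` to `String` will also break any external caller compiled against the old signature, which may deserve a line in the commit description. In the copy constructor the JAAS config is skipped only when the protocol equals `"SSL"` exactly, leaving `kafkaSaslJaasConfig` null; the hunk does not show whether readers of `getKafkaSaslJaasConfig()` tolerate null, so a one-line comment on that branch stating the intent would be useful.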
@@ -30,6 +30,7 @@ import fj.data.Either; import java.lang.reflect.Type; import java.nio.charset.StandardCharsets; import java.util.ArrayList; +import java.util.Arrays; import java.util.Collections; import java.util.List; import java.util.UUID; @@ -324,7 +325,7 @@ public class DistributionClientImpl implements IDistributionClient { errorWrapper.setInnerElement(kafkaData.right().value()); } else { KafkaDataResponse kafkaDataResponse = kafkaData.left().value(); - configuration.setMsgBusAddress(Collections.singletonList(kafkaDataResponse.getKafkaBootStrapServer())); + configuration.setMsgBusAddress(kafkaDataResponse.getKafkaBootStrapServer()); configuration.setNotificationTopicName(kafkaDataResponse.getDistrNotificationTopicName()); configuration.setStatusTopicName(kafkaDataResponse.getDistrStatusTopicName()); log.debug("MessageBus cluster info retrieved successfully {}", kafkaData.left().value()); diff --git a/sdc-distribution-client/src/main/java/org/onap/sdc/utils/kafka/KafkaCommonConfig.java b/sdc-distribution-client/src/main/java/org/onap/sdc/utils/kafka/KafkaCommonConfig.java index 477e677..b285bfe 100644 --- a/sdc-distribution-client/src/main/java/org/onap/sdc/utils/kafka/KafkaCommonConfig.java +++ b/sdc-distribution-client/src/main/java/org/onap/sdc/utils/kafka/KafkaCommonConfig.java 
@@ -19,18 +19,22 @@ */ package org.onap.sdc.utils.kafka; +import java.util.Properties; +import java.util.UUID; +import org.apache.kafka.clients.CommonClientConfigs; import org.apache.kafka.clients.consumer.ConsumerConfig; import org.apache.kafka.clients.producer.ProducerConfig; -import org.apache.kafka.clients.CommonClientConfigs; import org.apache.kafka.common.config.SaslConfigs; import org.apache.kafka.common.config.SslConfigs; import org.onap.sdc.impl.Configuration; -import java.util.Properties; -import java.util.UUID; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; public class KafkaCommonConfig { + private static final Logger log = LoggerFactory.getLogger(KafkaCommonConfig.class); + private final Configuration configuration; - public KafkaCommonConfig(Configuration configuration){ + public KafkaCommonConfig(Configuration configuration) { this.configuration = configuration; } @@ -47,7 +51,6 @@ public class KafkaCommonConfig { props.put(ConsumerConfig.ALLOW_AUTO_CREATE_TOPICS_CONFIG, false); props.put(ConsumerConfig.AUTO_OFFSET_RESET_CONFIG, "latest"); - return props; } @@ -70,10 +73,10 @@ public class KafkaCommonConfig { props.put(SslConfigs.SSL_TRUSTSTORE_PASSWORD_CONFIG, configuration.getTrustStorePassword()); props.put(SslConfigs.SSL_TRUSTSTORE_LOCATION_CONFIG, configuration.getTrustStorePath()); props.put(SslConfigs.SSL_KEYSTORE_PASSWORD_CONFIG, configuration.getKeyStorePassword()); + props.put(SslConfigs.SSL_ENDPOINT_IDENTIFICATION_ALGORITHM_CONFIG, ""); props.put(SslConfigs.SSL_KEYSTORE_LOCATION_CONFIG, configuration.getKeyStorePath()); props.put(SslConfigs.SSL_KEY_PASSWORD_CONFIG, configuration.getKeyStorePassword()); - } - else{ + } else { props.put(SaslConfigs.SASL_JAAS_CONFIG, configuration.getKafkaSaslJaasConfig()); props.put(SaslConfigs.SASL_MECHANISM, configuration.getKafkaSaslMechanism()); } 
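Review bot: Setting `SslConfigs.SSL_ENDPOINT_IDENTIFICATION_ALGORITHM_CONFIG` to `""` in the SSL branch turns off broker hostname verification, so a certificate that chains to the trust store is accepted for any broker address. If this is needed for environments whose broker certificates lack matching SANs, it should be opt-in rather than unconditional: leave the Kafka default (`https`) in place and override it only from a configuration flag, or at minimum add a comment on the line explaining why verification is disabled. The newly added `log` field is not used in the visible hunks. The enclosing method starts outside the hunk.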
diff --git a/sdc-distribution-client/src/main/java/org/onap/sdc/utils/kafka/SdcKafkaProducer.java b/sdc-distribution-client/src/main/java/org/onap/sdc/utils/kafka/SdcKafkaProducer.java index b151b23..e0b51eb 100644 --- a/sdc-distribution-client/src/main/java/org/onap/sdc/utils/kafka/SdcKafkaProducer.java +++ b/sdc-distribution-client/src/main/java/org/onap/sdc/utils/kafka/SdcKafkaProducer.java @@ -20,18 +20,12 @@ package org.onap.sdc.utils.kafka; -import java.util.List; import java.util.Properties; -import java.util.UUID; import java.util.concurrent.Future; -import org.apache.kafka.clients.CommonClientConfigs; import org.apache.kafka.clients.producer.KafkaProducer; -import org.apache.kafka.clients.producer.ProducerConfig; import org.apache.kafka.clients.producer.ProducerRecord; import org.apache.kafka.clients.producer.RecordMetadata; import org.apache.kafka.common.KafkaException; -import org.apache.kafka.common.config.SaslConfigs; -import org.apache.kafka.common.config.SslConfigs; import org.onap.sdc.impl.Configuration; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -43,7 +37,7 @@ public class SdcKafkaProducer { private static final Logger log = LoggerFactory.getLogger(SdcKafkaProducer.class); final KafkaProducer<String, String> producer; - private final List<String> msgBusAddresses; + private final String msgBusAddresses; private final String topicName; /** @@ -89,9 +83,9 @@ public class SdcKafkaProducer { } /** - * @return The list kafka endpoints + * @return The list of kafka endpoints */ - public List<String> getMsgBusAddresses() { + public String getMsgBusAddresses() { return msgBusAddresses; } diff --git a/sdc-distribution-client/src/test/java/org/onap/sdc/http/HttpClientFactoryTest.java b/sdc-distribution-client/src/test/java/org/onap/sdc/http/HttpClientFactoryTest.java index 2292fc4..3ee2d02 100644 --- a/sdc-distribution-client/src/test/java/org/onap/sdc/http/HttpClientFactoryTest.java 
+++ b/sdc-distribution-client/src/test/java/org/onap/sdc/http/HttpClientFactoryTest.java @@ -41,8 +41,10 @@ class HttpClientFactoryTest { TestConfiguration config = spy(new TestConfiguration()); HttpClientFactory httpClientFactory = new HttpClientFactory(config); when(config.activateServerTLSAuth()).thenReturn(true); - when(config.getKeyStorePath()).thenReturn("src/test/resources/sdc-client.jks"); - when(config.getKeyStorePassword()).thenReturn("Aa123456"); + when(config.getKeyStorePath()).thenReturn("src/test/resources/sdc-user-keystore.jks"); + when(config.getKeyStorePassword()).thenReturn("zreRDCnNLsZ7"); + when(config.getTrustStorePath()).thenReturn("src/test/resources/sdc-user-truststore.jks"); + when(config.getTrustStorePassword()).thenReturn("changeit"); Pair<String, CloseableHttpClient> client = httpClientFactory.createInstance(); SSLConnectionSocketFactory sslsf = spy(SSLConnectionSocketFactory.getSocketFactory()); CredentialsProvider credsProvider = new BasicCredentialsProvider(); diff --git a/sdc-distribution-client/src/test/java/org/onap/sdc/http/SdcConnectorClientTest.java b/sdc-distribution-client/src/test/java/org/onap/sdc/http/SdcConnectorClientTest.java index e449c4c..b2c1128 100644 --- a/sdc-distribution-client/src/test/java/org/onap/sdc/http/SdcConnectorClientTest.java +++ b/sdc-distribution-client/src/test/java/org/onap/sdc/http/SdcConnectorClientTest.java 
@@ -87,7 +87,10 @@ public class SdcConnectorClientTest { when(conf.getUser()).thenReturn("user"); when(conf.getPassword()).thenReturn("password"); when(conf.isUseHttpsWithSDC()).thenReturn(true); - + when(conf.getKeyStorePath()).thenReturn("src/test/resources/sdc-user-keystore.jks"); + when(conf.getKeyStorePassword()).thenReturn("zreRDCnNLsZ7"); + when(conf.getTrustStorePath()).thenReturn("src/test/resources/sdc-user-truststore.jks"); + when(conf.getTrustStorePassword()).thenReturn("changeit"); when(conf.activateServerTLSAuth()).thenReturn(false); final HttpSdcClient httpClient = new HttpSdcClient(conf); SdcConnectorClient client = new SdcConnectorClient(conf, httpClient); diff --git a/sdc-distribution-client/src/test/java/org/onap/sdc/utils/KafkaCommonConfigTest.java b/sdc-distribution-client/src/test/java/org/onap/sdc/utils/KafkaCommonConfigTest.java index 36730b5..a60a785 100644 --- a/sdc-distribution-client/src/test/java/org/onap/sdc/utils/KafkaCommonConfigTest.java +++ b/sdc-distribution-client/src/test/java/org/onap/sdc/utils/KafkaCommonConfigTest.java @@ -35,8 +35,7 @@ public class KafkaCommonConfigTest { @Test public void testConsumerPropertiesNoSSL(){ - List<String> msgBusAddress = new ArrayList<>(); - msgBusAddress.add("address1"); + String msgBusAddress = "address1"; testConfigNoSSL.setMsgBusAddress(msgBusAddress); KafkaCommonConfig kafkaCommonConfig = new KafkaCommonConfig(testConfigNoSSL); Properties consumerProperties = kafkaCommonConfig.getConsumerProperties(); @@ -45,8 +44,7 @@ public class KafkaCommonConfigTest { @Test public void testProducerPropertiesWithSSL(){ - List<String> msgBusAddress = new ArrayList<>(); - msgBusAddress.add("address1"); + String msgBusAddress = "address1"; testConfigWithSSL.setMsgBusAddress(msgBusAddress); KafkaCommonConfig kafkaCommonConfig = new KafkaCommonConfig(testConfigWithSSL); Properties consumerProperties = kafkaCommonConfig.getProducerProperties(); 
diff --git a/sdc-distribution-client/src/test/java/org/onap/sdc/utils/SdcKafkaTest.java b/sdc-distribution-client/src/test/java/org/onap/sdc/utils/SdcKafkaTest.java index c0c60a8..a4d348c 100644 --- a/sdc-distribution-client/src/test/java/org/onap/sdc/utils/SdcKafkaTest.java +++ b/sdc-distribution-client/src/test/java/org/onap/sdc/utils/SdcKafkaTest.java @@ -57,7 +57,7 @@ class SdcKafkaTest { startKafkaService(); KafkaTestUtils utils = new KafkaTestUtils(kafkaTestCluster); utils.createTopic(topicName, 1, (short) 1); - configuration.setMsgBusAddress(Collections.singletonList(kafkaTestCluster.getKafkaConnectString())); + configuration.setMsgBusAddress(kafkaTestCluster.getKafkaConnectString()); } @AfterAll diff --git a/sdc-distribution-client/src/test/java/org/onap/sdc/utils/TestConfiguration.java b/sdc-distribution-client/src/test/java/org/onap/sdc/utils/TestConfiguration.java index a132cd0..b75d231 100644 --- a/sdc-distribution-client/src/test/java/org/onap/sdc/utils/TestConfiguration.java +++ b/sdc-distribution-client/src/test/java/org/onap/sdc/utils/TestConfiguration.java @@ -42,6 +42,8 @@ public class TestConfiguration implements IConfiguration { private final int kafkaConsumerSessionTimeout; private String keyStorePath; private String keyStorePassword; + private String trustStorePath; + private String trustStorePassword; private boolean activateServerTLSAuth; private boolean isFilterInEmptyResources; private boolean useHttpsWithSDC; 
@@ -66,8 +68,10 @@ public class TestConfiguration implements IConfiguration { this.relevantArtifactTypes = new ArrayList<>(); this.relevantArtifactTypes.add(ArtifactTypeEnum.HEAT.name()); this.user = "mso-user"; - this.keyStorePath = "etc/sdc-client.jks"; - this.keyStorePassword = "Aa123456"; + this.keyStorePath = "src/test/resources/etc/sdc-user-keystore.jks"; + this.keyStorePassword = "zreRDCnNLsZ7"; + this.trustStorePath = "src/test/resources/etc/sdc-user-truststore.jks"; + this.trustStorePassword = "changeit"; this.activateServerTLSAuth = true; this.isFilterInEmptyResources = false; this.useHttpsWithSDC = true; @@ -155,6 +159,16 @@ public class TestConfiguration implements IConfiguration { return keyStorePassword; } + @Override + public String getTrustStorePath() { + return trustStorePath; + } + + @Override + public String getTrustStorePassword() { + return trustStorePassword; + } + public String getConsumerID() { return consumerID; } diff --git a/sdc-distribution-client/src/test/resources/etc/sdc-user-keystore.jks b/sdc-distribution-client/src/test/resources/etc/sdc-user-keystore.jks Binary files differnew file mode 100644 index 0000000..7c3c72a --- /dev/null +++ b/sdc-distribution-client/src/test/resources/etc/sdc-user-keystore.jks diff --git a/sdc-distribution-client/src/test/resources/etc/sdc-user-truststore.jks b/sdc-distribution-client/src/test/resources/etc/sdc-user-truststore.jks Binary files differnew file mode 100644 index 0000000..d1fb017 --- /dev/null +++ b/sdc-distribution-client/src/test/resources/etc/sdc-user-truststore.jks diff --git a/sdc-distribution-client/src/test/resources/sdc-user-keystore.jks b/sdc-distribution-client/src/test/resources/sdc-user-keystore.jks Binary files differnew file mode 100644 index 0000000..7c3c72a --- /dev/null +++ b/sdc-distribution-client/src/test/resources/sdc-user-keystore.jks 
diff --git a/sdc-distribution-client/src/test/resources/sdc-user-truststore.jks b/sdc-distribution-client/src/test/resources/sdc-user-truststore.jks Binary files differnew file mode 100644 index 0000000..d1fb017 --- /dev/null +++ b/sdc-distribution-client/src/test/resources/sdc-user-truststore.jks |