diff options
author | priyanshu <pagarwal@amdocs.com> | 2019-03-14 21:18:06 +0530 |
---|---|---|
committer | priyanshu <pagarwal@amdocs.com> | 2019-03-15 11:12:21 +0530 |
commit | 91d1f6c223464dbc62fbca330110c7c46ac2028e (patch) | |
tree | 4e3196e75c75b71aab9f921764a9dd5658b451f9 /workflow-designer-be/src | |
parent | ee0b26c61e4eb9251fb3a2fcc31fb276dcae7865 (diff) |
Secure cassandra support on WF BE
1. Added support for secure cassandra on WF BE.
2. By default the SSL is not enabled.
3. updated ReadMe.
Change-Id: I2ddb5ebf091fd70c9693e7cc325fb44d03949dd6
Issue-ID: SDC-2194
Signed-off-by: priyanshu <pagarwal@amdocs.com>
Diffstat (limited to 'workflow-designer-be/src')
3 files changed, 68 insertions, 14 deletions
diff --git a/workflow-designer-be/src/main/java/org/onap/sdc/workflow/server/config/ZusammenConfig.java b/workflow-designer-be/src/main/java/org/onap/sdc/workflow/server/config/ZusammenConfig.java index 23e8643b..700b1b9f 100644 --- a/workflow-designer-be/src/main/java/org/onap/sdc/workflow/server/config/ZusammenConfig.java +++ b/workflow-designer-be/src/main/java/org/onap/sdc/workflow/server/config/ZusammenConfig.java @@ -16,23 +16,44 @@ package org.onap.sdc.workflow.server.config; +import com.datastax.driver.core.RemoteEndpointAwareJdkSSLOptions; +import com.datastax.driver.core.SSLOptions; +import java.io.FileInputStream; +import java.security.KeyStore; +import java.security.SecureRandom; import javax.annotation.PostConstruct; +import javax.net.ssl.SSLContext; +import javax.net.ssl.TrustManagerFactory; +import org.springframework.beans.factory.BeanCreationException; import org.springframework.beans.factory.annotation.Value; +import org.springframework.boot.autoconfigure.cassandra.ClusterBuilderCustomizer; +import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; +import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; @Configuration public class ZusammenConfig { - @Value("${zusammen-tenant:workflow}") + @Value("${spring.data.cassandra.keyspace-name}") private String tenant; - @Value("${spring.data.cassandra.contact-points:localhost}") + @Value("${spring.data.cassandra.contact-points}") private String cassandraAddress; - @Value("${spring.data.cassandra.username:}") + @Value("${spring.data.cassandra.username}") private String cassandraUser; - @Value("${spring.data.cassandra.password:}") + @Value("${spring.data.cassandra.password}") private String cassandraPassword; - @Value("${zusammen.cassandra.isAuthenticate:false}") + @Value("${zusammen.cassandra.isAuthenticate}") private String cassandraAuth; + @Value("${spring.data.cassandra.ssl}") + private String cassandraSSL; + @Value("${zusammen.cassandra.trustStorePath}") + private String cassandraTrustStorePath; + @Value("${zusammen.cassandra.trustStorePassword}") + private String cassandraTrustStorePassword; + + private static final String[] CIPHER_SUITES = {"TLS_RSA_WITH_AES_128_CBC_SHA"}; + private static final String KEYSTORE_TYPE = "JKS"; + private static final String SECURE_SOCKET_PROTOCOL = "SSL"; @PostConstruct public void init() { @@ -40,9 +61,36 @@ public class ZusammenConfig { System.setProperty("cassandra.user", cassandraUser); System.setProperty("cassandra.password", cassandraPassword); System.setProperty("cassandra.authenticate", Boolean.toString(Boolean.valueOf(cassandraAuth))); + System.setProperty("cassandra.ssl", Boolean.toString(Boolean.valueOf(cassandraSSL))); + System.setProperty("cassandra.truststore", cassandraTrustStorePath); + System.setProperty("cassandra.truststore.password", cassandraTrustStorePassword); } public String getTenant() { return tenant; } + + @Bean + @ConditionalOnProperty("spring.data.cassandra.ssl") + ClusterBuilderCustomizer clusterBuilderCustomizer() { + SSLOptions sslOptions = RemoteEndpointAwareJdkSSLOptions + .builder() + .withSSLContext(getSslContext()) + .withCipherSuites(CIPHER_SUITES).build(); + return builder -> builder.withSSL(sslOptions); + } + + private SSLContext getSslContext() { + try (FileInputStream tsf = new FileInputStream(cassandraTrustStorePath)) { + SSLContext ctx = SSLContext.getInstance(SECURE_SOCKET_PROTOCOL); + KeyStore ts = KeyStore.getInstance(KEYSTORE_TYPE); + ts.load(tsf, cassandraTrustStorePassword.toCharArray()); + TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); + tmf.init(ts); + ctx.init(null, tmf.getTrustManagers(), new SecureRandom()); + return ctx; + } catch (Exception ex) { + throw new BeanCreationException(ex.getMessage(), ex); + } + } }
\ No newline at end of file diff --git a/workflow-designer-be/src/main/resources/application-dev.properties b/workflow-designer-be/src/main/resources/application-dev.properties index 97d81ac3..98eda721 100644 --- a/workflow-designer-be/src/main/resources/application-dev.properties +++ b/workflow-designer-be/src/main/resources/application-dev.properties @@ -17,10 +17,10 @@ server.servlet.context-path=/ http.port=${HTTP_PORT:8080} server.port=${SERVER_PORT:8443} -server.ssl.enabled=${SSL_ENABLED:false} -server.ssl.key-password=${SSL_KEY_PASSWORD:} -server.ssl.key-store=${SSL_KEYSTORE_PATH:} -server.ssl.key-store-type=${SSL_KEYSTORE_TYPE:} +server.ssl.enabled=${SERVER_SSL_ENABLED:false} +server.ssl.key-password=${SERVER_SSL_KEY_PASSWORD:} +server.ssl.key-store=${SERVER_SSL_KEYSTORE_PATH:} +server.ssl.key-store-type=${SERVER_SSL_KEYSTORE_TYPE:} sdc.be.protocol=${SDC_PROTOCOL:} sdc.be.endpoint=${SDC_ENDPOINT:} @@ -34,6 +34,9 @@ spring.data.cassandra.port=${CS_PORT:9042} spring.data.cassandra.username=${CS_USER:} spring.data.cassandra.password=${CS_PASSWORD:} zusammen.cassandra.isAuthenticate=${CS_AUTHENTICATE:false} +spring.data.cassandra.ssl=${CS_SSL_ENABLED:false} +zusammen.cassandra.trustStorePath=${CS_TRUST_STORE_PATH:} +zusammen.cassandra.trustStorePassword=${CS_TRUST_STORE_PASSWORD:} #Actuators management.endpoint.health.show-details=always diff --git a/workflow-designer-be/src/main/resources/application.properties b/workflow-designer-be/src/main/resources/application.properties index 1ff8311a..d189fbb0 100644 --- a/workflow-designer-be/src/main/resources/application.properties +++ b/workflow-designer-be/src/main/resources/application.properties @@ -17,10 +17,10 @@ server.servlet.context-path=/ http.port=${HTTP_PORT:8080} server.port=${SERVER_PORT:8443} -server.ssl.enabled=${SSL_ENABLED:false} -server.ssl.key-password=${SSL_KEY_PASSWORD:} -server.ssl.key-store=${SSL_KEYSTORE_PATH:} -server.ssl.key-store-type=${SSL_KEYSTORE_TYPE:} +server.ssl.enabled=${SERVER_SSL_ENABLED:false} +server.ssl.key-password=${SERVER_SSL_KEY_PASSWORD:} +server.ssl.key-store=${SERVER_SSL_KEYSTORE_PATH:} +server.ssl.key-store-type=${SERVER_SSL_KEYSTORE_TYPE:} sdc.be.protocol=${SDC_PROTOCOL:} sdc.be.endpoint=${SDC_ENDPOINT:} @@ -33,7 +33,10 @@ spring.data.cassandra.keyspace-name=workflow spring.data.cassandra.port=${CS_PORT:9042} spring.data.cassandra.username=${CS_USER:} spring.data.cassandra.password=${CS_PASSWORD:} -zusammen.cassandra.isAuthenticate=${CS_AUTHENTICATE:true} +zusammen.cassandra.isAuthenticate=${CS_AUTHENTICATE:false} +spring.data.cassandra.ssl=${CS_SSL_ENABLED:false} +zusammen.cassandra.trustStorePath=${CS_TRUST_STORE_PATH:} +zusammen.cassandra.trustStorePassword=${CS_TRUST_STORE_PASSWORD:} #Actuators management.endpoint.health.show-details=always |