aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichaelMorris <michael.morris@est.tech>2019-07-18 11:42:07 +0000
committerMichaelMorris <michael.morris@est.tech>2019-07-18 11:42:07 +0000
commitd419c8d0fbfb235234c5a3f01711b1c76a9748bb (patch)
tree36ea085aac53cb5417495bed6b29cc57e70bd416
parent785c77ae295b287678d4842269222c31b3e4c330 (diff)
Implement TLS for calls from VNFM adapter to VNFM
Issue-ID: SO-2116 Change-Id: I1e5bdfcf3164545c89fb370014d49ef3ae6a9cf1 Signed-off-by: MichaelMorris <michael.morris@est.tech>
-rw-r--r--adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/pom.xml18
-rw-r--r--adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/SdcPackageProvider.java3
-rw-r--r--adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/aai/AaiServiceProviderImpl.java8
-rw-r--r--adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/vnfm/VnfmServiceProviderConfiguration.java53
-rw-r--r--adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/vnfm/VnfmServiceProviderImpl.java2
-rw-r--r--adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/lifecycle/LifecycleManager.java2
-rw-r--r--adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application.yaml6
-rw-r--r--adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/org.onap.so.trust.jksbin0 -> 1413 bytes
-rw-r--r--vnfm-simulator/vnfm-service/pom.xml18
-rw-r--r--vnfm-simulator/vnfm-service/src/main/java/org/onap/svnfm/simulator/config/ApplicationConfig.java10
-rw-r--r--vnfm-simulator/vnfm-service/src/main/java/org/onap/svnfm/simulator/controller/SvnfmController.java2
-rw-r--r--vnfm-simulator/vnfm-service/src/main/resources/application.yaml7
-rw-r--r--vnfm-simulator/vnfm-service/src/main/resources/so-vnfm-simulator.p12bin0 -> 4079 bytes
13 files changed, 118 insertions, 11 deletions
diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/pom.xml b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/pom.xml
index 09c28f93f1..e2dd64d0f4 100644
--- a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/pom.xml
+++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/pom.xml
@@ -58,6 +58,24 @@
</configuration>
</plugin>
</plugins>
+ <resources>
+ <resource>
+ <directory>src/main/resources</directory>
+ <filtering>true</filtering>
+ <excludes>
+ <exclude>**/*.p12</exclude>
+ <exclude>**/*.jks</exclude>
+ </excludes>
+ </resource>
+ <resource>
+ <directory>src/main/resources</directory>
+ <filtering>false</filtering>
+ <includes>
+ <include>**/*.p12</include>
+ <include>**/*.jks</include>
+ </includes>
+ </resource>
+ </resources>
</build>
<dependencies>
<dependency>
diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/SdcPackageProvider.java b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/SdcPackageProvider.java
index 57d6615d66..735e1f9d42 100644
--- a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/SdcPackageProvider.java
+++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/SdcPackageProvider.java
@@ -49,6 +49,7 @@ import java.util.NoSuchElementException;
import java.util.Set;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
+import javax.net.ssl.SSLContext;
import org.apache.commons.codec.binary.Base64;
import org.apache.http.HttpEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
@@ -133,7 +134,7 @@ public class SdcPackageProvider {
private byte[] getPackage(final String csarId) {
final String SERVICE_NAME = "vnfm-adapter";
- try (CloseableHttpClient client = HttpClients.createDefault()) {
+ try (CloseableHttpClient client = HttpClients.custom().setSSLContext(SSLContext.getDefault()).build()) {
final HttpGet httpget = new HttpGet(format(GET_PACKAGE_URL, baseUrl, csarId));
httpget.setHeader(ACCEPT, APPLICATION_OCTET_STREAM_VALUE);
httpget.setHeader("X-ECOMP-InstanceID", SERVICE_NAME);
diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/aai/AaiServiceProviderImpl.java b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/aai/AaiServiceProviderImpl.java
index 1fa62efa25..019a08af78 100644
--- a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/aai/AaiServiceProviderImpl.java
+++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/aai/AaiServiceProviderImpl.java
@@ -28,6 +28,7 @@ import org.onap.aai.domain.yang.GenericVnfs;
import org.onap.aai.domain.yang.Vserver;
import org.onap.so.client.aai.AAIObjectType;
import org.onap.so.client.aai.entities.uri.AAIUriFactory;
+import org.onap.so.client.graphinventory.entities.uri.Depth;
import org.onap.vnfmadapter.v1.model.Tenant;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -58,8 +59,8 @@ public class AaiServiceProviderImpl implements AaiServiceProvider {
@Override
public GenericVnfs invokeQueryGenericVnf(final String selfLink) {
return aaiClientProvider.getAaiClient()
- .get(GenericVnfs.class, AAIUriFactory.createResourceUri(AAIObjectType.GENERIC_VNFS)
- .queryParam("selflink", selfLink.replaceAll("https", "http")))
+ .get(GenericVnfs.class,
+ AAIUriFactory.createResourceUri(AAIObjectType.GENERIC_VNFS).queryParam("selflink", selfLink))
.orElseGet(() -> {
logger.debug("No vnf found in AAI with selflink: {}", selfLink);
return null;
@@ -78,7 +79,8 @@ public class AaiServiceProviderImpl implements AaiServiceProvider {
@Override
public EsrVnfm invokeGetVnfm(final String vnfmId) {
return aaiClientProvider.getAaiClient()
- .get(EsrVnfm.class, AAIUriFactory.createResourceUri(AAIObjectType.VNFM, vnfmId)).orElseGet(() -> {
+ .get(EsrVnfm.class, AAIUriFactory.createResourceUri(AAIObjectType.VNFM, vnfmId).depth(Depth.ONE))
+ .orElseGet(() -> {
logger.debug("VNFM not found in AAI");
return null;
});
diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/vnfm/VnfmServiceProviderConfiguration.java b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/vnfm/VnfmServiceProviderConfiguration.java
index 2aee1c06e3..3342e0d054 100644
--- a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/vnfm/VnfmServiceProviderConfiguration.java
+++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/vnfm/VnfmServiceProviderConfiguration.java
@@ -22,16 +22,34 @@ package org.onap.so.adapters.vnfmadapter.extclients.vnfm;
import static org.onap.so.client.RestTemplateConfig.CONFIGURABLE_REST_TEMPLATE;
import com.google.gson.Gson;
+import java.io.IOException;
+import java.security.KeyManagementException;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
import java.util.Iterator;
+import java.util.ListIterator;
+import javax.net.ssl.SSLContext;
+import org.apache.http.client.HttpClient;
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
+import org.apache.http.impl.client.HttpClients;
+import org.apache.http.ssl.SSLContextBuilder;
import org.onap.so.adapters.vnfmadapter.extclients.vnfm.lcn.JSON;
import org.onap.so.configuration.rest.BasicHttpHeadersProvider;
import org.onap.so.configuration.rest.HttpHeadersProvider;
+import org.onap.so.logging.jaxrs.filter.SpringClientFilter;
import org.onap.so.rest.service.HttpRestServiceProvider;
import org.onap.so.rest.service.HttpRestServiceProviderImpl;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
+import org.springframework.core.io.Resource;
+import org.springframework.http.client.ClientHttpRequestInterceptor;
+import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.http.converter.json.GsonHttpMessageConverter;
import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
@@ -43,6 +61,13 @@ import org.springframework.web.client.RestTemplate;
@Configuration
public class VnfmServiceProviderConfiguration {
+ private static final Logger logger = LoggerFactory.getLogger(VnfmServiceProviderConfiguration.class);
+
+ @Value("${http.client.ssl.trust-store}")
+ private Resource keyStore;
+ @Value("${http.client.ssl.trust-store-password}")
+ private String keyStorePassword;
+
@Bean(name = "vnfmServiceProvider")
public HttpRestServiceProvider httpRestServiceProvider(
@Qualifier(CONFIGURABLE_REST_TEMPLATE) @Autowired final RestTemplate restTemplate) {
@@ -52,6 +77,8 @@ public class VnfmServiceProviderConfiguration {
private HttpRestServiceProvider getHttpRestServiceProvider(final RestTemplate restTemplate,
final HttpHeadersProvider httpHeadersProvider) {
setGsonMessageConverter(restTemplate);
+ setTrustStore(restTemplate);
+ removeSpringClientFilter(restTemplate);
return new HttpRestServiceProviderImpl(restTemplate, httpHeadersProvider);
}
@@ -66,4 +93,30 @@ public class VnfmServiceProviderConfiguration {
restTemplate.getMessageConverters().add(new GsonHttpMessageConverter(gson));
}
+ private void setTrustStore(final RestTemplate restTemplate) {
+ SSLContext sslContext;
+ try {
+ sslContext = new SSLContextBuilder().loadTrustMaterial(keyStore.getURL(), keyStorePassword.toCharArray())
+ .build();
+ logger.info("Setting truststore: {}", keyStore.getURL());
+ final SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(sslContext);
+ final HttpClient httpClient = HttpClients.custom().setSSLSocketFactory(socketFactory).build();
+ final HttpComponentsClientHttpRequestFactory factory =
+ new HttpComponentsClientHttpRequestFactory(httpClient);
+ restTemplate.setRequestFactory(factory);
+ } catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException | CertificateException
+ | IOException exception) {
+ logger.error("Error reading truststore, TLS connection to VNFM will fail.", exception);
+ }
+ }
+
+ private void removeSpringClientFilter(final RestTemplate restTemplate) {
+ ListIterator<ClientHttpRequestInterceptor> interceptorIterator = restTemplate.getInterceptors().listIterator();
+ while (interceptorIterator.hasNext()) {
+ if (interceptorIterator.next() instanceof SpringClientFilter) {
+ interceptorIterator.remove();
+ }
+ }
+ }
+
}
diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/vnfm/VnfmServiceProviderImpl.java b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/vnfm/VnfmServiceProviderImpl.java
index 0b5b09ae39..c470008d08 100644
--- a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/vnfm/VnfmServiceProviderImpl.java
+++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/vnfm/VnfmServiceProviderImpl.java
@@ -54,7 +54,7 @@ public class VnfmServiceProviderImpl implements VnfmServiceProvider {
@Override
public Optional<InlineResponse201> getVnf(final String vnfSelfLink) {
- return httpServiceProvider.get(vnfSelfLink.replaceAll("https", "http"), InlineResponse201.class);
+ return httpServiceProvider.get(vnfSelfLink, InlineResponse201.class);
}
@Override
diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/lifecycle/LifecycleManager.java b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/lifecycle/LifecycleManager.java
index a4f7d3206d..fa2fa30b4a 100644
--- a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/lifecycle/LifecycleManager.java
+++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/lifecycle/LifecycleManager.java
@@ -114,7 +114,7 @@ public class LifecycleManager {
private String getSelfLink(final InlineResponse201 vnfmResponse, final EsrVnfm vnfm) {
if (vnfmResponse.getLinks() != null && vnfmResponse.getLinks().getSelf() != null
&& vnfmResponse.getLinks().getSelf().getHref() != null) {
- return vnfmResponse.getLinks().getSelf().getHref().replaceAll("https", "http");
+ return vnfmResponse.getLinks().getSelf().getHref();
}
return vnfm.getEsrSystemInfoList().getEsrSystemInfo().iterator().next().getServiceUrl() + "/vnf_instances/"
+ vnfmResponse.getId();
diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application.yaml b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application.yaml
index 951d4a3bb9..0bd63dffa9 100644
--- a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application.yaml
+++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application.yaml
@@ -23,6 +23,12 @@ spring:
http:
converters:
preferred-json-mapper: gson
+
+http:
+ client:
+ ssl:
+ trust-store: classpath:org.onap.so.trust.jks
+ trust-store-password: ',sx#.C*W)]wVgJC6ccFHI#:H'
server:
port: 9092
diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/org.onap.so.trust.jks b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/org.onap.so.trust.jks
new file mode 100644
index 0000000000..1f0d8a550a
--- /dev/null
+++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/org.onap.so.trust.jks
Binary files differ
diff --git a/vnfm-simulator/vnfm-service/pom.xml b/vnfm-simulator/vnfm-service/pom.xml
index c09c5f070a..7beccb6561 100644
--- a/vnfm-simulator/vnfm-service/pom.xml
+++ b/vnfm-simulator/vnfm-service/pom.xml
@@ -144,5 +144,23 @@
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
+ <resources>
+ <resource>
+ <directory>src/main/resources</directory>
+ <filtering>true</filtering>
+ <excludes>
+ <exclude>**/*.p12</exclude>
+ <exclude>**/*.jks</exclude>
+ </excludes>
+ </resource>
+ <resource>
+ <directory>src/main/resources</directory>
+ <filtering>false</filtering>
+ <includes>
+ <include>**/*.p12</include>
+ <include>**/*.jks</include>
+ </includes>
+ </resource>
+ </resources>
</build>
</project>
diff --git a/vnfm-simulator/vnfm-service/src/main/java/org/onap/svnfm/simulator/config/ApplicationConfig.java b/vnfm-simulator/vnfm-service/src/main/java/org/onap/svnfm/simulator/config/ApplicationConfig.java
index 91b79754a5..32c05ebca8 100644
--- a/vnfm-simulator/vnfm-service/src/main/java/org/onap/svnfm/simulator/config/ApplicationConfig.java
+++ b/vnfm-simulator/vnfm-service/src/main/java/org/onap/svnfm/simulator/config/ApplicationConfig.java
@@ -4,6 +4,7 @@ import java.net.InetAddress;
import java.util.Arrays;
import org.onap.svnfm.simulator.constants.Constant;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.ApplicationArguments;
import org.springframework.boot.ApplicationRunner;
import org.springframework.cache.Cache;
@@ -19,6 +20,9 @@ public class ApplicationConfig implements ApplicationRunner {
private static final String PORT = "local.server.port";
+ @Value("${server.dns.name:so-vnfm-simulator.onap}")
+ private String serverDnsName;
+
@Autowired
private Environment environment;
@@ -26,7 +30,7 @@ public class ApplicationConfig implements ApplicationRunner {
@Override
public void run(final ApplicationArguments args) throws Exception {
- baseUrl = "http://" + InetAddress.getLocalHost().getHostAddress() + ":" + environment.getProperty(PORT);
+ baseUrl = "https://" + serverDnsName + ":" + environment.getProperty(PORT);
}
public String getBaseUrl() {
@@ -35,8 +39,8 @@ public class ApplicationConfig implements ApplicationRunner {
@Bean
public CacheManager cacheManager() {
- Cache inlineResponse201 = new ConcurrentMapCache(Constant.IN_LINE_RESPONSE_201_CACHE);
- SimpleCacheManager manager = new SimpleCacheManager();
+ final Cache inlineResponse201 = new ConcurrentMapCache(Constant.IN_LINE_RESPONSE_201_CACHE);
+ final SimpleCacheManager manager = new SimpleCacheManager();
manager.setCaches(Arrays.asList(inlineResponse201));
return manager;
}
diff --git a/vnfm-simulator/vnfm-service/src/main/java/org/onap/svnfm/simulator/controller/SvnfmController.java b/vnfm-simulator/vnfm-service/src/main/java/org/onap/svnfm/simulator/controller/SvnfmController.java
index 9c3a02d4e6..d3ff66aed0 100644
--- a/vnfm-simulator/vnfm-service/src/main/java/org/onap/svnfm/simulator/controller/SvnfmController.java
+++ b/vnfm-simulator/vnfm-service/src/main/java/org/onap/svnfm/simulator/controller/SvnfmController.java
@@ -168,6 +168,6 @@ public class SvnfmController {
final HttpHeaders headers = new HttpHeaders();
headers.add(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON);
- return new ResponseEntity<>(response, headers, HttpStatus.OK);
+ return new ResponseEntity<>(response, headers, HttpStatus.CREATED);
}
}
diff --git a/vnfm-simulator/vnfm-service/src/main/resources/application.yaml b/vnfm-simulator/vnfm-service/src/main/resources/application.yaml
index 2ef302ce25..ea8105d891 100644
--- a/vnfm-simulator/vnfm-service/src/main/resources/application.yaml
+++ b/vnfm-simulator/vnfm-service/src/main/resources/application.yaml
@@ -34,6 +34,11 @@ server:
port: 9093
tomcat:
max-threads: 50
+ ssl:
+ key-alias: so@so.onap.org
+ key--store-password: '7Em3&j4.19xYiMelhD5?xbQ.'
+ key-store: classpath:so-vnfm-simulator.p12
+ key-store-type: PKCS12
vnfds:
vnfdlist:
@@ -56,4 +61,4 @@ vnfds:
- vnfcid: VNFC4
resourceTemplateId: vnfd2_vnfc4
vduId: vnfd2_vduForVnfc4
- type: COMPUTE \ No newline at end of file
+ type: COMPUTE
diff --git a/vnfm-simulator/vnfm-service/src/main/resources/so-vnfm-simulator.p12 b/vnfm-simulator/vnfm-service/src/main/resources/so-vnfm-simulator.p12
new file mode 100644
index 0000000000..7ac02855bc
--- /dev/null
+++ b/vnfm-simulator/vnfm-service/src/main/resources/so-vnfm-simulator.p12
Binary files differ