aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSteve Smokowski <ss835w@att.com>2019-07-29 14:11:55 +0000
committerGerrit Code Review <gerrit@onap.org>2019-07-29 14:11:55 +0000
commit5bc663e5831a87b897d43f0f7fb7ec8bce88e633 (patch)
treefa3d5c4fec50241c1dd431601f7f0567bdb78461
parentab18c3ca22cff9e2bba5bddda0a50987541cf173 (diff)
parentc6c0077ac3db6190d1f364360de5af17e9fcd08b (diff)
Merge "Implement TLS for calls into VNFM adapter"
-rw-r--r--adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/vnfm/VnfmServiceProviderConfiguration.java8
-rw-r--r--adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application.yaml7
-rw-r--r--adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/so-vnfm-adapter.p12bin0 -> 4079 bytes
-rw-r--r--adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/test/resources/application.yaml (renamed from adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/test/resources/application-test.yaml)14
-rw-r--r--bpmn/so-bpmn-tasks/src/main/java/org/onap/so/bpmn/infrastructure/adapter/vnfm/tasks/Constants.java2
-rw-r--r--vnfm-simulator/vnfm-service/src/main/java/org/onap/svnfm/simulator/services/OperationProgressor.java19
-rw-r--r--vnfm-simulator/vnfm-service/src/main/resources/so-vnfm-adapter.crt.pem30
7 files changed, 75 insertions, 5 deletions
diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/vnfm/VnfmServiceProviderConfiguration.java b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/vnfm/VnfmServiceProviderConfiguration.java
index 3342e0d054..ab631837db 100644
--- a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/vnfm/VnfmServiceProviderConfiguration.java
+++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/vnfm/VnfmServiceProviderConfiguration.java
@@ -63,9 +63,9 @@ public class VnfmServiceProviderConfiguration {
private static final Logger logger = LoggerFactory.getLogger(VnfmServiceProviderConfiguration.class);
- @Value("${http.client.ssl.trust-store}")
+ @Value("${http.client.ssl.trust-store:#{null}}")
private Resource keyStore;
- @Value("${http.client.ssl.trust-store-password}")
+ @Value("${http.client.ssl.trust-store-password:#{null}}")
private String keyStorePassword;
@Bean(name = "vnfmServiceProvider")
@@ -77,7 +77,9 @@ public class VnfmServiceProviderConfiguration {
private HttpRestServiceProvider getHttpRestServiceProvider(final RestTemplate restTemplate,
final HttpHeadersProvider httpHeadersProvider) {
setGsonMessageConverter(restTemplate);
- setTrustStore(restTemplate);
+ if (keyStore != null) {
+ setTrustStore(restTemplate);
+ }
removeSpringClientFilter(restTemplate);
return new HttpRestServiceProviderImpl(restTemplate, httpHeadersProvider);
}
diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application.yaml b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application.yaml
index 0bd63dffa9..4434d2edd9 100644
--- a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application.yaml
+++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application.yaml
@@ -34,6 +34,11 @@ server:
port: 9092
tomcat:
max-threads: 50
+ ssl:
+ key-alias: so@so.onap.org
+ key--store-password: 'ywsqCy:EEo#j}HJHM7z^Rk[L'
+ key-store: classpath:so-vnfm-adapter.p12
+ key-store-type: PKCS12
mso:
key: 07a7159d3bf51a0e53be7a8f89699be7
@@ -50,7 +55,7 @@ sdc:
endpoint: http://sdc.onap/1234A
vnfmadapter:
- endpoint: http://so-vnfm-adapter.onap:9092
+ endpoint: https://so-vnfm-adapter.onap:9092
#Actuator
management:
diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/so-vnfm-adapter.p12 b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/so-vnfm-adapter.p12
new file mode 100644
index 0000000000..ae4fddc684
--- /dev/null
+++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/so-vnfm-adapter.p12
Binary files differ
diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/test/resources/application-test.yaml b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/test/resources/application.yaml
index 3afc542a1b..8cf8b51b9f 100644
--- a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/test/resources/application-test.yaml
+++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/test/resources/application.yaml
@@ -38,3 +38,17 @@ sdc:
vnfmadapter:
endpoint: https://so-vnfm-adapter.onap:30406
+
+#Actuator
+management:
+ endpoints:
+ web:
+ base-path: /manage
+ exposure:
+ include: "*"
+ metrics:
+ se-global-registry: false
+ export:
+ prometheus:
+ enabled: true # Whether exporting of metrics to Prometheus is enabled.
+ step: 1m # Step size (i.e. reporting frequency) to use.
diff --git a/bpmn/so-bpmn-tasks/src/main/java/org/onap/so/bpmn/infrastructure/adapter/vnfm/tasks/Constants.java b/bpmn/so-bpmn-tasks/src/main/java/org/onap/so/bpmn/infrastructure/adapter/vnfm/tasks/Constants.java
index 4cf5131747..c112d200e3 100644
--- a/bpmn/so-bpmn-tasks/src/main/java/org/onap/so/bpmn/infrastructure/adapter/vnfm/tasks/Constants.java
+++ b/bpmn/so-bpmn-tasks/src/main/java/org/onap/so/bpmn/infrastructure/adapter/vnfm/tasks/Constants.java
@@ -45,7 +45,7 @@ public class Constants {
public static final String UNDERSCORE = "_";
public static final String SPACE = "\\s+";
- public static final String VNFM_ADAPTER_DEFAULT_URL = "http://so-vnfm-adapter.onap:9092/so/vnfm-adapter/v1/";
+ public static final String VNFM_ADAPTER_DEFAULT_URL = "https://so-vnfm-adapter.onap:9092/so/vnfm-adapter/v1/";
public static final String VNFM_ADAPTER_DEFAULT_AUTH = "Basic dm5mbTpwYXNzd29yZDEk";
public static final String FORWARD_SLASH = "/";
diff --git a/vnfm-simulator/vnfm-service/src/main/java/org/onap/svnfm/simulator/services/OperationProgressor.java b/vnfm-simulator/vnfm-service/src/main/java/org/onap/svnfm/simulator/services/OperationProgressor.java
index 218cc2de03..83f079c376 100644
--- a/vnfm-simulator/vnfm-service/src/main/java/org/onap/svnfm/simulator/services/OperationProgressor.java
+++ b/vnfm-simulator/vnfm-service/src/main/java/org/onap/svnfm/simulator/services/OperationProgressor.java
@@ -1,5 +1,7 @@
package org.onap.svnfm.simulator.services;
+import java.io.IOException;
+import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
@@ -34,10 +36,13 @@ import org.onap.svnfm.simulator.model.Vnfds;
import org.onap.svnfm.simulator.repository.VnfOperationRepository;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import org.springframework.core.io.ClassPathResource;
public abstract class OperationProgressor implements Runnable {
private static final Logger LOGGER = LoggerFactory.getLogger(OperationProgressor.class);
+ private static final String CERTIFICATE_TO_TRUST = "so-vnfm-adapter.crt.pem";
+
protected final VnfOperation operation;
protected final SvnfmService svnfmService;
private final VnfOperationRepository vnfOperationRepository;
@@ -61,14 +66,25 @@ public abstract class OperationProgressor implements Runnable {
String callBackUrl = subscriptionService.getSubscriptions().iterator().next().getCallbackUri();
callBackUrl = callBackUrl.substring(0, callBackUrl.indexOf("/lcn/"));
apiClient.setBasePath(callBackUrl);
+ apiClient.setSslCaCert(getCertificateToTrust());
notificationClient = new DefaultApi(apiClient);
final org.onap.so.adapters.vnfmadapter.extclients.vnfm.grant.ApiClient grantApiClient =
new org.onap.so.adapters.vnfmadapter.extclients.vnfm.grant.ApiClient();
grantApiClient.setBasePath(callBackUrl);
+ grantApiClient.setSslCaCert(getCertificateToTrust());
grantClient = new org.onap.so.adapters.vnfmadapter.extclients.vnfm.grant.api.DefaultApi(grantApiClient);
}
+ private InputStream getCertificateToTrust() {
+ try {
+ return new ClassPathResource(CERTIFICATE_TO_TRUST).getInputStream();
+ } catch (final IOException exception) {
+ LOGGER.error("Error reading certificate to trust, https calls to VNFM adapter will fail", exception);
+ return null;
+ }
+ }
+
@Override
public void run() {
try {
@@ -176,6 +192,9 @@ public abstract class OperationProgressor implements Runnable {
MediaType.APPLICATION_JSON, authHeader);
} catch (final ApiException exception) {
LOGGER.error("Error sending notification: " + notification, exception);
+ LOGGER.error("Response code: {}, body: {}, basePath: {}", exception.getCode(), exception.getResponseBody(),
+ notificationClient.getApiClient().getBasePath());
+
}
}
diff --git a/vnfm-simulator/vnfm-service/src/main/resources/so-vnfm-adapter.crt.pem b/vnfm-simulator/vnfm-service/src/main/resources/so-vnfm-adapter.crt.pem
new file mode 100644
index 0000000000..3c899e3bf5
--- /dev/null
+++ b/vnfm-simulator/vnfm-service/src/main/resources/so-vnfm-adapter.crt.pem
@@ -0,0 +1,30 @@
+Bag Attributes
+ friendlyName: so@so.onap.org
+ localKeyID: 54 69 6D 65 20 31 35 36 33 34 36 33 36 32 39 35 38 33
+subject=/CN=so-vnfm-adapter/emailAddress=/OU=so@so.onap.org/OU=OSAAF/O=ONAP/C=US
+issuer=/C=US/O=ONAP/OU=OSAAF/CN=intermediateCA_9
+-----BEGIN CERTIFICATE-----
+MIIEITCCAwmgAwIBAgIILuAnLLineoYwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE
+BhMCVVMxDTALBgNVBAoMBE9OQVAxDjAMBgNVBAsMBU9TQUFGMRkwFwYDVQQDDBBp
+bnRlcm1lZGlhdGVDQV85MB4XDTE5MDcxODE1MjcwOVoXDTIwMDcxODE1MjcwOVow
+cDEYMBYGA1UEAwwPc28tdm5mbS1hZGFwdGVyMQ8wDQYJKoZIhvcNAQkBFgAxFzAV
+BgNVBAsMDnNvQHNvLm9uYXAub3JnMQ4wDAYDVQQLDAVPU0FBRjENMAsGA1UECgwE
+T05BUDELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQCu2NbWjFiZ5Tz5P7daCD6mqJqSWV3f+gkM2VC/UYM/43hd/2ILJbbtsv4uzS/P
+GXl3UIKBjb7zRiDCvLNMFsHCZ9/gIonG1z737S42LCrdVKq/KQ59yIOPrxYmLyiQ
+Xy81ChX77b2KvKPPeF+K/wnh5fLwlcJ18geeCoWGaMK0C/i6J/uUb9z+Ef0Nmtau
+NdXAuUnERCKMra+3kFxZwaRC/gSCy+/s6EQdeaGNiijg03AmrUx9XjrJjHbYMDVo
+OKSxtv0E4fxbfmTpHaKCuN4eg+0nEXw/eiIEuSHJuh3KKv7wRoP/hG/Tdog7x60M
+SD+hdNjCbFP6yAyMPfoxVnjHAgMBAAGjgecwgeQwCQYDVR0TBAIwADAOBgNVHQ8B
+Af8EBAMCBeAwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMFQGA1Ud
+IwRNMEuAFIH3mVsQuciM3vNSXupOaaBDPqzdoTCkLjAsMQ4wDAYDVQQLDAVPU0FB
+RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVOCAQcwHQYDVR0OBBYEFFLrO3T4
+QybeDQ28mHgC/xT5f03qMDAGA1UdEQQpMCeCD3NvLXZuZm0tYWRhcHRlcoIUc28t
+dm5mbS1hZGFwdGVyLm9uYXAwDQYJKoZIhvcNAQELBQADggEBACe+JaVIjTku/QNp
+XoQCNN+sllSZmEHTLmYfpSzY5BY2AeJsgTYqFtAhtp6uQf8Jr993CyEyeJ4if2Z9
+J5NWoJKmY1+a63UphB1mg4sNSCuDxvbxPjtrFkOx/DiB1XEUdoifS9IQSDIIuhaD
+YP6sih1TBOh/2ityCe51Mu1J9/wgb24rlYouVtEyQeIai4dqngFHeQHeNXOnGN0z
+osEcKSYa0C+ZOAomBMT58C2aDz9vyI8YPuzwVSDKndmXUgvrkkVnxk3qJRtghDQc
+RV+4SeZg8s4+5DxKL4AL15IAaAPMJHi+MRtfm7qNzqCEl5sAEzO7S4oVHeWLNFV8
+a9PHErg=
+-----END CERTIFICATE-----