author | Steve Smokowski <ss835w@att.com> | 2019-07-29 14:11:55 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@onap.org> | 2019-07-29 14:11:55 +0000 |
commit | 5bc663e5831a87b897d43f0f7fb7ec8bce88e633 (patch) | |
tree | fa3d5c4fec50241c1dd431601f7f0567bdb78461 | |
parent | ab18c3ca22cff9e2bba5bddda0a50987541cf173 (diff) | |
parent | c6c0077ac3db6190d1f364360de5af17e9fcd08b (diff) |
Merge "Implement TLS for calls into VNFM adapter"
-rw-r--r-- | adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/vnfm/VnfmServiceProviderConfiguration.java | 8 | ||||
-rw-r--r-- | adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application.yaml | 7 | ||||
-rw-r--r-- | adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/so-vnfm-adapter.p12 | bin | 0 -> 4079 bytes | |||
-rw-r--r-- | adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/test/resources/application.yaml (renamed from adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/test/resources/application-test.yaml) | 14 | ||||
-rw-r--r-- | bpmn/so-bpmn-tasks/src/main/java/org/onap/so/bpmn/infrastructure/adapter/vnfm/tasks/Constants.java | 2 | ||||
-rw-r--r-- | vnfm-simulator/vnfm-service/src/main/java/org/onap/svnfm/simulator/services/OperationProgressor.java | 19 | ||||
-rw-r--r-- | vnfm-simulator/vnfm-service/src/main/resources/so-vnfm-adapter.crt.pem | 30 |
7 files changed, 75 insertions, 5 deletions
diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/vnfm/VnfmServiceProviderConfiguration.java b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/vnfm/VnfmServiceProviderConfiguration.java index 3342e0d054..ab631837db 100644 --- a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/vnfm/VnfmServiceProviderConfiguration.java +++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/vnfm/VnfmServiceProviderConfiguration.java @@ -63,9 +63,9 @@ public class VnfmServiceProviderConfiguration { private static final Logger logger = LoggerFactory.getLogger(VnfmServiceProviderConfiguration.class); - @Value("${http.client.ssl.trust-store}") + @Value("${http.client.ssl.trust-store:#{null}}") private Resource keyStore; - @Value("${http.client.ssl.trust-store-password}") + @Value("${http.client.ssl.trust-store-password:#{null}}") private String keyStorePassword; @Bean(name = "vnfmServiceProvider") @@ -77,7 +77,9 @@ public class VnfmServiceProviderConfiguration { private HttpRestServiceProvider getHttpRestServiceProvider(final RestTemplate restTemplate, final HttpHeadersProvider httpHeadersProvider) { setGsonMessageConverter(restTemplate); - setTrustStore(restTemplate); + if (keyStore != null) { + setTrustStore(restTemplate); + } removeSpringClientFilter(restTemplate); return new HttpRestServiceProviderImpl(restTemplate, httpHeadersProvider); } diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application.yaml b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application.yaml index 0bd63dffa9..4434d2edd9 100644 --- a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application.yaml +++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application.yaml 
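Review bot: With the `:#{null}` defaults on both `@Value` fields and the new `if (keyStore != null)` guard in getHttpRestServiceProvider, a deployment that omits or misspells `http.client.ssl.trust-store` now starts with no indication that the custom trust store was skipped. An `else` branch that logs it, e.g. `logger.warn("http.client.ssl.trust-store not set; no custom trust store applied to the VNFM RestTemplate");`, would make that fallback visible to operators. The guard also does not cover a store that is set while `http.client.ssl.trust-store-password` resolves to null; setTrustStore's body is outside the hunk, so whether it tolerates a null password cannot be confirmed from here. The fields are named keyStore/keyStorePassword although they bind to trust-store properties, so a one-line comment saying they hold the trust store would avoid confusion with the server key store this commit adds.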
@@ -34,6 +34,11 @@ server: port: 9092 tomcat: max-threads: 50 + ssl: + key-alias: so@so.onap.org + key--store-password: 'ywsqCy:EEo#j}HJHM7z^Rk[L' + key-store: classpath:so-vnfm-adapter.p12 + key-store-type: PKCS12 mso: key: 07a7159d3bf51a0e53be7a8f89699be7 @@ -50,7 +55,7 @@ sdc: endpoint: http://sdc.onap/1234A vnfmadapter: - endpoint: http://so-vnfm-adapter.onap:9092 + endpoint: https://so-vnfm-adapter.onap:9092 #Actuator management: diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/so-vnfm-adapter.p12 b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/so-vnfm-adapter.p12 Binary files differnew file mode 100644 index 0000000000..ae4fddc684 --- /dev/null +++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/so-vnfm-adapter.p12 diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/test/resources/application-test.yaml b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/test/resources/application.yaml index 3afc542a1b..8cf8b51b9f 100644 --- a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/test/resources/application-test.yaml +++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/test/resources/application.yaml @@ -38,3 +38,17 @@ sdc: vnfmadapter: endpoint: https://so-vnfm-adapter.onap:30406 + +#Actuator +management: + endpoints: + web: + base-path: /manage + exposure: + include: "*" + metrics: + se-global-registry: false + export: + prometheus: + enabled: true # Whether exporting of metrics to Prometheus is enabled. + step: 1m # Step size (i.e. reporting frequency) to use. diff --git a/bpmn/so-bpmn-tasks/src/main/java/org/onap/so/bpmn/infrastructure/adapter/vnfm/tasks/Constants.java b/bpmn/so-bpmn-tasks/src/main/java/org/onap/so/bpmn/infrastructure/adapter/vnfm/tasks/Constants.java index 4cf5131747..c112d200e3 100644 --- a/bpmn/so-bpmn-tasks/src/main/java/org/onap/so/bpmn/infrastructure/adapter/vnfm/tasks/Constants.java 
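Review bot: The `ssl:` block added under `server:` commits the key store password as a literal, and the same commit adds `so-vnfm-adapter.p12` to the same `src/main/resources`, so anyone who can read the repository or the built jar holds both the private key and the secret that opens it. Both values should come from the deployment, for example `key-store-password: ${SSL_KEY_STORE_PASSWORD}` and `key-store: ${SSL_KEY_STORE}` (placeholder variable names), with the bundled key documented as development-only and replaced before real use. The property is also spelled `key--store-password` with a doubled hyphen; it should read `key-store-password` rather than depend on relaxed binding to accept it.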
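Review bot: In the `management:` block added to the test `application.yaml`, `se-global-registry: false` looks like a truncated `use-global-registry`; as written the key is probably ignored and the setting keeps its default, so it should read `use-global-registry: false`. `exposure: include: "*"` publishes every actuator endpoint under `/manage`, which is tolerable in test resources, but a comment such as `# test only: do not copy to deployed profiles` would keep it from spreading. The main application.yaml's `management:` section is only partly visible on this page; if it carries the same wildcard, the list should be narrowed to the endpoints actually scraped.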
+++ b/bpmn/so-bpmn-tasks/src/main/java/org/onap/so/bpmn/infrastructure/adapter/vnfm/tasks/Constants.java @@ -45,7 +45,7 @@ public class Constants { public static final String UNDERSCORE = "_"; public static final String SPACE = "\\s+"; - public static final String VNFM_ADAPTER_DEFAULT_URL = "http://so-vnfm-adapter.onap:9092/so/vnfm-adapter/v1/"; + public static final String VNFM_ADAPTER_DEFAULT_URL = "https://so-vnfm-adapter.onap:9092/so/vnfm-adapter/v1/"; public static final String VNFM_ADAPTER_DEFAULT_AUTH = "Basic dm5mbTpwYXNzd29yZDEk"; public static final String FORWARD_SLASH = "/"; diff --git a/vnfm-simulator/vnfm-service/src/main/java/org/onap/svnfm/simulator/services/OperationProgressor.java b/vnfm-simulator/vnfm-service/src/main/java/org/onap/svnfm/simulator/services/OperationProgressor.java index 218cc2de03..83f079c376 100644 --- a/vnfm-simulator/vnfm-service/src/main/java/org/onap/svnfm/simulator/services/OperationProgressor.java +++ b/vnfm-simulator/vnfm-service/src/main/java/org/onap/svnfm/simulator/services/OperationProgressor.java @@ -1,5 +1,7 @@ package org.onap.svnfm.simulator.services; +import java.io.IOException; +import java.io.InputStream; import java.nio.charset.StandardCharsets; import java.util.ArrayList; import java.util.List; @@ -34,10 +36,13 @@ import org.onap.svnfm.simulator.model.Vnfds; import org.onap.svnfm.simulator.repository.VnfOperationRepository; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import org.springframework.core.io.ClassPathResource; public abstract class OperationProgressor implements Runnable { private static final Logger LOGGER = LoggerFactory.getLogger(OperationProgressor.class); + private static final String CERTIFICATE_TO_TRUST = "so-vnfm-adapter.crt.pem"; + protected final VnfOperation operation; protected final SvnfmService svnfmService; private final VnfOperationRepository vnfOperationRepository; 
@@ -61,14 +66,25 @@ public abstract class OperationProgressor implements Runnable { String callBackUrl = subscriptionService.getSubscriptions().iterator().next().getCallbackUri(); callBackUrl = callBackUrl.substring(0, callBackUrl.indexOf("/lcn/")); apiClient.setBasePath(callBackUrl); + apiClient.setSslCaCert(getCertificateToTrust()); notificationClient = new DefaultApi(apiClient); final org.onap.so.adapters.vnfmadapter.extclients.vnfm.grant.ApiClient grantApiClient = new org.onap.so.adapters.vnfmadapter.extclients.vnfm.grant.ApiClient(); grantApiClient.setBasePath(callBackUrl); + grantApiClient.setSslCaCert(getCertificateToTrust()); grantClient = new org.onap.so.adapters.vnfmadapter.extclients.vnfm.grant.api.DefaultApi(grantApiClient); } + private InputStream getCertificateToTrust() { + try { + return new ClassPathResource(CERTIFICATE_TO_TRUST).getInputStream(); + } catch (final IOException exception) { + LOGGER.error("Error reading certificate to trust, https calls to VNFM adapter will fail", exception); + return null; + } + } + @Override public void run() { try { @@ -176,6 +192,9 @@ public abstract class OperationProgressor implements Runnable { MediaType.APPLICATION_JSON, authHeader); } catch (final ApiException exception) { LOGGER.error("Error sending notification: " + notification, exception); + LOGGER.error("Response code: {}, body: {}, basePath: {}", exception.getCode(), exception.getResponseBody(), + notificationClient.getApiClient().getBasePath()); + } } diff --git a/vnfm-simulator/vnfm-service/src/main/resources/so-vnfm-adapter.crt.pem b/vnfm-simulator/vnfm-service/src/main/resources/so-vnfm-adapter.crt.pem new file mode 100644 index 0000000000..3c899e3bf5 --- /dev/null +++ b/vnfm-simulator/vnfm-service/src/main/resources/so-vnfm-adapter.crt.pem 
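Review bot: getCertificateToTrust() returns null when the PEM cannot be read, and both `setSslCaCert(getCertificateToTrust())` calls pass that value straight on. ApiClient is generated code not shown here; if it treats a null CA stream as "use the default trust store", the simulator would keep running with a different trust decision than intended instead of failing as the log message says. Failing at construction is safer: replace `return null;` with `throw new IllegalStateException("Cannot read " + CERTIFICATE_TO_TRUST, exception);`. Neither stream is closed in the visible lines, and the pinned file is the adapter's leaf certificate (issuer `intermediateCA_9`) whose encoded validity appears to run from 18 July 2019 to 18 July 2020, so a comment on CERTIFICATE_TO_TRUST noting that it must be replaced on renewal would help. The constructor these calls sit in starts above the hunk.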
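Review bot: The added `LOGGER.error("Response code: {}, body: {}, basePath: {}", ...)` call writes the remote party's response body to the log verbatim, in a second ERROR record separate from the one carrying the stack trace. Folding both into one parameterised call, `LOGGER.error("Error sending notification: {}, code: {}, basePath: {}", notification, exception.getCode(), notificationClient.getApiClient().getBasePath(), exception);`, keeps one record per failure. The body is better logged at debug level and length-limited, since its content is controlled by whatever answers at the callback URL. The enclosing method begins outside the hunk.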
@@ -0,0 +1,30 @@
+Bag Attributes
+ friendlyName: so@so.onap.org
+ localKeyID: 54 69 6D 65 20 31 35 36 33 34 36 33 36 32 39 35 38 33
+subject=/CN=so-vnfm-adapter/emailAddress=/OU=so@so.onap.org/OU=OSAAF/O=ONAP/C=US
+issuer=/C=US/O=ONAP/OU=OSAAF/CN=intermediateCA_9
+-----BEGIN CERTIFICATE-----
+MIIEITCCAwmgAwIBAgIILuAnLLineoYwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE
+BhMCVVMxDTALBgNVBAoMBE9OQVAxDjAMBgNVBAsMBU9TQUFGMRkwFwYDVQQDDBBp
+bnRlcm1lZGlhdGVDQV85MB4XDTE5MDcxODE1MjcwOVoXDTIwMDcxODE1MjcwOVow
+cDEYMBYGA1UEAwwPc28tdm5mbS1hZGFwdGVyMQ8wDQYJKoZIhvcNAQkBFgAxFzAV
+BgNVBAsMDnNvQHNvLm9uYXAub3JnMQ4wDAYDVQQLDAVPU0FBRjENMAsGA1UECgwE
+T05BUDELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQCu2NbWjFiZ5Tz5P7daCD6mqJqSWV3f+gkM2VC/UYM/43hd/2ILJbbtsv4uzS/P
+GXl3UIKBjb7zRiDCvLNMFsHCZ9/gIonG1z737S42LCrdVKq/KQ59yIOPrxYmLyiQ
+Xy81ChX77b2KvKPPeF+K/wnh5fLwlcJ18geeCoWGaMK0C/i6J/uUb9z+Ef0Nmtau
+NdXAuUnERCKMra+3kFxZwaRC/gSCy+/s6EQdeaGNiijg03AmrUx9XjrJjHbYMDVo
+OKSxtv0E4fxbfmTpHaKCuN4eg+0nEXw/eiIEuSHJuh3KKv7wRoP/hG/Tdog7x60M
+SD+hdNjCbFP6yAyMPfoxVnjHAgMBAAGjgecwgeQwCQYDVR0TBAIwADAOBgNVHQ8B
+Af8EBAMCBeAwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMFQGA1Ud
+IwRNMEuAFIH3mVsQuciM3vNSXupOaaBDPqzdoTCkLjAsMQ4wDAYDVQQLDAVPU0FB
+RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVOCAQcwHQYDVR0OBBYEFFLrO3T4
+QybeDQ28mHgC/xT5f03qMDAGA1UdEQQpMCeCD3NvLXZuZm0tYWRhcHRlcoIUc28t
+dm5mbS1hZGFwdGVyLm9uYXAwDQYJKoZIhvcNAQELBQADggEBACe+JaVIjTku/QNp
+XoQCNN+sllSZmEHTLmYfpSzY5BY2AeJsgTYqFtAhtp6uQf8Jr993CyEyeJ4if2Z9
+J5NWoJKmY1+a63UphB1mg4sNSCuDxvbxPjtrFkOx/DiB1XEUdoifS9IQSDIIuhaD
+YP6sih1TBOh/2ityCe51Mu1J9/wgb24rlYouVtEyQeIai4dqngFHeQHeNXOnGN0z
+osEcKSYa0C+ZOAomBMT58C2aDz9vyI8YPuzwVSDKndmXUgvrkkVnxk3qJRtghDQc
+RV+4SeZg8s4+5DxKL4AL15IAaAPMJHi+MRtfm7qNzqCEl5sAEzO7S4oVHeWLNFV8
+a9PHErg=
+-----END CERTIFICATE----- |