summaryrefslogtreecommitdiffstats
path: root/adapters/etsi-sol003-adapter/etsi-sol003-adapter-common/src
diff options
context:
space:
mode:
Diffstat (limited to 'adapters/etsi-sol003-adapter/etsi-sol003-adapter-common/src')
-rw-r--r--adapters/etsi-sol003-adapter/etsi-sol003-adapter-common/src/main/java/org/onap/so/adapters/vnfmadapter/common/CommonConstants.java47
-rw-r--r--adapters/etsi-sol003-adapter/etsi-sol003-adapter-common/src/main/java/org/onap/so/adapters/vnfmadapter/common/VnfmAdapterUrlProvider.java105
-rw-r--r--adapters/etsi-sol003-adapter/etsi-sol003-adapter-common/src/main/java/org/onap/so/adapters/vnfmadapter/common/configuration/MessageConverterConfiguration.java49
-rw-r--r--adapters/etsi-sol003-adapter/etsi-sol003-adapter-common/src/main/java/org/onap/so/adapters/vnfmadapter/oauth/AuthorizationServerConfig.java55
-rw-r--r--adapters/etsi-sol003-adapter/etsi-sol003-adapter-common/src/main/java/org/onap/so/adapters/vnfmadapter/oauth/OAuth2AccessTokenAdapter.java51
-rw-r--r--adapters/etsi-sol003-adapter/etsi-sol003-adapter-common/src/main/java/org/onap/so/adapters/vnfmadapter/oauth/OAuth2ResourceServer.java53
6 files changed, 360 insertions, 0 deletions
diff --git a/adapters/etsi-sol003-adapter/etsi-sol003-adapter-common/src/main/java/org/onap/so/adapters/vnfmadapter/common/CommonConstants.java b/adapters/etsi-sol003-adapter/etsi-sol003-adapter-common/src/main/java/org/onap/so/adapters/vnfmadapter/common/CommonConstants.java
new file mode 100644
index 0000000000..963bd512da
--- /dev/null
+++ b/adapters/etsi-sol003-adapter/etsi-sol003-adapter-common/src/main/java/org/onap/so/adapters/vnfmadapter/common/CommonConstants.java
@@ -0,0 +1,47 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * Copyright (C) 2019 Nordix Foundation.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.so.adapters.vnfmadapter.common;
+
+/**
+ * VNFM Adapter Common constants
+ *
+ * @author Waqas Ikram (waqas.ikram@est.tech)
+ * @author Gareth Roper (gareth.roper@est.tech)
+ */
+public class CommonConstants {
+
+ public static final String SERVICE_NAME = "vnfm-adapter";
+ public static final String SERVICE_VERSION = "v1";
+ public static final String BASE_URL = "/so/" + SERVICE_NAME + "/" + SERVICE_VERSION;
+
+ public static final String PACKAGE_MANAGEMENT_BASE_URL = BASE_URL + "/vnfpkgm/v1";
+
+ public static final String ETSI_CATALOG_MANAGER_BASE_ENDPOINT = "/etsicatalogmanager";
+ public static final String ETSI_SUBSCRIPTION_NOTIFICATION_ENDPOINT = "/notification";
+ public static final String ETSI_SUBSCRIPTION_NOTIFICATION_CONTROLLER_BASE_URL =
+ BASE_URL + ETSI_CATALOG_MANAGER_BASE_ENDPOINT;
+ public static final String ETSI_SUBSCRIPTION_NOTIFICATION_BASE_URL =
+ ETSI_SUBSCRIPTION_NOTIFICATION_CONTROLLER_BASE_URL + ETSI_SUBSCRIPTION_NOTIFICATION_ENDPOINT;
+
+ public static final String OPERATION_NOTIFICATION_ENDPOINT = "/lcn/VnfLcmOperationOccurrenceNotification";
+
+ private CommonConstants() {}
+}
diff --git a/adapters/etsi-sol003-adapter/etsi-sol003-adapter-common/src/main/java/org/onap/so/adapters/vnfmadapter/common/VnfmAdapterUrlProvider.java b/adapters/etsi-sol003-adapter/etsi-sol003-adapter-common/src/main/java/org/onap/so/adapters/vnfmadapter/common/VnfmAdapterUrlProvider.java
new file mode 100644
index 0000000000..99611ad3db
--- /dev/null
+++ b/adapters/etsi-sol003-adapter/etsi-sol003-adapter-common/src/main/java/org/onap/so/adapters/vnfmadapter/common/VnfmAdapterUrlProvider.java
@@ -0,0 +1,105 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * Copyright (C) 2020 Ericsson. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.so.adapters.vnfmadapter.common;
+
+import static org.onap.so.adapters.vnfmadapter.common.CommonConstants.BASE_URL;
+import static org.onap.so.adapters.vnfmadapter.common.CommonConstants.ETSI_SUBSCRIPTION_NOTIFICATION_BASE_URL;
+import static org.onap.so.adapters.vnfmadapter.common.CommonConstants.OPERATION_NOTIFICATION_ENDPOINT;
+import static org.onap.so.adapters.vnfmadapter.common.CommonConstants.PACKAGE_MANAGEMENT_BASE_URL;
+import static org.slf4j.LoggerFactory.getLogger;
+import java.net.URI;
+import java.security.GeneralSecurityException;
+import org.apache.commons.lang3.tuple.ImmutablePair;
+import org.onap.so.utils.CryptoUtils;
+import org.slf4j.Logger;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Configuration;
+
+
+/**
+ * Provides VNFM Adapter endpoint URLs
+ *
+ * @author Waqas Ikram (waqas.ikram@est.tech)
+ *
+ */
+@Configuration
+public class VnfmAdapterUrlProvider {
+
+ private static final Logger logger = getLogger(VnfmAdapterUrlProvider.class);
+ private static final String COLON = ":";
+ private static final int LIMIT = 2;
+
+ private final String vnfmAdapterEndpoint;
+ private final String msoKeyString;
+ private final String vnfmAdapterAuth;
+
+ @Autowired
+ public VnfmAdapterUrlProvider(@Value("${vnfmadapter.endpoint}") final String vnfmAdapterEndpoint,
+ @Value("${mso.key}") final String msoKeyString,
+ @Value("${vnfmadapter.auth:BF29BA36F0CFE1C05507781F6B97EFBCA7EFAC9F595954D465FC43F646883EF585C20A58CBB02528A6FAAC}") final String vnfmAdapterAuth) {
+ this.vnfmAdapterEndpoint = vnfmAdapterEndpoint;
+ this.msoKeyString = msoKeyString;
+ this.vnfmAdapterAuth = vnfmAdapterAuth;
+ }
+
+ public String getEtsiSubscriptionNotificationBaseUrl() {
+ return vnfmAdapterEndpoint + ETSI_SUBSCRIPTION_NOTIFICATION_BASE_URL;
+ }
+
+ public URI getSubscriptionUri(final String subscriptionId) {
+ return URI.create(getSubscriptionUriString(subscriptionId));
+ }
+
+ public ImmutablePair<String, String> getDecryptAuth() throws GeneralSecurityException {
+ final String decryptedAuth = CryptoUtils.decrypt(vnfmAdapterAuth, msoKeyString);
+ final String[] auth = decryptedAuth.split(COLON, LIMIT);
+ if (auth.length > 1) {
+ return ImmutablePair.of(auth[0], auth[1]);
+ }
+ logger.error("Unexpected auth value: {}", vnfmAdapterAuth);
+ return ImmutablePair.nullPair();
+ }
+
+ public String getSubscriptionUriString(final String subscriptionId) {
+ return vnfmAdapterEndpoint + PACKAGE_MANAGEMENT_BASE_URL + "/subscriptions/" + subscriptionId;
+ }
+
+ public String getVnfLcmOperationOccurrenceNotificationUrl() {
+ return vnfmAdapterEndpoint + BASE_URL + OPERATION_NOTIFICATION_ENDPOINT;
+ }
+
+ public String getVnfPackageUrl(final String vnfPkgId) {
+ return vnfmAdapterEndpoint + PACKAGE_MANAGEMENT_BASE_URL + "/vnf_packages/" + vnfPkgId;
+ }
+
+ public String getVnfPackageVnfdUrl(final String vnfPkgId) {
+ return getVnfPackageUrl(vnfPkgId) + "/vnfd";
+ }
+
+ public String getVnfPackageContentUrl(final String vnfPkgId) {
+ return getVnfPackageUrl(vnfPkgId) + "/package_content";
+ }
+
+ public String getOauthTokenUrl() {
+ return vnfmAdapterEndpoint + "/oauth/token";
+ }
+
+}
diff --git a/adapters/etsi-sol003-adapter/etsi-sol003-adapter-common/src/main/java/org/onap/so/adapters/vnfmadapter/common/configuration/MessageConverterConfiguration.java b/adapters/etsi-sol003-adapter/etsi-sol003-adapter-common/src/main/java/org/onap/so/adapters/vnfmadapter/common/configuration/MessageConverterConfiguration.java
new file mode 100644
index 0000000000..6f3e0dafd5
--- /dev/null
+++ b/adapters/etsi-sol003-adapter/etsi-sol003-adapter-common/src/main/java/org/onap/so/adapters/vnfmadapter/common/configuration/MessageConverterConfiguration.java
@@ -0,0 +1,49 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * Copyright (C) 2019 Nordix Foundation.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.so.adapters.vnfmadapter.common.configuration;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import org.onap.so.adapters.vnfmadapter.oauth.OAuth2AccessTokenAdapter;
+import org.springframework.boot.autoconfigure.http.HttpMessageConverters;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.http.converter.HttpMessageConverter;
+import org.springframework.http.converter.json.GsonHttpMessageConverter;
+import org.springframework.security.oauth2.common.OAuth2AccessToken;
+import com.google.gson.Gson;
+import com.google.gson.GsonBuilder;
+
+/**
+ * Configures message converter
+ */
+@Configuration
+public class MessageConverterConfiguration {
+
+ @Bean
+ public HttpMessageConverters customConverters() {
+ final Collection<HttpMessageConverter<?>> messageConverters = new ArrayList<>();
+ final Gson gson = new GsonBuilder()
+ .registerTypeHierarchyAdapter(OAuth2AccessToken.class, new OAuth2AccessTokenAdapter()).create();
+ final GsonHttpMessageConverter gsonHttpMessageConverter = new GsonHttpMessageConverter(gson);
+ messageConverters.add(gsonHttpMessageConverter);
+ return new HttpMessageConverters(true, messageConverters);
+ }
+}
diff --git a/adapters/etsi-sol003-adapter/etsi-sol003-adapter-common/src/main/java/org/onap/so/adapters/vnfmadapter/oauth/AuthorizationServerConfig.java b/adapters/etsi-sol003-adapter/etsi-sol003-adapter-common/src/main/java/org/onap/so/adapters/vnfmadapter/oauth/AuthorizationServerConfig.java
new file mode 100644
index 0000000000..83534ff4bb
--- /dev/null
+++ b/adapters/etsi-sol003-adapter/etsi-sol003-adapter-common/src/main/java/org/onap/so/adapters/vnfmadapter/oauth/AuthorizationServerConfig.java
@@ -0,0 +1,55 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * Copyright (C) 2019 Nordix Foundation.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.so.adapters.vnfmadapter.oauth;
+
+import org.onap.so.utils.CryptoUtils;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
+
+@Configuration
+@EnableAuthorizationServer
+/**
+ * Configures the authorization server for oauth token based authentication.
+ */
+public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
+
+ private static final int ONE_DAY = 60 * 60 * 24;
+
+ @Value("${vnfmadapter.auth:E39823AAB2739CC654C4E92B52C05BC34149342D0A46451B00CA508C8EDC62242CE4E9DA9445D3C01A3F13}")
+ private String vnfmAdapterAuth;
+
+ @Value("${mso.key}")
+ private String msoEncryptionKey;
+
+ @Override
+ public void configure(final ClientDetailsServiceConfigurer clients) throws Exception {
+ final String[] decrypedAuth = CryptoUtils.decrypt(vnfmAdapterAuth, msoEncryptionKey).split(":");
+ final BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
+ clients.inMemory().withClient(decrypedAuth[0]).secret(passwordEncoder.encode(decrypedAuth[1]))
+ .authorizedGrantTypes("client_credentials").scopes("write").accessTokenValiditySeconds(ONE_DAY)
+ .refreshTokenValiditySeconds(ONE_DAY);
+ }
+
+}
diff --git a/adapters/etsi-sol003-adapter/etsi-sol003-adapter-common/src/main/java/org/onap/so/adapters/vnfmadapter/oauth/OAuth2AccessTokenAdapter.java b/adapters/etsi-sol003-adapter/etsi-sol003-adapter-common/src/main/java/org/onap/so/adapters/vnfmadapter/oauth/OAuth2AccessTokenAdapter.java
new file mode 100644
index 0000000000..2f51406e23
--- /dev/null
+++ b/adapters/etsi-sol003-adapter/etsi-sol003-adapter-common/src/main/java/org/onap/so/adapters/vnfmadapter/oauth/OAuth2AccessTokenAdapter.java
@@ -0,0 +1,51 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * Copyright (C) 2019 Nordix Foundation.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.so.adapters.vnfmadapter.oauth;
+
+import com.google.gson.JsonArray;
+import com.google.gson.JsonElement;
+import com.google.gson.JsonObject;
+import com.google.gson.JsonSerializationContext;
+import com.google.gson.JsonSerializer;
+import java.lang.reflect.Type;
+import org.springframework.security.oauth2.common.OAuth2AccessToken;
+
+public class OAuth2AccessTokenAdapter implements JsonSerializer<OAuth2AccessToken> {
+
+ @Override
+ public JsonElement serialize(final OAuth2AccessToken src, final Type typeOfSrc,
+ final JsonSerializationContext context) {
+ final JsonObject obj = new JsonObject();
+ obj.addProperty(OAuth2AccessToken.ACCESS_TOKEN, src.getValue());
+ obj.addProperty(OAuth2AccessToken.TOKEN_TYPE, src.getTokenType());
+ if (src.getRefreshToken() != null) {
+ obj.addProperty(OAuth2AccessToken.REFRESH_TOKEN, src.getRefreshToken().getValue());
+ }
+ obj.addProperty(OAuth2AccessToken.EXPIRES_IN, src.getExpiresIn());
+ final JsonArray scopeObj = new JsonArray();
+ for (final String scope : src.getScope()) {
+ scopeObj.add(scope);
+ }
+ obj.add(OAuth2AccessToken.SCOPE, scopeObj);
+
+ return obj;
+ }
+}
diff --git a/adapters/etsi-sol003-adapter/etsi-sol003-adapter-common/src/main/java/org/onap/so/adapters/vnfmadapter/oauth/OAuth2ResourceServer.java b/adapters/etsi-sol003-adapter/etsi-sol003-adapter-common/src/main/java/org/onap/so/adapters/vnfmadapter/oauth/OAuth2ResourceServer.java
new file mode 100644
index 0000000000..9c871db79c
--- /dev/null
+++ b/adapters/etsi-sol003-adapter/etsi-sol003-adapter-common/src/main/java/org/onap/so/adapters/vnfmadapter/oauth/OAuth2ResourceServer.java
@@ -0,0 +1,53 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * Copyright (C) 2019 Nordix Foundation.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.so.adapters.vnfmadapter.oauth;
+
+import javax.servlet.http.HttpServletRequest;
+import org.onap.so.adapters.vnfmadapter.common.CommonConstants;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
+import org.springframework.security.web.util.matcher.RequestMatcher;
+
+@Configuration
+@EnableResourceServer
+/**
+ * Enforces oauth token based authentication when a token is provided in the request.
+ */
+public class OAuth2ResourceServer extends ResourceServerConfigurerAdapter {
+
+ @Override
+ public void configure(final HttpSecurity http) throws Exception {
+ http.requestMatcher(new OAuth2ResourceServerRequestMatcher()).authorizeRequests()
+ .antMatchers(CommonConstants.BASE_URL + "/grants/**", CommonConstants.BASE_URL + "/lcn/**")
+ .authenticated();
+ }
+
+ private static class OAuth2ResourceServerRequestMatcher implements RequestMatcher {
+ @Override
+ public boolean matches(HttpServletRequest request) {
+ String auth = request.getHeader("Authorization");
+ String uri = request.getRequestURI();
+ return (auth != null && auth.startsWith("Bearer") && (uri.contains("/grants") || uri.contains("/lcn/")));
+ }
+ }
+}