Diffstat (limited to 'adapters')
12 files changed, 218 insertions, 74 deletions
diff --git a/adapters/mso-catalog-db-adapter/src/main/java/db/migration/R__CloudConfigMigration.java b/adapters/mso-catalog-db-adapter/src/main/java/db/migration/R__CloudConfigMigration.java index 469a7ad7e4..354c3d07f7 100644 --- a/adapters/mso-catalog-db-adapter/src/main/java/db/migration/R__CloudConfigMigration.java +++ b/adapters/mso-catalog-db-adapter/src/main/java/db/migration/R__CloudConfigMigration.java @@ -9,9 +9,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
@@ -67,35 +67,35 @@ public class R__CloudConfigMigration implements JdbcMigration, MigrationInfoProv public void migrate(Connection connection) throws Exception { logger.debug("Starting migration for CloudConfig"); - CloudConfig cloudConfig = null; + CloudConfig cloudConfiguration = null; // Try the override file String configLocation = System.getProperty("spring.config.additional-location"); if (configLocation != null) { try (InputStream stream = new FileInputStream(Paths.get(configLocation).normalize().toString())) { - cloudConfig = loadCloudConfig(stream); + cloudConfiguration = loadCloudConfig(stream); } catch (Exception e) { logger.warn("Error Loading override.yaml", e); } } - if (cloudConfig == null) { + if (cloudConfiguration == null) { logger.debug("No CloudConfig defined in {}", configLocation); // Try the application.yaml file try (InputStream stream = R__CloudConfigMigration.class.getResourceAsStream(getApplicationYamlName())) { - cloudConfig = loadCloudConfig(stream); + cloudConfiguration = loadCloudConfig(stream); } - if (cloudConfig == null) { + if (cloudConfiguration == null) { logger.debug("No CloudConfig defined in {}", getApplicationYamlName()); } } - if (cloudConfig != null) { - migrateCloudIdentity(cloudConfig.getIdentityServices().values(), connection); - migrateCloudSite(cloudConfig.getCloudSites().values(), connection); - migrateCloudifyManagers(cloudConfig.getCloudifyManagers().values(), connection); + if (cloudConfiguration != null) { + migrateCloudIdentity(cloudConfiguration.getIdentityServices().values(), connection); + migrateCloudSite(cloudConfiguration.getCloudSites().values(), connection); + migrateCloudifyManagers(cloudConfiguration.getCloudifyManagers().values(), connection); } } 
@@ -110,13 +110,13 @@ public class R__CloudConfigMigration implements JdbcMigration, MigrationInfoProv private CloudConfig loadCloudConfig(InputStream stream) throws IOException { ObjectMapper mapper = new ObjectMapper(new YAMLFactory()); R__CloudConfigMigration cloudConfigMigration = mapper.readValue(stream, R__CloudConfigMigration.class); - CloudConfig cloudConfig = cloudConfigMigration.getCloudConfig(); + CloudConfig cloudConfiguration = cloudConfigMigration.getCloudConfig(); - if (cloudConfig != null) { - cloudConfig.populateId(); + if (cloudConfiguration != null) { + cloudConfiguration.populateId(); } - return cloudConfig; + return cloudConfiguration; } private String getApplicationYamlName() { diff --git a/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/audit/AuditStackService.java b/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/audit/AuditStackService.java index 999d27335b..6a42456715 100644 --- a/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/audit/AuditStackService.java +++ b/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/audit/AuditStackService.java @@ -40,6 +40,10 @@ public class AuditStackService { private static final Logger logger = LoggerFactory.getLogger(AuditStackService.class); + private static final String DEFAULT_AUDIT_LOCK_TIME = "60000"; + + private static final String DEFAULT_MAX_CLIENTS_FOR_TOPIC = "10"; + @Autowired public Environment env; 
@@ -53,41 +57,40 @@ public class AuditStackService { private AuditQueryStackService auditQueryStack; @PostConstruct - public void auditAddAAIInventory() throws Exception { + public void auditAddAAIInventory() { for (int i = 0; i < getMaxClients(); i++) { ExternalTaskClient client = createExternalTaskClient(); client.subscribe("InventoryAddAudit") - .lockDuration(Long.parseLong(env.getProperty("mso.audit.lock-time", "60000"))) + .lockDuration(Long.parseLong(env.getProperty("mso.audit.lock-time", DEFAULT_AUDIT_LOCK_TIME))) .handler(auditCreateStack::executeExternalTask).open(); } } @PostConstruct - public void auditDeleteAAIInventory() throws Exception { + public void auditDeleteAAIInventory() { for (int i = 0; i < getMaxClients(); i++) { ExternalTaskClient client = createExternalTaskClient(); client.subscribe("InventoryDeleteAudit") - .lockDuration(Long.parseLong(env.getProperty("mso.audit.lock-time", "60000"))) + .lockDuration(Long.parseLong(env.getProperty("mso.audit.lock-time", DEFAULT_AUDIT_LOCK_TIME))) .handler(auditDeleteStack::executeExternalTask).open(); } } @PostConstruct - public void auditQueryInventory() throws Exception { + public void auditQueryInventory() { for (int i = 0; i < getMaxClients(); i++) { ExternalTaskClient client = createExternalTaskClient(); client.subscribe("InventoryQueryAudit") - .lockDuration(Long.parseLong(env.getProperty("mso.audit.lock-time", "60000"))) + .lockDuration(Long.parseLong(env.getProperty("mso.audit.lock-time", DEFAULT_AUDIT_LOCK_TIME))) .handler(auditQueryStack::executeExternalTask).open(); } } - protected ExternalTaskClient createExternalTaskClient() throws Exception { + protected ExternalTaskClient createExternalTaskClient() { ClientRequestInterceptor interceptor = createClientRequestInterceptor(); - ExternalTaskClient client = ExternalTaskClient.create() - .baseUrl(env.getRequiredProperty("mso.workflow.endpoint")).maxTasks(1).addInterceptor(interceptor) - .asyncResponseTimeout(120000).backoffStrategy(new 
ExponentialBackoffStrategy(0, 0, 0)).build(); - return client; + return ExternalTaskClient.create().baseUrl(env.getRequiredProperty("mso.workflow.endpoint")).maxTasks(1) + .addInterceptor(interceptor).asyncResponseTimeout(120000) + .backoffStrategy(new ExponentialBackoffStrategy(0, 0, 0)).build(); } protected ClientRequestInterceptor createClientRequestInterceptor() { @@ -97,13 +100,11 @@ public class AuditStackService { } catch (IllegalStateException | GeneralSecurityException e) { logger.error("Error Decrypting Password", e); } - ClientRequestInterceptor interceptor = - new BasicAuthProvider(env.getRequiredProperty("mso.config.cadi.aafId"), auth); - return interceptor; + return new BasicAuthProvider(env.getRequiredProperty("mso.config.cadi.aafId"), auth); } protected int getMaxClients() { - return Integer.parseInt(env.getProperty("workflow.topics.maxClients", "10")); + return Integer.parseInt(env.getProperty("workflow.topics.maxClients", DEFAULT_MAX_CLIENTS_FOR_TOPIC)); } diff --git a/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/network/MsoNetworkAdapterAsyncImpl.java b/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/network/MsoNetworkAdapterAsyncImpl.java index a9af3683f5..e95e9a3a83 100644 --- a/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/network/MsoNetworkAdapterAsyncImpl.java +++ b/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/network/MsoNetworkAdapterAsyncImpl.java @@ -11,9 +11,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
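Review bot: In `createClientRequestInterceptor` a decryption failure is only logged, and the new `return new BasicAuthProvider(env.getRequiredProperty("mso.config.cadi.aafId"), auth);` still builds the interceptor with whatever `auth` holds at that point. The declaration of `auth` is above the hunk, so its fallback value is not visible here; if it is empty or null, every external task client created by the three `@PostConstruct` methods would call the workflow endpoint with unusable credentials and the only trace is one error line at startup. Consider failing fast instead by rethrowing from the catch, e.g. `throw new IllegalStateException("Unable to decrypt workflow client password", e);`.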
@@ -370,8 +370,8 @@ public class MsoNetworkAdapterAsyncImpl implements MsoNetworkAdapterAsync { NetworkAdapterNotify notifyPort = getNotifyEP(notificationUrl); notifyPort.deleteNetworkNotification(messageId, false, exCat, eMsg, null); } catch (Exception e1) { - logger.error("{} {} Error sending createNetwork notification {} ", - MessageEnum.RA_CREATE_NETWORK_NOTIF_EXC, ErrorCode.DataError.getValue(), e1.getMessage(), e1); + logger.error(CREATE_NETWORK_ERROR_LOGMSG, MessageEnum.RA_CREATE_NETWORK_NOTIF_EXC, + ErrorCode.DataError.getValue(), e1.getMessage(), e1); } return; diff --git a/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/network/MsoNetworkAdapterImpl.java b/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/network/MsoNetworkAdapterImpl.java index c934291246..4c115271f0 100644 --- a/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/network/MsoNetworkAdapterImpl.java +++ b/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/network/MsoNetworkAdapterImpl.java @@ -90,6 +90,7 @@ public class MsoNetworkAdapterImpl implements MsoNetworkAdapter { private static final String NETWORK_FQDN = "network_fqdn"; private static final String CREATE_NETWORK_CONTEXT = "CreateNetwork"; private static final String NEUTRON_MODE = "NEUTRON"; + private static final String CLOUD_OWNER = "CloudOwner"; private static final Logger logger = LoggerFactory.getLogger(MsoNetworkAdapterImpl.class); @@ -310,7 +311,7 @@ public class MsoNetworkAdapterImpl implements MsoNetworkAdapter { StackInfo heatStack = null; long queryNetworkStarttime = System.currentTimeMillis(); try { - heatStack = heat.queryStack(cloudSiteId, "CloudOwner", tenantId, networkName); + heatStack = heat.queryStack(cloudSiteId, CLOUD_OWNER, tenantId, networkName); } catch (MsoException me) { me.addContext(CREATE_NETWORK_CONTEXT); logger.error("{} {} Create Network (heat): query network {} in {}/{}: ", 
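Review bot: The catch block around `notifyPort.deleteNetworkNotification(...)` now logs through `CREATE_NETWORK_ERROR_LOGMSG` with `MessageEnum.RA_CREATE_NETWORK_NOTIF_EXC`, so a failed delete notification is still reported as a createNetwork failure. The enclosing method starts and ends outside the hunk, but the call in the `try` suggests this is the delete path; a delete-specific message and enum value (if one exists) would keep log-based triage from pointing at the wrong operation. The definition of `CREATE_NETWORK_ERROR_LOGMSG` is not part of this diff, so confirm its placeholder count still matches the three arguments plus the trailing throwable.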
@@ -424,7 +425,7 @@ public class MsoNetworkAdapterImpl implements MsoNetworkAdapter { try { if (backout == null) backout = true; - heatStack = heat.createStack(cloudSiteId, "CloudOwner", tenantId, networkName, null, template, + heatStack = heat.createStack(cloudSiteId, CLOUD_OWNER, tenantId, networkName, null, template, stackParams, true, heatTemplate.getTimeoutMinutes(), null, null, null, backout.booleanValue()); } catch (MsoException me) { me.addContext(CREATE_NETWORK_CONTEXT); @@ -607,7 +608,7 @@ public class MsoNetworkAdapterImpl implements MsoNetworkAdapter { StackInfo heatStack = null; long queryStackStarttime = System.currentTimeMillis(); try { - heatStack = heat.queryStack(cloudSiteId, "CloudOwner", tenantId, networkName); + heatStack = heat.queryStack(cloudSiteId, CLOUD_OWNER, tenantId, networkName); } catch (MsoException me) { me.addContext(UPDATE_NETWORK_CONTEXT); logger.error("{} {} Exception - QueryStack query {} in {}/{} ", MessageEnum.RA_QUERY_NETWORK_EXC, @@ -727,7 +728,7 @@ public class MsoNetworkAdapterImpl implements MsoNetworkAdapter { // Ignore MsoStackNotFound exception because we already checked. long updateStackStarttime = System.currentTimeMillis(); try { - heatStack = heatWithUpdate.updateStack(cloudSiteId, "CloudOwner", tenantId, networkId, template, + heatStack = heatWithUpdate.updateStack(cloudSiteId, CLOUD_OWNER, tenantId, networkId, template, stackParams, true, heatTemplate.getTimeoutMinutes()); } catch (MsoException me) { me.addContext(UPDATE_NETWORK_CONTEXT); 
@@ -919,7 +920,7 @@ public class MsoNetworkAdapterImpl implements MsoNetworkAdapter { StackInfo heatStack = null; long queryStackStarttime = System.currentTimeMillis(); try { - heatStack = heat.queryStack(cloudSiteId, "CloudOwner", tenantId, networkNameOrId); + heatStack = heat.queryStack(cloudSiteId, CLOUD_OWNER, tenantId, networkNameOrId); } catch (MsoException me) { me.addContext("QueryNetwork"); logger.error("{} {} Exception - Query Network (heat): {} in {}/{} ", MessageEnum.RA_QUERY_NETWORK_EXC, @@ -1072,9 +1073,9 @@ public class MsoNetworkAdapterImpl implements MsoNetworkAdapter { // was deleted. // So query first to report back if stack WAS deleted or just NOTOFUND StackInfo heatStack = null; - heatStack = heat.queryStack(cloudSiteId, "CloudOwner", tenantId, networkId); + heatStack = heat.queryStack(cloudSiteId, CLOUD_OWNER, tenantId, networkId); if (heatStack != null && heatStack.getStatus() != HeatStatus.NOTFOUND) { - heat.deleteStack(tenantId, "CloudOwner", cloudSiteId, networkId, true); + heat.deleteStack(tenantId, CLOUD_OWNER, cloudSiteId, networkId, true); networkDeleted.value = true; } else { networkDeleted.value = false; @@ -1157,7 +1158,7 @@ public class MsoNetworkAdapterImpl implements MsoNetworkAdapter { try { // The deleteStack function in MsoHeatUtils returns success if the stack // was not found. So don't bother to query first. - heat.deleteStack(tenantId, "CloudOwner", cloudSiteId, networkId, true); + heat.deleteStack(tenantId, CLOUD_OWNER, cloudSiteId, networkId, true); } catch (MsoException me) { me.addContext("RollbackNetwork"); logger.error("{} {} Exception - Rollback Network (heat): {} in {}/{} ", diff --git a/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/network/NetworkAdapterRest.java b/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/network/NetworkAdapterRest.java index df2c3a2973..4eb5d5637f 100644 
--- a/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/network/NetworkAdapterRest.java +++ b/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/network/NetworkAdapterRest.java @@ -90,6 +90,7 @@ public class NetworkAdapterRest { private static final String TESTING_KEYWORD = "___TESTING___"; private String exceptionMsg = "Exception:"; private static final String SHARED = "shared"; + private static final String EXTERNAL = "external"; @Autowired private MsoNetworkAdapterImpl adapter; @@ -207,8 +208,8 @@ public class NetworkAdapterRest { shared = ctn.getShared(); } } - if (params.containsKey("external")) { - external = params.get("external"); + if (params.containsKey(EXTERNAL)) { + external = params.get(EXTERNAL); } else { if (ctn.getExternal() != null) { external = ctn.getExternal(); @@ -228,8 +229,8 @@ public class NetworkAdapterRest { } if (params.containsKey(SHARED)) shared = params.get(SHARED); - if (params.containsKey("external")) - external = params.get("external"); + if (params.containsKey(EXTERNAL)) + external = params.get(EXTERNAL); adapter.createNetwork(req.getCloudSiteId(), req.getTenantId(), req.getNetworkType(), req.getModelCustomizationUuid(), req.getNetworkName(), req.getProviderVlanNetwork().getPhysicalNetworkName(), @@ -603,8 +604,8 @@ public class NetworkAdapterRest { shared = ctn.getShared(); } } - if (params.containsKey("external")) { - external = params.get("external"); + if (params.containsKey(EXTERNAL)) { + external = params.get(EXTERNAL); } else { if (ctn.getExternal() != null) { external = ctn.getExternal(); 
@@ -624,8 +625,8 @@ public class NetworkAdapterRest { if (params.containsKey(SHARED)) { shared = params.get(SHARED); } - if (params.containsKey("external")) { - external = params.get("external"); + if (params.containsKey(EXTERNAL)) { + external = params.get(EXTERNAL); } adapter.updateNetwork(req.getCloudSiteId(), req.getTenantId(), req.getNetworkType(), req.getModelCustomizationUuid(), req.getNetworkStackId(), req.getNetworkName(), diff --git a/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/vnf/MsoVnfCloudifyAdapterImpl.java b/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/vnf/MsoVnfCloudifyAdapterImpl.java index 96e5db7ce7..f09fa34cb9 100644 --- a/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/vnf/MsoVnfCloudifyAdapterImpl.java +++ b/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/vnf/MsoVnfCloudifyAdapterImpl.java @@ -854,7 +854,7 @@ public class MsoVnfCloudifyAdapterImpl implements MsoVnfAdapter { // Include aliases. String alias = htp.getParamAlias(); - if (alias != null && !alias.equals("") && !params.containsKey(alias)) { + if (alias != null && !"".equals(alias) && !params.containsKey(alias)) { params.put(alias, htp); } } diff --git a/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/vnf/MsoVnfPluginAdapterImpl.java b/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/vnf/MsoVnfPluginAdapterImpl.java index d5fe285274..41bcc8c481 100644 --- a/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/vnf/MsoVnfPluginAdapterImpl.java +++ b/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/vnf/MsoVnfPluginAdapterImpl.java 
@@ -323,7 +323,7 @@ public class MsoVnfPluginAdapterImpl implements MsoVnfAdapter { String type = templateParam.getParamType(); logger.debug("Parameter: {} is of type ", templateParam.getParamName(), type); - if (type.equalsIgnoreCase("number")) { + if ("number".equalsIgnoreCase(type)) { try { return Integer.valueOf(inputValue.toString()); } catch (Exception e) { diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/Readme.txt b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/Readme.txt new file mode 100644 index 0000000000..66876311db --- /dev/null +++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/Readme.txt @@ -0,0 +1,128 @@ +The following describes how to configure authentication for the VNFM adapter.
+
+
+==========================================
+To confgure TLS
+==========================================
+
+---------------
+VNFM Adapter
+---------------
+The following parameters can be set to configure the certificate for the VNFM adapter
+server:
+ ssl:
+ key-alias: so@so.onap.org
+ key--store-password: 'I,re7WWEJR$e]x370wRgx?qE'
+ key-store: classpath:org.onap.so.p12
+ key-store-type: PKCS12
+The values shown above relate to the certificate included in the VNFM adapter jar which has been generated from AAF. If a different certificate is to be used then these values should be changed accordingly.
+
+The following paramters can be set to configure the trust store for the VNFM adapter:
+http:
+ client:
+ ssl:
+ trust-store: org.onap.so.trust.jks
+ trust-store-password: NyRD](z:EJJNIt?},QgM3o7H
+The values shown above relate to the trust store included in the VNFM adapter jar which has been generated from AAI. If a different trust store is to be used then these values should be changed accordingly.
+
+Ensure the value for the below parameter uses https instead of http
+vnfmadapter:
+ endpoint: http://so-vnfm-adapter.onap:9092
+
+---------------
+bpmn-infra
+---------------
+For bpmn-infra, ensure the value for the below parameter uses https instead of http
+so:
+ vnfm:
+ adapter:
+ url: https://so-vnfm-adapter.onap:9092/so/vnfm-adapter/v1/
+
+
+==========================================
+To use two way TLS
+==========================================
+
+Ensure the value for username and password are empty in the AAI entry for the VNFM (The VNFM adapter will use oauth instead of two way TLS if the username/password is set).
+Ensure TLS has been configuered as detailed above.
+
+---------------
+VNFM adapter
+---------------
+Set the following parameter for the VNFM adapter:
+server:
+ ssl:
+ client-auth: need
+
+---------------
+bpmn-infra:
+---------------
+Set the following paramters for bpmn-infra:
+rest:
+ http:
+ client:
+ configuration:
+ ssl:
+ keyStore: classpath:org.onap.so.p12
+ keyStorePassword: 'RLe5ExMWW;Kd6GTSt0WQz;.Y'
+ trustStore: classpath:org.onap.so.trust.jks
+ trustStorePassword: '6V%8oSU$,%WbYp3IUe;^mWt4'
+Ensure the value for the below parameter uses https instead of http
+so:
+ vnfm:
+ adapter:
+ url: https://so-vnfm-adapter.onap:9092/so/vnfm-adapter/v1/
+
+---------------
+VNFM simulator:
+---------------
+Set the following parameters for the VNFM simulator (if used):
+server:
+ ssl:
+ client-auth: need
+ request:
+ grant:
+ auth: twowaytls
+
+==========================================
+To use oauth token base authentication
+==========================================
+
+---------------
+VNFM adapter:
+---------------
+Ensure the value for username and password set set in the AAI entry for the VNFM. The VNFM adapter will use this username/password as the client credentials in the request for a token for the VNFM. The token endpoint
+for the VNFM will by default will be derived from the service url for the VNFM in AAI as follows: <base of service url>/oauth/token, e.g. if the service url is https://so-vnfm-simulator.onap/vnflcm/v1 then the token url will
+be taken to be https://so-vnfm-simulator.onap/oauth/token. This can be overriden using the following parameter for the VNFM adapter:
+vnfmadapter:
+ temp:
+ vnfm:
+ oauth:
+ endpoint:
+
+The VNFM adapter exposes a token point at url: https://<hostname>:<port>/oauth/token e.g. https://so-vnfm-adapter.onap:9092/oauth/token. The VNFM can request a token from this endpoint for use in grant requests and notifications
+to the VNFM adapter. The username/password to be used in the token request are passed to the VNFM in a subscription request. The username/password sent by the VNFM adpater in the subscription request can be configuered using the
+following parameter:
+vnfmadapter:
+ auth: <encoded value>
+where <encoded value> is '<username>:<password>' encoded using org.onap.so.utils.CryptoUtils with the key set by the paramter:
+mso:
+ key: <key>
+The default username:password is vnfm-adapter:123456 when vnfm-adapter.auth is not set.
+
+---------------
+VNFM simulator:
+---------------
+Set the following parameters for the simulator:
+spring:
+ profiles:
+ active: oauth-authentication
+server:
+ request:
+ grant:
+ auth: oauth
+
+==========================================
+To use basic auth for notifications
+==========================================
+The same username/password is used as for oauth token requests as describe above and passed to the VNFM in the subscription request.
\ No newline at end of file diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/WebSecurityConfigImpl.java b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/WebSecurityConfigImpl.java index 2b33e8b11d..f45d5a0219 100644 --- a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/WebSecurityConfigImpl.java +++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/WebSecurityConfigImpl.java @@ -22,6 +22,7 @@ package org.onap.so.adapters.vnfmadapter; import org.onap.so.security.MSOSpringFirewall; import org.onap.so.security.WebSecurityConfig; +import org.springframework.beans.factory.annotation.Value; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.WebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; @@ -34,11 +35,18 @@ import org.springframework.util.StringUtils; @EnableWebSecurity public class WebSecurityConfigImpl extends WebSecurityConfig { + @Value("${server.ssl.client-auth:none}") + private String clientAuth; + @Override protected void configure(final HttpSecurity http) throws Exception { - http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll() - .antMatchers("/**").hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and() - .httpBasic(); + if (clientAuth.equalsIgnoreCase("need")) { + http.csrf().disable().authorizeRequests().anyRequest().permitAll(); + } else { + http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll() + .antMatchers("/**").hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and() + .httpBasic(); + } } @Override 
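Review bot: With `server.ssl.client-auth` set to `need`, `configure` switches to `anyRequest().permitAll()`, so Spring Security performs no authentication or role check and the TLS handshake becomes the only gate. The branch keys on the property string alone, so if the connector is not actually serving TLS (not verifiable from this hunk) every endpoint is open, and any certificate that chains to the trust store reaches all paths rather than only callers holding one of `getRoles()`. Because the Readme added in this commit lists key stores shipped in the jar together with their passwords, that default key material should be replaced before this mode is relied on. Consider keeping an authenticated rule and mapping the client certificate to a principal, e.g. `http.csrf().disable().x509().and().authorizeRequests().anyRequest().authenticated();` (this needs a user details source for the certificate subject), and write the comparison null-safely as `"need".equalsIgnoreCase(clientAuth)` like the other files in this commit.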
diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/vnfm/VnfmHelper.java b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/vnfm/VnfmHelper.java index b4355efc20..7c22020287 100644 --- a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/vnfm/VnfmHelper.java +++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/vnfm/VnfmHelper.java @@ -212,6 +212,8 @@ public class VnfmHelper { basicAuthParams.setPassword(decrypedAuth[1]); authentication.addAuthTypeItem(AuthTypeEnum.BASIC); authentication.paramsBasic(basicAuthParams); + + authentication.addAuthTypeItem(AuthTypeEnum.TLS_CERT); return authentication; } diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/vnfm/VnfmServiceProviderConfiguration.java b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/vnfm/VnfmServiceProviderConfiguration.java index a604f9a6b9..93312cfa64 100644 --- a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/vnfm/VnfmServiceProviderConfiguration.java +++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/vnfm/VnfmServiceProviderConfiguration.java 
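Review bot: `authentication.addAuthTypeItem(AuthTypeEnum.TLS_CERT)` is added unconditionally, so the subscription request advertises certificate authentication even when the adapter runs without `server.ssl.client-auth: need`. In that configuration WebSecurityConfigImpl (changed in this same commit) still takes the `httpBasic()` branch, so a VNFM that selects TLS_CERT for its notifications would presumably be rejected. Consider adding the item only when client-certificate authentication is enabled on the adapter; the method begins above the hunk, so any existing condition around this code is not visible here.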
@@ -24,11 +24,12 @@ import static org.onap.so.client.RestTemplateConfig.CONFIGURABLE_REST_TEMPLATE; import com.google.gson.Gson; import java.io.IOException; import java.security.KeyManagementException; +import java.security.KeyStore; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; +import java.security.UnrecoverableKeyException; import java.security.cert.CertificateException; import java.util.Iterator; -import java.util.ListIterator; import java.util.Map; import java.util.UUID; import java.util.concurrent.ConcurrentHashMap; @@ -42,7 +43,6 @@ import org.onap.aai.domain.yang.EsrSystemInfo; import org.onap.aai.domain.yang.EsrVnfm; import org.onap.so.adapters.vnfmadapter.extclients.vnfm.lcn.JSON; import org.onap.so.configuration.rest.BasicHttpHeadersProvider; -import org.onap.so.logging.jaxrs.filter.SpringClientFilter; import org.onap.so.rest.service.HttpRestServiceProvider; import org.onap.so.rest.service.HttpRestServiceProviderImpl; import org.slf4j.Logger; @@ -52,7 +52,7 @@ import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Configuration; import org.springframework.core.io.Resource; -import org.springframework.http.client.ClientHttpRequestInterceptor; +import org.springframework.http.client.BufferingClientHttpRequestFactory; import org.springframework.http.client.HttpComponentsClientHttpRequestFactory; import org.springframework.http.converter.HttpMessageConverter; import org.springframework.http.converter.json.GsonHttpMessageConverter; 
@@ -73,7 +73,12 @@ public class VnfmServiceProviderConfiguration { @Value("${http.client.ssl.trust-store:#{null}}") private Resource trustStore; @Value("${http.client.ssl.trust-store-password:#{null}}") - private String trustPassword; + private String trustStorePassword; + + @Value("${server.ssl.key-store:#{null}}") + private Resource keyStoreResource; + @Value("${server.ssl.key--store-password:#{null}}") + private String keyStorePassword; /** * This property is only intended to be temporary until the AAI schema is updated to support setting the endpoint @@ -98,7 +103,6 @@ public class VnfmServiceProviderConfiguration { if (trustStore != null) { setTrustStore(restTemplate); } - removeSpringClientFilter(restTemplate); return new HttpRestServiceProviderImpl(restTemplate, new BasicHttpHeadersProvider()); } 
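Review bot: The new `@Value("${server.ssl.key--store-password:#{null}}")` uses a double hyphen, which differs from Spring Boot's `server.ssl.key-store-password`; the Readme in this commit repeats the same spelling, so it may be deliberate, but a deployment that sets only the standard property name leaves `keyStorePassword` null while `keyStoreResource` is set. If it is a typo, change it to `@Value("${server.ssl.key-store-password:#{null}}")` and correct the Readme with it. Separately, this hunk drops the `removeSpringClientFilter(restTemplate)` call, so `SpringClientFilter` now stays on the RestTemplate used towards the VNFM; if that filter records request bodies, the subscription request carrying the basic and OAuth client credentials would end up in the logs, which is worth confirming before merge.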
@@ -141,27 +145,26 @@ public class VnfmServiceProviderConfiguration { private void setTrustStore(final RestTemplate restTemplate) { SSLContext sslContext; try { - sslContext = - new SSLContextBuilder().loadTrustMaterial(trustStore.getURL(), trustPassword.toCharArray()).build(); + if (keyStoreResource != null) { + KeyStore keystore = KeyStore.getInstance("pkcs12"); + keystore.load(keyStoreResource.getInputStream(), keyStorePassword.toCharArray()); + sslContext = + new SSLContextBuilder().loadTrustMaterial(trustStore.getURL(), trustStorePassword.toCharArray()) + .loadKeyMaterial(keystore, keyStorePassword.toCharArray()).build(); + } else { + sslContext = new SSLContextBuilder() + .loadTrustMaterial(trustStore.getURL(), trustStorePassword.toCharArray()).build(); + } logger.info("Setting truststore: {}", trustStore.getURL()); final SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(sslContext); final HttpClient httpClient = HttpClients.custom().setSSLSocketFactory(socketFactory).build(); final HttpComponentsClientHttpRequestFactory factory = new HttpComponentsClientHttpRequestFactory(httpClient); - restTemplate.setRequestFactory(factory); + restTemplate.setRequestFactory(new BufferingClientHttpRequestFactory(factory)); } catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException | CertificateException - | IOException exception) { + | IOException | UnrecoverableKeyException exception) { logger.error("Error reading truststore, TLS connection to VNFM will fail.", exception); } } - private void removeSpringClientFilter(final RestTemplate restTemplate) { - ListIterator<ClientHttpRequestInterceptor> interceptorIterator = restTemplate.getInterceptors().listIterator(); - while (interceptorIterator.hasNext()) { - if (interceptorIterator.next() instanceof SpringClientFilter) { - interceptorIterator.remove(); - } - } - } - } 
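Review bot: In `setTrustStore` the stream from `keyStoreResource.getInputStream()` is never closed, and `keyStorePassword.toCharArray()` throws a NullPointerException when the key store is configured without a password, which the multi-catch does not cover. Load the store inside try-with-resources and check the password first; the excerpt below shows only the changed lines and needs `java.io.InputStream`. The store type is also fixed to `"pkcs12"` although the Readme lists `key-store-type` as a setting, and the catch message still names only the truststore although it now reports key store failures as well.
```java
if (keyStoreResource != null) {
    if (keyStorePassword == null) {
        logger.error("Key store configured without a password, TLS connection to VNFM will fail.");
        return;
    }
    final char[] keyStoreSecret = keyStorePassword.toCharArray();
    final KeyStore keystore = KeyStore.getInstance("pkcs12");
    try (InputStream keyStoreStream = keyStoreResource.getInputStream()) {
        keystore.load(keyStoreStream, keyStoreSecret);
    }
    // … unchanged: SSLContextBuilder with loadTrustMaterial(...) and loadKeyMaterial(keystore, ...) …
} else {
    // … unchanged: trust-material-only SSLContext …
}
```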
diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/test/java/org/onap/so/adapters/vnfmadapter/rest/VnfmAdapterControllerTest.java b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/test/java/org/onap/so/adapters/vnfmadapter/rest/VnfmAdapterControllerTest.java
index 6cdabb9374..fe55907420 100644
--- a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/test/java/org/onap/so/adapters/vnfmadapter/rest/VnfmAdapterControllerTest.java
+++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/test/java/org/onap/so/adapters/vnfmadapter/rest/VnfmAdapterControllerTest.java
@@ -133,7 +133,7 @@ public class VnfmAdapterControllerTest { setUpVimInMockAai(); final String expectedsubscriptionRequest = - "{\"filter\":{\"vnfInstanceSubscriptionFilter\":{\"vnfInstanceIds\":[\"vnfId\"]},\"notificationTypes\":[\"VnfLcmOperationOccurrenceNotification\"]},\"callbackUri\":\"https://so-vnfm-adapter.onap:30406/so/vnfm-adapter/v1/lcn/VnfLcmOperationOccurrenceNotification\",\"authentication\":{\"authType\":[\"OAUTH2_CLIENT_CREDENTIALS\", \"BASIC\"],\"paramsOauth2ClientCredentials\":{\"clientId\":\"vnfm\",\"clientPassword\":\"password1$\",\"tokenEndpoint\":\"https://so-vnfm-adapter.onap:30406/oauth/token\"},\"paramsBasic\":{\"userName\":\"vnfm\",\"password\":\"password1$\"}}}"; + "{\"filter\":{\"vnfInstanceSubscriptionFilter\":{\"vnfInstanceIds\":[\"vnfId\"]},\"notificationTypes\":[\"VnfLcmOperationOccurrenceNotification\"]},\"callbackUri\":\"https://so-vnfm-adapter.onap:30406/so/vnfm-adapter/v1/lcn/VnfLcmOperationOccurrenceNotification\",\"authentication\":{\"authType\":[\"OAUTH2_CLIENT_CREDENTIALS\", \"BASIC\", \"TLS_CERT\"],\"paramsOauth2ClientCredentials\":{\"clientId\":\"vnfm\",\"clientPassword\":\"password1$\",\"tokenEndpoint\":\"https://so-vnfm-adapter.onap:30406/oauth/token\"},\"paramsBasic\":{\"userName\":\"vnfm\",\"password\":\"password1$\"}}}"; final InlineResponse2001 subscriptionResponse = new InlineResponse2001(); final InlineResponse201 createResponse = createCreateResponse(); |