From 1940392a7dabd31a68d97155f58406cf71e5be36 Mon Sep 17 00:00:00 2001 From: Piotr Borelowski Date: Wed, 3 Jun 2020 17:01:27 +0200 Subject: Add a certificate in communication with VNFM Issue-ID: SO-2979 Signed-off-by: Piotr Borelowski Change-Id: I7fa13c9371b7789950af315b7772a0ee409cc34b --- .../configuration/ApplicationConfiguration.java | 56 +++++++++++++++++++++ .../vevnfm/configuration/ConfigProperties.java | 29 +++++++++++ .../so/adapters/vevnfm/service/StartupService.java | 2 - .../src/main/resources/application.yaml | 14 ++++-- .../src/main/resources/certs/org.onap.so.trust.jks | Bin 0 -> 1413 bytes .../src/main/resources/certs/ve-vnfm-adapter.p12 | Bin 0 -> 4079 bytes 6 files changed, 95 insertions(+), 6 deletions(-) create mode 100644 adapters/etsi-sol002-adapter/src/main/resources/certs/org.onap.so.trust.jks create mode 100644 adapters/etsi-sol002-adapter/src/main/resources/certs/ve-vnfm-adapter.p12 (limited to 'adapters/etsi-sol002-adapter/src/main') diff --git a/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/configuration/ApplicationConfiguration.java b/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/configuration/ApplicationConfiguration.java index 411572ff5b..38f7a0cd3f 100644 --- a/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/configuration/ApplicationConfiguration.java +++ b/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/configuration/ApplicationConfiguration.java @@ -20,17 +20,44 @@ package org.onap.so.adapters.vevnfm.configuration; +import java.io.IOException; +import java.security.*; +import java.security.cert.CertificateException; +import javax.net.ssl.SSLContext; +import org.apache.http.client.HttpClient; +import org.apache.http.conn.ssl.SSLConnectionSocketFactory; +import org.apache.http.impl.client.HttpClients; +import org.apache.http.ssl.SSLContextBuilder; import org.onap.so.adapters.vevnfm.provider.AuthorizationHeadersProvider; import org.onap.so.configuration.rest.HttpHeadersProvider; import org.onap.so.rest.service.HttpRestServiceProvider; import org.onap.so.rest.service.HttpRestServiceProviderImpl; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; +import org.springframework.core.io.Resource; +import org.springframework.http.client.BufferingClientHttpRequestFactory; +import org.springframework.http.client.HttpComponentsClientHttpRequestFactory; import org.springframework.web.client.RestTemplate; @Configuration public class ApplicationConfiguration { + private static final Logger logger = LoggerFactory.getLogger(ApplicationConfiguration.class); + + private final Resource clientKeyStore; + private final String clientKeyStorePassword; + private final Resource clientTrustStore; + private final String clientTrustStorePassword; + + public ApplicationConfiguration(final ConfigProperties configProperties) { + clientKeyStore = configProperties.getClientKeyStore(); + clientKeyStorePassword = configProperties.getClientKeyStorePassword(); + clientTrustStore = configProperties.getClientTrustStore(); + clientTrustStorePassword = configProperties.getClientTrustStorePassword(); + } + @Bean public AuthorizationHeadersProvider headersProvider() { return new AuthorizationHeadersProvider(); @@ -39,6 +66,35 @@ public class ApplicationConfiguration { @Bean public HttpRestServiceProvider restProvider(final RestTemplate restTemplate, final HttpHeadersProvider headersProvider) { + modify(restTemplate); return new HttpRestServiceProviderImpl(restTemplate, headersProvider); } + + private void modify(final RestTemplate restTemplate) { + + if (clientKeyStore == null || clientTrustStore == null) { + return; + } + + try { + final KeyStore keystore = KeyStore.getInstance("PKCS12"); + keystore.load(clientKeyStore.getInputStream(), clientKeyStorePassword.toCharArray()); + + final SSLContext sslContext = new SSLContextBuilder() + .loadTrustMaterial(clientTrustStore.getURL(), clientTrustStorePassword.toCharArray()) + .loadKeyMaterial(keystore, clientKeyStorePassword.toCharArray()).build(); + + logger.info("Setting truststore: {}", clientTrustStore.getURL()); + + final SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(sslContext); + final HttpClient httpClient = HttpClients.custom().setSSLSocketFactory(socketFactory).build(); + final HttpComponentsClientHttpRequestFactory factory = + new HttpComponentsClientHttpRequestFactory(httpClient); + + restTemplate.setRequestFactory(new BufferingClientHttpRequestFactory(factory)); + } catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException | CertificateException + | IOException | UnrecoverableKeyException e) { + logger.error("Error reading truststore, TLS connection to VNFM will fail.", e); + } + } } diff --git a/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/configuration/ConfigProperties.java b/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/configuration/ConfigProperties.java index d4ca5af0f2..a8a436ddc6 100644 --- a/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/configuration/ConfigProperties.java +++ b/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/configuration/ConfigProperties.java @@ -23,6 +23,7 @@ package org.onap.so.adapters.vevnfm.configuration; import org.onap.so.adapters.vevnfm.constant.NotificationVnfFilterType; import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Configuration; +import org.springframework.core.io.Resource; @Configuration public class ConfigProperties { @@ -72,6 +73,18 @@ public class ConfigProperties { @Value("${spring.security.usercredentials[0].openpass}") private String springSecurityOpenpass; + @Value("${client.key-store:#{null}}") + private Resource clientKeyStore; + + @Value("${client.key-store-password:#{null}}") + private String clientKeyStorePassword; + + @Value("${client.trust-store:#{null}}") + private Resource clientTrustStore; + + @Value("${client.trust-store-password:#{null}}") + private String clientTrustStorePassword; + public String getVevnfmadapterVnfFilterJson() { return vevnfmadapterVnfFilterJson; } @@ -131,4 +144,20 @@ public class ConfigProperties { public String getSpringSecurityOpenpass() { return springSecurityOpenpass; } + + public Resource getClientKeyStore() { + return clientKeyStore; + } + + public String getClientKeyStorePassword() { + return clientKeyStorePassword; + } + + public Resource getClientTrustStore() { + return clientTrustStore; + } + + public String getClientTrustStorePassword() { + return clientTrustStorePassword; + } } diff --git a/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/service/StartupService.java b/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/service/StartupService.java index c128275e43..eba1d087c6 100644 --- a/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/service/StartupService.java +++ b/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/service/StartupService.java @@ -28,7 +28,6 @@ import org.onap.so.adapters.vevnfm.configuration.ConfigProperties; import org.onap.so.adapters.vevnfm.exception.VeVnfmException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; import org.springframework.retry.annotation.Backoff; import org.springframework.retry.annotation.EnableRetry; import org.springframework.retry.annotation.Recover; @@ -44,7 +43,6 @@ public class StartupService { private final String vnfmDefaultEndpoint; private final AaiConnection aaiConnection; - @Autowired public StartupService(final ConfigProperties configProperties, final AaiConnection aaiConnection) { this.vnfmDefaultEndpoint = configProperties.getVnfmDefaultEndpoint(); this.aaiConnection = aaiConnection; diff --git a/adapters/etsi-sol002-adapter/src/main/resources/application.yaml b/adapters/etsi-sol002-adapter/src/main/resources/application.yaml index c69c95187a..f5b6bc3158 100644 --- a/adapters/etsi-sol002-adapter/src/main/resources/application.yaml +++ b/adapters/etsi-sol002-adapter/src/main/resources/application.yaml @@ -19,17 +19,23 @@ server: vevnfmadapter: vnf-filter-json: '{notificationTypes:[VnfLcmOperationOccurrenceNotification],operationStates:[COMPLETED]}' - endpoint: http://so-ve-vnfm-adapter.onap:9098 + endpoint: http://so-ve-vnfm-adapter:9098 + +client: + key-store: classpath:ve-vnfm-adapter.p12 + key-store-password: 'ywsqCy:EEo#j}HJHM7z^Rk[L' + trust-store: classpath:org.onap.so.trust.jks + trust-store-password: ',sx#.C*W)]wVgJC6ccFHI#:H' mso: key: 07a7159d3bf51a0e53be7a8f89699be7 aai: - endpoint: https://aai.onap:30233 + endpoint: https://aai:30233 auth: 75C4483F9C05E2C33A8602635FA532397EC44AB667A2B64DED4FEE08DD932F2E3C1FEE vnfm: - default-endpoint: https://so-vnfm-simulator.onap:9093 + default-endpoint: https://so-vnfm-simulator:9093 subscription: /vnflcm/v1/subscriptions notification: /lcm/v1/vnf/instances/notifications @@ -37,7 +43,7 @@ notification: vnf-filter-type: NONE dmaap: - endpoint: http://message-router.onap:30227 + endpoint: http://message-router:30227 topic: /events/unauthenticated.DCAE_CL_OUTPUT closed-loop: control: diff --git a/adapters/etsi-sol002-adapter/src/main/resources/certs/org.onap.so.trust.jks b/adapters/etsi-sol002-adapter/src/main/resources/certs/org.onap.so.trust.jks new file mode 100644 index 0000000000..1f0d8a550a Binary files /dev/null and b/adapters/etsi-sol002-adapter/src/main/resources/certs/org.onap.so.trust.jks differ diff --git a/adapters/etsi-sol002-adapter/src/main/resources/certs/ve-vnfm-adapter.p12 b/adapters/etsi-sol002-adapter/src/main/resources/certs/ve-vnfm-adapter.p12 new file mode 100644 index 0000000000..ae4fddc684 Binary files /dev/null and b/adapters/etsi-sol002-adapter/src/main/resources/certs/ve-vnfm-adapter.p12 differ -- cgit 1.2.3-korg