From 1940392a7dabd31a68d97155f58406cf71e5be36 Mon Sep 17 00:00:00 2001
From: Piotr Borelowski
Date: Wed, 3 Jun 2020 17:01:27 +0200
Subject: Add a certificate for communication with VNFM
Issue-ID: SO-2979
Signed-off-by: Piotr Borelowski
Change-Id: I7fa13c9371b7789950af315b7772a0ee409cc34b
---
.../configuration/ApplicationConfiguration.java | 56 +++++++++++++++++++++
.../vevnfm/configuration/ConfigProperties.java | 29 +++++++++++
.../so/adapters/vevnfm/service/StartupService.java | 2 -
.../src/main/resources/application.yaml | 14 ++++--
.../src/main/resources/certs/org.onap.so.trust.jks | Bin 0 -> 1413 bytes
.../src/main/resources/certs/ve-vnfm-adapter.p12 | Bin 0 -> 4079 bytes
6 files changed, 95 insertions(+), 6 deletions(-)
create mode 100644 adapters/etsi-sol002-adapter/src/main/resources/certs/org.onap.so.trust.jks
create mode 100644 adapters/etsi-sol002-adapter/src/main/resources/certs/ve-vnfm-adapter.p12
diff --git a/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/configuration/ApplicationConfiguration.java b/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/configuration/ApplicationConfiguration.java
index 411572ff5b..38f7a0cd3f 100644
--- a/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/configuration/ApplicationConfiguration.java
+++ b/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/configuration/ApplicationConfiguration.java
@@ -20,17 +20,44 @@
package org.onap.so.adapters.vevnfm.configuration;
+import java.io.IOException;
+import java.security.*;
+import java.security.cert.CertificateException;
+import javax.net.ssl.SSLContext;
+import org.apache.http.client.HttpClient;
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
+import org.apache.http.impl.client.HttpClients;
+import org.apache.http.ssl.SSLContextBuilder;
import org.onap.so.adapters.vevnfm.provider.AuthorizationHeadersProvider;
import org.onap.so.configuration.rest.HttpHeadersProvider;
import org.onap.so.rest.service.HttpRestServiceProvider;
import org.onap.so.rest.service.HttpRestServiceProviderImpl;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
+import org.springframework.core.io.Resource;
+import org.springframework.http.client.BufferingClientHttpRequestFactory;
+import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;
@Configuration
public class ApplicationConfiguration {
+ private static final Logger logger = LoggerFactory.getLogger(ApplicationConfiguration.class);
+
+ private final Resource clientKeyStore;
+ private final String clientKeyStorePassword;
+ private final Resource clientTrustStore;
+ private final String clientTrustStorePassword;
+
+ public ApplicationConfiguration(final ConfigProperties configProperties) {
+ clientKeyStore = configProperties.getClientKeyStore();
+ clientKeyStorePassword = configProperties.getClientKeyStorePassword();
+ clientTrustStore = configProperties.getClientTrustStore();
+ clientTrustStorePassword = configProperties.getClientTrustStorePassword();
+ }
+
@Bean
public AuthorizationHeadersProvider headersProvider() {
return new AuthorizationHeadersProvider();
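Review bot: The new `import java.security.*;` is the only wildcard import in a file that otherwise names every type explicitly (the project's other imports, including `java.security.cert.CertificateException` two lines below, are all single-type); replace it with explicit imports of `KeyStore`, `KeyStoreException`, `KeyManagementException`, `NoSuchAlgorithmException` and `UnrecoverableKeyException`, which are the only `java.security` names the class uses. The four new fields also deserve a one-line comment stating that they come from `ConfigProperties` and may all be null when `client.*` is not configured, since `modify` later relies on that; e.g. `// Null when client.key-store / client.trust-store are not set; TLS customisation is then skipped.`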
@@ -39,6 +66,35 @@ public class ApplicationConfiguration {
@Bean
public HttpRestServiceProvider restProvider(final RestTemplate restTemplate,
final HttpHeadersProvider headersProvider) {
+ modify(restTemplate);
return new HttpRestServiceProviderImpl(restTemplate, headersProvider);
}
+
+ private void modify(final RestTemplate restTemplate) {
+
+ if (clientKeyStore == null || clientTrustStore == null) {
+ return;
+ }
+
+ try {
+ final KeyStore keystore = KeyStore.getInstance("PKCS12");
+ keystore.load(clientKeyStore.getInputStream(), clientKeyStorePassword.toCharArray());
+
+ final SSLContext sslContext = new SSLContextBuilder()
+ .loadTrustMaterial(clientTrustStore.getURL(), clientTrustStorePassword.toCharArray())
+ .loadKeyMaterial(keystore, clientKeyStorePassword.toCharArray()).build();
+
+ logger.info("Setting truststore: {}", clientTrustStore.getURL());
+
+ final SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(sslContext);
+ final HttpClient httpClient = HttpClients.custom().setSSLSocketFactory(socketFactory).build();
+ final HttpComponentsClientHttpRequestFactory factory =
+ new HttpComponentsClientHttpRequestFactory(httpClient);
+
+ restTemplate.setRequestFactory(new BufferingClientHttpRequestFactory(factory));
+ } catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException | CertificateException
+ | IOException | UnrecoverableKeyException e) {
+ logger.error("Error reading truststore, TLS connection to VNFM will fail.", e);
+ }
+ }
}
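Review bot: The `InputStream` returned by `clientKeyStore.getInputStream()` on the `keystore.load(...)` line is never closed — `KeyStore.load` does not close its argument — and the guard above it checks only the two `Resource` fields, so a configured key-store with an absent `client.key-store-password` (the `@Value` default is `#{null}`) reaches `clientKeyStorePassword.toCharArray()` and throws a `NullPointerException` that the multi-catch does not cover. The catch block also only logs and returns, so a misconfigured or unreadable store leaves the `RestTemplate` with its default request factory and the adapter starts up anyway, which the message itself says will fail at connection time; failing fast at bean creation is the safer default for TLS material, or at minimum the fallback should be stated on the `modify` Javadoc. The change below adds the password checks, opens the stream with try-with-resources (needs `import java.io.InputStream;`, not in the hunk's import list) and turns the swallowed error into an `IllegalStateException`; if the silent fallback is deliberate, keep the log but document it.
```java
    private void modify(final RestTemplate restTemplate) {
        // All four values default to #{null}; a partial configuration is treated as "not configured".
        if (clientKeyStore == null || clientTrustStore == null
                || clientKeyStorePassword == null || clientTrustStorePassword == null) {
            logger.warn("Client key/trust store not fully configured; RestTemplate keeps its default request factory");
            return;
        }

        // try-with-resources closes the stream that KeyStore.load leaves open
        try (InputStream keyStoreStream = clientKeyStore.getInputStream()) {
            final KeyStore keystore = KeyStore.getInstance("PKCS12");
            keystore.load(keyStoreStream, clientKeyStorePassword.toCharArray());
            // … unchanged: SSLContextBuilder, SSLConnectionSocketFactory, HttpClient and request factory wiring …
        } catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException | CertificateException
                | IOException | UnrecoverableKeyException e) {
            // Surface the misconfiguration at startup rather than continuing without the client certificate
            throw new IllegalStateException("Unable to configure TLS material for the VNFM client", e);
        }
    }
```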
diff --git a/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/configuration/ConfigProperties.java b/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/configuration/ConfigProperties.java
index d4ca5af0f2..a8a436ddc6 100644
--- a/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/configuration/ConfigProperties.java
+++ b/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/configuration/ConfigProperties.java
@@ -23,6 +23,7 @@ package org.onap.so.adapters.vevnfm.configuration;
import org.onap.so.adapters.vevnfm.constant.NotificationVnfFilterType;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
+import org.springframework.core.io.Resource;
@Configuration
public class ConfigProperties {
@@ -72,6 +73,18 @@ public class ConfigProperties {
@Value("${spring.security.usercredentials[0].openpass}")
private String springSecurityOpenpass;
+ @Value("${client.key-store:#{null}}")
+ private Resource clientKeyStore;
+
+ @Value("${client.key-store-password:#{null}}")
+ private String clientKeyStorePassword;
+
+ @Value("${client.trust-store:#{null}}")
+ private Resource clientTrustStore;
+
+ @Value("${client.trust-store-password:#{null}}")
+ private String clientTrustStorePassword;
+
public String getVevnfmadapterVnfFilterJson() {
return vevnfmadapterVnfFilterJson;
}
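Review bot: The four new `@Value` fields use `#{null}` defaults, which makes the whole client-certificate setup optional, but nothing in the hunk records that contract or that the consumer (`ApplicationConfiguration.modify`, in this commit) skips TLS customisation when a store is absent; add a comment above `clientKeyStore` such as `// Optional client TLS material; when key-store or trust-store is unset the adapter's RestTemplate keeps its default request factory.` The two password fields are `String`s held for the lifetime of the bean and exposed through plain getters, so they will appear in any heap dump or debug `toString`; that is consistent with how `springSecurityOpenpass` is already handled in this class, but it is worth a `// never log` note on each, and the getters could be annotated `@Nullable` to match the defaults.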
@@ -131,4 +144,20 @@ public class ConfigProperties {
public String getSpringSecurityOpenpass() {
return springSecurityOpenpass;
}
+
+ public Resource getClientKeyStore() {
+ return clientKeyStore;
+ }
+
+ public String getClientKeyStorePassword() {
+ return clientKeyStorePassword;
+ }
+
+ public Resource getClientTrustStore() {
+ return clientTrustStore;
+ }
+
+ public String getClientTrustStorePassword() {
+ return clientTrustStorePassword;
+ }
}
diff --git a/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/service/StartupService.java b/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/service/StartupService.java
index c128275e43..eba1d087c6 100644
--- a/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/service/StartupService.java
+++ b/adapters/etsi-sol002-adapter/src/main/java/org/onap/so/adapters/vevnfm/service/StartupService.java
@@ -28,7 +28,6 @@ import org.onap.so.adapters.vevnfm.configuration.ConfigProperties;
import org.onap.so.adapters.vevnfm.exception.VeVnfmException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.retry.annotation.Backoff;
import org.springframework.retry.annotation.EnableRetry;
import org.springframework.retry.annotation.Recover;
@@ -44,7 +43,6 @@ public class StartupService {
private final String vnfmDefaultEndpoint;
private final AaiConnection aaiConnection;
- @Autowired
public StartupService(final ConfigProperties configProperties, final AaiConnection aaiConnection) {
this.vnfmDefaultEndpoint = configProperties.getVnfmDefaultEndpoint();
this.aaiConnection = aaiConnection;
diff --git a/adapters/etsi-sol002-adapter/src/main/resources/application.yaml b/adapters/etsi-sol002-adapter/src/main/resources/application.yaml
index c69c95187a..f5b6bc3158 100644
--- a/adapters/etsi-sol002-adapter/src/main/resources/application.yaml
+++ b/adapters/etsi-sol002-adapter/src/main/resources/application.yaml
@@ -19,17 +19,23 @@ server:
vevnfmadapter:
vnf-filter-json: '{notificationTypes:[VnfLcmOperationOccurrenceNotification],operationStates:[COMPLETED]}'
- endpoint: http://so-ve-vnfm-adapter.onap:9098
+ endpoint: http://so-ve-vnfm-adapter:9098
+
+client:
+ key-store: classpath:ve-vnfm-adapter.p12
+ key-store-password: 'ywsqCy:EEo#j}HJHM7z^Rk[L'
+ trust-store: classpath:org.onap.so.trust.jks
+ trust-store-password: ',sx#.C*W)]wVgJC6ccFHI#:H'
mso:
key: 07a7159d3bf51a0e53be7a8f89699be7
aai:
- endpoint: https://aai.onap:30233
+ endpoint: https://aai:30233
auth: 75C4483F9C05E2C33A8602635FA532397EC44AB667A2B64DED4FEE08DD932F2E3C1FEE
vnfm:
- default-endpoint: https://so-vnfm-simulator.onap:9093
+ default-endpoint: https://so-vnfm-simulator:9093
subscription: /vnflcm/v1/subscriptions
notification: /lcm/v1/vnf/instances/notifications
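Review bot: `client.key-store: classpath:ve-vnfm-adapter.p12` and `client.trust-store: classpath:org.onap.so.trust.jks` resolve from the classpath root, but the diffstat adds both files under `src/main/resources/certs/`, so unless the build relocates them `clientKeyStore.getInputStream()` will fail and, with the current catch in `ApplicationConfiguration`, only a log line will show it; the paths should be `classpath:certs/ve-vnfm-adapter.p12` and `classpath:certs/org.onap.so.trust.jks` (or the files moved). Both store passwords are committed in clear text next to the PKCS#12 that holds the adapter's private key, so anyone with repository access holds the full client identity; treat these as development defaults that every deployment overrides through externalised configuration (environment variables or an external `application.yaml`), say so in a comment above `client:`, and consider keeping the credential itself out of the repository. The `.onap` suffix removals on the `vevnfmadapter`, `aai` and `vnfm` endpoints in this hunk (and `dmaap` in the next) are unrelated to the certificate change and are not mentioned in the commit message; they would be easier to review and revert as a separate commit.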
@@ -37,7 +43,7 @@ notification:
vnf-filter-type: NONE
dmaap:
- endpoint: http://message-router.onap:30227
+ endpoint: http://message-router:30227
topic: /events/unauthenticated.DCAE_CL_OUTPUT
closed-loop:
control:
diff --git a/adapters/etsi-sol002-adapter/src/main/resources/certs/org.onap.so.trust.jks b/adapters/etsi-sol002-adapter/src/main/resources/certs/org.onap.so.trust.jks
new file mode 100644
index 0000000000..1f0d8a550a
Binary files /dev/null and b/adapters/etsi-sol002-adapter/src/main/resources/certs/org.onap.so.trust.jks differ
diff --git a/adapters/etsi-sol002-adapter/src/main/resources/certs/ve-vnfm-adapter.p12 b/adapters/etsi-sol002-adapter/src/main/resources/certs/ve-vnfm-adapter.p12
new file mode 100644
index 0000000000..ae4fddc684
Binary files /dev/null and b/adapters/etsi-sol002-adapter/src/main/resources/certs/ve-vnfm-adapter.p12 differ