From c6c0077ac3db6190d1f364360de5af17e9fcd08b Mon Sep 17 00:00:00 2001 From: MichaelMorris Date: Mon, 22 Jul 2019 14:28:09 +0000 Subject: Implement TLS for calls into VNFM adapter Issue-ID: SO-2143 Change-Id: I2fcacab7aebc9a22b952d881b0bf2404e1638b37 Signed-off-by: MichaelMorris --- .../vnfm/VnfmServiceProviderConfiguration.java | 8 +-- .../src/main/resources/application.yaml | 7 ++- .../src/main/resources/so-vnfm-adapter.p12 | Bin 0 -> 4079 bytes .../src/test/resources/application-test.yaml | 40 --------------- .../src/test/resources/application.yaml | 54 +++++++++++++++++++++ 5 files changed, 65 insertions(+), 44 deletions(-) create mode 100644 adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/so-vnfm-adapter.p12 delete mode 100644 adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/test/resources/application-test.yaml create mode 100644 adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/test/resources/application.yaml (limited to 'adapters/mso-vnfm-adapter') diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/vnfm/VnfmServiceProviderConfiguration.java b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/vnfm/VnfmServiceProviderConfiguration.java index 3342e0d054..ab631837db 100644 --- a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/vnfm/VnfmServiceProviderConfiguration.java +++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/vnfm/VnfmServiceProviderConfiguration.java @@ -63,9 +63,9 @@ public class VnfmServiceProviderConfiguration { private static final Logger logger = LoggerFactory.getLogger(VnfmServiceProviderConfiguration.class); - @Value("${http.client.ssl.trust-store}") + @Value("${http.client.ssl.trust-store:#{null}}") private Resource keyStore; - @Value("${http.client.ssl.trust-store-password}") + @Value("${http.client.ssl.trust-store-password:#{null}}") private String keyStorePassword; @Bean(name = "vnfmServiceProvider") @@ -77,7 +77,9 @@ public class VnfmServiceProviderConfiguration { private HttpRestServiceProvider getHttpRestServiceProvider(final RestTemplate restTemplate, final HttpHeadersProvider httpHeadersProvider) { setGsonMessageConverter(restTemplate); - setTrustStore(restTemplate); + if (keyStore != null) { + setTrustStore(restTemplate); + } removeSpringClientFilter(restTemplate); return new HttpRestServiceProviderImpl(restTemplate, httpHeadersProvider); } diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application.yaml b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application.yaml index 0bd63dffa9..4434d2edd9 100644 --- a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application.yaml +++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application.yaml @@ -34,6 +34,11 @@ server: port: 9092 tomcat: max-threads: 50 + ssl: + key-alias: so@so.onap.org + key--store-password: 'ywsqCy:EEo#j}HJHM7z^Rk[L' + key-store: classpath:so-vnfm-adapter.p12 + key-store-type: PKCS12 mso: key: 07a7159d3bf51a0e53be7a8f89699be7 @@ -50,7 +55,7 @@ sdc: endpoint: http://sdc.onap/1234A vnfmadapter: - endpoint: http://so-vnfm-adapter.onap:9092 + endpoint: https://so-vnfm-adapter.onap:9092 #Actuator management: diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/so-vnfm-adapter.p12 b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/so-vnfm-adapter.p12 new file mode 100644 index 0000000000..ae4fddc684 Binary files /dev/null and b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/so-vnfm-adapter.p12 differ diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/test/resources/application-test.yaml b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/test/resources/application-test.yaml deleted file mode 100644 index 3afc542a1b..0000000000 --- a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/test/resources/application-test.yaml +++ /dev/null @@ -1,40 +0,0 @@ -# Copyright © 2019 Nordix Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -spring: - security: - usercredentials: - - username: test - password: '$2a$12$Zi3AuYcZoZO/gBQyUtST2.F5N6HqcTtaNci2Et.ufsQhski56srIu' - role: BPEL-Client - - username: vnfm - password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke' - role: BPEL-Client - -mso: - key: 07a7159d3bf51a0e53be7a8f89699be7 - -aai: - auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586 - endpoint: https://aai.onap:8443 - version: v15 - -sdc: - username: sdcUser - password: sdcPassword - key: adadadadad - endpoint: http://sdc.onap/1234A - - -vnfmadapter: - endpoint: https://so-vnfm-adapter.onap:30406 diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/test/resources/application.yaml b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/test/resources/application.yaml new file mode 100644 index 0000000000..8cf8b51b9f --- /dev/null +++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/test/resources/application.yaml @@ -0,0 +1,54 @@ +# Copyright © 2019 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +spring: + security: + usercredentials: + - username: test + password: '$2a$12$Zi3AuYcZoZO/gBQyUtST2.F5N6HqcTtaNci2Et.ufsQhski56srIu' + role: BPEL-Client + - username: vnfm + password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke' + role: BPEL-Client + +mso: + key: 07a7159d3bf51a0e53be7a8f89699be7 + +aai: + auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586 + endpoint: https://aai.onap:8443 + version: v15 + +sdc: + username: sdcUser + password: sdcPassword + key: adadadadad + endpoint: http://sdc.onap/1234A + + +vnfmadapter: + endpoint: https://so-vnfm-adapter.onap:30406 + +#Actuator +management: + endpoints: + web: + base-path: /manage + exposure: + include: "*" + metrics: + se-global-registry: false + export: + prometheus: + enabled: true # Whether exporting of metrics to Prometheus is enabled. + step: 1m # Step size (i.e. reporting frequency) to use. -- cgit 1.2.3-korg