5 files changed, 92 insertions, 52 deletions

diff --git a/nokiav2/driver/src/main/java/org/onap/vfc/nfvo/driver/vnfm/svnfm/nokia/onap/direct/notification/VnfcManager.java b/nokiav2/driver/src/main/java/org/onap/vfc/nfvo/driver/vnfm/svnfm/nokia/onap/direct/notification/VnfcManager.java
index 8a4dbdd1..e1d1197b 100644
--- a/nokiav2/driver/src/main/java/org/onap/vfc/nfvo/driver/vnfm/svnfm/nokia/onap/direct/notification/VnfcManager.java
+++ b/nokiav2/driver/src/main/java/org/onap/vfc/nfvo/driver/vnfm/svnfm/nokia/onap/direct/notification/VnfcManager.java
@@ -15,12 +15,10 @@
  */
 package org.onap.vfc.nfvo.driver.vnfm.svnfm.nokia.onap.direct.notification;
 
-import com.google.common.base.Splitter;
 import org.onap.aai.domain.yang.v11.RelationshipList;
 import org.onap.aai.domain.yang.v11.Vnfc;
 import org.onap.vfc.nfvo.driver.vnfm.svnfm.nokia.onap.direct.AAIRestApiProvider;
 import org.onap.vfc.nfvo.driver.vnfm.svnfm.nokia.spring.Conditions;
-import org.onap.vfc.nfvo.driver.vnfm.svnfm.nokia.util.CbamUtils;
 import org.onap.vfc.nfvo.driver.vnfm.svnfm.nokia.vnfm.CbamRestApiProvider;
 import org.onap.vfc.nfvo.driver.vnfm.svnfm.nokia.vnfm.DriverProperties;
 import org.slf4j.Logger;
@@ -45,15 +43,15 @@ public class VnfcManager extends AbstractManager {
         super(aaiRestApiProvider, cbamRestApiProvider, driverProperties);
     }
 
+    /**
+     * @param vnfId      the identifier of the VNF
+     * @param cbamVnfcId the identifier of the VNFC in CBAM
+     * @return the URL of the VNFC
+     */
     public static String buildUrl(String vnfId, String cbamVnfcId) {
         return format("/vnfcs/vnfc/%s", buildId(vnfId, cbamVnfcId));
     }
 
-    public static String getCbamVnfcId(String vnfcId) {
-        String vnfId = Splitter.on(CbamUtils.SEPARATOR).split(vnfcId).iterator().next();
-        return vnfcId.replaceFirst(vnfId + SEPARATOR, "");
-    }
-
     private static String buildId(String vnfId, String cbamVnfcId) {
         return vnfId + SEPARATOR + cbamVnfcId;
     }
diff --git a/nokiav2/driver/src/main/java/org/onap/vfc/nfvo/driver/vnfm/svnfm/nokia/packagetransformer/OnapVnfdBuilder.java b/nokiav2/driver/src/main/java/org/onap/vfc/nfvo/driver/vnfm/svnfm/nokia/packagetransformer/OnapVnfdBuilder.java
index 8d658310..701b42eb 100644
--- a/nokiav2/driver/src/main/java/org/onap/vfc/nfvo/driver/vnfm/svnfm/nokia/packagetransformer/OnapVnfdBuilder.java
+++ b/nokiav2/driver/src/main/java/org/onap/vfc/nfvo/driver/vnfm/svnfm/nokia/packagetransformer/OnapVnfdBuilder.java
@@ -64,24 +64,18 @@ public class OnapVnfdBuilder {
             StringBuilder body = new StringBuilder();
             for (Map.Entry<String, JsonElement> node : nodeTemplates) {
                 String type = childElement(node.getValue().getAsJsonObject(), "type").getAsString();
-                switch (type) {
-                    case "tosca.nodes.nfv.VDU":
-                        body.append(buildVdu(node.getKey(), node.getValue().getAsJsonObject(), nodeTemplates));
-                        break;
-                    case "tosca.nodes.nfv.VirtualStorage":
-                        body.append(buildVolume(node.getKey(), node.getValue().getAsJsonObject()));
-                        break;
-                    case "tosca.nodes.nfv.VL":
-                        body.append(buildVl(node.getKey()));
-                        break;
-                    case "tosca.nodes.nfv.ICP":
-                        body.append(buildIcp(node.getKey(), node.getValue().getAsJsonObject()));
-                        break;
-                    case "tosca.nodes.nfv.ECP":
-                        body.append(buildEcp(node.getKey(), node.getValue(), nodeTemplates));
-                        break;
-                    default:
-                        logger.warn("The {} type is not converted", type);
+                if ("tosca.nodes.nfv.VDU".equals(type)) {
+                    body.append(buildVdu(node.getKey(), node.getValue().getAsJsonObject(), nodeTemplates));
+                } else if ("tosca.nodes.nfv.VirtualStorage".equals(type)) {
+                    body.append(buildVolume(node.getKey(), node.getValue().getAsJsonObject()));
+                } else if ("tosca.nodes.nfv.VL".equals(type)) {
+                    body.append(buildVl(node.getKey()));
+                } else if ("tosca.nodes.nfv.ICP".equals(type)) {
+                    body.append(buildIcp(node.getKey(), node.getValue().getAsJsonObject()));
+                } else if ("tosca.nodes.nfv.ECP".equals(type)) {
+                    body.append(buildEcp(node.getKey(), node.getValue(), nodeTemplates));
+                } else {
+                    logger.warn("The {} type is not converted", type);
                 }
             }
             return buildHeader(topologyTemplate) + body.toString();
diff --git a/nokiav2/driver/src/main/java/org/onap/vfc/nfvo/driver/vnfm/svnfm/nokia/spring/SecurityConfig.java b/nokiav2/driver/src/main/java/org/onap/vfc/nfvo/driver/vnfm/svnfm/nokia/spring/SecurityConfig.java
new file mode 100644
index 00000000..e3dd0714
--- /dev/null
+++ b/nokiav2/driver/src/main/java/org/onap/vfc/nfvo/driver/vnfm/svnfm/nokia/spring/SecurityConfig.java
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2016-2017, Nokia Corporation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.onap.vfc.nfvo.driver.vnfm.svnfm.nokia.spring;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+/**
+ * Responsible for initializing the Spring security
+ */
+@Configuration
+@EnableWebSecurity
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+
+    /**
+     * Does not configure security, but solves the https://pivotal.io/security/cve-2017-4995
+     * "The fix ensures that by default only explicitly mapped classes will be deserialized.
+     * The effect of using explicitly mapped classes is to create a whitelist which works with all
+     * supported versions of Jackson. If users explicitly opt into global default typing, the previous
+     * potentially dangerous configuration is restored."
+     *
+     * @param http the security configuration
+     */
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http
+                .authorizeRequests()
+                .anyRequest()
+                .permitAll();
+    }
+
+}
diff --git a/nokiav2/driver/src/main/java/org/onap/vfc/nfvo/driver/vnfm/svnfm/nokia/vnfm/CbamSecurityProvider.java b/nokiav2/driver/src/main/java/org/onap/vfc/nfvo/driver/vnfm/svnfm/nokia/vnfm/CbamSecurityProvider.java
index c2358cf1..6c70c26d 100644
--- a/nokiav2/driver/src/main/java/org/onap/vfc/nfvo/driver/vnfm/svnfm/nokia/vnfm/CbamSecurityProvider.java
+++ b/nokiav2/driver/src/main/java/org/onap/vfc/nfvo/driver/vnfm/svnfm/nokia/vnfm/CbamSecurityProvider.java
@@ -83,7 +83,7 @@ public class CbamSecurityProvider {
             } catch (Exception e) {
                 throw buildFatalFailure(logger, "The trustedCertificates must be a base64 encoded collection of PEM certificates", e);
             }
-            if (trustedPems.size() == 0) {
+            if (trustedPems.isEmpty()) {
                 throw buildFatalFailure(logger, "No certificate can be extracted from " + content);
             }
             try {
diff --git a/nokiav2/driver/src/main/java/org/onap/vfc/nfvo/driver/vnfm/svnfm/nokia/vnfm/LifecycleManager.java b/nokiav2/driver/src/main/java/org/onap/vfc/nfvo/driver/vnfm/svnfm/nokia/vnfm/LifecycleManager.java
index d543f3ce..36df12a6 100644
--- a/nokiav2/driver/src/main/java/org/onap/vfc/nfvo/driver/vnfm/svnfm/nokia/vnfm/LifecycleManager.java
+++ b/nokiav2/driver/src/main/java/org/onap/vfc/nfvo/driver/vnfm/svnfm/nokia/vnfm/LifecycleManager.java
@@ -427,7 +427,6 @@ public class LifecycleManager {
         logOperationInput(vnfId, "termination", request);
         return scheduleExecution(vnfId, httpResponse, "terminate", jobInfo -> {
             TerminateVnfRequest cbamRequest = new TerminateVnfRequest();
-            //cbamRequest.setAdditionalParams(jobInfo);
             if (request.getTerminationType() == null) {
                 cbamRequest.setTerminationType(TerminationType.FORCEFUL);
             } else {
@@ -518,37 +517,28 @@ public class LifecycleManager {
      */
     public JobInfo scaleVnf(String vnfmId, String vnfId, VnfScaleRequest request, HttpServletResponse httpResponse) {
         logOperationInput(vnfId, SCALE_OPERATION_NAME, request);
-        return scheduleExecution(vnfId, httpResponse, SCALE_OPERATION_NAME, new AsynchronousExecution() {
-            @Override
-            public void execute(JobInfo jobInfo) {
-                ScaleVnfRequest cbamRequest = new ScaleVnfRequest();
-                cbamRequest.setAspectId(request.getAspectId());
-                cbamRequest.setNumberOfSteps(Integer.valueOf(request.getNumberOfSteps()));
-                cbamRequest.setType(convert(request.getType()));
-                com.nokia.cbam.lcm.v32.model.VnfInfo vnf = cbamRestApiProvider.getCbamLcmApi(vnfmId).vnfsVnfInstanceIdGet(vnfId, NOKIA_LCM_API_VERSION).blockingFirst();
-                JsonObject root = new Gson().toJsonTree(jobInfo).getAsJsonObject();
-                com.nokia.cbam.lcm.v32.model.VnfInfo cbamVnfInfo = cbamRestApiProvider.getCbamLcmApi(vnfmId).vnfsVnfInstanceIdGet(vnfId, NOKIA_LCM_API_VERSION).blockingFirst();
-                String vnfdContent = catalogManager.getCbamVnfdContent(vnfmId, cbamVnfInfo.getVnfdId());
-                Set<Map.Entry<String, JsonElement>> acceptableOperationParameters = getAcceptableOperationParameters(vnfdContent, "Basic", SCALE_OPERATION_NAME);
-                buildAdditionalParameters(request, root, acceptableOperationParameters);
-                cbamRequest.setAdditionalParams(root);
-                grantManager.requestGrantForScale(vnfmId, vnfId, getVimIdFromInstantiationRequest(vnfmId, vnf), getVnfdIdFromModifyableAttributes(vnf), request, jobInfo.getJobId());
-                OperationExecution operationExecution = cbamRestApiProvider.getCbamLcmApi(vnfmId).vnfsVnfInstanceIdScalePost(vnfId, cbamRequest, NOKIA_LCM_API_VERSION).blockingFirst();
-                waitForOperationToFinish(vnfmId, vnfId, operationExecution.getId());
-            }
+        return scheduleExecution(vnfId, httpResponse, SCALE_OPERATION_NAME, jobInfo -> {
+            ScaleVnfRequest cbamRequest = new ScaleVnfRequest();
+            cbamRequest.setAspectId(request.getAspectId());
+            cbamRequest.setNumberOfSteps(Integer.valueOf(request.getNumberOfSteps()));
+            cbamRequest.setType(convert(request.getType()));
+            com.nokia.cbam.lcm.v32.model.VnfInfo vnf = cbamRestApiProvider.getCbamLcmApi(vnfmId).vnfsVnfInstanceIdGet(vnfId, NOKIA_LCM_API_VERSION).blockingFirst();
+            JsonObject root = new Gson().toJsonTree(jobInfo).getAsJsonObject();
+            com.nokia.cbam.lcm.v32.model.VnfInfo cbamVnfInfo = cbamRestApiProvider.getCbamLcmApi(vnfmId).vnfsVnfInstanceIdGet(vnfId, NOKIA_LCM_API_VERSION).blockingFirst();
+            String vnfdContent = catalogManager.getCbamVnfdContent(vnfmId, cbamVnfInfo.getVnfdId());
+            Set<Map.Entry<String, JsonElement>> acceptableOperationParameters = getAcceptableOperationParameters(vnfdContent, "Basic", SCALE_OPERATION_NAME);
+            buildAdditionalParameters(request, root, acceptableOperationParameters);
+            cbamRequest.setAdditionalParams(root);
+            grantManager.requestGrantForScale(vnfmId, vnfId, getVimIdFromInstantiationRequest(vnfmId, vnf), getVnfdIdFromModifyableAttributes(vnf), request, jobInfo.getJobId());
+            OperationExecution operationExecution = cbamRestApiProvider.getCbamLcmApi(vnfmId).vnfsVnfInstanceIdScalePost(vnfId, cbamRequest, NOKIA_LCM_API_VERSION).blockingFirst();
+            waitForOperationToFinish(vnfmId, vnfId, operationExecution.getId());
         });
     }
 
     private void buildAdditionalParameters(VnfScaleRequest request, JsonObject root, Set<Map.Entry<String, JsonElement>> acceptableOperationParameters) {
         if (request.getAdditionalParam() != null) {
             for (Map.Entry<String, JsonElement> item : new Gson().toJsonTree(request.getAdditionalParam()).getAsJsonObject().entrySet()) {
-                boolean found = false;
-                for (Map.Entry<String, JsonElement> acceptableOperationParameter : acceptableOperationParameters) {
-                    if (acceptableOperationParameter.getKey().equals(item.getKey())) {
-                        found = true;
-                    }
-                }
-                if (found) {
+                if (isParameterAccepted(acceptableOperationParameters, item)) {
                     root.add(item.getKey(), item.getValue());
                 }
             }
@@ -557,6 +547,16 @@ public class LifecycleManager {
         }
     }
 
+    private boolean isParameterAccepted(Set<Map.Entry<String, JsonElement>> acceptableOperationParameters, Map.Entry<String, JsonElement> item) {
+        boolean found = false;
+        for (Map.Entry<String, JsonElement> acceptableOperationParameter : acceptableOperationParameters) {
+            if (acceptableOperationParameter.getKey().equals(item.getKey())) {
+                found = true;
+            }
+        }
+        return found;
+    }
+
     /**
      * Heal the VNF
      *