<groupId>io.arrow-kt</groupId>
<artifactId>arrow-effects</artifactId>
</dependency>
+ <dependency>
+ <groupId>io.arrow-kt</groupId>
+ <artifactId>arrow-core</artifactId>
+ </dependency>
<dependency>
<groupId>io.projectreactor</groupId>
<artifactId>reactor-core</artifactId>
*/
package org.onap.dcae.collectors.veshv.impl.socket
+import arrow.core.Option
import arrow.effects.IO
+import io.netty.handler.ssl.SslContext
import org.onap.dcae.collectors.veshv.boundary.CollectorProvider
import org.onap.dcae.collectors.veshv.boundary.Server
import org.onap.dcae.collectors.veshv.boundary.ServerHandle
}
private fun configureServer(opts: ServerOptions.Builder<*>) {
+ val sslContext: Option<SslContext> = sslContextFactory.createSslContext(serverConfig.securityConfiguration)
+ if (sslContext.isDefined()) opts.sslContext(sslContext.orNull())
opts.port(serverConfig.port)
- opts.sslContext(sslContextFactory.createSslContext(serverConfig.securityConfiguration))
}
private fun handleConnection(nettyInbound: NettyInbound): Mono<Void> {
*/
package org.onap.dcae.collectors.veshv.impl.socket
+import arrow.core.None
+import arrow.core.Option
+import arrow.core.Some
import io.netty.handler.ssl.ClientAuth
import io.netty.handler.ssl.SslContext
import io.netty.handler.ssl.SslContextBuilder
internal open class SslContextFactory {
- fun createSslContext(secConfig: SecurityConfiguration): SslContext =
- createSslContextWithConfiguredCerts(secConfig)
- .sslProvider(SslProvider.OPENSSL)
- .clientAuth(ClientAuth.REQUIRE)
- .build()
+ fun createSslContext(secConfig: SecurityConfiguration): Option<SslContext> =
+ if (secConfig.sslDisable) {
+ Option.empty()
+ } else {
+ Option.just(createSslContextWithConfiguredCerts(secConfig)
+ .sslProvider(SslProvider.OPENSSL)
+ .clientAuth(ClientAuth.REQUIRE)
+ .build())
+ }
protected open fun createSslContextWithConfiguredCerts(secConfig: SecurityConfiguration): SslContextBuilder =
SslContextBuilder.forServer(secConfig.cert.toFile(), secConfig.privateKey.toFile())
package org.onap.dcae.collectors.veshv.impl.socket
import io.netty.handler.ssl.ClientAuth
-import io.netty.handler.ssl.OpenSslServerContext
import io.netty.handler.ssl.ReferenceCountedOpenSslContext
import io.netty.handler.ssl.SslContextBuilder
import org.assertj.core.api.Assertions.assertThat
import org.jetbrains.spek.api.Spek
import org.jetbrains.spek.api.dsl.describe
+import org.jetbrains.spek.api.dsl.given
import org.jetbrains.spek.api.dsl.it
+import org.jetbrains.spek.api.dsl.on
import org.onap.dcae.collectors.veshv.domain.SecurityConfiguration
import java.nio.file.Paths
+import kotlin.test.assertTrue
/**
* @author Piotr Jaszczyk <piotr.jaszczyk@nokia.com>
*/
object SslContextFactoryTest : Spek({
describe("SslContextFactory") {
- val sampleConfig = SecurityConfiguration(
- privateKey = Paths.get("/", "tmp", "pk.pem"),
- cert = Paths.get("/", "tmp", "cert.crt"),
- trustedCert = Paths.get("/", "tmp", "clientCa.crt"))
+ given("config without disabled SSL") {
+ val sampleConfig = SecurityConfiguration(
+ privateKey = Paths.get("/", "tmp", "pk.pem"),
+ cert = Paths.get("/", "tmp", "cert.crt"),
+ trustedCert = Paths.get("/", "tmp", "clientCa.crt"))
- val cut = object : SslContextFactory() {
- var actualConfig: SecurityConfiguration? = null
- override fun createSslContextWithConfiguredCerts(secConfig: SecurityConfiguration): SslContextBuilder {
- actualConfig = secConfig
- return SslContextBuilder.forServer(resource("/ssl/ca.crt"), resource("/ssl/server.key"))
+ val cut = object : SslContextFactory() {
+ override fun createSslContextWithConfiguredCerts(secConfig: SecurityConfiguration): SslContextBuilder {
+ return SslContextBuilder.forServer(resource("/ssl/ca.crt"), resource("/ssl/server.key"))
+ }
+
+ private fun resource(path: String) = SslContextFactoryTest.javaClass.getResourceAsStream(path)
}
- private fun resource(path: String) = SslContextFactoryTest.javaClass.getResourceAsStream(path)
- }
+ on("creation of SSL context") {
+ val result = cut.createSslContext(sampleConfig)
- val result = cut.createSslContext(sampleConfig)
+ it("should be server context") {
+ assertTrue(result.exists {
+ it.isServer
+ })
+ }
- it("should be server context") {
- assertThat(result.isServer).isTrue()
- }
+ it("should use OpenSSL provider") {
+ assertTrue(result.isDefined())
+ }
- it("should use OpenSSL provider") {
- assertThat(result).isInstanceOf(OpenSslServerContext::class.java)
+ /*
+ * It is too important to leave it untested on unit level.
+ * Because of the Netty API design we need to do it this way.
+ */
+ it("should turn on client authentication") {
+ val clientAuth: ClientAuth = ReferenceCountedOpenSslContext::class.java
+ .getDeclaredField("clientAuth")
+ .run {
+ isAccessible = true
+ get(result.orNull()) as ClientAuth
+ }
+ assertThat(clientAuth).isEqualTo(ClientAuth.REQUIRE)
+ }
+ }
}
- /*
- * It is too important to leave it untested on unit level.
- * Because of the Netty API design we need to do it this way.
- */
- it("should turn on client authentication") {
- val clientAuth: ClientAuth = ReferenceCountedOpenSslContext::class.java
- .getDeclaredField("clientAuth")
- .run {
- isAccessible = true
- get(result) as ClientAuth
- }
- assertThat(clientAuth).isEqualTo(ClientAuth.REQUIRE)
+ given("config with SSL disabled") {
+ val securityConfiguration = SecurityConfiguration(
+ sslDisable = true,
+ privateKey = Paths.get("sample", "key"),
+ cert = Paths.get("sample", "cert"),
+ trustedCert = Paths.get("/", "sample", "trusted", "cert")
+ )
+ val cut = SslContextFactory()
+
+ on("creation of SSL context") {
+ val result = cut.createSslContext(securityConfiguration)
+
+ it("should not create any SSL context ") {
+ assertThat(result.isDefined()).isFalse()
+ }
+ }
}
+
}
})
* @since May 2018
*/
data class SecurityConfiguration(
+ val sslDisable: Boolean = false,
val privateKey: Path,
val cert: Path,
val trustedCert: Path)
LISTEN_PORT,
CONSUL_CONFIG_URL,
CONSUL_FIRST_REQUEST_DELAY,
+ SSL_DISABLE,
PRIVATE_KEY_FILE,
CERT_FILE,
TRUST_CERT_FILE,
}
private fun createSecurityConfiguration(cmdLine: CommandLine): SecurityConfiguration {
+ val sslDisable = cmdLine.hasOption(SSL_DISABLE)
val pkFile = cmdLine.stringValue(PRIVATE_KEY_FILE, DefaultValues.PRIVATE_KEY_FILE)
val certFile = cmdLine.stringValue(CERT_FILE, DefaultValues.CERT_FILE)
val trustCertFile = cmdLine.stringValue(TRUST_CERT_FILE, DefaultValues.TRUST_CERT_FILE)
return SecurityConfiguration(
+ sslDisable = sslDisable,
privateKey = stringPathToPath(pkFile),
cert = stringPathToPath(certFile),
trustedCert = stringPathToPath(trustCertFile)
lateinit var result: ServerConfiguration
beforeEachTest {
- result = parse("--listen-port", listenPort,
+ result = parse("--ssl-disable",
+ "--listen-port", listenPort,
"--config-url", configurationUrl,
"--first-request-delay", firstRequestDelay,
"--private-key-file", pk.toFile().absolutePath,
it("should set proper security configuration") {
assertThat(result.securityConfiguration).isEqualTo(
- SecurityConfiguration(pk, cert, trustCert)
+ SecurityConfiguration(sslDisable = true, privateKey = pk, cert = cert, trustedCert = trustCert)
)
}
.desc("Comma-separated Kafka topics")
.build()
),
+ SSL_DISABLE(Option.builder("l")
+ .longOpt("ssl-disable")
+ .desc("Disable SSL encryption")
+ .build()
+ ),
PRIVATE_KEY_FILE(Option.builder("k")
.longOpt("private-key-file")
.hasArg()
import org.apache.commons.cli.DefaultParser
import org.onap.dcae.collectors.veshv.domain.SecurityConfiguration
import org.onap.dcae.collectors.veshv.utils.commandline.ArgBasedConfiguration
-import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.CERT_FILE
-import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.MESSAGES_TO_SEND_AMOUNT
-import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.PRIVATE_KEY_FILE
-import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.TRUST_CERT_FILE
-import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.VES_HV_HOST
-import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.VES_HV_PORT
+import org.onap.dcae.collectors.veshv.utils.commandline.CommandLineOption.*
/**
VES_HV_PORT,
VES_HV_HOST,
MESSAGES_TO_SEND_AMOUNT,
+ SSL_DISABLE,
PRIVATE_KEY_FILE,
CERT_FILE,
TRUST_CERT_FILE
}
private fun parseSecurityConfig(cmdLine: CommandLine): SecurityConfiguration {
+ val sslDisable = cmdLine.hasOption(SSL_DISABLE)
val pkFile = cmdLine.stringValue(PRIVATE_KEY_FILE, DefaultValues.PRIVATE_KEY_FILE)
val certFile = cmdLine.stringValue(CERT_FILE, DefaultValues.CERT_FILE)
val trustCertFile = cmdLine.stringValue(TRUST_CERT_FILE, DefaultValues.TRUST_CERT_FILE)
return SecurityConfiguration(
+ sslDisable = sslDisable,
privateKey = stringPathToPath(pkFile),
cert = stringPathToPath(certFile),
trustedCert = stringPathToPath(trustCertFile))
import org.onap.dcae.collectors.veshv.simulators.xnf.config.ArgConfigurationProvider.*
import org.onap.dcae.collectors.veshv.simulators.xnf.config.SimulatorConfiguration
import java.nio.file.Paths
+import kotlin.test.assertTrue
object ArgConfigurationProviderTest : Spek({
fun parse(vararg cmdLine: String): SimulatorConfiguration =
cut.parse(cmdLine).fold(
- {throw AssertionError("Parsing result should be present")},
+ { throw AssertionError("Parsing result should be present") },
::identity
)
given("all parameters are present in the long form") {
beforeEachTest {
- result = parse("--ves-port", "6969",
+ result = parse("--ssl-disable",
+ "--ves-port", "6969",
"--ves-host", vesHost,
"--messages", messagesAmount.toString(),
"--private-key-file", pk.toFile().absolutePath,
it("should set proper security configuration") {
assertThat(result.security).isEqualTo(
- SecurityConfiguration(pk, cert, trustCert)
+ SecurityConfiguration(sslDisable = true, privateKey = pk, cert = cert, trustedCert = trustCert)
)
}
}
}
}
}
+
+ given("disabled ssl certs together with all other parameters") {
+ beforeEachTest {
+ result = parse("--ssl-disable",
+ "--ves-port", "888",
+ "--ves-host", vesHost,
+ "--messages", messagesAmount.toString(),
+ "--private-key-file", pk.toFile().absolutePath,
+ "--cert-file", cert.toFile().absolutePath,
+ "--trust-cert-file", trustCert.toFile().absolutePath)
+ }
+
+ on("security config") {
+ val securityConfiguration = result.security
+
+ it("should set ssl disable to true"){
+ assertTrue(securityConfiguration.sslDisable)
+ }
+
+ it("should set proper security configuration") {
+ assertThat(securityConfiguration).isEqualTo(
+ SecurityConfiguration(
+ sslDisable = true,
+ privateKey = pk,
+ cert = cert,
+ trustedCert = trustCert)
+ )
+ }
+ }
+ }
}
})