import org.onap.dcae.collectors.veshv.config.api.model.ServerConfiguration
import org.onap.dcae.collectors.veshv.config.api.model.ValidationException
import org.onap.dcae.collectors.veshv.ssl.boundary.SecurityConfiguration
+import org.onap.dcae.collectors.veshv.ssl.boundary.SecurityKeysPaths
import org.onap.dcae.collectors.veshv.utils.arrow.OptionUtils.binding
import org.onap.dcae.collectors.veshv.utils.arrow.mapBinding
import org.onap.dcae.collectors.veshv.utils.arrow.doOnEmpty
.doOnEmpty { logger.debug { "Cannot bind cbs configuration" } }
.bind()
- val securityConfiguration = SecurityConfiguration(partialConfig.security.bind().keys)
+ val securityConfiguration = validatedSecurityConfiguration(partialConfig)
+ .doOnEmpty { logger.debug { "Cannot bind security configuration" } }
+ .bind()
val collectorConfiguration = validatedCollectorConfig(partialConfig)
.doOnEmpty { logger.debug { "Cannot bind collector configuration" } }
}
}
- fun validatedCbsConfiguration(partial: PartialConfiguration) =
+ internal fun validatedCbsConfiguration(partial: PartialConfiguration) =
partial.mapBinding {
it.cbs.bind().let {
CbsConfiguration(
}
}
+ private fun validatedSecurityConfiguration(partial: PartialConfiguration) =
+ partial.mapBinding {
+ it.security.bind().let {
+ SecurityConfiguration(it.keys.map(SecurityKeysPaths::asImmutableSecurityKeys))
+ }
+ }
+
private fun validatedCollectorConfig(partial: PartialConfiguration) =
partial.mapBinding {
partial.collector.bind().let {
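Review bot: In `validatedSecurityConfiguration`, an empty `keys` option still produces a valid `SecurityConfiguration`, so a configuration without key material passes validation silently. The debug message added in the caller appears to fire only when the whole `security` section is absent. If no other code reports this, a warning here would make a start without TLS visible to operators, e.g. `if (it.keys.isEmpty()) logger.warn { "Security keys not configured, SSL will be disabled" }`. Both nested lambdas also use `it` (first the partial configuration, then its security section), so naming the inner parameter `security` would remove the shadowing. The hunk ends inside `validatedCollectorConfig`, whose body continues outside it.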
* @author Pawel Biniek <pawel.biniek@nokia.com>
* @since March 2019
*/
-class DurationOfSecondsAdapter : JsonDeserializer<Duration> {
+internal class DurationOfSecondsAdapter : JsonDeserializer<Duration> {
override fun deserialize(json: JsonElement, typeOfT: Type, context: JsonDeserializationContext) =
Duration.ofSeconds(json.asLong)
import com.google.gson.JsonElement
import com.google.gson.JsonObject
import org.onap.dcae.collectors.veshv.config.impl.PartialSecurityConfig
-import org.onap.dcaegen2.services.sdk.security.ssl.ImmutableSecurityKeys
-import org.onap.dcaegen2.services.sdk.security.ssl.ImmutableSecurityKeysStore
-import org.onap.dcaegen2.services.sdk.security.ssl.Passwords
-import org.onap.dcaegen2.services.sdk.security.ssl.SecurityKeys
+import org.onap.dcae.collectors.veshv.ssl.boundary.SecurityKeysPaths
import java.io.File
import java.lang.reflect.Type
private fun hasSslDisableSet(security: JsonObject) =
security.has(SSL_DISABLE_KEY) && security[SSL_DISABLE_KEY].asBoolean
- private fun JsonObject.securityKeys(f: (JsonObject) -> SecurityKeys) = f(getAsJsonObject(KEYS_OBJECT_KEY))
+ private fun JsonObject.securityKeys(f: (JsonObject) -> SecurityKeysPaths) = f(getAsJsonObject(KEYS_OBJECT_KEY))
- private fun asImmutableSecurityKeys(keys: JsonObject) = ImmutableSecurityKeys.builder()
- .keyStore(ImmutableSecurityKeysStore.of(
- File(keys[KEY_STORE_FILE_KEY].asString).toPath()))
- .keyStorePassword(
- Passwords.fromString(keys[KEY_STORE_PASSWORD_KEY].asString))
- .trustStore(ImmutableSecurityKeysStore.of(
- File(keys[TRUST_STORE_FILE_KEY].asString).toPath()))
- .trustStorePassword(
- Passwords.fromString(keys[TRUST_STORE_PASSWORD_KEY].asString))
- .build()
+ private fun asImmutableSecurityKeys(keys: JsonObject) = SecurityKeysPaths(
+ File(keys[KEY_STORE_FILE_KEY].asString).toPath(),
+ keys[KEY_STORE_PASSWORD_KEY].asString,
+ File(keys[TRUST_STORE_FILE_KEY].asString).toPath(),
+ keys[TRUST_STORE_PASSWORD_KEY].asString
+ )
companion object {
private val SSL_DISABLE_KEY = "sslDisable"
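Review bot: `asImmutableSecurityKeys` reads all four members with `keys[...]`, and Gson's `JsonObject.get` returns null for an absent member, so a keys object missing one entry fails with a NullPointerException rather than a configuration error naming the field. A small helper such as `private fun JsonObject.requiredString(key: String) = get(key)?.asString ?: throw JsonParseException("Missing security key: $key")` would report the key name without echoing any password value. The function now returns `SecurityKeysPaths`, so a name like `asSecurityKeysPaths` would match what it builds. The enclosing deserializer starts outside this hunk, so an earlier presence check may already exist.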
import arrow.core.None
import arrow.core.Option
import org.onap.dcae.collectors.veshv.config.api.model.Routing
+import org.onap.dcae.collectors.veshv.ssl.boundary.SecurityKeysPaths
import org.onap.dcae.collectors.veshv.utils.logging.LogLevel
-import org.onap.dcaegen2.services.sdk.security.ssl.SecurityKeys
-import java.net.InetSocketAddress
import java.time.Duration
/**
val requestIntervalSec: Option<Duration> = None
)
-internal data class PartialSecurityConfig(val keys: Option<SecurityKeys> = None)
+internal data class PartialSecurityConfig(val keys: Option<SecurityKeysPaths> = None)
internal data class PartialCollectorConfig(
val routing: Option<Routing> = None
import arrow.core.None
import arrow.core.Option
import arrow.core.Some
+import arrow.core.getOrElse
import com.nhaarman.mockitokotlin2.mock
+import com.nhaarman.mockitokotlin2.verify
+import com.nhaarman.mockitokotlin2.whenever
import org.assertj.core.api.Assertions.assertThat
import org.assertj.core.api.Assertions.fail
+import org.assertj.core.api.ObjectAssert
import org.jetbrains.spek.api.Spek
import org.jetbrains.spek.api.dsl.describe
import org.jetbrains.spek.api.dsl.it
import org.onap.dcae.collectors.veshv.config.api.model.Routing
import org.onap.dcae.collectors.veshv.config.impl.ConfigurationValidator.Companion.DEFAULT_LOG_LEVEL
+import org.onap.dcae.collectors.veshv.ssl.boundary.SecurityKeysPaths
import org.onap.dcae.collectors.veshv.utils.logging.LogLevel
import org.onap.dcaegen2.services.sdk.security.ssl.SecurityKeys
import java.time.Duration
describe("validating complete configuration") {
val idleTimeoutSec = Duration.ofSeconds(10L)
val firstReqDelaySec = Duration.ofSeconds(10L)
- val securityKeys = Some(mock<SecurityKeys>())
+ val securityKeys = mock<SecurityKeysPaths>()
+ val immutableSecurityKeys = mock<SecurityKeys>()
+ whenever(securityKeys.asImmutableSecurityKeys()).thenReturn(immutableSecurityKeys)
val config = PartialConfiguration(
Some(PartialServerConfig(
Some(Duration.ofSeconds(3))
)),
Some(PartialSecurityConfig(
- securityKeys
+ Some(securityKeys)
)),
Some(PartialCollectorConfig(
someFromEmptyRouting
assertThat(it.server.idleTimeout)
.isEqualTo(idleTimeoutSec)
- assertThat(it.security.keys)
- .isEqualTo(securityKeys)
+ verify(securityKeys).asImmutableSecurityKeys()
+ assertThat(it.security.keys
+ .getOrElse { fail("Should be immutableSecurityKeys") })
+ .isEqualTo(immutableSecurityKeys)
assertThat(it.cbs.firstRequestDelay)
.isEqualTo(firstReqDelaySec)
describe("validating configuration with security disabled") {
val idleTimeoutSec = Duration.ofSeconds(10)
val firstReqDelaySec = Duration.ofSeconds(10)
- val securityKeys: Option<SecurityKeys> = None
+ val missingSecurityKeys: Option<SecurityKeysPaths> = None
val config = PartialConfiguration(
Some(PartialServerConfig(
Some(Duration.ofSeconds(3))
)),
Some(PartialSecurityConfig(
- securityKeys
+ missingSecurityKeys
)),
Some(PartialCollectorConfig(
someFromEmptyRouting
.isEqualTo(idleTimeoutSec)
assertThat(it.security.keys)
- .isEqualTo(securityKeys)
+ .isEqualTo(missingSecurityKeys)
assertThat(it.cbs.firstRequestDelay)
.isEqualTo(firstReqDelaySec)
--- /dev/null
+/*
+ * ============LICENSE_START=======================================================
+ * dcaegen2-collectors-veshv
+ * ================================================================================
+ * Copyright (C) 2019 NOKIA
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.dcae.collectors.veshv.ssl.boundary
+
+import org.onap.dcaegen2.services.sdk.security.ssl.ImmutableSecurityKeys
+import org.onap.dcaegen2.services.sdk.security.ssl.ImmutableSecurityKeysStore
+import org.onap.dcaegen2.services.sdk.security.ssl.Passwords
+import org.onap.dcaegen2.services.sdk.security.ssl.SecurityKeys
+import java.nio.file.Path
+
+data class SecurityKeysPaths(
+ val keyStore: Path,
+ val keyStorePassword: String,
+ val trustStore: Path,
+ val trustStorePassword: String
+) {
+ fun asImmutableSecurityKeys(): SecurityKeys = ImmutableSecurityKeys.builder()
+ .keyStore(ImmutableSecurityKeysStore.of(keyStore))
+ .keyStorePassword(Passwords.fromString(keyStorePassword))
+ .trustStore(ImmutableSecurityKeysStore.of(trustStore))
+ .trustStorePassword(Passwords.fromString(trustStorePassword))
+ .build()
+
+ override fun toString(): String {
+ return "SecurityKeysPaths(keyStore='$keyStore', " +
+ "keyStorePassword=<password>, " +
+ "trustStore='$trustStore', " +
+ "trustStorePassword=<password>)"
+ }
+
+}
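Review bot: Both passwords are kept in `SecurityKeysPaths` as public plain `String` properties for as long as the parsed configuration lives, and only `toString()` masks them. The generated `copy()` and `componentN()` functions, and any reflection-based serializer or logger that walks the properties, still expose the values. Consider holding the value returned by `Passwords.fromString` instead of the raw string, so that plaintext is wrapped at parse time as the removed adapter code did. If the strings have to stay, add a test asserting that `toString()` contains neither password, since that override is the only guard. A class KDoc such as `/** Key store and trust store locations with their passwords; passwords are masked in toString(). */` would record that intent for later maintainers.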