From: Piotr Jaszczyk Date: Tue, 29 May 2018 11:35:11 +0000 (+0200) Subject: Use SSL for encrypting the connection X-Git-Tag: 1.0.0~108 X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=a4becf29f32de7467793867c3be1d5ab5876477e;p=dcaegen2%2Fcollectors%2Fhv-ves.git Use SSL for encrypting the connection Netty's OpenSSL bindings are used Closes ONAP-179 Change-Id: I8249fbaaed1dd869b733db04a27cebf53962c80c Issue-ID: DCAEGEN2-601 Signed-off-by: Piotr Jaszczyk --- diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 796bc236..c1e55541 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -13,4 +13,4 @@ build: - hv-collector-core/target/reports - hv-collector-main/target/reports - hv-collector-utils/target/reports - \ No newline at end of file + diff --git a/hv-collector-core/pom.xml b/hv-collector-core/pom.xml index ed501a44..6509e899 100644 --- a/hv-collector-core/pom.xml +++ b/hv-collector-core/pom.xml @@ -93,6 +93,12 @@ io.projectreactor.kafka reactor-kafka + + io.netty + netty-tcnative-boringssl-static + runtime + ${os.detected.classifier} + javax.json javax.json-api diff --git a/hv-collector-core/src/main/kotlin/org/onap/dcae/collectors/veshv/boundary/adapters.kt b/hv-collector-core/src/main/kotlin/org/onap/dcae/collectors/veshv/boundary/adapters.kt index d4de1b5b..2cda86e9 100644 --- a/hv-collector-core/src/main/kotlin/org/onap/dcae/collectors/veshv/boundary/adapters.kt +++ b/hv-collector-core/src/main/kotlin/org/onap/dcae/collectors/veshv/boundary/adapters.kt @@ -22,7 +22,6 @@ package org.onap.dcae.collectors.veshv.boundary import org.onap.dcae.collectors.veshv.domain.CollectorConfiguration import org.onap.dcae.collectors.veshv.domain.RoutedMessage import org.onap.dcae.collectors.veshv.domain.VesMessage -import org.onap.ves.VesEventV5.VesEvent.CommonEventHeader import reactor.core.publisher.Flux interface Sink { 
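Review bot: The new `netty-tcnative-boringssl-static` dependency in hv-collector-core/pom.xml is declared with `${os.detected.classifier}`, which resolves the native library for the OS/arch of the build host, so the jars later copied into the image (`target/libs/external/*` in the Dockerfile) only load when the host classifier matches the container platform; the same declaration is repeated in hv-collector-main/pom.xml. No version element is visible on either declaration, so it presumably comes from dependency management and has to be kept in lockstep with the Netty version, because a tcnative/Netty mismatch only shows up at runtime once `SslProvider.OPENSSL` is selected. A comment on the dependency such as `<!-- native TLS (BoringSSL) backing SslProvider.OPENSSL; classifier is set by os-maven-plugin and must match the runtime platform -->` would record both constraints where the next maintainer looks.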
diff --git a/hv-collector-core/src/main/kotlin/org/onap/dcae/collectors/veshv/domain/SecurityConfiguration.kt b/hv-collector-core/src/main/kotlin/org/onap/dcae/collectors/veshv/domain/SecurityConfiguration.kt
new file mode 100644
index 00000000..ea430c2c
--- /dev/null
+++ b/hv-collector-core/src/main/kotlin/org/onap/dcae/collectors/veshv/domain/SecurityConfiguration.kt
@@ -0,0 +1,31 @@
+/*
+ * ============LICENSE_START=======================================================
+ * dcaegen2-collectors-veshv
+ * ================================================================================
+ * Copyright (C) 2018 NOKIA Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ http://www.apache.org/licenses/LICENSE-2.0
+ *
+ Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.dcae.collectors.veshv.domain
+
+import java.nio.file.Path
+
+/**
+ * @author Piotr Jaszczyk
+ * @since May 2018
+ */
+data class SecurityConfiguration(
+ val privateKey: Path,
+ val cert: Path,
+ val trustedCert: Path)
diff --git a/hv-collector-core/src/main/kotlin/org/onap/dcae/collectors/veshv/domain/ServerConfiguration.kt b/hv-collector-core/src/main/kotlin/org/onap/dcae/collectors/veshv/domain/ServerConfiguration.kt
index cf484d7c..b58dffbf 100644
--- a/hv-collector-core/src/main/kotlin/org/onap/dcae/collectors/veshv/domain/ServerConfiguration.kt
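Review bot: `SecurityConfiguration` carries only author and date in its KDoc, yet its three `Path` fields have contracts that the consumer relies on: `cert` and `privateKey` are handed to `SslContextBuilder.forServer(File, File)` in SslContextFactory.kt, the overload without a key password, so the key must be an unencrypted PEM file, and `trustedCert` goes to `trustManager(File)` as the CA material used to verify client certificates. Suggested KDoc on the class: one line saying it is the TLS material for the collector's listening socket, then `@property privateKey PEM private key matching [cert]; must not be password-protected`, `@property cert PEM server certificate (chain)`, `@property trustedCert PEM CA certificate(s) used to authenticate connecting clients`.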
+++ b/hv-collector-core/src/main/kotlin/org/onap/dcae/collectors/veshv/domain/ServerConfiguration.kt
@@ -23,4 +23,7 @@ package org.onap.dcae.collectors.veshv.domain
 * @author Piotr Jaszczyk
 * @since May 2018
 */
-data class ServerConfiguration( val configurationUrl: String, val port: Int)
+data class ServerConfiguration(
+ val port: Int,
+ val configurationUrl: String,
+ val securityConfiguration: SecurityConfiguration)
diff --git a/hv-collector-core/src/main/kotlin/org/onap/dcae/collectors/veshv/factory/ServerFactory.kt b/hv-collector-core/src/main/kotlin/org/onap/dcae/collectors/veshv/factory/ServerFactory.kt
index 5e60fa56..ca81d69d 100644
--- a/hv-collector-core/src/main/kotlin/org/onap/dcae/collectors/veshv/factory/ServerFactory.kt
+++ b/hv-collector-core/src/main/kotlin/org/onap/dcae/collectors/veshv/factory/ServerFactory.kt
@@ -22,12 +22,14 @@ package org.onap.dcae.collectors.veshv.factory
 import org.onap.dcae.collectors.veshv.boundary.CollectorProvider
 import org.onap.dcae.collectors.veshv.boundary.Server
 import org.onap.dcae.collectors.veshv.domain.ServerConfiguration
-import org.onap.dcae.collectors.veshv.impl.NettyTcpServer
+import org.onap.dcae.collectors.veshv.impl.socket.NettyTcpServer
+import org.onap.dcae.collectors.veshv.impl.socket.SslContextFactory
 
 /**
 * @author Piotr Jaszczyk
 * @since May 2018
 */
 object ServerFactory {
- val createNettyTcpServer: (ServerConfiguration, CollectorProvider) -> Server = ::NettyTcpServer
+ fun createNettyTcpServer(serverConfiguration: ServerConfiguration, collectorProvider: CollectorProvider): Server =
+ NettyTcpServer(serverConfiguration, SslContextFactory(), collectorProvider)
 }
diff --git a/hv-collector-core/src/main/kotlin/org/onap/dcae/collectors/veshv/impl/NettyTcpServer.kt b/hv-collector-core/src/main/kotlin/org/onap/dcae/collectors/veshv/impl/socket/NettyTcpServer.kt
similarity index 78%
rename from hv-collector-core/src/main/kotlin/org/onap/dcae/collectors/veshv/impl/NettyTcpServer.kt
rename to hv-collector-core/src/main/kotlin/org/onap/dcae/collectors/veshv/impl/socket/NettyTcpServer.kt
index ca77df2a..34aa2e8f 100644
--- a/hv-collector-core/src/main/kotlin/org/onap/dcae/collectors/veshv/impl/NettyTcpServer.kt
+++ b/hv-collector-core/src/main/kotlin/org/onap/dcae/collectors/veshv/impl/socket/NettyTcpServer.kt
@@ -17,7 +17,7 @@
 * limitations under the License.
 * ============LICENSE_END=========================================================
 */
-package org.onap.dcae.collectors.veshv.impl
+package org.onap.dcae.collectors.veshv.impl.socket
 
 import org.onap.dcae.collectors.veshv.boundary.CollectorProvider
 import org.onap.dcae.collectors.veshv.boundary.Server
@@ -27,6 +27,7 @@ import org.reactivestreams.Publisher
 import reactor.core.publisher.Mono
 import reactor.ipc.netty.NettyInbound
 import reactor.ipc.netty.NettyOutbound
+import reactor.ipc.netty.options.ServerOptions
 import reactor.ipc.netty.tcp.TcpServer
 import java.util.function.BiFunction
 
@@ -34,13 +35,16 @@ import java.util.function.BiFunction * @author Piotr Jaszczyk * @since May 2018 */ -internal class NettyTcpServer(val serverConfig: ServerConfiguration, - val collectorProvider: CollectorProvider) : Server { +internal class NettyTcpServer(private val serverConfig: ServerConfiguration, + private val sslContextFactory: SslContextFactory, + private val collectorProvider: CollectorProvider) : Server { override fun start(): Mono { logger.info { "Listening on port ${serverConfig.port}" } return Mono.defer { - val nettyContext = TcpServer.create(serverConfig.port) + val nettyContext = TcpServer.builder() + .options(this::configureServer) + .build() .start(BiFunction> { t, u -> handleConnection(t, u) }) @@ -48,6 +52,11 @@ internal class NettyTcpServer(val serverConfig: ServerConfiguration, } } + private fun configureServer(opts: ServerOptions.Builder<*>) { + opts.port(serverConfig.port) + opts.sslContext(sslContextFactory.createSslContext(serverConfig.securityConfiguration)) + } + private fun handleConnection(nettyInbound: NettyInbound, nettyOutbound: NettyOutbound): Mono { logger.debug("Got connection") val pipe = collectorProvider().handleConnection(nettyInbound.receive()) diff --git a/hv-collector-core/src/main/kotlin/org/onap/dcae/collectors/veshv/impl/socket/SslContextFactory.kt b/hv-collector-core/src/main/kotlin/org/onap/dcae/collectors/veshv/impl/socket/SslContextFactory.kt new file mode 100644 index 00000000..e94965cd --- /dev/null +++ b/hv-collector-core/src/main/kotlin/org/onap/dcae/collectors/veshv/impl/socket/SslContextFactory.kt 
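Review bot: `configureServer` builds the `SslContext`, and thereby reads the key and certificate files, inside `Mono.defer`, so a missing or unreadable key file is not noticed until `start()` is subscribed and is then reported as an error signal of that Mono instead of failing fast; `SslContextBuilder.build()` also declares `SSLException`, which Kotlin does not oblige the caller to handle, so the exception path deserves a comment. Consider creating the context once, `private val sslContext = sslContextFactory.createSslContext(serverConfig.securityConfiguration)` as a class property with `opts.sslContext(sslContext)` in `configureServer`, so that the failure surfaces when the server object is created and the context is not rebuilt on every subscription. Separately, `logger.info { "Listening on port ${serverConfig.port}" }` is emitted before any bind happens; the enclosing `start()` body continues past this hunk, so the message is probably better placed after the server has actually started.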
@@ -0,0 +1,40 @@
+/*
+ * ============LICENSE_START=======================================================
+ * dcaegen2-collectors-veshv
+ * ================================================================================
+ * Copyright (C) 2018 NOKIA Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ http://www.apache.org/licenses/LICENSE-2.0
+ *
+ Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.dcae.collectors.veshv.impl.socket
+
+import io.netty.handler.ssl.ClientAuth
+import io.netty.handler.ssl.SslContext
+import io.netty.handler.ssl.SslContextBuilder
+import io.netty.handler.ssl.SslProvider
+import org.onap.dcae.collectors.veshv.domain.SecurityConfiguration
+
+
+internal open class SslContextFactory {
+ fun createSslContext(secConfig: SecurityConfiguration): SslContext =
+ createSslContextWithConfiguredCerts(secConfig)
+ .sslProvider(SslProvider.OPENSSL)
+ .clientAuth(ClientAuth.REQUIRE)
+ .build()
+
+ protected open fun createSslContextWithConfiguredCerts(secConfig: SecurityConfiguration): SslContextBuilder =
+ SslContextBuilder.forServer(secConfig.cert.toFile(), secConfig.privateKey.toFile())
+ .trustManager(secConfig.trustedCert.toFile())
+
+}
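Review bot: `createSslContext` pins the provider and mandatory client authentication but leaves protocol versions and cipher suites at the provider defaults, so what the collector negotiates depends on the bundled BoringSSL build rather than on anything in the code; an explicit `.protocols("TLSv1.2")` (plus a cipher list if the project has a policy) next to `.clientAuth(ClientAuth.REQUIRE)` makes that policy visible and testable. The class has no KDoc: it should say that `SslProvider.OPENSSL` needs the netty-tcnative native library on the classpath (this commit adds it at runtime scope) and that `build()` throws `SSLException` when the PEM files cannot be read or parsed. `createSslContextWithConfiguredCerts` appears to be `protected open` only so the test can substitute fixture files; a one-line comment to that effect would stop a reader from treating it as a supported extension point.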
diff --git a/hv-collector-core/src/test/kotlin/org/onap/dcae/collectors/veshv/impl/socket/SslContextFactoryTest.kt b/hv-collector-core/src/test/kotlin/org/onap/dcae/collectors/veshv/impl/socket/SslContextFactoryTest.kt new file mode 100644 index 00000000..2b72620b --- /dev/null +++ b/hv-collector-core/src/test/kotlin/org/onap/dcae/collectors/veshv/impl/socket/SslContextFactoryTest.kt 
@@ -0,0 +1,79 @@
+/*
+ * ============LICENSE_START=======================================================
+ * dcaegen2-collectors-veshv
+ * ================================================================================
+ * Copyright (C) 2018 NOKIA Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ http://www.apache.org/licenses/LICENSE-2.0
+ *
+ Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.dcae.collectors.veshv.impl.socket
+
+import io.netty.handler.ssl.ClientAuth
+import io.netty.handler.ssl.OpenSslServerContext
+import io.netty.handler.ssl.ReferenceCountedOpenSslContext
+import io.netty.handler.ssl.SslContextBuilder
+import org.assertj.core.api.Assertions.assertThat
+import org.jetbrains.spek.api.Spek
+import org.jetbrains.spek.api.dsl.describe
+import org.jetbrains.spek.api.dsl.it
+import org.jetbrains.spek.api.dsl.xit
+import org.onap.dcae.collectors.veshv.domain.SecurityConfiguration
+import java.nio.file.Paths
+
+/**
+ * @author Piotr Jaszczyk
+ * @since June 2018
+ */
+object SslContextFactoryTest : Spek({
+ describe("SslContextFactory") {
+ val sampleConfig = SecurityConfiguration(
+ privateKey = Paths.get("/", "tmp", "pk.pem"),
+ cert = Paths.get("/", "tmp", "cert.crt"),
+ trustedCert = Paths.get("/", "tmp", "clientCa.crt"))
+
+ val cut = object : SslContextFactory() {
+ var actualConfig: SecurityConfiguration? = null
+ override fun createSslContextWithConfiguredCerts(secConfig: SecurityConfiguration): SslContextBuilder {
+ actualConfig = secConfig
+ return SslContextBuilder.forServer(resource("/ssl/ca.crt"), resource("/ssl/server.key"))
+ }
+
+ private fun resource(path: String) = SslContextFactoryTest.javaClass.getResourceAsStream(path)
+ }
+
+ val result = cut.createSslContext(sampleConfig)
+
+ it("should be server context") {
+ assertThat(result.isServer).isTrue()
+ }
+
+ it("should use OpenSSL provider") {
+ assertThat(result).isInstanceOf(OpenSslServerContext::class.java)
+ }
+
+ /*
+ * It is too important to leave it untested on unit level.
+ * Because of the Netty API design we need to do it this way.
+ */
+ it("should turn on client authentication") {
+ val clientAuth: ClientAuth = ReferenceCountedOpenSslContext::class.java
+ .getDeclaredField("clientAuth")
+ .run {
+ isAccessible = true
+ get(result) as ClientAuth
+ }
+ assertThat(clientAuth).isEqualTo(ClientAuth.REQUIRE)
+ }
+ }
+})
diff --git a/hv-collector-core/src/test/resources/ssl/ca.crt b/hv-collector-core/src/test/resources/ssl/ca.crt
new file mode 100644
index 00000000..29057f26
--- /dev/null
+++ b/hv-collector-core/src/test/resources/ssl/ca.crt
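Review bot: The test's override builds the context from `resource("/ssl/ca.crt")` paired with `resource("/ssl/server.key")`, while the commit also adds `server.crt`; the modulus embedded in `server.key` appears to be the one in `server.crt`, not `ca.crt`, so the pairing looks accidental and, if the provider verifies that the key matches the certificate, the fixture is rejected at `build()`. Changing the first argument to `resource("/ssl/server.crt")` makes the fixture consistent. `actualConfig` is recorded by the override but never checked, so the test does not show that the configuration reaches the builder; `it("should pass configuration to the builder") { assertThat(cut.actualConfig).isEqualTo(sampleConfig) }` closes that gap. The `clientAuth` assertion reads a private field of `ReferenceCountedOpenSslContext` via reflection, which breaks on any Netty upgrade that renames it, so the comment above it should name the Netty version the field name was checked against; the fixtures also carry validity windows (ca.crt appears to run to 2019-06-01, server.crt to 2019-05-27) that `build()` ignores but a future handshake test will not.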
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDbDCCAlSgAwIBAgIJANad+zi5MeDSMA0GCSqGSIb3DQEBCwUAMEsxCzAJBgNV
+BAYTAlBMMQswCQYDVQQIDAJETDEQMA4GA1UEBwwHV3JvY2xhdzEOMAwGA1UECgwF
+Tm9raWExDTALBgNVBAsMBE1BTk8wHhcNMTgwNjAxMTMwOTE2WhcNMTkwNjAxMTMw
+OTE2WjBLMQswCQYDVQQGEwJQTDELMAkGA1UECAwCREwxEDAOBgNVBAcMB1dyb2Ns
+YXcxDjAMBgNVBAoMBU5va2lhMQ0wCwYDVQQLDARNQU5PMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEArqcdlj5G4OTByGfZQ+vvdFX2ZPGKKUmUV6JYjbQH
+v9C131WD2GFpbE9fAXG+R0n9c+0mbqUj3rnHzB6g5zUJBCJZXk4mM9KTq5iUfFU1
+uSQGWVCkgqmWijCROR2Eqm+v/vaSCqj77EuDEqmLe8EkFOaOKGMMdlJYYfPAyExu
+k1qfmeXGzD0c/YR6ks72GW2q2xWDujvddOuxAC7CYa1iLTYSh39KLfDuoOvktqI0
+syCTyPExvmltJsb9N3AN78g+TObfAWGnkpD+QHlB1X52DU0S05+8OUkhV43aX1cd
+8cIQrCvJUL/FPKe3AKgyEbLjbhkQhGQhOyjM1ptKuMucSwIDAQABo1MwUTAdBgNV
+HQ4EFgQUBtX8BzxCxBS7ZTTL0pe8XcSp+McwHwYDVR0jBBgwFoAUBtX8BzxCxBS7
+ZTTL0pe8XcSp+McwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEA
+niw6/qRG5ULJ6OTUd4kvw4i42EV3aV9ypd+EIzv3IuqNZBu4vqYoUSRoc1n6YwPZ
+YcDq0xrVi5uw8zRR8M4/GhhT4jGLxjPHD1Jby7IyuPzByBsMJUNfdjYHjebEC820
+WJ8nbHaGm3cJVB4zMlJd5gA5+R8vp4OQmQsULxoWhDn09X4IXb/izOSK5YClf/XB
+W2mQyYeAb+2H7q9fT5VVJved6h2BZsmq+SQSKlXnBMIvEjpgh7RLUuuANMgival6
+NlSezPQD9iuyj9g2Xz3z8ggRGahYPSKAb6+fg3TGg/Vokd4GYEMflfC2tw+eM07n
+oTa03o8tD9V4paP/vx7cUg==
+-----END CERTIFICATE-----
diff --git a/hv-collector-core/src/test/resources/ssl/server.crt b/hv-collector-core/src/test/resources/ssl/server.crt
new file mode 100644
index 00000000..0af22e29
--- /dev/null
+++ b/hv-collector-core/src/test/resources/ssl/server.crt
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDEjCCAfoCCQDSzpBZljMk+jANBgkqhkiG9w0BAQsFADBLMQswCQYDVQQGEwJQ
+TDELMAkGA1UECAwCREwxEDAOBgNVBAcMB1dyb2NsYXcxDjAMBgNVBAoMBU5va2lh
+MQ0wCwYDVQQLDARNQU5PMB4XDTE4MDYwMTEzMDkxNloXDTE5MDUyNzEzMDkxNlow
+SzELMAkGA1UEBhMCUEwxCzAJBgNVBAgMAkRMMRAwDgYDVQQHDAdXcm9jbGF3MQ4w
+DAYDVQQKDAVOb2tpYTENMAsGA1UECwwETUFOTzCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAOdOjGM8+5+ArMawknY+QPTO4Q//QuRi46OxkU28DshayG1o
+pyCoKD6zYB4Q7cgSY8xrwX7Ct6QINaGefSddKdDJl4zzjiVCUK7vaKxaOK2hOl7k
+Iq7HuvAG6TaO7CaeBFafGNxpocgC2WkoZCIqQ32gXHjU5mpTrzwtUyX91Xc43puP
+nHGBz6XDVlV52DvJQ1v9xed4bM70DgSg3FcD77mcPDbr98UvPa477RKeAz8eAc+J
+jxMg8uNGYX0sthGEcOiOf1Dz8UeMU1M2Qw6MGDqrW+RMaM9K8/mlbQ/SFqoPg4MD
+q3zbQie0IzfanQuygz9Zy7dDAVgzmjrX8/tf+nMCAwEAATANBgkqhkiG9w0BAQsF
+AAOCAQEALPII5UXwBSNGcVa14t3NUUb0jtXdtmKr6sRMqFdR81tREcJHGnMauxO9
+IuECQuDkIRkv2XR+Swn2vZdOkYtHSAHSRLxPUhwjYKFC7uTd6T1ljTiYJ/NtGCV3
+75n0qh2aneCXr9KVExK6KzYVFJKMKmbEJludaQrM/Z+kDXGwwUMcyb8LLO+avgek
+ke1796f0MJ56csHejT9V69/6zc07T/zn0gVcR42AnMr/MzhAkiqUOhy0Cxzek0Xv
+72/1PKaf2r9F+WtjQuPRd6LJrM7yTnkzLz7xK+yX17mycIN4KsVf8zhrsCgVJZGL
+kLkC4O9faHnrtj0qqV+BPhyF1Ii95w==
+-----END CERTIFICATE-----
diff --git a/hv-collector-core/src/test/resources/ssl/server.key b/hv-collector-core/src/test/resources/ssl/server.key
new file mode 100644
index 00000000..033c99af
--- /dev/null
+++ b/hv-collector-core/src/test/resources/ssl/server.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDnToxjPPufgKzG
+sJJ2PkD0zuEP/0LkYuOjsZFNvA7IWshtaKcgqCg+s2AeEO3IEmPMa8F+wrekCDWh
+nn0nXSnQyZeM844lQlCu72isWjitoTpe5CKux7rwBuk2juwmngRWnxjcaaHIAtlp
+KGQiKkN9oFx41OZqU688LVMl/dV3ON6bj5xxgc+lw1ZVedg7yUNb/cXneGzO9A4E
+oNxXA++5nDw26/fFLz2uO+0SngM/HgHPiY8TIPLjRmF9LLYRhHDojn9Q8/FHjFNT
+NkMOjBg6q1vkTGjPSvP5pW0P0haqD4ODA6t820IntCM32p0LsoM/Wcu3QwFYM5o6
+1/P7X/pzAgMBAAECggEAYBIL1Rv7FqCHIm8sJdhtekCC0fYffmRkUBTsWPEG4shx
+/p886x9st74g6dv2JuccdEc9Mr0FMSgHvnzpVnQnbgSM4Yo3O9pzUHU3cH54lAUn
+DUqL7TQfvJniOzrZcqCnBKNH3CQzgbNNQZP5IweSyJbWUYl7uiXP3pqksl7fToiS
+JBSKzKphwtHRUHS3RCwN118N5RyZH+0LZi0EAOjxi1BVqmKQos0Zr8Gnl/7nHF+g
+oRG4vgDZUopNEGX5AELvMBq/hbSrfGT1z+wJkOtoRdinRMGFKO528vCqhEr629Sh
+FFUOv3xL7HUEEnDu97I0TxK1o6C5fG/QbeP9viiJIQKBgQD2upLpuyP6iTCdAl/S
+lLmQxwEUyD3vhF4oG+B0jKyNkzO7QzM695HH/bXV9GnRH+9HPgxLqtozVpztsuu2
+MXrac2tmJR9OiSchJwgDRvhSUyezEULFAzsIaSeGK16wrcT6xqwVeKumsKp1dW7I
+n0w5NxC/N2U87ffjmyOwldOAHwKBgQDv/58mMUutViwicw8ddRJP38QZs804vm7R
+YFb5sqt6L7hcSQCszVXdjHP2v/GeK+jl0vZrGS932kY3T2+FhA8ClbKByVdaFzXj
+PSEuY/Ow+ebGrlBPBH6sPN4Uvc00MEk1eZXRL8IaT32xJnq2vF4M7SvGNFeH39tc
+qOq9VqrrLQKBgQCRzdYN6/qqDrK8xm9sGVnD9eZsqpz3U2j1GOw+0/cQvyG+E0tO
+GIl8/zCa3JI/9DhKCJ/pg3DpD9EzIx3qkDkCqVyZg2yJ08Fc9RzmGuWaeOuoBZZI
+qM0U/ldOEYkmrboPXKLLGYGOwy4otZofUwwPb7wk1A6uwA5S4hZoP1I6jwKBgQCS
+yfH5ViVHO3F7EIyqI7SzjdVPMx3OGwuEnDwWNSWUciN8rlnvVxexjfpPbU7Gw2yL
+RODa2GikEajoo3k+XGsh1ZV8tDztKU0YU4c77H5cPDzeQDd2XPVtOz1Jylz8Epx0
+TI1JiMBbf0sNUs+zfLq5hUZE0DbJMC3nGpmYfK3FcQKBgQCFlXdwWzhu33HHa+wc
+X7JT0m8W81ex08ndNOCgdYqgOxmZ+VhK8WN91sj3N0X9nMsfSJ9WTRib+FVa8D4M
+e7hOddjrKxNcqAhjbnxeCHLExq9kYdjeXa0dS9ywP89nMlGm7qja7+9DSBPisRPe
+lcaTvr7E/zSTHK5WDBCzOsV3lQ==
+-----END PRIVATE KEY-----
diff --git a/hv-collector-main/Dockerfile b/hv-collector-main/Dockerfile
index 84ffb437..749edb85 100644
--- a/hv-collector-main/Dockerfile
+++ b/hv-collector-main/Dockerfile
@@ -5,11 +5,12 @@ LABEL license.name="The Apache Software License, Version 2.0" LABEL license.url="http://www.apache.org/licenses/LICENSE-2.0" LABEL maintainer="Nokia Wroclaw ONAP Team" -EXPOSE 8081 +EXPOSE 6061 WORKDIR /opt/ves-hv-collector +VOLUME /etc/ves-hv/ ENTRYPOINT ["java", "-cp", "*:", "org.onap.dcae.collectors.veshv.main.MainKt"] -CMD ["--listen-port", "8081", "--config-url", ""] +CMD ["--listen-port", "6061"] COPY target/libs/external/* ./ COPY target/libs/internal/* ./ COPY target/hv-collector-main-*.jar ./ \ No newline at end of file diff --git a/hv-collector-main/pom.xml b/hv-collector-main/pom.xml index 80d72331..58fc5d7d 100644 --- a/hv-collector-main/pom.xml +++ b/hv-collector-main/pom.xml @@ -19,8 +19,8 @@ ~ ============LICENSE_END========================================================= --> + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> 4.0.0 @@ -55,43 +55,60 @@ maven-surefire-plugin org.apache.maven.plugins - - org.apache.maven.plugins - maven-dependency-plugin - - - copy-internal-deps - package - - copy-dependencies - - - ${project.build.directory}/libs/internal - ${project.parent.groupId} - runtime - - - - copy-external-deps - package - - copy-dependencies - - - ${project.build.directory}/libs/external - ${project.parent.groupId} - runtime - - - - - - io.fabric8 - docker-maven-plugin - + + + docker + + + !skipDocker + + + + + + org.apache.maven.plugins + maven-dependency-plugin + + + copy-internal-deps + package + + copy-dependencies + + + ${project.build.directory}/libs/internal + ${project.parent.groupId} + runtime + + + + copy-external-deps + package + + copy-dependencies + + + ${project.build.directory}/libs/external + ${project.parent.groupId} + runtime + + + + + + + + + + ${project.parent.groupId} 
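Review bot: `VOLUME /etc/ves-hv/` gives no indication of what the mount has to contain, and the new `CMD` passes only `--listen-port`, so the container depends entirely on the defaults in `ArgBasedServerConfiguration`'s `DefaultValues` (`/etc/ves-hv/server.key`, `/etc/ves-hv/server.crt`, `/etc/ves-hv/trust.crt`); a comment above the line, `# TLS material expected here: server.key (unencrypted PEM), server.crt, trust.crt (client CA bundle); override with --private-key-file/--cert-file/--trust-cert-file`, saves an operator from reading the Kotlin source. Dropping `--config-url` from `CMD` is also a behaviour change: the image now starts with the empty `CONFIG_URL` default unless the command is overridden, which deserves a line in the description or a comment next to `CMD`.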
@@ -111,6 +128,12 @@ commons-cli commons-cli + + io.netty + netty-tcnative-boringssl-static + runtime + ${os.detected.classifier} + org.assertj @@ -128,6 +151,14 @@ org.jetbrains.spek spek-junit-platform-engine + + com.nhaarman + mockito-kotlin + + + org.mockito + mockito-core + diff --git a/hv-collector-main/src/main/kotlin/org/onap/dcae/collectors/veshv/main/ArgBasedServerConfiguration.kt b/hv-collector-main/src/main/kotlin/org/onap/dcae/collectors/veshv/main/ArgBasedServerConfiguration.kt index 4e614cdb..5689a3e6 100644 --- a/hv-collector-main/src/main/kotlin/org/onap/dcae/collectors/veshv/main/ArgBasedServerConfiguration.kt +++ b/hv-collector-main/src/main/kotlin/org/onap/dcae/collectors/veshv/main/ArgBasedServerConfiguration.kt 
@@ -20,54 +20,55 @@ package org.onap.dcae.collectors.veshv.main import org.apache.commons.cli.* +import org.onap.dcae.collectors.veshv.domain.SecurityConfiguration import org.onap.dcae.collectors.veshv.domain.ServerConfiguration +import java.io.File +import java.nio.file.Paths internal object DefaultValues { - const val PORT = 8600 + const val PORT = 6061 const val CONFIG_URL = "" + const val PRIVATE_KEY_FILE = "/etc/ves-hv/server.key" + const val CERT_FILE = "/etc/ves-hv/server.crt" + const val TRUST_CERT_FILE = "/etc/ves-hv/trust.crt" } -internal object ArgBasedServerConfiguration { - private val OPT_PORT = Option.builder("p") - .longOpt("listen-port") - .hasArg() - .desc("Listen port") - .build() - - private val OPT_CONFIG_URL = Option.builder("c") - .longOpt("config-url") - .optionalArg(true) - .hasArg() - .desc("Url of ves configuration on consul") - .build() - - private val options by lazy { - val options = Options() - options.addOption(OPT_PORT) - options.addOption(OPT_CONFIG_URL) - options - } +internal class ArgBasedServerConfiguration { fun parse(args: Array): ServerConfiguration { val parser = DefaultParser() try { - parser.parse(options, args).run { - return ServerConfiguration( - stringValue(OPT_CONFIG_URL, DefaultValues.CONFIG_URL), - intValue(OPT_PORT, DefaultValues.PORT)) - } + val cmdLine = parser.parse(options, args) + val port = cmdLine.intValue(OPT_PORT, DefaultValues.PORT) + val configUrl = cmdLine.stringValue(OPT_CONFIG_URL, DefaultValues.CONFIG_URL) + val secConf = createSecurityConfiguration(cmdLine) + return ServerConfiguration(port, configUrl, secConf) } catch (ex: Exception) { throw WrongArgumentException(ex) } } + private fun createSecurityConfiguration(cmdLine: CommandLine): SecurityConfiguration { + + val pkFile = cmdLine.stringValue(OPT_PK_FILE, DefaultValues.PRIVATE_KEY_FILE) + val certFile = cmdLine.stringValue(OPT_CERT_FILE, DefaultValues.CERT_FILE) + val trustCertFile = cmdLine.stringValue(OPT_TRUST_CERT_FILE, 
DefaultValues.TRUST_CERT_FILE) + + return SecurityConfiguration( + privateKey = stringPathToPath(pkFile), + cert = stringPathToPath(certFile), + trustedCert = stringPathToPath(trustCertFile) + ) + } + private fun CommandLine.intValue(option: Option, default: Int) = getOptionValue(option.opt)?.toInt() ?: default private fun CommandLine.stringValue(option: Option, default: String) = getOptionValue(option.opt) ?: default + private fun stringPathToPath(path: String) = Paths.get(File(path).toURI()) class WrongArgumentException(parent: Exception) : Exception(parent.message, parent) { fun printMessage() { @@ -79,4 +80,46 @@ internal object ArgBasedServerConfiguration { formatter.printHelp(programName, options) } } + + companion object { + private val OPT_PORT = Option.builder("p") + .longOpt("listen-port") + .hasArg() + .desc("Listen port") + .build() + + private val OPT_CONFIG_URL = Option.builder("c") + .longOpt("config-url") + .hasArg() + .desc("URL of ves configuration on consul") + .build() + + private val OPT_PK_FILE = Option.builder("k") + .longOpt("private-key-file") + .hasArg() + .desc("File with private key in PEM format") + .build() + + private val OPT_CERT_FILE = Option.builder("e") + .longOpt("cert-file") + .hasArg() + .desc("File with server certificate bundle") + .build() + + private val OPT_TRUST_CERT_FILE = Option.builder("t") + .longOpt("trust-cert-file") + .hasArg() + .desc("File with trusted certificate bundle for authenticating clients") + .build() + + private val options by lazy { + val options = Options() + options.addOption(OPT_PORT) + options.addOption(OPT_CONFIG_URL) + options.addOption(OPT_PK_FILE) + options.addOption(OPT_CERT_FILE) + options.addOption(OPT_TRUST_CERT_FILE) + options + } + } } diff --git a/hv-collector-main/src/main/kotlin/org/onap/dcae/collectors/veshv/main/main.kt b/hv-collector-main/src/main/kotlin/org/onap/dcae/collectors/veshv/main/main.kt index d81a063d..3685250a 100644 
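Review bot: The key, certificate and trust-bundle paths returned by `createSecurityConfiguration` are never checked for existence or readability, so a mistyped `--private-key-file` is not reported as a usage error by `parse` but surfaces later, when `SslContextFactory` opens the files inside the server's `Mono.defer`; since the unit test feeds paths that do not exist, such a check belongs at startup, before `ServerFactory.createNettyTcpServer` is called, rather than inside `parse`, e.g. `require(Files.isReadable(path)) { "cannot read $path" }` for each of the three paths. `stringPathToPath` goes through `File(path).toURI()` only to end up with an absolute path; `Paths.get(path).toAbsolutePath()` gives the same result without the URI round trip and drops the `java.io.File` import. The option descriptions for `-e` and `-t` would also benefit from stating the format, e.g. `File with server certificate bundle (PEM)`, as the `-k` description already does.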
--- a/hv-collector-main/src/main/kotlin/org/onap/dcae/collectors/veshv/main/main.kt +++ b/hv-collector-main/src/main/kotlin/org/onap/dcae/collectors/veshv/main/main.kt @@ -35,7 +35,7 @@ private val logger = LoggerFactory.getLogger("main") fun main(args: Array) { try { - val serverConfiguration = ArgBasedServerConfiguration.parse(args) + val serverConfiguration = ArgBasedServerConfiguration().parse(args) val collectorProvider = CollectorFactory( resolveConfigurationProvider(serverConfiguration), diff --git a/hv-collector-main/src/test/kotlin/org/onap/dcae/collectors/veshv/main/ArgBasedServerConfigurationTest.kt b/hv-collector-main/src/test/kotlin/org/onap/dcae/collectors/veshv/main/ArgBasedServerConfigurationTest.kt index 0d2188ca..6eec5777 100644 --- a/hv-collector-main/src/test/kotlin/org/onap/dcae/collectors/veshv/main/ArgBasedServerConfigurationTest.kt +++ b/hv-collector-main/src/test/kotlin/org/onap/dcae/collectors/veshv/main/ArgBasedServerConfigurationTest.kt 
@@ -23,31 +23,60 @@ import org.assertj.core.api.Assertions.assertThat import org.jetbrains.spek.api.Spek import org.jetbrains.spek.api.dsl.given import org.jetbrains.spek.api.dsl.it +import org.onap.dcae.collectors.veshv.domain.SecurityConfiguration +import org.onap.dcae.collectors.veshv.domain.ServerConfiguration +import java.nio.file.Paths /** * @author Piotr Jaszczyk * @since May 2018 */ object ArgBasedServerConfigurationTest : Spek({ - val cut = ArgBasedServerConfiguration + lateinit var cut: ArgBasedServerConfiguration val configurationUrl = "http://test-address/test" + val pk = Paths.get("/", "etc", "ves", "pk.pem") + val cert = Paths.get("/", "etc", "ssl", "certs", "ca-bundle.crt") + val trustCert = Paths.get("/", "etc", "ves", "trusted.crt") + + beforeEachTest { + cut = ArgBasedServerConfiguration() + } fun parse(vararg cmdLine: String) = cut.parse(cmdLine) given("all parameters are present in the long form") { - val result = parse("--listen-port", "6969", "--config-url", configurationUrl) + lateinit var result: ServerConfiguration + + beforeEachTest { + result = parse("--listen-port", "6969", + "--config-url", configurationUrl, + "--private-key-file", pk.toFile().absolutePath, + "--cert-file", cert.toFile().absolutePath, + "--trust-cert-file", trustCert.toFile().absolutePath) + } it("should set proper port") { assertThat(result.port).isEqualTo(6969) } + it("should set proper config url") { assertThat(result.configurationUrl).isEqualTo(configurationUrl) } + + it("should set proper security configuration") { + assertThat(result.securityConfiguration).isEqualTo( + SecurityConfiguration(pk, cert, trustCert) + ) + } } - given("all parameters are present in the short form") { - val result = parse("-p", "666", "-c", configurationUrl) + given("some parameters are present in the short form") { + lateinit var result: ServerConfiguration + + beforeEachTest { + result = parse("-p", "666", "-c", configurationUrl) + } it("should set proper port") { 
assertThat(result.port).isEqualTo(666) @@ -59,7 +88,11 @@ object ArgBasedServerConfigurationTest : Spek({ } given("all optional parameters are absent") { - val result = parse() + lateinit var result: ServerConfiguration + + beforeEachTest { + result = parse() + } it("should set default port") { assertThat(result.port).isEqualTo(DefaultValues.PORT) @@ -69,4 +102,4 @@ object ArgBasedServerConfigurationTest : Spek({ assertThat(result.configurationUrl).isEqualTo(DefaultValues.CONFIG_URL) } } -}) \ No newline at end of file +}) diff --git a/hv-collector-main/src/test/kotlin/org/onap/dcae/collectors/veshv/main/NioBuffersTest.kt b/hv-collector-main/src/test/kotlin/org/onap/dcae/collectors/veshv/main/NioBuffersTest.kt index b46d5a28..42bf363c 100644 --- a/hv-collector-main/src/test/kotlin/org/onap/dcae/collectors/veshv/main/NioBuffersTest.kt +++ b/hv-collector-main/src/test/kotlin/org/onap/dcae/collectors/veshv/main/NioBuffersTest.kt @@ -22,13 +22,14 @@ package org.onap.dcae.collectors.veshv.main import org.jetbrains.spek.api.Spek import org.jetbrains.spek.api.dsl.describe import org.jetbrains.spek.api.dsl.it +import org.jetbrains.spek.api.dsl.xdescribe import java.nio.ByteBuffer -fun Int.toKibibytes(): Int = this * 1024 -fun Int.toMebibytes(): Int = this * 1024 * 1024 +object NioBuffersTest : Spek({ + fun Int.toKibibytes(): Int = this * 1024 + fun Int.toMebibytes(): Int = this * 1024 * 1024 -object NioBuffersTest : Spek({ val BUFFER_SIZES = listOf(128.toKibibytes(), 512.toKibibytes(), 1.toMebibytes(), 2.toMebibytes()) val NUMBER_OF_ITERATIONS = 100 @@ -53,7 +54,7 @@ object NioBuffersTest : Spek({ for (singleBufferSize in BUFFER_SIZES) { - describe("$singleBufferSize bytes buffers") { + xdescribe("$singleBufferSize bytes buffers") { describe("direct buffers") { val bb1 = ByteBuffer.allocateDirect(singleBufferSize) diff --git a/pom.xml b/pom.xml index e02b1b53..019202f4 100644 --- a/pom.xml +++ b/pom.xml 
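Review bot: The `all optional parameters are absent` group asserts the default port and config URL but not the default security configuration, so the three new defaults (`PRIVATE_KEY_FILE`, `CERT_FILE`, `TRUST_CERT_FILE`) have no test; add `it("should set default security configuration") { assertThat(result.securityConfiguration).isEqualTo(SecurityConfiguration(Paths.get(DefaultValues.PRIVATE_KEY_FILE), Paths.get(DefaultValues.CERT_FILE), Paths.get(DefaultValues.TRUST_CERT_FILE))) }`. That expectation holds because the defaults are absolute paths, which `stringPathToPath`'s `File.toURI()` round trip leaves unchanged. The renamed `some parameters are present in the short form` group still passes only `-p` and `-c`; the group continues past this hunk, so the `-k`/`-e`/`-t` short options may be exercised there, but if not they deserve a case of their own.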
@@ -19,483 +19,518 @@ ~ ============LICENSE_END========================================================= --> + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> - 4.0.0 + 4.0.0 - - - The Apache Software License, Version 2.0 - http://www.apache.org/licenses/LICENSE-2.0.txt - - + + + The Apache Software License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + + - org.onap.dcaegen2.collectors.veshv - ves-hv-collector - 1.0.0-SNAPSHOT - dcaegen2-collectors-veshv - VES HighVolume Collector - pom + org.onap.dcaegen2.collectors.veshv + ves-hv-collector + 1.0.0-SNAPSHOT + dcaegen2-collectors-veshv + VES HighVolume Collector + pom - - hv-collector-core - hv-collector-main - hv-collector-ct - protobuf - hv-collector-utils - hv-collector-coverage - hv-collector-analysis - hv-collector-client-simulator - + + hv-collector-core + hv-collector-main + hv-collector-ct + protobuf + hv-collector-utils + hv-collector-coverage + hv-collector-analysis + hv-collector-client-simulator + - - 1.2.41 - 3.5.1 - 3.5.1.1 - ${project.build.directory}/generated-sources/proto/main/java/ - - 3.7.0 - 1.7 + + 1.2.41 + 3.7.0 + 1.7 - 1.2.0-RC1 - 5.2.0-RC1 - 1.1.5 - 2.21.0 + + 3.5.1 + 3.5.1.1 + ${project.build.directory}/generated-sources/proto/main/java/ + - true - false - true + + 1.2.0-RC1 + 5.2.0-RC1 + 1.1.5 + 2.21.0 + true + false + true - true - ves-hv-collector/${project.artifactId} - onap - + + true + ves-hv-collector/${project.artifactId} + onap + - - ${project.basedir}/src/main/kotlin - ${project.basedir}/src/test/kotlin - - - ${project.basedir}/src/main/resources - - - - - - org.apache.maven.plugins - maven-resources-plugin - 3.1.0 - - UTF-8 - - - - kotlin-maven-plugin - org.jetbrains.kotlin - ${kotlin.version} - - 1.8 - - - - compile - - compile - - - - ${project.build.sourceDirectory} - ${project.build.directory}/generated-sources/annotations - - - - - test-compile - - test-compile - - - - ${project.build.testSourceDirectory} 
- - - - - - - com.github.os72 - protoc-jar-maven-plugin - ${protoc-jar-maven-plugin.version} - - - org.codehaus.mojo - build-helper-maven-plugin - ${build-helper-maven-plugin.version} - - - add-source - generate-sources - - add-source - - - - ${protobuf-generated-files.directory} - - - - - - - org.apache.maven.plugins - maven-compiler-plugin - ${maven-compiler-plugin.version} - - 8 - 8 - UTF-8 - true - true - false - - - - org.ow2.asm - asm - 6.1.1 - - - - - - maven-surefire-plugin - org.apache.maven.plugins - ${maven-surefire-plugin.version} - - - default-test - - test - - - ${failIfMissingUnitTests} - 1 - - **/*Test.* - - - - - - component-tests - verify - - test - - - ${failIfMissingComponentTests} - 1 - - **/*Specification.* - - - - - - - org.apache.commons - commons-lang3 - 3.7 - - - org.junit.platform - junit-platform-surefire-provider - ${junit-platform.version} - runtime - - - org.jetbrains.spek - spek-junit-platform-engine - ${spek.version} - runtime - - - - - org.apache.maven.plugins - maven-dependency-plugin - 3.1.1 - - - io.fabric8 - docker-maven-plugin - 0.26.0 - - - build-docker-image - pre-integration-test - - build - - - - - ${skipDocker} - true - IfNotPresent - - - ${project.artifactId} - ${docker-image.namespace}/${docker-image.name} - - ${project.basedir} - - ${project.version} - - - - - - - - - + + ${project.basedir}/src/main/kotlin + ${project.basedir}/src/test/kotlin + + + ${project.basedir}/src/main/resources + + + + + + org.apache.maven.plugins + maven-resources-plugin + 3.1.0 + + UTF-8 + + + + kotlin-maven-plugin + org.jetbrains.kotlin + ${kotlin.version} + + 1.8 + + + + compile + + compile + + + + ${project.build.sourceDirectory} + ${project.build.directory}/generated-sources/annotations + + + + + test-compile + + test-compile + + + + ${project.build.testSourceDirectory} + + + + + + + com.github.os72 + protoc-jar-maven-plugin + ${protoc-jar-maven-plugin.version} + + + org.codehaus.mojo + build-helper-maven-plugin + 
${build-helper-maven-plugin.version} + + + add-source + generate-sources + + add-source + + + + ${protobuf-generated-files.directory} + + + + + + + org.apache.maven.plugins + maven-compiler-plugin + ${maven-compiler-plugin.version} + + 8 + 8 + UTF-8 + true + true + false + + + + org.ow2.asm + asm + 6.1.1 + + + + + + maven-surefire-plugin + org.apache.maven.plugins + ${maven-surefire-plugin.version} + + + default-test + + test + + + ${failIfMissingUnitTests} + 1 + + **/*Test.* + + + + + + component-tests + verify + + test + + + ${failIfMissingComponentTests} + 1 + + **/*Specification.* + + + + + + + org.apache.commons + commons-lang3 + 3.7 + + + org.junit.platform + junit-platform-surefire-provider + ${junit-platform.version} + runtime + + + org.jetbrains.spek + spek-junit-platform-engine + ${spek.version} + runtime + + + + + org.apache.maven.plugins + maven-dependency-plugin + 3.1.1 + + + + + + kr.motd.maven + os-maven-plugin + 1.6.0 + + + - - - analysis - + + + analysis + true - - - org.jacoco - jacoco-maven-plugin - 0.8.1 - - - default-prepare-agent - - prepare-agent - - - - default-prepare-agent-integration - - prepare-agent-integration - - - - + + + org.jacoco + jacoco-maven-plugin + 0.8.1 + + + default-prepare-agent + + prepare-agent + + + + default-prepare-agent-integration + + prepare-agent-integration + + + + - - org.apache.maven.plugins - maven-antrun-plugin - 1.8 - - - - detekt - verify - - - - - - - - - - - - - - - - - - - - run - - - - - - io.gitlab.arturbosch.detekt - detekt-cli - 1.0.0.RC7 - - - ${project.groupId} - hv-collector-analysis - ${project.version} - - - - - - - + + org.apache.maven.plugins + maven-antrun-plugin + 1.8 + + + + detekt + verify + + + + + + + + + + + + + + + + + + + + run + + + + + + io.gitlab.arturbosch.detekt + detekt-cli + 1.0.0.RC7 + + + ${project.groupId} + hv-collector-analysis + ${project.version} + + + + + + + + docker + + + !skipDocker + + + + linux + x86_64 + ${os.detected.name}-${os.detected.arch} + + + + + + 
io.fabric8 + docker-maven-plugin + 0.26.0 + + + build-docker-image + pre-integration-test + + build + + + + + true + IfNotPresent + + + ${project.artifactId} + ${docker-image.namespace}/${docker-image.name} + + ${project.basedir} + + ${project.version} + + + + + + - - - - org.jacoco - jacoco-maven-plugin - - - - report - - - - - - + + + + + - - - arturbosch-code-analysis - arturbosch-code-analysis (for detekt) - https://dl.bintray.com/arturbosch/code-analysis/ - default - - true - never - - - false - never - - - + + + + org.jacoco + jacoco-maven-plugin + + + + report + + + + + + - - - - com.google.guava - guava - 25.0-jre - - - com.google.code.findbugs - jsr305 - - - - - org.jetbrains.kotlin - kotlin-stdlib-jdk8 - ${kotlin.version} - - - org.jetbrains.kotlin - kotlin-reflect - ${kotlin.version} - - - ch.qos.logback - logback-classic - 1.3.0-alpha4 - runtime - - - org.slf4j - slf4j-api - 1.8.0-beta1 - - - io.projectreactor - reactor-bom - Bismuth-SR8 - pom - import - - - com.google.protobuf - protobuf-java - ${protobuf.version} - - - commons-cli - commons-cli - 1.4 - - - javax.json - javax.json-api - 1.1.2 - - - org.glassfish - javax.json - 1.1.2 - + + + arturbosch-code-analysis + arturbosch-code-analysis (for detekt) + https://dl.bintray.com/arturbosch/code-analysis/ + default + + true + never + + + false + never + + + - + + + + com.google.guava + guava + 25.0-jre + + + com.google.code.findbugs + jsr305 + + + + + org.jetbrains.kotlin + kotlin-stdlib-jdk8 + ${kotlin.version} + + + org.jetbrains.kotlin + kotlin-reflect + ${kotlin.version} + + + ch.qos.logback + logback-classic + 1.3.0-alpha4 + runtime + + + org.slf4j + slf4j-api + 1.8.0-beta1 + + + io.projectreactor + reactor-bom + Bismuth-SR8 + pom + import + + + io.netty + netty-tcnative-boringssl-static + 2.0.8.Final + ${os.detected.classifier} + + + com.google.protobuf + protobuf-java + ${protobuf.version} + + + commons-cli + commons-cli + 1.4 + + + javax.json + javax.json-api + 1.1.2 + + + org.glassfish + 
javax.json + 1.1.2 + - - org.jetbrains.spek - spek-api - ${spek.version} - test - - - org.jetbrains.spek - spek-junit-platform-engine - ${spek.version} - test - + + + + org.jetbrains.spek + spek-api + ${spek.version} + test + + + org.jetbrains.spek + spek-junit-platform-engine + ${spek.version} + test + - - org.assertj - assertj-core - 3.9.1 - test - - - com.nhaarman - mockito-kotlin - 1.5.0 - test - - - org.mockito - mockito-core - - - - - org.mockito - mockito-core - 2.18.3 - test - - - org.jetbrains.kotlin - kotlin-test - ${kotlin.version} - test - - - io.projectreactor - reactor-test - 3.1.7.RELEASE - test - - - + + org.assertj + assertj-core + 3.9.1 + test + + + com.nhaarman + mockito-kotlin + 1.5.0 + test + + + org.mockito + mockito-core + + + + + org.mockito + mockito-core + 2.18.3 + test + + + org.jetbrains.kotlin + kotlin-test + ${kotlin.version} + test + + + io.projectreactor + reactor-test + 3.1.7.RELEASE + test + + + diff --git a/ssl/.gitignore b/ssl/.gitignore new file mode 100644 index 00000000..598dc753 --- /dev/null +++ b/ssl/.gitignore @@ -0,0 +1,4 @@ +*.crt +*.key +*.srl +*.csr diff --git a/ssl/Makefile b/ssl/Makefile new file mode 100644 index 00000000..d9d1027f --- /dev/null +++ b/ssl/Makefile 
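Review bot: `netty-tcnative-boringssl-static` is pinned to `2.0.8.Final` in dependencyManagement independently of the Netty artifacts that `reactor-bom Bismuth-SR8` resolves; tcnative builds are only compatible with a narrow range of netty-handler versions, and a mismatch does not fail the build but surfaces at runtime as OpenSSL being reported unavailable or as a JNI link error, so the pairing should be stated next to the pin, e.g. `<!-- must match the netty-handler version resolved through reactor-bom; check netty-tcnative's compatibility table when bumping either -->`. The `docker` profile forces `os.detected.name`/`os.detected.arch` to `linux`/`x86_64`, presumably so the Linux native library is packaged into the image regardless of the build host; that deserves a comment too. Re-indenting the entire pom in the same commit makes the functional change (the dependency, the `os-maven-plugin` extension and the new profile) hard to find in review; a separate whitespace-only commit would be preferable.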
@@ -0,0 +1,33 @@
+FILE=sample
+CA_PASSWD=onap
+SUBJ=/C=PL/ST=DL/L=Wroclaw/O=Nokia/OU=MANO
+CA=onap
+
+sign: $(FILE).crt
+
+clean:
+ rm -f *.crt *.key *.srl *.csr
+
+generate-ca-certificate: $(CA).crt
+
+generate-private-key: $(FILE).key
+
+create-public-key: $(FILE).pub
+
+create-sign-request: $(FILE).csr
+
+$(CA).crt:
+ openssl req -new -x509 -keyout $(CA).key -out $(CA).crt -days 365 -passout pass:$(CA_PASSWD) -subj "$(SUBJ)"
+
+$(FILE).key:
+ openssl genpkey -algorithm RSA -out $(FILE).key -pkeyopt rsa_keygen_bits:2048
+
+$(FILE).pub: $(FILE).key
+ openssl x509 -req -days 360 -in client.csr -CA $(CA).crt -CAkey $(CA).key -CAcreateserial -out client.crt
+
+$(FILE).csr: $(FILE).key
+ openssl req -new -sha256 -key $(FILE).key -out $(FILE).csr -subj "$(SUBJ)"
+
+$(FILE).crt: $(CA).crt $(FILE).csr
+ openssl x509 -req -days 360 -in $(FILE).csr -CA $(CA).crt -CAkey $(CA).key -out $(FILE).crt -CAcreateserial -passin pass:$(CA_PASSWD)
+
diff --git a/ssl/README.md b/ssl/README.md
new file mode 100644
index 00000000..efba6107
--- /dev/null
+++ b/ssl/README.md
@@ -0,0 +1,28 @@
+# Generating SSL certificates
+
+Typical usage:
+
+```shell
+make FILE=client
+make FILE=server
+```
+
+Will generate CA certificate and signed client and server certificates.
+
+More "low-level" usage:
+
+```shell
+make generate-ca-certificate
+make generate-private-key FILE=client
+make sign FILE=client
+```
+
+# Connecting to a server
+
+First generate *client* and *server* certificates. Then start a server with it's cert and make ca.crt a trusted certification authority.
+
+After that you can:
+
+```shell
+./connect.sh client localhost:8600 < file_with_a_data_to_be_sent.dat
+```
diff --git a/ssl/connect.sh b/ssl/connect.sh
new file mode 100755
index 00000000..16524c3e
--- /dev/null
+++ b/ssl/connect.sh
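Review bot: The `$(FILE).pub` recipe does not create a public key: it runs `openssl x509 -req … -in client.csr … -out client.crt`, ignores `$(FILE)`, omits `-passin` for the password-protected CA key, and never writes `$(FILE).pub`, so `make create-public-key` both fails to produce its target and re-runs on every invocation. The intended command is `openssl pkey -in $(FILE).key -pubout -out $(FILE).pub`. `sign`, `clean` and the `generate-*`/`create-*` targets are aliases rather than files and should be declared `.PHONY: sign clean generate-ca-certificate generate-private-key create-public-key create-sign-request` so a stray file of that name cannot mask them. The CA key is protected only by the in-file default `CA_PASSWD=onap`, which is acceptable for sample material but should be labelled as such in a comment.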
@@ -0,0 +1,26 @@
+#!/bin/bash
+set -eou pipefail
+
+if [[ $# < 2 ]]; then
+ echo "Please provide a key file prefix and a target host:port"
+ exit 1
+fi
+
+key_prefix=$1
+host_and_port=$2
+
+cert_file="$key_prefix.crt"
+key_file="$key_prefix.key"
+
+if [[ ! -r "$cert_file" ]]; then
+ echo "$cert_file is not readable"
+ exit 2
+fi
+
+if [[ ! -r "$key_file" ]]; then
+ echo "$key_file is not readable"
+ exit 2
+fi
+
+openssl s_client -connect $host_and_port -cert "$cert_file" -key "$key_file" -CAfile onap.crt
+
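Review bot: `openssl s_client` on the last line keeps the session open and forwards stdin even when verification against `-CAfile onap.crt` fails (it only prints the verify error), so the piped data can be delivered to a server whose certificate did not validate; add `-verify_return_error` so a failed chain check aborts the handshake: `openssl s_client -connect "$host_and_port" -cert "$cert_file" -key "$key_file" -CAfile onap.crt -verify_return_error`. The CA file is hard-coded as `onap.crt` relative to the working directory, whereas the Makefile lets `CA` vary and the README speaks of `ca.crt`, so either take it as an optional third argument defaulting to `onap.crt` or at least guard it with the same `-r` test as the other two files. `[[ $# < 2 ]]` is a string comparison inside `[[ ]]`; `[[ $# -lt 2 ]]` is the numeric form.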