From 01f3ecda24e893d5799c382f1daaccf439eb745b Mon Sep 17 00:00:00 2001 From: "Tait,Trevor(rt0435)" Date: Tue, 18 Sep 2018 13:43:20 -0400 Subject: [PATCH] Remove credentials data Issue-ID: SDNC-458 Service Decomposition and Network Discovery Microservice have sensitive keystore/certificate/password data in their configuration files that needs to be removed. In order for Network Discovery Microservice JUNIT to execute a dummy Enricher REST client client-cert-onap.p12 was added to src/test/resources. This is the ONAP certificate that will be used when the ONAP Enricher is available, then it will be copied to config/auth. Change-Id: I3aac665815757f9a31bbe0b4020f44cd3fe1eb12 Signed-off-by: Tait,Trevor(rt0435) --- pomba/network-discovery/config/application.properties | 7 ------- .../config/auth/enricher-client-cert.p12 | Bin 2605 -> 0 bytes .../pomba/networkdiscovery/EnricherConfiguration.java | 6 +++--- .../unittest/service/NetworkDiscoveryTest.java | 2 ++ .../src/test/resources/client-cert-onap.p12 | Bin 0 -> 2556 bytes .../service-decomposition/config/application.properties | 5 ----- .../pomba/servicedecomposition/AAIConfiguration.java | 15 --------------- 7 files changed, 5 insertions(+), 30 deletions(-) delete mode 100644 pomba/network-discovery/config/auth/enricher-client-cert.p12 create mode 100644 pomba/network-discovery/src/test/resources/client-cert-onap.p12 diff --git a/pomba/network-discovery/config/application.properties b/pomba/network-discovery/config/application.properties index 563f726..6dba59d 100644 --- a/pomba/network-discovery/config/application.properties +++ b/pomba/network-discovery/config/application.properties @@ -22,13 +22,6 @@ server.context_parameters.p-name=value #context parameter with p-name as key and basicAuth.username=admin basicAuth.password=OBF:1u2a1toa1w8v1tok1u30 -# A&AI Enircher REST Client Configuration -enricher.url=https://d2enrichment:9505 -enricher.connectionTimeout=5000 -enricher.readTimeout=60000 -enricher.keyStorePath=config/auth/enricher-client-cert.p12 -enricher.keyStorePassword=OBF:1i9a1u2a1unz1lr61wn51wn11lss1unz1u301i6o - enricher.types = vserver, l3-network enricher.type.vserver.url = /enricher/v11/cloud-infrastructure/vservers/vserver/{0}?sot=!aai enricher.type.l3-network.url = /enricher/v11/network/l3-networks/l3-network/{0}?sot=!aai diff --git a/pomba/network-discovery/config/auth/enricher-client-cert.p12 b/pomba/network-discovery/config/auth/enricher-client-cert.p12 deleted file mode 100644 index 12e0ae94fad6a3caf00f4547734ecfc708daa76f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2605 zcmV+|3exp3f(j`D0Ru3C3GW68Duzgg_YDCD0ic2j-~@sR+%SR(*f4?wj|K@UhDe6@ z4FLxRpn?Q|FoFbp0s#Opf&_I22`Yw2hW8Bt2LUh~1_~;MNQUzc=cXZA~n&U z@}bpjA6%Z-M-)0NUQ(KV0cW7jOqf#AyTtu^@sDJfiR>B0B{t^EYmV4^U`1qebq-26 z#rQ>V4N0aEKFgTOHoKxQbdO+DRpnGchAJNprfpBV?{S@nO&k4EU~1JTCU>utpHne= zs#r&to;pV?Q6P38@H9- z&B;rvzV|hx%yuKLw^OhIU#$xAj7L;7Fx=!{p@=7X6IpIW%y~CcbA@)1&hxR0%DQEw zYh=*sSbN0)=)+^p_QsEWUDdQRyMOx$9ZQzmKG$Y^rRN!>L;D(_WdAmTiFVB%PCy=X zj9TKvQB>T;%e)*Ld;ME3;=t+dwiu=-WY36K!c=vMxg?+;`QJXwnGyM8)?+VvT%E-a z4g!Rl;Q~MkiC?E2DA|Oo-|YEA8%WbJRb#lg_;7%7NaHQ>UTS6nUQB$9fh(s;rGI?Z zg;mbM1Galajq7N<3*SIm#tDgN%W!WFW5pIp(b)BSn+X0%GhF??Gno9!Xo-%6H8l zlGkz;n021v95-{P^33^iaLwn5X8jmm(Hpld$;l2)ae={tH)|uTB$9rG^G6>m=KTnQMP%da56$+0=$%s)!_oo|Ci}IMw|OHF3+AN zk4T}^rJFbcXnZy+s!tOV5CZ6$s1^g6!y91*uuT^xOw-5;EPZINaNYwIdIGuAS-xmd z`ejslNpLiro`xSb_s))B?%7d}Ioc!oe@tth+axn0Me{rBdXs8d3O^@C>h=T5k@g{7 zQHX&A^8nGXBmo(Hb6xd;<{hkmFya3qb`Gee;Z=lyBYC+@1lPsJxKf#psczlp z?#L%VIMOy##gaT~r4LOlOf}UrOqBfi99d+ z7l?bg>F_tmzmlHMs51HWFoFd^1_>&LNQUo0(Alc2ml0v1jzWB ziL^q0Y`!+2JJC6}f$1J*AbL(}so);-q)@RQ^~xK%6V|=Q2OnJKAx^U>YMSByhraNd zF<&52-zo6P0Mt}#8v3zTdEJz)J71PEc%^^!C752*Byt8Ki42{jm-1X}w1RI~KYTa6 zp@s;s!o2}{QLx+mMj~tJGZ1dV(q>!Af?$*~z&tD*P4^c^n4(rXmKVWMb86u7eMtME zcMbB|H7$JZbYi3InW8wgYbg=6$xvVJ_-lFGyXxik)J~5GcnO3K1g|`M3!q$CpImri z@qs5yTkMUSNOWS}pi%Vo!+U2_{;U8(>;<4>6IbIion!KXQ*sMDGs@=@{<&ZECZ*Yq zgbENdi3Hu@2mfv`w;IP9emk)4*o_Ys*yU@^I17VZo_$R_w3u+iWq4rGEl3w@MMh^e zeo+5)Pp#Ebd5u!N*RUQOkMMC{U)H|vIv~TIHdt6UT|9|RdJg+rr43FaD^ux0rTnDt zN3D~d&x0C2cwBO_0KWCGpn_LCu&?P#M7Hvj-38db_Bx%%Uoa3ZX#NWnOgRCv?xT9G zR(`wzWq<64Y};c(6AdZ5B`@p6-1;&RO&J1`$*8m?tk8z|+lGSS`a;)qs^}6gniXpI zW7-hHRGcv9MTm!JGJpyNHD=mL16=jj7P^XN2zSs(hxI_W-u)8C4dF!XPTiDbG2=W( zUr|;tVFpwMurt{7k%TW$RmTn@JPM>anj{#W%XA;v>t-DaJxZ)VAr`8(K6pVI;**re zWisy*0G_La$^7~CS5U2XA4&PE3`Wh!B^Y|FG7U9HQDi0AXw}mJCi!{Qu>q*pw2Tee zwdxgn`1qdw$iY{WZ`z#Ew+t}5vKkv>YFMd|>IF*9k%dpXphLWwA)%t7VJEeU-dkb* z|9hQWvQD3osc4v&bwBNudFlx>uVma6dF6NFyvV6BQ%kKGX>*A<3o=}Qx2L7@rbjP5 zQazt^FIZ&%+MEel^saKN4LN&hmYbA~cu{KqUF`T}45EPeOtOV3n)Y%R91 z^dcVCw|_rYery4kH3s^* zM)P{SDPZ~|%zE{xPQbyH_#adgpZn!`m)k+#kYFmJ_M+BtmCfbhao;LF2Zvx7klY|H zl-Q@6v7gCZ4+3sWuHeTJz`>=lLFeN{O=tajtDi`PG&))oeFGXPS(t0%3N-GMJsfhY zssq;}+t^3Ta&*~xA3ZXv}jV@rwz4Q23Y)mJL*48m4Fe3&DDuzgg_YDCF6)_eB6k}^Owt#sq zj06Xk6&UKUlJs3FSTHd#AutIB1uG5%0vZJX1QaTpML P{>760nps{i0s;sC^3m4M diff --git a/pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/EnricherConfiguration.java b/pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/EnricherConfiguration.java index 9d28322..62ea3f7 100644 --- a/pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/EnricherConfiguration.java +++ b/pomba/network-discovery/src/main/java/org/onap/sdnc/apps/pomba/networkdiscovery/EnricherConfiguration.java @@ -33,13 +33,13 @@ public class EnricherConfiguration { @Autowired private Environment env; - @Value("${enricher.url}") + @Value("${enricher.url:https://localhost:9505}") private String url; - @Value("${enricher.keyStorePath}") + @Value("${enricher.keyStorePath:config/auth/client-cert-onap.p12}") private String keyStorePath; - @Value("${enricher.keyStorePassword:OBF:1i9a1u2a1unz1lr61wn51wn11lss1unz1u301i6o}") + @Value("${enricher.keyStorePassword:OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10}") private String keyStorePassword; @Value("${enricher.connectionTimeout:5000}") diff --git a/pomba/network-discovery/src/test/java/org/onap/sdnc/apps/pomba/networkdiscovery/unittest/service/NetworkDiscoveryTest.java b/pomba/network-discovery/src/test/java/org/onap/sdnc/apps/pomba/networkdiscovery/unittest/service/NetworkDiscoveryTest.java index 943bf7d..1829e6e 100644 --- a/pomba/network-discovery/src/test/java/org/onap/sdnc/apps/pomba/networkdiscovery/unittest/service/NetworkDiscoveryTest.java +++ b/pomba/network-discovery/src/test/java/org/onap/sdnc/apps/pomba/networkdiscovery/unittest/service/NetworkDiscoveryTest.java @@ -74,6 +74,8 @@ import org.springframework.test.context.web.WebAppConfiguration; @WebAppConfiguration @SpringBootTest @TestPropertySource(properties = { "enricher.url=http://localhost:9505", + "enricher.keyStorePath=src/test/resources/client-cert-onap.p12", + "enricher.keyStorePassword=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10", "basicAuth.username=admin", "basicAuth.password=OBF:1u2a1toa1w8v1tok1u30" }) public class NetworkDiscoveryTest { diff --git a/pomba/network-discovery/src/test/resources/client-cert-onap.p12 b/pomba/network-discovery/src/test/resources/client-cert-onap.p12 new file mode 100644 index 0000000000000000000000000000000000000000..dbf4fcacecf190fb0244dce0d1b438e6fea4500d GIT binary patch literal 2556 zcmY+EdpHw{8^>p6vvN1q+;S^Iwz0#F1O>%q@$`lt@_`#}p!mZsr!v zrA;)F+=b00##|C}&vBmT_dDk~f4tB8JfH9PegFKR2+$26A3ur!eGP_c+_bv6F3bnv zqY$7^K?G>QJ|?3G0>A$!5^w_%1YGv9lQ! z2xbYdREtLj!#tMeXTuU~Y}^mN=>q~m01yH6;iwV9rpF(${h@HJ?@grEMCee9ri-P) zwzE2^?>3>tjiqo5*=`e>dbXiy^X|@E0$!PKLudIJtgh4W8suwce{PMLt2sx-*UI6F z!=)~#bGYY1wTtBr?TXBfjP2}S>r)?dXjlH6NdFDxJivFEjLiGlmGFMS9SiW?*?m-# z6vbW7ozLnRpnP1x;1qCc*giY4axyE6+VS)Ztd?rL6ea=|uIDxv(Z78GS8#VoK1cJ8 z!FSDn*aO*Dx^Bf(*PeI%;F-7^_85~7(P(TNt(ZEztJE{opI(0q0k#DB4{pJ@<7p|) zpZtoQpC34>S1l`7lj$C)&u8Bd-;@;d-QOjbY?tfoBF&HJ^-Eb@v9|e~4pp?YJgza+-^?9hj4GbOZGiTk*` zAbxe_30a7E8x*F}ckf`o3;K=T_4}P|dc-SD@KbApw{&dRXeRFAiP&yTX{gAZtFhiU;|2D-kJHZr4^2}y z-yy;3?Oqd%Tw_%HZhrrHwr3!+%>6}3Z#<07>lT!6<@ucUdq}KG>~?qu!KmL5y8*bE zLav3Fm)&ApK@K!c7u`27&VN1E-;l89F>JcyJToKFXt1jFa!+dZZf`;1)h>Zi`b+$| zOatMJv&P|yQuXMBaP1FqCUN`b9IyHbW9vytIu}WAz32`X(@&jJe|%8_c9qTdYIHw z3fZtxHhk>d{+J@y6QH!L5;&97BmG4fersW56HO~_aff2xrb14q;B$h>Dl>!u-0^#3 zNM)Lp-+>qA%2{haKilb6wE~VGeF98WyTD%5*2t#3y@legMFULBxF@-nUq$W=S2R<) zI48ac)-CNcs?~L2;SJ0qALf6G&Rw5L^MCbG^vC>37XW*fZee2c>60$!G%;(z%l36t zVR3dNTR{B=kNDllFa+A>A}pnZyHmD?-})}8SjYUd6ghk(<8u1b8VN5Z(jz!uX<@xQ z?gc*Y;wbUR8lJ2rgmFlsgovS9poe; z%0J?oiYmm1E;^?_bV$$TeAa6(KcIHD^=++kgqXG4qb+YU#nLPjzn3`@-VW&ZQ;i&q zQ+=P9?vT$%MXeFKXZMQjXR(BZ77X~0DuFSsn@PzYuW*6-_qZ0DEnz99sZ)ti;* z%*hSuCsbrr8!5ub?T^D8^E{C%|5*w!^qc(G$nIGG>bz3GL;o&GkPg9Z*648Z&9>g4 zxgSFPB5mlK@GzB8nxxlmWRilyg#ccoTDp=D`f8@fW=Uharxj&N8gb2qChAMuxN-e` z@z=#64FA;6o|9IL_x#8ZI(1z(LlCrbIV;B|yf?ti?AILK$%L3pqW_gUAxcv+G_s$C z>&IhLG?_i%%Moj~pI!leKDom7$j?gD`J@t-uW%TSMtJ1I5Y>bsno58xjYj38Ok z#dww61flet6${l96L3ai^70CVZGPYGD<*B_QpKhmaPi`3gUVa&Rkow~faF)WiAIf{ zw!VVbLBOewjxYw*#ZPy-u+{ImT1YqQ$$b;6$<*anGHM4j&i57=^Z96?+pCw6>}QGd-<8Iza65dzA2s5Elcr`LwveyTFFUwuyNMqbe>8zPTb$EBtzuSv%NFNd5cYEh{uDhjr)({@X`vvX!;d%ccy~WAQpexeVZ|F3K zh+iEDrjnV#qVX%yh#DKUexv+rS0|4)+YYs{K9=l0;8pDe`nY>J&-|1qBOe zitqzv1OOly$@=nb#PO1w+DFZwsfNPY!%h`*Aebw;+{L0$LiiNyc&sYG#@NT=%=+JI F_zSHP#{>WX literal 0 HcmV?d00001 diff --git a/pomba/service-decomposition/config/application.properties b/pomba/service-decomposition/config/application.properties index 3c7a37d..fbe20ee 100644 --- a/pomba/service-decomposition/config/application.properties +++ b/pomba/service-decomposition/config/application.properties @@ -22,11 +22,6 @@ basicAuth.password=OBF:1u2a1toa1w8v1tok1u30 aai.host=135.63.125.59 aai.port=8443 aai.httpProtocol=http -aai.trustStorePath=tomcat_keystore -aai.keyStorePath=aai-client-cert.p12 -aai.keyStorePassword=OBF:1i9a1u2a1unz1lr61wn51wn11lss1unz1u301i6o -aai.keyManagerFactoryAlgorithm=SunX509 -aai.keyStoreType=PKCS12 aai.securityProtocol=TLS aai.connectionTimeout=5000 aai.readTimeout=1000 diff --git a/pomba/service-decomposition/src/main/java/org/onap/sdnc/apps/pomba/servicedecomposition/AAIConfiguration.java b/pomba/service-decomposition/src/main/java/org/onap/sdnc/apps/pomba/servicedecomposition/AAIConfiguration.java index ba0b730..41451a1 100644 --- a/pomba/service-decomposition/src/main/java/org/onap/sdnc/apps/pomba/servicedecomposition/AAIConfiguration.java +++ b/pomba/service-decomposition/src/main/java/org/onap/sdnc/apps/pomba/servicedecomposition/AAIConfiguration.java @@ -33,21 +33,6 @@ public class AAIConfiguration { @Value("${aai.httpProtocol}") private String httpProtocol; - @Value("${aai.trustStorePath}") - private String trustStorePath; - - @Value("${aai.keyStorePath}") - private String keyStorePath; - - @Value("${aai.keyStorePassword}") - private String keyStorePassword; - - @Value("${aai.keyManagerFactoryAlgorithm}") - private String keyManagerFactoryAlgorithm; - - @Value("${aai.keyStoreType}") - private String keyStoreType; - @Value("${aai.securityProtocol}") private String securityProtocol; -- 2.16.6