From 55b339f77d4944b17a4eeefb8ade6ff5f05a422d Mon Sep 17 00:00:00 2001 From: Matthieu Geerebaert Date: Fri, 10 Jan 2020 16:05:10 +0100 Subject: [PATCH] Add support for HTTPS with self signed certificates Dual port 8080 & 8443 Change-Id: I4acda5a1064a62d663243be810b1e3d3e458e742 Issue-ID: EXTAPI-255 Signed-off-by: MatthieuGeerebaert --- .env | 5 ++- Dockerfile | 6 ++- docker-compose.yml | 4 +- docs/installation/installation.rst | 5 +++ .../nbi/configuration/HttpAndHttpsContainer.java | 47 +++++++++++++++++++++ src/main/resources/application-ssl.properties | 24 +++++++++++ src/main/resources/application.properties | 8 ++-- src/main/resources/keystore/nbi.onap.p12 | Bin 0 -> 2651 bytes src/test/java/karate-config.js | 3 +- .../karatetest/features/02--ServiceOrder.feature | 4 +- .../05--ListenerResourceTestTarget.feature | 12 +++--- 11 files changed, 100 insertions(+), 18 deletions(-) create mode 100644 src/main/java/org/onap/nbi/configuration/HttpAndHttpsContainer.java create mode 100644 src/main/resources/application-ssl.properties create mode 100644 src/main/resources/keystore/nbi.onap.p12 diff --git a/.env b/.env index b5e681d..df2e722 100644 --- a/.env +++ b/.env @@ -18,7 +18,8 @@ NBI_VERSION=v4 # APPLICATION SERVER_CONTEXTPATH=/nbi/api/v4 -SERVER_PORT=8080 +SERVER_PORT=8443 +HTTP_PORT=8080 # ONAP ONAP_LCPCLOUDREGIONID= @@ -27,7 +28,7 @@ ONAP_CLOUDOWNER= NEXUS_DOCKER_REPO=nexus3.onap.org:10001 # NBI -NBI_URL=http://localhost:8080/nbi/api/v4 +NBI_URL=https://localhost:8443/nbi/api/v4 NBI_CALLFORVNF=false # SDC diff --git a/Dockerfile b/Dockerfile index ab23eec..6d2c3de 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -36,8 +36,10 @@ RUN for cert in $(ls -d /certs/*); do \ USER appuser:appgroup -ENV SERVER_PORT=${SERVER_PORT:-8080} -ENV JAVA_OPTS="-Djava.security.egd=file:/dev/./urandom" +ENV SERVER_PORT=${SERVER_PORT:-8443} +ENV HTTP_PORT=${HTTP_PORT:-8080} +ENV JAVA_OPTS="-Dspring.profiles.active=ssl -Djava.security.egd=file:/dev/./urandom" EXPOSE $SERVER_PORT +EXPOSE $HTTP_PORT ENTRYPOINT java -XX:+UseContainerSupport $JAVA_OPTS -jar /app.jar diff --git a/docker-compose.yml b/docker-compose.yml index 607475c..47b98ca 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -35,9 +35,11 @@ services: MYSQL_USER: rene # APP *************************************************************************************** nbi: - image: ${NEXUS_DOCKER_REPO}/onap/externalapi/nbi:${DOCKER_IMAGE_VERSION:-latest} + # image: ${NEXUS_DOCKER_REPO}/onap/externalapi/nbi:${DOCKER_IMAGE_VERSION:-latest} + build: . ports: - 8080:8080 + - 8443:8443 env_file: - .env environment: diff --git a/docs/installation/installation.rst b/docs/installation/installation.rst index 9850c92..95b7279 100644 --- a/docs/installation/installation.rst +++ b/docs/installation/installation.rst @@ -53,6 +53,7 @@ Requirements * Docker * Docker-compose +* Free ports 8080 and 8443 Edit *docker-compose.yml* to select previous generated local build, replace:: @@ -80,6 +81,10 @@ Test http://localhost:8080/nbi/api/v4/status +and + +https://localhost:8443/nbi/api/v4/status + You should get:: { diff --git a/src/main/java/org/onap/nbi/configuration/HttpAndHttpsContainer.java b/src/main/java/org/onap/nbi/configuration/HttpAndHttpsContainer.java new file mode 100644 index 0000000..f63728f --- /dev/null +++ b/src/main/java/org/onap/nbi/configuration/HttpAndHttpsContainer.java 
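Review bot: The `ssl` profile is switched on inside `JAVA_OPTS`, so a deployment that overrides `JAVA_OPTS` at run time (a common way to pass heap or proxy settings) silently loses it, while `SERVER_PORT` still defaults to 8443; the service would then answer plain HTTP on the port everyone assumes is TLS. A system property also outranks the `SPRING_PROFILES_ACTIVE` environment variable, so an operator cannot add a profile without restating the whole string. Setting the profile on its own line, `ENV SPRING_PROFILES_ACTIVE=ssl`, and leaving `JAVA_OPTS` as it was keeps the two concerns separate. The added `EXPOSE $HTTP_PORT` deserves a comment saying the cleartext listener is kept for backward compatibility.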
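Review bot: In docker-compose.yml the `nbi` service has its `image:` line commented out and replaced by `build: .`, which reads like a local development setting committed by accident; the context lines of the installation.rst hunk in this same patch still tell users to edit the file themselves to select a local build. If the switch is intended, delete the commented line instead of keeping it and update that paragraph; otherwise restore `image: ${NEXUS_DOCKER_REPO}/onap/externalapi/nbi:${DOCKER_IMAGE_VERSION:-latest}`. Separately, `- 8080:8080` stays published on all host interfaces next to `- 8443:8443`, so the cleartext port remains reachable from outside the host unless it is bound to loopback, e.g. `- 127.0.0.1:8080:8080`.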
@@ -0,0 +1,47 @@
+/**
+ * Copyright (c) 2020 Orange
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.onap.nbi.configuration;
+
+import org.apache.catalina.connector.Connector;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
+import org.springframework.boot.web.servlet.server.ServletWebServerFactory;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Profile;
+import org.springframework.stereotype.Component;
+
+@Component
+@Profile("ssl")
+public class HttpAndHttpsContainer {
+
+ @Value("${http.port}")
+ private int httpPort;
+
+ @Bean
+ public ServletWebServerFactory servletContainer() {
+ TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory();
+ tomcat.addAdditionalTomcatConnectors(createStandardConnector());
+ return tomcat;
+ }
+
+ private Connector createStandardConnector() {
+ Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
+ connector.setPort(httpPort);
+ return connector;
+ }
+
+}
diff --git a/src/main/resources/application-ssl.properties b/src/main/resources/application-ssl.properties
new file mode 100644
index 0000000..994083a
--- /dev/null
+++ b/src/main/resources/application-ssl.properties
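Review bot: The extra connector built in `createStandardConnector()` of HttpAndHttpsContainer.java serves the whole API in cleartext on `http.port`, with no redirect and no transport guarantee, so enabling the `ssl` profile does not enforce TLS: a client that keeps using port 8080 still sends its requests unencrypted. If the dual port is only a migration aid, set a redirect port on the HTTP connector and add a `CONFIDENTIAL` security constraint so Tomcat sends plain requests to the HTTPS port, as sketched below. If cleartext access is a deliberate requirement, the class needs a Javadoc saying so and naming who is expected to close the port. The class also declares a `@Bean` method under `@Component`; `@Configuration` is the conventional stereotype for a bean factory class.

```java
@Value("${server.port}")
private int httpsPort;

@Bean
public ServletWebServerFactory servletContainer() {
    TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
        @Override
        protected void postProcessContext(Context context) {
            // Require TLS for every path; Tomcat redirects plain requests to redirectPort.
            SecurityConstraint constraint = new SecurityConstraint();
            constraint.setUserConstraint("CONFIDENTIAL");
            SecurityCollection everything = new SecurityCollection();
            everything.addPattern("/*");
            constraint.addCollection(everything);
            context.addConstraint(constraint);
        }
    };
    // … unchanged: addAdditionalTomcatConnectors(...), return tomcat …
}

private Connector createStandardConnector() {
    // … unchanged: connector creation, setPort(httpPort) …
    connector.setScheme("http");
    connector.setSecure(false);
    connector.setRedirectPort(httpsPort);
    return connector;
}
```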
@@ -0,0 +1,24 @@ +# +# Copyright (c) 2018 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +http.port=8080 + +# tls/ssl +server.port=8443 +server.ssl.key-store=classpath:keystore/nbi.onap.p12 +server.ssl.key-store-type=PKCS12 +server.ssl.key-store-password=externalapi +server.ssl.key-alias=nbi.onap diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index fe0b9d1..b146afd 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -24,8 +24,8 @@ nbi.version = v4 # SERVER server.servlet.context-path = /nbi/api/${nbi.version} -server.port = 8080 server.public.ip = localhost +server.port = 8080 # LOGGING logging.level. = WARN @@ -40,8 +40,8 @@ onap.tenantId = 6e97a2bd51d74f6db5671d8dc1517d82 onap.cloudOwner = CloudOwner # NBI -nbi.url = http://localhost:${server.port}${server.servlet.context-path} -nbi.public.url = http://${server.public.ip}:${server.port}${server.servlet.context-path} +nbi.url = https://localhost:${server.port}${server.servlet.context-path} +nbi.public.url = https://${server.public.ip}:${server.port}${server.servlet.context-path} nbi.callForVNF = false # SCHEDULER 
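Review bot: In application-ssl.properties, `server.ssl.key-store-password=externalapi` together with `server.ssl.key-store=classpath:keystore/nbi.onap.p12` puts both the server's private key and the password that unlocks it into the repository and into every built jar, so every installation shares one key and anyone with the source can impersonate the endpoint. The bundled keystore should be treated as a development default only, and a comment above the `# tls/ssl` block should say so. Deployments can already replace it without rebuilding through Spring Boot's relaxed binding, by setting the `SERVER_SSL_KEY_STORE` and `SERVER_SSL_KEY_STORE_PASSWORD` environment variables; the installation notes should tell operators to do that. Dropping the password line from the packaged file and supplying it from the environment or a mounted secret would keep the credential out of version control.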
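Review bot: In the `@@ -40,8 +40,8 @@` hunk of application.properties, `nbi.url` and `nbi.public.url` switch to `https://` in the base file, but the first hunk of the same file keeps `server.port = 8080` there and the TLS settings exist only in application-ssl.properties. Started without the `ssl` profile, the application would therefore advertise `https://localhost:8080/...` on a port that speaks plain HTTP. Keeping `nbi.url = http://localhost:${server.port}${server.servlet.context-path}` (and the matching `nbi.public.url`) in the base file, and overriding both with the `https://` form in application-ssl.properties, would keep each profile self-consistent. How these URLs are consumed is not visible in the hunk, so this should be confirmed against the callers.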
@@ -109,4 +109,4 @@ spring.datasource.validationQuery = SELECT 1 spring.datasource.driver-class-name = org.mariadb.jdbc.Driver spring.jpa.show-sql = false spring.jpa.hibernate.ddl-auto = update -spring.jpa.hibernate.naming-strategy = org.hibernate.cfg.ImprovedNamingStrategy \ No newline at end of file +spring.jpa.hibernate.naming-strategy = org.hibernate.cfg.ImprovedNamingStrategy 
diff --git a/src/main/resources/keystore/nbi.onap.p12 b/src/main/resources/keystore/nbi.onap.p12 new file mode 100644 index 0000000000000000000000000000000000000000..6083f1d92e44d56eb001be5488ac42cdb5218ee2 GIT binary patch literal 2651 zcmY+EcR1UN8pnT$#7ga;YS%bsB}T2Pt)z+ybDs0Z`@HY-{eIu?pC1H{*&Ym{L*SU%>6v5_jS~-8Knx%P zju`~OG5tc|m<|y*DCQp))CGcrI-bdPXJbVV``_0&W)PTwgZxC`AO{F(dglMjXXX45 zcr*z86z`TCUrAUoI;;o^VQiWf1k(Y%77!d{P^ryFMAV1V1O1!Vl5dcOl9 zpS*=*HQIk9I*w6F{`FJ~Ah){jd|TMc)pd_^BPJy#93Ep$Plh=8UrBuN6XfyW%3r+J zcf&fQN#^eHR=S6nt?Qu3%AXzKhjP~0C~SY3jmS~3RY0??>N(-j8RrI z33hxM6POZhmOFe~RmLIMDdsJ&sZPZl z>Mtx{sVn@(96Z6s%d4P0!L+fZ!3uNten}H?6BC-c_Gjk0kES+SKMYy$6JBj;ajS8M_}7 zTfK(sxh`b6>Stg29Hr7++vM8%a-m^q@O0!gRBggn?^^NYZ8%)p(^>#Xj%*4eJ7(X5 zKlFRTmFcg2zFg0&(h_|_wJCcC+xO{LuCTg4m=p1}H8kipqOx`}FhU^{es`5F3Yh7x^Y_U%`3l3)gEoFX=$gYG<7WxSwf?D3=VU^=g4(^70I zp!E>>jpOBF`U#Qti;4S%QCc~83|Wi&!ELU9~Mt_ zOipyt7sCN)ARph<6B}4shuF&ZkHSiFrPW*)HB0j44^bM&^{DrMD@UW>2 z56&jOzS%C!BuH{;2W;}cxPkN|-R@zkb~>eDQgMIKQPPXlO!BGerL4w@hP1SIU!i$` zG*QUr(6|TKBCg%Za+X{A-lb^x^esBo;@W~fCPJ(YrpInE<9Nlr3hZ3xid}UrwNv0G z^hig2*ci{#q+5CnY)gWjEfe)_%KO~NA&?eb%6YW%(V%Y2Ng1n}+7qcf&Oz`vZo|8= z*!RuvHCDnIv^eU}k=x)$f5EipMjBiW8VEXpER% zi=5rU%)YJKwv0661U5dn1L!IS1#W(R8%zS49=BO%XzYLTi>7W$qIyamz<7sfd6R-q zq;9*?6XK5T$Z>_7Nqm!)(Z$n0(b2lRJ4c8s&*SK>*qmGl*(hL8R+eYx$=xqeWttD# zJveR7ygybUZhv)N-QjvHDuuy=;LTC4D68FSrDEUOw?|e z&G@2~ZThtn5c=^6%NAW7>t=6;30Rxr6dwlnbNL1Y3088u zX=1rmc&wZ*d5YUMlU}=6s?d*w;HzJZhaO9cv#%1u63mx4e&()~yeHFxT*PcxM?c9s zTZA_x@b+f~TYhYr<4p`@AH~)do{R0nl0~jK7j4izYz#*kwKQ9HTiMkRxW7hG?p@d$ zZt3k*x_r=H)rBU0&VTOW-l_Xj*%I{5KU}RZhthi-JdUel#e`e_N0MlwF zV_`!P%Q}BdU+b^a?o6V-hUREMg1>qSOZixEWm2l&CR)666aChU>XW`$fiDSpo(Sv^ zs~M4&w+%vz#-QJ+?FTBaz9E5gt)?28Zw(G8cXA!HXP>Tl4(I$P;MJl=a~utPV2@I% z{=!I{S=pw{XcO@W-(SDyS$^>LVzCq4h=mX%qMGg#SPcsp?R9o^Q7y5mQ)LnEz9X@Q-962z_C4n3L{gp1VcZ*8@(j>x>v58Fubzo+J@z22H76(a z=|&xQ!7fXT>5h?wTa+g5^k&P#?P>22E&{3;wVeU3ItG%8@A9+mhmKdkr^B%qr@aTm z;RfwKF?uU|^7EG33W5kOZ@H|Ushi}fZ{4hv3h346K{`f`w_6Y&0?UglB{J}yZ5*K7 
z+Gkfd=j>dRi#i7aEIk~w+pR4G0@X=s>sF6-8~xetuCbxfISgS( z)slK^TGOKODl6B1*m%(#F}!3XJ%MFWfF~`(NL=MdY2Yb0KRUS-wXcBU-QWt5HZpH?tX_33guo>b+t#wTd`4=y8jsc