From ac4baf28eab0a4412810f02237b981933c985e95 Mon Sep 17 00:00:00 2001 From: efiacor Date: Mon, 8 May 2023 18:17:03 +0100 Subject: [PATCH] [SDC-DISTRO-CLIENT] SSL config updates Signed-off-by: efiacor Change-Id: Iacaf5072241e56bf72db13acef0f533814ae8989 Issue-ID: SDC-4476 --- sdc-distribution-ci/etc/sdc-user-keystore.jks | Bin 0 -> 2894 bytes sdc-distribution-ci/etc/sdc-user-truststore.jks | Bin 0 -> 1702 bytes .../test/core/config/DistributionClientConfig.java | 18 +-- .../test/core/service/CustomKafkaContainer.java | 1 + sdc-distribution-client/etc/README.txt | 16 --- sdc-distribution-client/etc/sdc-client.jks | Bin 1177 -> 0 bytes sdc-distribution-client/etc/sdcclientstore.jks | Bin 907 -> 0 bytes .../java/org/onap/sdc/http/HttpClientFactory.java | 130 ++++----------------- .../main/java/org/onap/sdc/impl/Configuration.java | 13 ++- .../org/onap/sdc/impl/DistributionClientImpl.java | 3 +- .../onap/sdc/utils/kafka/KafkaCommonConfig.java | 17 +-- .../org/onap/sdc/utils/kafka/SdcKafkaProducer.java | 12 +- .../org/onap/sdc/http/HttpClientFactoryTest.java | 6 +- .../org/onap/sdc/http/SdcConnectorClientTest.java | 5 +- .../org/onap/sdc/utils/KafkaCommonConfigTest.java | 6 +- .../test/java/org/onap/sdc/utils/SdcKafkaTest.java | 2 +- .../java/org/onap/sdc/utils/TestConfiguration.java | 18 ++- .../src/test/resources/etc/sdc-user-keystore.jks | Bin 0 -> 2894 bytes .../src/test/resources/etc/sdc-user-truststore.jks | Bin 0 -> 1702 bytes .../src/test/resources/sdc-user-keystore.jks | Bin 0 -> 2894 bytes .../src/test/resources/sdc-user-truststore.jks | Bin 0 -> 1702 bytes 21 files changed, 83 insertions(+), 164 deletions(-) create mode 100644 sdc-distribution-ci/etc/sdc-user-keystore.jks create mode 100644 sdc-distribution-ci/etc/sdc-user-truststore.jks delete mode 100644 sdc-distribution-client/etc/README.txt delete mode 100644 sdc-distribution-client/etc/sdc-client.jks delete mode 100644 sdc-distribution-client/etc/sdcclientstore.jks create mode 100644 sdc-distribution-client/src/test/resources/etc/sdc-user-keystore.jks create mode 100644 sdc-distribution-client/src/test/resources/etc/sdc-user-truststore.jks create mode 100644 sdc-distribution-client/src/test/resources/sdc-user-keystore.jks create mode 100644 sdc-distribution-client/src/test/resources/sdc-user-truststore.jks diff --git a/sdc-distribution-ci/etc/sdc-user-keystore.jks b/sdc-distribution-ci/etc/sdc-user-keystore.jks new file mode 100644 index 0000000000000000000000000000000000000000..7c3c72a781fa7e3c352210b509ede7cac83b959b GIT binary patch literal 2894 zcma);Wmpr87RR?SM$29p0!pX!XmE&h4nzq-x^qZ(j+moMk(i*M!03<==0uSa5F9uO zl~z(|B;<0RdmrC>Ki&J`ob#Ojsc*mMz|nLDARq-CO}h)B5lz-hK41V+0ZY-eOJFqZ z+`0T2j;3t+uM*``Fq-o5xr{rv0tnr|r|4;cpi(rY+PSC#cl$Fz$pE*4EB&3)!^Oa` zHzZ^49tSq|I%f|fa5YaPbcL1@1QLdVfIM(|2=%`!VD1w*e< zm~G;*^uv_asuQhgK7n8~c$78aUD|^0sP@xWx*Sf}-zmdCcir;82{>KdQU0;cSd^kr zN~6N}aHKdlT2srkR<;tLJb0_o+e`~Mm3>t)-SqU8ze_><-A}+`seI=14GfWC4+z{%9!Y@^N+a zeB`TU4gK0naOR4IZ8pW8DHoVrw>f^baXlqVVt!{Pa8wZELvgbS0HuC;A6lZT#gz-Y z`BmS)yyn>>jgwF6&zIb-ZB|E@d00!?Jk1s70vXGi+><^-ki;bp7Ri-@KK69y*N87K z`RfCYUJ?hDfwMmMEyws$*TfD7xt>j-Qsdj+Iy4H~L%C-&SRZk&<)IH}b*-+Z=a& zBgf!jq}@1B6k|0>TXpE{qoKFQbQ02b`AQ9$4{_XC&g@@T57@(y_`)m7_h+46S6%hS zv`-$0e66{A)he+%uQIp8=g?pr)3CxB^{dq7WOyZ!97%Sn4DL5X73p_9sB@$XLu@^4mvm~TRuz46P|DpBWNXHk(hNkcpPft zG09=awK`f{u%Vmm^szLy^T}mK1MIi-lOVMflUIFWaW>;?Jf3n_R9gHc)q_NK9#s&s zf83rb8j{`NXNwU+y)&if&WP{NR^z-~E6KY)dg#xn{YI$1=3;#8o9ODgqXDppQ!;C~ zVFXqgPx`RbE-RZ;=1^g+)1vJYqDkn2lel7COHAMUO~~oVrSVCpLxMjOkwf&Fb%e#A z1M9-r;87A~a$uW!(~DiI?Wbqk-f8>k5t19fYu?KCJCjck%n3OGrix;LnRK1u7eZNi zN?$=GRn~LPRr^e_(e;h%^(Fu2|N^9@IR@3f?oL zOJQ0c$^c2>+%Ah)Kd!(oA!jBN7fT{&Xee`O37K1y33sI8;!B*H;-_`;l8G zm9HX>E78A=MRLTxwHhO&du=B^UhkgDq*6%QUco&$&#^1pj9Xi!=<(Waf!-<&joUl2L%emF4B- z6cx@n{P!Lz$T^ys&ZP?=AmBVu{kcE|{9mv(7+EeI>Jt@mg#r5D3UHk}h~lvS2iAfh zy?hKGk(1~%v1y;&nIDG+XKB?LN<3NNF``%)e(3mU6PJcaJWx6cZOMCtuQh28n%UIf z@8TXI#C}k0P8qbD%dV2HbT{L8EHe*=y9fZM0Gg)@p&fz5jDqdTiK~MK#Mc!Ri2kG3g07NhU0yXc8+4?;( zoi-T}hKT`Dg-jDqmitsR;yU7N-TO-X_7=X|A1%jo5Y_}qNLk>XgJt0;&)7iFYd6Ap z@^MqSQqfs8&Y`rZ{>6YvoE}r6tvNRm9l-XD193rId{9vge+PBCRcW>2hR_rarwzv# z8AROf6%fnzdO5@8mA&xwKyBE;ZJ7h75-8vKWAta1ZOOgvMNBBrXHf zif&8-BiTPA{S;Pob{4JpS?u*rHaSME7p>|~BU;USM?-Z5KW909t3Uo^9)h`hDlV7x zfcc>0=Ji^n?KHA=Ulet4tyBhDea5;coVfd8u!NhXexjAXayfsfN>(vT**;J3`nuyh zpCHr_>^#I%zMMmSaY|gZxTZO;qtC^|)}3`R?9GdlJR96@ql1iGA?fqVkXe*(2J@Gh zZg~fX0s8OSLIiuI#l4PXnw{yTE#SD%9pPzp3l9}v9J^tRe*HyFp&N6o)3YI3*-Nb% zYV7-0eVh$%7O()uLVrb>({)VJQmHgQTO$VAF&|QS3qcR7ZedDBp52|ei3o_SAciH0 zy@qrM?QB#1B6o?a$4Ip~nSe`GNuPV&S;MwGA3yW=5@qUT={d8w4Tx&U3g_R4Q3W`r z_*yce)?Ea_H%w54Ic`3IpKS671ee+3A@2($nKCTfTO!5#d*fALk@gvW&YmVe89Al4 z8{=Fl^p`=V{vE#^e%fnYPfOTvBpUQ%Fx1{J(yJtCaqknP+BLT_X>m<|Nw2!P^JU!w zD#yL;j=Ew|TV5Snv2q$SU`la|Xe%Y4$Jb^c(q4|bRN|{JyrLJ6^aM%J`1=G<@!O5Y znO5~p-iDXhz006Jg5krybUye_h|k3faIAB1a?r^Tc#x&7w+ z=)_nAswBjahcTdADH_wJ%rwz~v<>OgrAB4+I&TNFk(LRyy}EUL&wHArqIL_-u`L1# z8Mch#LQ0(m3VqC{PY5L*?fA;D=bwDZ=EcirBtLDwthYrgz@W(8d~n^_aZrzZ3d?d- zX0~)fxnn>}tD&pns1@tiN^%~uYR0RhWo+t#4MUo*nn44ncj3wT~m)vs;(; zAGXcI?pvUa6=c+&-a`$Bn17^2cS?NGz2#C%rK>43veYYuJ?i=JE(C4_mxeR^`7uF2 zN&uLrv-WoXlZHJ2IeWL%V%^tFoFgi0s#Opf(91`2`Yw2hW8Bt2LUi<1_>&LNQU+thDZTr0|Wso1Q352$J$2umM-lKPSwxO0^ERt1)v(S5V1whA*&iW*>8rX1n0aI%L)%(os)9twx2 z(uE8x*Z&ron&u7EyZuQP`N_!iqaGS{Y0QShJpR5c#yv^5qL#m3MM$@fA~aJMB9IwC zz`Ho$$oc-*%A@2RLVT-c7~$BgZDV%eas+>3pu57D{pFhAQ}4j$!7ZvF@7}>FElTZR z$K4tQS|BZ*L7*g>duQud;^>BOiv_n^)*8ewXt$VbRnkt|VYKK}MnMte*YP9iUhgHB zn!PM*@WE+n{S~LNg;cKyS}HY0qJGVdz;m ztzQSsQtXaUoG&P-U)_tb)Zf1+V64anX79V$XJy(BV-bhvPK7RGOqYGL^NKF5Up`rY@N)ar`Yt0t@S^Ie{eOEzIjaSYaOEE4j1A-J?mBb@};fYM5 zKefHM1<`c9p?x6Z+h|C!EqLZ;#9kq}PRG)- z&QBMqJ9Zyd+9D|x!a60DtRP3Jc&_r`d!VDzHb5cbW&KipDx2(k5Kg>7d7Br;D8Fl& zQlVHqELfLw+=E;$QlTLN^f2~X06GmSxT zj*%);x_2->l?A*lw67+KJt-ej!%)j8EJ~W4r z0olKNrn#!*Ky0z&G#QJb(n;C_pdj1r#v)B=y<`;o%N>YRKIvWu z=*v=(jlzLzYg#$0wP>=SOj<=QKVJhuXHAHQr8j}I+#it-7)XaphJ#pQu@<`DW}K0-R9? z(ZH{yO|I;`3G<2(aFd7?*vMzJi&2lDW|hjQ>U!DLRQw|eySot2ua+A2(fZG7Gg)dd zb0o4A^#hE}P}l|0tBE-A87xicrtgicE)}%)hMd4A>{N39%9&GyfdB>VVhh1~d7dJ2 z&M#iYZo=6GNdj&^17yY!Y|VWK`!nDyhNgF5x*6O3J{PuwF4+(2>7bQ3pk9Xsz2f?C z$)L$E1phs;WZ)MQDK0~slG|GeFdjB_ZLKBJfIo!mDmwmqQIC#&##Y<%YO&-&JiR#* zNC9O71OfpC00bcK=lzP|oNwy~<_+qO w<3^#j$rMH8F0#v-CnM7+zkI3$6z!ZwC5;|_^5DgA#uoZ}Mb(C17y<$(5H1NUY5)KL literal 0 HcmV?d00001 diff --git a/sdc-distribution-ci/src/main/java/org/onap/test/core/config/DistributionClientConfig.java b/sdc-distribution-ci/src/main/java/org/onap/test/core/config/DistributionClientConfig.java index f229216..fc818fd 100644 --- a/sdc-distribution-ci/src/main/java/org/onap/test/core/config/DistributionClientConfig.java +++ b/sdc-distribution-ci/src/main/java/org/onap/test/core/config/DistributionClientConfig.java @@ -34,8 +34,14 @@ public class DistributionClientConfig implements IConfiguration { public static final int DEFAULT_POLLING_INTERVAL = 20; public static final int DEFAULT_POLLING_TIMEOUT = 20; public static final String DEFAULT_USER = "dcae"; - public static final String DEFAULT_KEY_STORE_PATH = "etc/sdc-client.jks"; - public static final String DEFAULT_KEY_STORE_PASSWORD = "Aa123456"; + private String keyStorePath; + private String keyStorePassword; + public static final String DEFAULT_KEY_STORE_PATH = "etc/sdc-user-keystore.jks"; + public static final String DEFAULT_KEY_STORE_PASSWORD = "zreRDCnNLsZ7"; + public static final String DEFAULT_TRUST_STORE_PATH = "etc/sdc-user-truststore.jks"; + public static final String DEFAULT_TRUST_STORE_PASSWORD = "changeit"; + public String trustStorePath; + public String trustStorePassword; public static final boolean DEFAULT_ACTIVATE_SERVER_TLS_AUTH = false; public static final boolean DEFAULT_IS_FILTER_IN_EMPTY_RESOURCES = true; public static final boolean DEFAULT_USE_HTTPS_WITH_SDC = false; @@ -48,10 +54,6 @@ public class DistributionClientConfig implements IConfiguration { private String consumerGroup; private String environmentName; private String comsumerID; - private String keyStorePath; - private String keyStorePassword; - private final String trustStorePath; - private final String trustStorePassword; private boolean activateServerTLSAuth; private boolean isFilterInEmptyResources; private boolean useHttpsWithSDC; @@ -77,8 +79,8 @@ public class DistributionClientConfig implements IConfiguration { this.user = DEFAULT_USER; this.keyStorePath = DEFAULT_KEY_STORE_PATH; this.keyStorePassword = DEFAULT_KEY_STORE_PASSWORD; - this.trustStorePath = DEFAULT_KEY_STORE_PATH; - this.trustStorePassword = DEFAULT_KEY_STORE_PASSWORD; + this.trustStorePath = DEFAULT_TRUST_STORE_PATH; + this.trustStorePassword = DEFAULT_TRUST_STORE_PASSWORD; this.activateServerTLSAuth = DEFAULT_ACTIVATE_SERVER_TLS_AUTH; this.isFilterInEmptyResources = DEFAULT_IS_FILTER_IN_EMPTY_RESOURCES; this.useHttpsWithSDC = DEFAULT_USE_HTTPS_WITH_SDC; diff --git a/sdc-distribution-ci/src/test/java/org/onap/test/core/service/CustomKafkaContainer.java b/sdc-distribution-ci/src/test/java/org/onap/test/core/service/CustomKafkaContainer.java index e2eabc1..8de8949 100644 --- a/sdc-distribution-ci/src/test/java/org/onap/test/core/service/CustomKafkaContainer.java +++ b/sdc-distribution-ci/src/test/java/org/onap/test/core/service/CustomKafkaContainer.java @@ -33,6 +33,7 @@ public class CustomKafkaContainer extends FixedHostPortGenericContainerh1WUQW4y3z{|#|)#lOmotKf3o0Y+!%8=K9n~gb?g-e9RF+?rIkjH=v#N`%d z_Vf)llr@lstLJ1C*PU+beK zx+*zkd9xlHU#y%qRj=*s1rBk!AaQOZle>$vk1BgSwqs?MYd-Am(G-8LwrY80*AJ%D zygh|&zFU-c2!{SXu6$#i%mTkjUZ1|i)X(&cZVr`Q((+&m&xf@Cv)5{Kn{IN=d?Nqe zUc}7D`LAoWmS3*UvxtDF6Q{GRH+CyGx!cyWD0cEhc_xh`0?uBc=GZhxPco@!hUaugwcr&MyLE{>byfRDU5`)Ht4OrDItXonukdfbnGrIuO z03*ZFZ}Rgkp8a!4u6W1v{OHEpTn|{eSLa{YJAFCJ@89<-KA%Y1b;`?!<4*dyu8+By z92~i`+@gav{npZYHGi#}b=bZiH@~jE#Qq~yZdR9-NT>bFg@r4*c893Hl$yt5pp)gk z>|C|?wau z%N~1Ut@3pJw!1;+*IIsAYqVW_wblQ4m3~XF>>X?EuU_1I=QuB~`=j1ZUV@%1$-MI} n1*=r=+fh`#!mqVi-`#D_W2-{XkVSk3iIc9XmF*5&(^vT zK|C%V7RL~^5JM3IArO~anA;__EHx*;AU8Fy#8B8k5G2Yh%;lU|l9-d9uHfWqAScdi zXlh_=WCSG5Of90sd5wTvLrW-^R@OE#Dj|E2k(GhDiIJbdpox)-sfm%1;lz^Ti<$c# zI4x=Ktt`rlPy3mA<4|^*-KAnH|BlC3e=b}deMw2cadh zfwq&|j`7`m=HC~7c+&NPTc`4V>0b;@kgS>D(iL#J;z?JmFYtP&9jSo0-BIJ+wSU*^`{LcV2}_pL1s{Q5ucv{7K~^}d4# zCv3gsa>%W}yLx%X%p!OD&vxP#Su^=f^>RMXco5h7o^{4u-z?>grW5Kh5qcM=OW5Y7WzFU-w&Vc7i-yR4f8rLqTHIGGt8us+$^Ac)!EsH^ZwH_7zSFhR0qew;OgmItWzwo+-KZ@vWohM7 z*S7li)7SXV`jvZHWMh2P{F9b3n=IYluF(y3I%@EyuIm8Y{^Z| diff --git a/sdc-distribution-client/src/main/java/org/onap/sdc/http/HttpClientFactory.java b/sdc-distribution-client/src/main/java/org/onap/sdc/http/HttpClientFactory.java index 94e20fb..ee75102 100644 --- a/sdc-distribution-client/src/main/java/org/onap/sdc/http/HttpClientFactory.java +++ b/sdc-distribution-client/src/main/java/org/onap/sdc/http/HttpClientFactory.java @@ -22,6 +22,7 @@ package org.onap.sdc.http; import java.io.FileInputStream; import java.io.IOException; +import java.security.Key; import java.security.KeyStore; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; @@ -29,6 +30,7 @@ import java.security.cert.CertificateException; import java.security.cert.X509Certificate; import javax.net.ssl.HostnameVerifier; +import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; import javax.net.ssl.TrustManager; import javax.net.ssl.TrustManagerFactory; @@ -39,10 +41,12 @@ import org.apache.http.auth.AuthScope; import org.apache.http.auth.UsernamePasswordCredentials; import org.apache.http.client.CredentialsProvider; import org.apache.http.conn.ssl.SSLConnectionSocketFactory; +import org.apache.http.conn.ssl.TrustSelfSignedStrategy; import org.apache.http.impl.client.BasicCredentialsProvider; import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.impl.client.HttpClientBuilder; import org.apache.http.ssl.SSLContextBuilder; +import org.apache.http.ssl.SSLContexts; import org.onap.sdc.api.consumer.IConfiguration; import org.onap.sdc.utils.Pair; @@ -71,9 +75,7 @@ public class HttpClientFactory { } private Pair createHttpsClient(IConfiguration configuration) { - return new Pair<>(HTTPS, - initSSL(configuration.getUser(), configuration.getPassword(), configuration.getKeyStorePath(), - configuration.getKeyStorePassword(), configuration.activateServerTLSAuth())); + return new Pair<>(HTTPS, initSSLMtls(configuration)); } private Pair createHttpClient(IConfiguration configuration) { @@ -84,123 +86,37 @@ public class HttpClientFactory { .setProxy(getHttpProxyHost()).build()); } - private CloseableHttpClient initSSL(String username, String password, String keyStorePath, String keyStorePass, - boolean isSupportSSLVerification) { + private CloseableHttpClient initSSLMtls(IConfiguration configuration) { - try { + try (FileInputStream kis = new FileInputStream(configuration.getKeyStorePath()); + FileInputStream tis = new FileInputStream(configuration.getTrustStorePath())) { - // SSLContextBuilder is not thread safe CredentialsProvider credsProvider = new BasicCredentialsProvider(); credsProvider.setCredentials(new AuthScope("localhost", AUTHORIZATION_SCOPE_PORT), - new UsernamePasswordCredentials(username, password)); - SSLContext sslContext; - sslContext = SSLContext.getInstance(TLS); - TrustManagerFactory tmf = createTrustManagerFactory(); - TrustManager[] tms = tmf.getTrustManagers(); - if (isSupportSSLVerification) { - - if (keyStorePath != null && !keyStorePath.isEmpty()) { - // Using null here initialises the TMF with the default - // trust store. - - // Get hold of the default trust manager - X509TrustManager defaultTm = null; - for (TrustManager tm : tmf.getTrustManagers()) { - if (tm instanceof X509TrustManager) { - defaultTm = (X509TrustManager) tm; - break; - } - } - - // Do the same with your trust store this time - // Adapt how you load the keystore to your needs - KeyStore trustStore = loadKeyStore(keyStorePath, keyStorePass); - - tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); - tmf.init(trustStore); - - // Get hold of the default trust manager - X509TrustManager myTm = null; - for (TrustManager tm : tmf.getTrustManagers()) { - if (tm instanceof X509TrustManager) { - myTm = (X509TrustManager) tm; - break; - } - } - - // Wrap it in your own class. - final X509TrustManager finalDefaultTm = defaultTm; - final X509TrustManager finalMyTm = myTm; - X509TrustManager customTm = new X509TrustManager() { - @Override - public X509Certificate[] getAcceptedIssuers() { - // If you're planning to use client-cert auth, - // merge results from "defaultTm" and "myTm". - return finalDefaultTm.getAcceptedIssuers(); - } - - @Override - public void checkServerTrusted(X509Certificate[] chain, String authType) - throws CertificateException { - try { - finalMyTm.checkServerTrusted(chain, authType); - } catch (CertificateException e) { - // This will throw another CertificateException - // if this fails too. - finalDefaultTm.checkServerTrusted(chain, authType); - } - } - - @Override - public void checkClientTrusted(X509Certificate[] chain, String authType) - throws CertificateException { - // If you're planning to use client-cert auth, - // do the same as checking the server. - finalDefaultTm.checkClientTrusted(chain, authType); - } - }; - - tms = new TrustManager[] { customTm }; - - } - - sslContext.init(null, tms, null); - SSLContext.setDefault(sslContext); - - } else { - - SSLContextBuilder builder = new SSLContextBuilder(); - - builder.loadTrustMaterial(null, (chain, authType) -> true); - - sslContext = builder.build(); - } + new UsernamePasswordCredentials(configuration.getUser(), configuration.getPassword())); + + final KeyStore ks = KeyStore.getInstance("JKS"); + ks.load(kis, configuration.getKeyStorePassword().toCharArray()); + final KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); + keyManagerFactory.init(ks, configuration.getKeyStorePassword().toCharArray()); + + final KeyStore ts = KeyStore.getInstance("JKS"); + ts.load(tis, configuration.getTrustStorePassword().toCharArray()); + final TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); + trustManagerFactory.init(ts); + final SSLContext sslContext = SSLContexts.custom().loadTrustMaterial(ts, new TrustSelfSignedStrategy()).loadKeyMaterial(ks, configuration.getKeyStorePassword().toCharArray()).build(); HostnameVerifier hostnameVerifier = (hostname, session) -> hostname.equalsIgnoreCase(session.getPeerHost()); SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext, new String[] { TLS }, null, - hostnameVerifier); + hostnameVerifier); + return HttpClientBuilder.create().setDefaultCredentialsProvider(credsProvider).setProxy(getHttpsProxyHost()) - .setSSLSocketFactory(sslsf).build(); + .setSSLSocketFactory(sslsf).build(); } catch (Exception e) { throw new HttpSdcClientException("Failed to create https client", e); } } - private TrustManagerFactory createTrustManagerFactory() throws NoSuchAlgorithmException, KeyStoreException { - TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); - tmf.init(DEFAULT_INIT_KEY_STORE_VALUE); - return tmf; - } - - private KeyStore loadKeyStore(String keyStorePath, String keyStorePass) - throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException { - KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType()); - try (FileInputStream keyStoreData = new FileInputStream(keyStorePath)) { - trustStore.load(keyStoreData, keyStorePass.toCharArray()); - } - return trustStore; - } - private HttpHost getHttpProxyHost() { HttpHost proxyHost = null; if (configuration.isUseSystemProxy() && System.getProperty("http.proxyHost") != null diff --git a/sdc-distribution-client/src/main/java/org/onap/sdc/impl/Configuration.java b/sdc-distribution-client/src/main/java/org/onap/sdc/impl/Configuration.java index add4185..8841856 100644 --- a/sdc-distribution-client/src/main/java/org/onap/sdc/impl/Configuration.java +++ b/sdc-distribution-client/src/main/java/org/onap/sdc/impl/Configuration.java @@ -21,15 +21,14 @@ package org.onap.sdc.impl; import java.util.List; - import org.onap.sdc.api.consumer.IConfiguration; public class Configuration implements IConfiguration { - private List msgBusAddressList; + private String msgBusAddressList; private final String kafkaSecurityProtocolConfig; private final String kafkaSaslMechanism; - private final String kafkaSaslJaasConfig; + private String kafkaSaslJaasConfig = null; private final int kafkaConsumerMaxPollInterval; private final int kafkaConsumerSessionTimeout; private String sdcStatusTopicName; @@ -60,7 +59,9 @@ public class Configuration implements IConfiguration { public Configuration(IConfiguration other) { this.kafkaSecurityProtocolConfig = other.getKafkaSecurityProtocolConfig(); this.kafkaSaslMechanism = other.getKafkaSaslMechanism(); - this.kafkaSaslJaasConfig = other.getKafkaSaslJaasConfig(); + if (!"SSL".equals(this.kafkaSecurityProtocolConfig)) { + this.kafkaSaslJaasConfig = other.getKafkaSaslJaasConfig(); + } this.comsumerID = other.getConsumerID(); this.consumerGroup = other.getConsumerGroup(); this.pollingInterval = other.getPollingInterval(); @@ -233,11 +234,11 @@ public class Configuration implements IConfiguration { this.sdcNotificationTopicName = sdcNotificationTopicName; } - public List getMsgBusAddress() { + public String getMsgBusAddress() { return msgBusAddressList; } - public void setMsgBusAddress(List newMsgBusAddress) { + public void setMsgBusAddress(String newMsgBusAddress) { msgBusAddressList = newMsgBusAddress; } diff --git a/sdc-distribution-client/src/main/java/org/onap/sdc/impl/DistributionClientImpl.java b/sdc-distribution-client/src/main/java/org/onap/sdc/impl/DistributionClientImpl.java index a34ba1e..0c05b58 100644 --- a/sdc-distribution-client/src/main/java/org/onap/sdc/impl/DistributionClientImpl.java +++ b/sdc-distribution-client/src/main/java/org/onap/sdc/impl/DistributionClientImpl.java @@ -30,6 +30,7 @@ import fj.data.Either; import java.lang.reflect.Type; import java.nio.charset.StandardCharsets; import java.util.ArrayList; +import java.util.Arrays; import java.util.Collections; import java.util.List; import java.util.UUID; @@ -324,7 +325,7 @@ public class DistributionClientImpl implements IDistributionClient { errorWrapper.setInnerElement(kafkaData.right().value()); } else { KafkaDataResponse kafkaDataResponse = kafkaData.left().value(); - configuration.setMsgBusAddress(Collections.singletonList(kafkaDataResponse.getKafkaBootStrapServer())); + configuration.setMsgBusAddress(kafkaDataResponse.getKafkaBootStrapServer()); configuration.setNotificationTopicName(kafkaDataResponse.getDistrNotificationTopicName()); configuration.setStatusTopicName(kafkaDataResponse.getDistrStatusTopicName()); log.debug("MessageBus cluster info retrieved successfully {}", kafkaData.left().value()); diff --git a/sdc-distribution-client/src/main/java/org/onap/sdc/utils/kafka/KafkaCommonConfig.java b/sdc-distribution-client/src/main/java/org/onap/sdc/utils/kafka/KafkaCommonConfig.java index 477e677..b285bfe 100644 --- a/sdc-distribution-client/src/main/java/org/onap/sdc/utils/kafka/KafkaCommonConfig.java +++ b/sdc-distribution-client/src/main/java/org/onap/sdc/utils/kafka/KafkaCommonConfig.java @@ -19,18 +19,22 @@ */ package org.onap.sdc.utils.kafka; +import java.util.Properties; +import java.util.UUID; +import org.apache.kafka.clients.CommonClientConfigs; import org.apache.kafka.clients.consumer.ConsumerConfig; import org.apache.kafka.clients.producer.ProducerConfig; -import org.apache.kafka.clients.CommonClientConfigs; import org.apache.kafka.common.config.SaslConfigs; import org.apache.kafka.common.config.SslConfigs; import org.onap.sdc.impl.Configuration; -import java.util.Properties; -import java.util.UUID; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; public class KafkaCommonConfig { + private static final Logger log = LoggerFactory.getLogger(KafkaCommonConfig.class); + private final Configuration configuration; - public KafkaCommonConfig(Configuration configuration){ + public KafkaCommonConfig(Configuration configuration) { this.configuration = configuration; } @@ -47,7 +51,6 @@ public class KafkaCommonConfig { props.put(ConsumerConfig.ALLOW_AUTO_CREATE_TOPICS_CONFIG, false); props.put(ConsumerConfig.AUTO_OFFSET_RESET_CONFIG, "latest"); - return props; } @@ -70,10 +73,10 @@ public class KafkaCommonConfig { props.put(SslConfigs.SSL_TRUSTSTORE_PASSWORD_CONFIG, configuration.getTrustStorePassword()); props.put(SslConfigs.SSL_TRUSTSTORE_LOCATION_CONFIG, configuration.getTrustStorePath()); props.put(SslConfigs.SSL_KEYSTORE_PASSWORD_CONFIG, configuration.getKeyStorePassword()); + props.put(SslConfigs.SSL_ENDPOINT_IDENTIFICATION_ALGORITHM_CONFIG, ""); props.put(SslConfigs.SSL_KEYSTORE_LOCATION_CONFIG, configuration.getKeyStorePath()); props.put(SslConfigs.SSL_KEY_PASSWORD_CONFIG, configuration.getKeyStorePassword()); - } - else{ + } else { props.put(SaslConfigs.SASL_JAAS_CONFIG, configuration.getKafkaSaslJaasConfig()); props.put(SaslConfigs.SASL_MECHANISM, configuration.getKafkaSaslMechanism()); } diff --git a/sdc-distribution-client/src/main/java/org/onap/sdc/utils/kafka/SdcKafkaProducer.java b/sdc-distribution-client/src/main/java/org/onap/sdc/utils/kafka/SdcKafkaProducer.java index b151b23..e0b51eb 100644 --- a/sdc-distribution-client/src/main/java/org/onap/sdc/utils/kafka/SdcKafkaProducer.java +++ b/sdc-distribution-client/src/main/java/org/onap/sdc/utils/kafka/SdcKafkaProducer.java @@ -20,18 +20,12 @@ package org.onap.sdc.utils.kafka; -import java.util.List; import java.util.Properties; -import java.util.UUID; import java.util.concurrent.Future; -import org.apache.kafka.clients.CommonClientConfigs; import org.apache.kafka.clients.producer.KafkaProducer; -import org.apache.kafka.clients.producer.ProducerConfig; import org.apache.kafka.clients.producer.ProducerRecord; import org.apache.kafka.clients.producer.RecordMetadata; import org.apache.kafka.common.KafkaException; -import org.apache.kafka.common.config.SaslConfigs; -import org.apache.kafka.common.config.SslConfigs; import org.onap.sdc.impl.Configuration; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -43,7 +37,7 @@ public class SdcKafkaProducer { private static final Logger log = LoggerFactory.getLogger(SdcKafkaProducer.class); final KafkaProducer producer; - private final List msgBusAddresses; + private final String msgBusAddresses; private final String topicName; /** @@ -89,9 +83,9 @@ public class SdcKafkaProducer { } /** - * @return The list kafka endpoints + * @return The list of kafka endpoints */ - public List getMsgBusAddresses() { + public String getMsgBusAddresses() { return msgBusAddresses; } diff --git a/sdc-distribution-client/src/test/java/org/onap/sdc/http/HttpClientFactoryTest.java b/sdc-distribution-client/src/test/java/org/onap/sdc/http/HttpClientFactoryTest.java index 2292fc4..3ee2d02 100644 --- a/sdc-distribution-client/src/test/java/org/onap/sdc/http/HttpClientFactoryTest.java +++ b/sdc-distribution-client/src/test/java/org/onap/sdc/http/HttpClientFactoryTest.java @@ -41,8 +41,10 @@ class HttpClientFactoryTest { TestConfiguration config = spy(new TestConfiguration()); HttpClientFactory httpClientFactory = new HttpClientFactory(config); when(config.activateServerTLSAuth()).thenReturn(true); - when(config.getKeyStorePath()).thenReturn("src/test/resources/sdc-client.jks"); - when(config.getKeyStorePassword()).thenReturn("Aa123456"); + when(config.getKeyStorePath()).thenReturn("src/test/resources/sdc-user-keystore.jks"); + when(config.getKeyStorePassword()).thenReturn("zreRDCnNLsZ7"); + when(config.getTrustStorePath()).thenReturn("src/test/resources/sdc-user-truststore.jks"); + when(config.getTrustStorePassword()).thenReturn("changeit"); Pair client = httpClientFactory.createInstance(); SSLConnectionSocketFactory sslsf = spy(SSLConnectionSocketFactory.getSocketFactory()); CredentialsProvider credsProvider = new BasicCredentialsProvider(); diff --git a/sdc-distribution-client/src/test/java/org/onap/sdc/http/SdcConnectorClientTest.java b/sdc-distribution-client/src/test/java/org/onap/sdc/http/SdcConnectorClientTest.java index e449c4c..b2c1128 100644 --- a/sdc-distribution-client/src/test/java/org/onap/sdc/http/SdcConnectorClientTest.java +++ b/sdc-distribution-client/src/test/java/org/onap/sdc/http/SdcConnectorClientTest.java @@ -87,7 +87,10 @@ public class SdcConnectorClientTest { when(conf.getUser()).thenReturn("user"); when(conf.getPassword()).thenReturn("password"); when(conf.isUseHttpsWithSDC()).thenReturn(true); - + when(conf.getKeyStorePath()).thenReturn("src/test/resources/sdc-user-keystore.jks"); + when(conf.getKeyStorePassword()).thenReturn("zreRDCnNLsZ7"); + when(conf.getTrustStorePath()).thenReturn("src/test/resources/sdc-user-truststore.jks"); + when(conf.getTrustStorePassword()).thenReturn("changeit"); when(conf.activateServerTLSAuth()).thenReturn(false); final HttpSdcClient httpClient = new HttpSdcClient(conf); SdcConnectorClient client = new SdcConnectorClient(conf, httpClient); diff --git a/sdc-distribution-client/src/test/java/org/onap/sdc/utils/KafkaCommonConfigTest.java b/sdc-distribution-client/src/test/java/org/onap/sdc/utils/KafkaCommonConfigTest.java index 36730b5..a60a785 100644 --- a/sdc-distribution-client/src/test/java/org/onap/sdc/utils/KafkaCommonConfigTest.java +++ b/sdc-distribution-client/src/test/java/org/onap/sdc/utils/KafkaCommonConfigTest.java @@ -35,8 +35,7 @@ public class KafkaCommonConfigTest { @Test public void testConsumerPropertiesNoSSL(){ - List msgBusAddress = new ArrayList<>(); - msgBusAddress.add("address1"); + String msgBusAddress = "address1"; testConfigNoSSL.setMsgBusAddress(msgBusAddress); KafkaCommonConfig kafkaCommonConfig = new KafkaCommonConfig(testConfigNoSSL); Properties consumerProperties = kafkaCommonConfig.getConsumerProperties(); @@ -45,8 +44,7 @@ public class KafkaCommonConfigTest { @Test public void testProducerPropertiesWithSSL(){ - List msgBusAddress = new ArrayList<>(); - msgBusAddress.add("address1"); + String msgBusAddress = "address1"; testConfigWithSSL.setMsgBusAddress(msgBusAddress); KafkaCommonConfig kafkaCommonConfig = new KafkaCommonConfig(testConfigWithSSL); Properties consumerProperties = kafkaCommonConfig.getProducerProperties(); diff --git a/sdc-distribution-client/src/test/java/org/onap/sdc/utils/SdcKafkaTest.java b/sdc-distribution-client/src/test/java/org/onap/sdc/utils/SdcKafkaTest.java index c0c60a8..a4d348c 100644 --- a/sdc-distribution-client/src/test/java/org/onap/sdc/utils/SdcKafkaTest.java +++ b/sdc-distribution-client/src/test/java/org/onap/sdc/utils/SdcKafkaTest.java @@ -57,7 +57,7 @@ class SdcKafkaTest { startKafkaService(); KafkaTestUtils utils = new KafkaTestUtils(kafkaTestCluster); utils.createTopic(topicName, 1, (short) 1); - configuration.setMsgBusAddress(Collections.singletonList(kafkaTestCluster.getKafkaConnectString())); + configuration.setMsgBusAddress(kafkaTestCluster.getKafkaConnectString()); } @AfterAll diff --git a/sdc-distribution-client/src/test/java/org/onap/sdc/utils/TestConfiguration.java b/sdc-distribution-client/src/test/java/org/onap/sdc/utils/TestConfiguration.java index a132cd0..b75d231 100644 --- a/sdc-distribution-client/src/test/java/org/onap/sdc/utils/TestConfiguration.java +++ b/sdc-distribution-client/src/test/java/org/onap/sdc/utils/TestConfiguration.java @@ -42,6 +42,8 @@ public class TestConfiguration implements IConfiguration { private final int kafkaConsumerSessionTimeout; private String keyStorePath; private String keyStorePassword; + private String trustStorePath; + private String trustStorePassword; private boolean activateServerTLSAuth; private boolean isFilterInEmptyResources; private boolean useHttpsWithSDC; @@ -66,8 +68,10 @@ public class TestConfiguration implements IConfiguration { this.relevantArtifactTypes = new ArrayList<>(); this.relevantArtifactTypes.add(ArtifactTypeEnum.HEAT.name()); this.user = "mso-user"; - this.keyStorePath = "etc/sdc-client.jks"; - this.keyStorePassword = "Aa123456"; + this.keyStorePath = "src/test/resources/etc/sdc-user-keystore.jks"; + this.keyStorePassword = "zreRDCnNLsZ7"; + this.trustStorePath = "src/test/resources/etc/sdc-user-truststore.jks"; + this.trustStorePassword = "changeit"; this.activateServerTLSAuth = true; this.isFilterInEmptyResources = false; this.useHttpsWithSDC = true; @@ -155,6 +159,16 @@ public class TestConfiguration implements IConfiguration { return keyStorePassword; } + @Override + public String getTrustStorePath() { + return trustStorePath; + } + + @Override + public String getTrustStorePassword() { + return trustStorePassword; + } + public String getConsumerID() { return consumerID; } diff --git a/sdc-distribution-client/src/test/resources/etc/sdc-user-keystore.jks b/sdc-distribution-client/src/test/resources/etc/sdc-user-keystore.jks new file mode 100644 index 0000000000000000000000000000000000000000..7c3c72a781fa7e3c352210b509ede7cac83b959b GIT binary patch literal 2894 zcma);Wmpr87RR?SM$29p0!pX!XmE&h4nzq-x^qZ(j+moMk(i*M!03<==0uSa5F9uO zl~z(|B;<0RdmrC>Ki&J`ob#Ojsc*mMz|nLDARq-CO}h)B5lz-hK41V+0ZY-eOJFqZ z+`0T2j;3t+uM*``Fq-o5xr{rv0tnr|r|4;cpi(rY+PSC#cl$Fz$pE*4EB&3)!^Oa` zHzZ^49tSq|I%f|fa5YaPbcL1@1QLdVfIM(|2=%`!VD1w*e< zm~G;*^uv_asuQhgK7n8~c$78aUD|^0sP@xWx*Sf}-zmdCcir;82{>KdQU0;cSd^kr zN~6N}aHKdlT2srkR<;tLJb0_o+e`~Mm3>t)-SqU8ze_><-A}+`seI=14GfWC4+z{%9!Y@^N+a zeB`TU4gK0naOR4IZ8pW8DHoVrw>f^baXlqVVt!{Pa8wZELvgbS0HuC;A6lZT#gz-Y z`BmS)yyn>>jgwF6&zIb-ZB|E@d00!?Jk1s70vXGi+><^-ki;bp7Ri-@KK69y*N87K z`RfCYUJ?hDfwMmMEyws$*TfD7xt>j-Qsdj+Iy4H~L%C-&SRZk&<)IH}b*-+Z=a& zBgf!jq}@1B6k|0>TXpE{qoKFQbQ02b`AQ9$4{_XC&g@@T57@(y_`)m7_h+46S6%hS zv`-$0e66{A)he+%uQIp8=g?pr)3CxB^{dq7WOyZ!97%Sn4DL5X73p_9sB@$XLu@^4mvm~TRuz46P|DpBWNXHk(hNkcpPft zG09=awK`f{u%Vmm^szLy^T}mK1MIi-lOVMflUIFWaW>;?Jf3n_R9gHc)q_NK9#s&s zf83rb8j{`NXNwU+y)&if&WP{NR^z-~E6KY)dg#xn{YI$1=3;#8o9ODgqXDppQ!;C~ zVFXqgPx`RbE-RZ;=1^g+)1vJYqDkn2lel7COHAMUO~~oVrSVCpLxMjOkwf&Fb%e#A z1M9-r;87A~a$uW!(~DiI?Wbqk-f8>k5t19fYu?KCJCjck%n3OGrix;LnRK1u7eZNi zN?$=GRn~LPRr^e_(e;h%^(Fu2|N^9@IR@3f?oL zOJQ0c$^c2>+%Ah)Kd!(oA!jBN7fT{&Xee`O37K1y33sI8;!B*H;-_`;l8G zm9HX>E78A=MRLTxwHhO&du=B^UhkgDq*6%QUco&$&#^1pj9Xi!=<(Waf!-<&joUl2L%emF4B- z6cx@n{P!Lz$T^ys&ZP?=AmBVu{kcE|{9mv(7+EeI>Jt@mg#r5D3UHk}h~lvS2iAfh zy?hKGk(1~%v1y;&nIDG+XKB?LN<3NNF``%)e(3mU6PJcaJWx6cZOMCtuQh28n%UIf z@8TXI#C}k0P8qbD%dV2HbT{L8EHe*=y9fZM0Gg)@p&fz5jDqdTiK~MK#Mc!Ri2kG3g07NhU0yXc8+4?;( zoi-T}hKT`Dg-jDqmitsR;yU7N-TO-X_7=X|A1%jo5Y_}qNLk>XgJt0;&)7iFYd6Ap z@^MqSQqfs8&Y`rZ{>6YvoE}r6tvNRm9l-XD193rId{9vge+PBCRcW>2hR_rarwzv# z8AROf6%fnzdO5@8mA&xwKyBE;ZJ7h75-8vKWAta1ZOOgvMNBBrXHf zif&8-BiTPA{S;Pob{4JpS?u*rHaSME7p>|~BU;USM?-Z5KW909t3Uo^9)h`hDlV7x zfcc>0=Ji^n?KHA=Ulet4tyBhDea5;coVfd8u!NhXexjAXayfsfN>(vT**;J3`nuyh zpCHr_>^#I%zMMmSaY|gZxTZO;qtC^|)}3`R?9GdlJR96@ql1iGA?fqVkXe*(2J@Gh zZg~fX0s8OSLIiuI#l4PXnw{yTE#SD%9pPzp3l9}v9J^tRe*HyFp&N6o)3YI3*-Nb% zYV7-0eVh$%7O()uLVrb>({)VJQmHgQTO$VAF&|QS3qcR7ZedDBp52|ei3o_SAciH0 zy@qrM?QB#1B6o?a$4Ip~nSe`GNuPV&S;MwGA3yW=5@qUT={d8w4Tx&U3g_R4Q3W`r z_*yce)?Ea_H%w54Ic`3IpKS671ee+3A@2($nKCTfTO!5#d*fALk@gvW&YmVe89Al4 z8{=Fl^p`=V{vE#^e%fnYPfOTvBpUQ%Fx1{J(yJtCaqknP+BLT_X>m<|Nw2!P^JU!w zD#yL;j=Ew|TV5Snv2q$SU`la|Xe%Y4$Jb^c(q4|bRN|{JyrLJ6^aM%J`1=G<@!O5Y znO5~p-iDXhz006Jg5krybUye_h|k3faIAB1a?r^Tc#x&7w+ z=)_nAswBjahcTdADH_wJ%rwz~v<>OgrAB4+I&TNFk(LRyy}EUL&wHArqIL_-u`L1# z8Mch#LQ0(m3VqC{PY5L*?fA;D=bwDZ=EcirBtLDwthYrgz@W(8d~n^_aZrzZ3d?d- zX0~)fxnn>}tD&pns1@tiN^%~uYR0RhWo+t#4MUo*nn44ncj3wT~m)vs;(; zAGXcI?pvUa6=c+&-a`$Bn17^2cS?NGz2#C%rK>43veYYuJ?i=JE(C4_mxeR^`7uF2 zN&uLrv-WoXlZHJ2IeWL%V%^tFoFgi0s#Opf(91`2`Yw2hW8Bt2LUi<1_>&LNQU+thDZTr0|Wso1Q352$J$2umM-lKPSwxO0^ERt1)v(S5V1whA*&iW*>8rX1n0aI%L)%(os)9twx2 z(uE8x*Z&ron&u7EyZuQP`N_!iqaGS{Y0QShJpR5c#yv^5qL#m3MM$@fA~aJMB9IwC zz`Ho$$oc-*%A@2RLVT-c7~$BgZDV%eas+>3pu57D{pFhAQ}4j$!7ZvF@7}>FElTZR z$K4tQS|BZ*L7*g>duQud;^>BOiv_n^)*8ewXt$VbRnkt|VYKK}MnMte*YP9iUhgHB zn!PM*@WE+n{S~LNg;cKyS}HY0qJGVdz;m ztzQSsQtXaUoG&P-U)_tb)Zf1+V64anX79V$XJy(BV-bhvPK7RGOqYGL^NKF5Up`rY@N)ar`Yt0t@S^Ie{eOEzIjaSYaOEE4j1A-J?mBb@};fYM5 zKefHM1<`c9p?x6Z+h|C!EqLZ;#9kq}PRG)- z&QBMqJ9Zyd+9D|x!a60DtRP3Jc&_r`d!VDzHb5cbW&KipDx2(k5Kg>7d7Br;D8Fl& zQlVHqELfLw+=E;$QlTLN^f2~X06GmSxT zj*%);x_2->l?A*lw67+KJt-ej!%)j8EJ~W4r z0olKNrn#!*Ky0z&G#QJb(n;C_pdj1r#v)B=y<`;o%N>YRKIvWu z=*v=(jlzLzYg#$0wP>=SOj<=QKVJhuXHAHQr8j}I+#it-7)XaphJ#pQu@<`DW}K0-R9? z(ZH{yO|I;`3G<2(aFd7?*vMzJi&2lDW|hjQ>U!DLRQw|eySot2ua+A2(fZG7Gg)dd zb0o4A^#hE}P}l|0tBE-A87xicrtgicE)}%)hMd4A>{N39%9&GyfdB>VVhh1~d7dJ2 z&M#iYZo=6GNdj&^17yY!Y|VWK`!nDyhNgF5x*6O3J{PuwF4+(2>7bQ3pk9Xsz2f?C z$)L$E1phs;WZ)MQDK0~slG|GeFdjB_ZLKBJfIo!mDmwmqQIC#&##Y<%YO&-&JiR#* zNC9O71OfpC00bcK=lzP|oNwy~<_+qO w<3^#j$rMH8F0#v-CnM7+zkI3$6z!ZwC5;|_^5DgA#uoZ}Mb(C17y<$(5H1NUY5)KL literal 0 HcmV?d00001 diff --git a/sdc-distribution-client/src/test/resources/sdc-user-keystore.jks b/sdc-distribution-client/src/test/resources/sdc-user-keystore.jks new file mode 100644 index 0000000000000000000000000000000000000000..7c3c72a781fa7e3c352210b509ede7cac83b959b GIT binary patch literal 2894 zcma);Wmpr87RR?SM$29p0!pX!XmE&h4nzq-x^qZ(j+moMk(i*M!03<==0uSa5F9uO zl~z(|B;<0RdmrC>Ki&J`ob#Ojsc*mMz|nLDARq-CO}h)B5lz-hK41V+0ZY-eOJFqZ z+`0T2j;3t+uM*``Fq-o5xr{rv0tnr|r|4;cpi(rY+PSC#cl$Fz$pE*4EB&3)!^Oa` zHzZ^49tSq|I%f|fa5YaPbcL1@1QLdVfIM(|2=%`!VD1w*e< zm~G;*^uv_asuQhgK7n8~c$78aUD|^0sP@xWx*Sf}-zmdCcir;82{>KdQU0;cSd^kr zN~6N}aHKdlT2srkR<;tLJb0_o+e`~Mm3>t)-SqU8ze_><-A}+`seI=14GfWC4+z{%9!Y@^N+a zeB`TU4gK0naOR4IZ8pW8DHoVrw>f^baXlqVVt!{Pa8wZELvgbS0HuC;A6lZT#gz-Y z`BmS)yyn>>jgwF6&zIb-ZB|E@d00!?Jk1s70vXGi+><^-ki;bp7Ri-@KK69y*N87K z`RfCYUJ?hDfwMmMEyws$*TfD7xt>j-Qsdj+Iy4H~L%C-&SRZk&<)IH}b*-+Z=a& zBgf!jq}@1B6k|0>TXpE{qoKFQbQ02b`AQ9$4{_XC&g@@T57@(y_`)m7_h+46S6%hS zv`-$0e66{A)he+%uQIp8=g?pr)3CxB^{dq7WOyZ!97%Sn4DL5X73p_9sB@$XLu@^4mvm~TRuz46P|DpBWNXHk(hNkcpPft zG09=awK`f{u%Vmm^szLy^T}mK1MIi-lOVMflUIFWaW>;?Jf3n_R9gHc)q_NK9#s&s zf83rb8j{`NXNwU+y)&if&WP{NR^z-~E6KY)dg#xn{YI$1=3;#8o9ODgqXDppQ!;C~ zVFXqgPx`RbE-RZ;=1^g+)1vJYqDkn2lel7COHAMUO~~oVrSVCpLxMjOkwf&Fb%e#A z1M9-r;87A~a$uW!(~DiI?Wbqk-f8>k5t19fYu?KCJCjck%n3OGrix;LnRK1u7eZNi zN?$=GRn~LPRr^e_(e;h%^(Fu2|N^9@IR@3f?oL zOJQ0c$^c2>+%Ah)Kd!(oA!jBN7fT{&Xee`O37K1y33sI8;!B*H;-_`;l8G zm9HX>E78A=MRLTxwHhO&du=B^UhkgDq*6%QUco&$&#^1pj9Xi!=<(Waf!-<&joUl2L%emF4B- z6cx@n{P!Lz$T^ys&ZP?=AmBVu{kcE|{9mv(7+EeI>Jt@mg#r5D3UHk}h~lvS2iAfh zy?hKGk(1~%v1y;&nIDG+XKB?LN<3NNF``%)e(3mU6PJcaJWx6cZOMCtuQh28n%UIf z@8TXI#C}k0P8qbD%dV2HbT{L8EHe*=y9fZM0Gg)@p&fz5jDqdTiK~MK#Mc!Ri2kG3g07NhU0yXc8+4?;( zoi-T}hKT`Dg-jDqmitsR;yU7N-TO-X_7=X|A1%jo5Y_}qNLk>XgJt0;&)7iFYd6Ap z@^MqSQqfs8&Y`rZ{>6YvoE}r6tvNRm9l-XD193rId{9vge+PBCRcW>2hR_rarwzv# z8AROf6%fnzdO5@8mA&xwKyBE;ZJ7h75-8vKWAta1ZOOgvMNBBrXHf zif&8-BiTPA{S;Pob{4JpS?u*rHaSME7p>|~BU;USM?-Z5KW909t3Uo^9)h`hDlV7x zfcc>0=Ji^n?KHA=Ulet4tyBhDea5;coVfd8u!NhXexjAXayfsfN>(vT**;J3`nuyh zpCHr_>^#I%zMMmSaY|gZxTZO;qtC^|)}3`R?9GdlJR96@ql1iGA?fqVkXe*(2J@Gh zZg~fX0s8OSLIiuI#l4PXnw{yTE#SD%9pPzp3l9}v9J^tRe*HyFp&N6o)3YI3*-Nb% zYV7-0eVh$%7O()uLVrb>({)VJQmHgQTO$VAF&|QS3qcR7ZedDBp52|ei3o_SAciH0 zy@qrM?QB#1B6o?a$4Ip~nSe`GNuPV&S;MwGA3yW=5@qUT={d8w4Tx&U3g_R4Q3W`r z_*yce)?Ea_H%w54Ic`3IpKS671ee+3A@2($nKCTfTO!5#d*fALk@gvW&YmVe89Al4 z8{=Fl^p`=V{vE#^e%fnYPfOTvBpUQ%Fx1{J(yJtCaqknP+BLT_X>m<|Nw2!P^JU!w zD#yL;j=Ew|TV5Snv2q$SU`la|Xe%Y4$Jb^c(q4|bRN|{JyrLJ6^aM%J`1=G<@!O5Y znO5~p-iDXhz006Jg5krybUye_h|k3faIAB1a?r^Tc#x&7w+ z=)_nAswBjahcTdADH_wJ%rwz~v<>OgrAB4+I&TNFk(LRyy}EUL&wHArqIL_-u`L1# z8Mch#LQ0(m3VqC{PY5L*?fA;D=bwDZ=EcirBtLDwthYrgz@W(8d~n^_aZrzZ3d?d- zX0~)fxnn>}tD&pns1@tiN^%~uYR0RhWo+t#4MUo*nn44ncj3wT~m)vs;(; zAGXcI?pvUa6=c+&-a`$Bn17^2cS?NGz2#C%rK>43veYYuJ?i=JE(C4_mxeR^`7uF2 zN&uLrv-WoXlZHJ2IeWL%V%^tFoFgi0s#Opf(91`2`Yw2hW8Bt2LUi<1_>&LNQU+thDZTr0|Wso1Q352$J$2umM-lKPSwxO0^ERt1)v(S5V1whA*&iW*>8rX1n0aI%L)%(os)9twx2 z(uE8x*Z&ron&u7EyZuQP`N_!iqaGS{Y0QShJpR5c#yv^5qL#m3MM$@fA~aJMB9IwC zz`Ho$$oc-*%A@2RLVT-c7~$BgZDV%eas+>3pu57D{pFhAQ}4j$!7ZvF@7}>FElTZR z$K4tQS|BZ*L7*g>duQud;^>BOiv_n^)*8ewXt$VbRnkt|VYKK}MnMte*YP9iUhgHB zn!PM*@WE+n{S~LNg;cKyS}HY0qJGVdz;m ztzQSsQtXaUoG&P-U)_tb)Zf1+V64anX79V$XJy(BV-bhvPK7RGOqYGL^NKF5Up`rY@N)ar`Yt0t@S^Ie{eOEzIjaSYaOEE4j1A-J?mBb@};fYM5 zKefHM1<`c9p?x6Z+h|C!EqLZ;#9kq}PRG)- z&QBMqJ9Zyd+9D|x!a60DtRP3Jc&_r`d!VDzHb5cbW&KipDx2(k5Kg>7d7Br;D8Fl& zQlVHqELfLw+=E;$QlTLN^f2~X06GmSxT zj*%);x_2->l?A*lw67+KJt-ej!%)j8EJ~W4r z0olKNrn#!*Ky0z&G#QJb(n;C_pdj1r#v)B=y<`;o%N>YRKIvWu z=*v=(jlzLzYg#$0wP>=SOj<=QKVJhuXHAHQr8j}I+#it-7)XaphJ#pQu@<`DW}K0-R9? z(ZH{yO|I;`3G<2(aFd7?*vMzJi&2lDW|hjQ>U!DLRQw|eySot2ua+A2(fZG7Gg)dd zb0o4A^#hE}P}l|0tBE-A87xicrtgicE)}%)hMd4A>{N39%9&GyfdB>VVhh1~d7dJ2 z&M#iYZo=6GNdj&^17yY!Y|VWK`!nDyhNgF5x*6O3J{PuwF4+(2>7bQ3pk9Xsz2f?C z$)L$E1phs;WZ)MQDK0~slG|GeFdjB_ZLKBJfIo!mDmwmqQIC#&##Y<%YO&-&JiR#* zNC9O71OfpC00bcK=lzP|oNwy~<_+qO w<3^#j$rMH8F0#v-CnM7+zkI3$6z!ZwC5;|_^5DgA#uoZ}Mb(C17y<$(5H1NUY5)KL literal 0 HcmV?d00001 -- 2.16.6