Add https support in A1 controller 44/3544/2
authorRehanRaza <muhammad.rehan.raza@est.tech>
Thu, 30 Apr 2020 12:04:57 +0000 (14:04 +0200)
committerRehanRaza <muhammad.rehan.raza@est.tech>
Thu, 30 Apr 2020 14:31:13 +0000 (16:31 +0200)
Add self-signed cert for NBI and SBI
Remove ONAP signed certs

Change-Id: I733cb48bf37cb124a330f9a2734920fda010de57
Issue-ID: NONRTRIC-196
Signed-off-by: RehanRaza <muhammad.rehan.raza@est.tech>
20 files changed:
sdnc-a1-controller/northbound/nonrt-ric-api/provider/pom.xml
sdnc-a1-controller/northbound/nonrt-ric-api/provider/src/main/java/org/o_ran_sc/nonrtric/sdnc_a1/northbound/restadapter/RestAdapterImpl.java
sdnc-a1-controller/northbound/nonrt-ric-api/provider/src/main/resources/nonrt-ric-api-provider.properties [new file with mode: 0644]
sdnc-a1-controller/oam/installation/sdnc-a1/pom.xml
sdnc-a1-controller/oam/installation/sdnc-a1/src/main/docker/standalone.Dockerfile
sdnc-a1-controller/oam/installation/sdnc-a1/src/main/resources/keystore.jks [new file with mode: 0644]
sdnc-a1-controller/oam/installation/sdnc-a1/src/main/resources/truststoreONAPall.jks [deleted file]
sdnc-a1-controller/oam/installation/sdnc-a1/src/main/scripts/addSdncKeyStore.sh [deleted file]
sdnc-a1-controller/oam/installation/sdnc-a1/src/main/scripts/healthcheck.py [new file with mode: 0644]
sdnc-a1-controller/oam/installation/sdnc-a1/src/main/scripts/installCerts.py [deleted file]
sdnc-a1-controller/oam/installation/sdnc-a1/src/main/scripts/startODL.sh
sdnc-a1-controller/oam/installation/src/main/properties/org.onap.sdnc.cred.props [deleted file]
sdnc-a1-controller/oam/installation/src/main/properties/org.onap.sdnc.props [deleted file]
sdnc-a1-controller/oam/installation/src/main/stores/keystore.sdnc.p12 [deleted file]
sdnc-a1-controller/oam/installation/src/main/stores/org.onap.sdnc.keyfile [deleted file]
sdnc-a1-controller/oam/installation/src/main/stores/org.onap.sdnc.p12 [deleted file]
sdnc-a1-controller/oam/installation/src/main/stores/org.onap.sdnc.trust.jks [deleted file]
sdnc-a1-controller/oam/installation/src/main/stores/truststore.onap.client.jks [deleted file]
sdnc-a1-controller/oam/installation/src/main/stores/truststore.openecomp.client.jks [deleted file]
sdnc-a1-controller/oam/installation/src/main/yaml/docker-compose.yml

index da53f92..02e32e7 100644 (file)
             <groupId>org.apache.commons</groupId>
             <artifactId>commons-lang3</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.apache.httpcomponents</groupId>
+            <artifactId>httpclient</artifactId>
+        </dependency>
         <dependency>
             <groupId>org.onap.ccsdk.sli.core</groupId>
             <artifactId>sli-common</artifactId>
index 6580983..d317e56 100644 (file)
 
 package org.o_ran_sc.nonrtric.sdnc_a1.northbound.restadapter;
 
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.security.KeyManagementException;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateException;
+import java.util.Properties;
+import org.apache.http.client.HttpClient;
+import org.apache.http.conn.ssl.NoopHostnameVerifier;
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
+import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
+import org.apache.http.impl.client.HttpClients;
+import org.apache.http.ssl.SSLContexts;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.http.HttpEntity;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpMethod;
+import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
+import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
+import org.springframework.util.ResourceUtils;
 import org.springframework.web.client.RestTemplate;
 
 /**
@@ -36,10 +58,44 @@ import org.springframework.web.client.RestTemplate;
 
 public class RestAdapterImpl implements RestAdapter {
 
-  private RestTemplate restTemplate;
+  private static final String PROPERTIES_FILE = "nonrt-ric-api-provider.properties";
+  private final Logger log = LoggerFactory.getLogger(RestAdapterImpl.class);
+
+  private RestTemplate restTemplateHttp;
+  private RestTemplate restTemplateHttps;
 
   public RestAdapterImpl() {
-    restTemplate = new RestTemplate();
+      restTemplateHttp = new RestTemplate();
+      try {
+          restTemplateHttps = createRestTemplateForHttps();
+      } catch (IOException | UnrecoverableKeyException | KeyManagementException | CertificateException
+              | NoSuchAlgorithmException | KeyStoreException ex) {
+        log.error("Caught exception when trying to create restTemplateHttps: {}", ex.getMessage());
+      }
+  }
+
+  private RestTemplate createRestTemplateForHttps() throws IOException, UnrecoverableKeyException, CertificateException,
+              NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
+      InputStream inputStream = RestAdapterImpl.class.getClassLoader().getResourceAsStream(PROPERTIES_FILE);
+      if (inputStream == null) {
+          throw new FileNotFoundException("properties file not found in classpath");
+      } else {
+          Properties properties = new Properties();
+          properties.load(inputStream);
+          final String keystorePassword = properties.getProperty("key-store-password");
+          SSLConnectionSocketFactory scsf = new SSLConnectionSocketFactory(
+                  SSLContexts.custom()
+                             .loadKeyMaterial(ResourceUtils.getFile(properties.getProperty("key-store")),
+                                     keystorePassword.toCharArray(), keystorePassword.toCharArray())
+                             .loadTrustMaterial(null, new TrustSelfSignedStrategy())
+                             .build(),
+                  NoopHostnameVerifier.INSTANCE);
+          HttpClient client = HttpClients.custom().setSSLSocketFactory(scsf).build();
+          HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory();
+          requestFactory.setHttpClient(client);
+          inputStream.close();
+          return new RestTemplate(requestFactory);
+      }
   }
 
   private HttpEntity<?> getHttpEntity(final Object object) {
@@ -69,6 +125,19 @@ public class RestAdapterImpl implements RestAdapter {
   @SuppressWarnings("unchecked")
   private <T> ResponseEntity<T> invokeHttpRequest(String uri, HttpMethod httpMethod, Class<?> clazz,
       HttpEntity<?> entity) {
-    return (ResponseEntity<T>) restTemplate.exchange(uri, httpMethod, entity, clazz);
+    try {
+        URL url = new URL(uri);
+        if (url.getProtocol().equals("https")) {
+            return (ResponseEntity<T>) restTemplateHttps.exchange(uri, httpMethod, entity, clazz);
+        } else if (url.getProtocol().equals("http")) {
+            return (ResponseEntity<T>) restTemplateHttp.exchange(uri, httpMethod, entity, clazz);
+        } else {
+            log.error("Invalid protocol in URL");
+            return new ResponseEntity<>(HttpStatus.BAD_REQUEST);
+        }
+    } catch (MalformedURLException ex) {
+        log.error("URL is not valid, exception: {}", ex.getMessage());
+        return new ResponseEntity<>(HttpStatus.BAD_REQUEST);
+    }
   }
-}
+}
\ No newline at end of file
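Review bot: `restTemplateHttps` can be null when the `https` branch of `invokeHttpRequest` dereferences it, because the constructor only logs a failure of `createRestTemplateForHttps()`; every HTTPS call would then fail with a NullPointerException rather than a diagnosable error. A guard before the call, for example `if (restTemplateHttps == null) { log.error("HTTPS client not initialised"); return new ResponseEntity<>(HttpStatus.SERVICE_UNAVAILABLE); }`, or failing fast in the constructor, would make the cause visible. The locally built `BAD_REQUEST` responses are also indistinguishable to callers from a 400 returned by the remote endpoint, which deserves a comment on the method.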
diff --git a/sdnc-a1-controller/northbound/nonrt-ric-api/provider/src/main/resources/nonrt-ric-api-provider.properties b/sdnc-a1-controller/northbound/nonrt-ric-api/provider/src/main/resources/nonrt-ric-api-provider.properties
new file mode 100644 (file)
index 0000000..6a066a6
--- /dev/null
@@ -0,0 +1,20 @@
+# ========================LICENSE_START=================================
+# O-RAN-SC
+# %%
+# Copyright (C) 2020 Nordix Foundation
+# %%
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ========================LICENSE_END===================================
+
+key-store-password = sdnc-a1-controller
+key-store = /etc/ssl/certs/java/keystore.jks
\ No newline at end of file
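Review bot: The key store password is committed in clear text at `key-store-password = sdnc-a1-controller`, and the matching `keystore.jks` is added to the repository in the same commit, so the private key behind the HTTPS endpoints is effectively public for every image built from this tree. The same value is hard-coded in `standalone.Dockerfile` as `ENV SDNC_KEYPASS sdnc-a1-controller` and appended to `custom.properties` by `RUN echo`, so it also persists in the image configuration and layers. If this key store is meant for test setups only, say so next to the property, e.g. `# Test-only key store; replace key store and password per deployment`. Otherwise the key store and its password should be supplied at deploy time (mounted file or environment variable) rather than read from the classpath.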
index bf8bfe3..3e0b468 100644 (file)
@@ -42,9 +42,6 @@
         <sdnc.build.timestamp>${maven.build.timestamp}</sdnc.build.timestamp>
         <sdnc.northbound.version>1.7.3-SNAPSHOT</sdnc.northbound.version>
         <ccsdk.docker.version>0.6.3</ccsdk.docker.version>
-        <sdnc.keystore>org.onap.sdnc.p12</sdnc.keystore>
-        <sdnc.keypass><![CDATA[ff^G9D]yf&r}Ktum@BJ0YB?N]]></sdnc.keypass>
-        <sdnc.secureport>8443</sdnc.secureport>
         <docker.push.phase>deploy</docker.push.phase>
     </properties>
 
                                     <directory>src/main/resources</directory>
                                     <includes>
                                         <include>idmlight.db.mv.db</include>
-                                        <include>truststoreONAPall.jks</include>
+                                        <include>keystore.jks</include>
                                         <include>aaa-app-config.xml</include>
                                     </includes>
                                     <filtering>false</filtering>
                             </resources>
                         </configuration>
                     </execution>
-                    <execution>
-                        <id>copy-keystores</id>
-                        <goals>
-                            <goal>copy-resources</goal>
-                        </goals><!-- here the phase you need -->
-                        <phase>validate</phase>
-                        <configuration>
-                            <outputDirectory>${basedir}/target/docker-stage/opt/onap/sdnc/data/stores</outputDirectory>
-                            <resources>
-                                <resource>
-                                    <directory>../src/main/stores</directory>
-                                    <includes>
-                                        <include>*.jks</include>
-                                        <include>*.keyfile</include>
-                                        <include>*.p12</include>
-                                    </includes>
-                                    <filtering>false</filtering>
-                                </resource>
-                            </resources>
-                        </configuration>
-                    </execution>
                 </executions>
             </plugin>
             <plugin>
index 3077ee5..80262ff 100755 (executable)
@@ -25,13 +25,11 @@ MAINTAINER O-RAN-SC NONRTRIC Team
 ENV JAVA_HOME /usr/lib/jvm/java-1.8-openjdk
 ENV ODL_HOME /opt/opendaylight
 ENV SDNC_CONFIG_DIR /opt/onap/sdnc/data/properties
-ENV SDNC_STORE_DIR /opt/onap/sdnc/data/stores
-ENV SSL_CERTS_DIR /etc/ssl/certs
-ENV JAVA_SECURITY_DIR $SSL_CERTS_DIR/java
+ENV JAVA_SECURITY_DIR /etc/ssl/certs/java
 ENV SDNC_NORTHBOUND_REPO mvn:org.o-ran-sc.nonrtric.sdnc-a1.northbound/sdnc-a1-northbound-all/${sdnc.northbound.version}/xml/features
-ENV SDNC_KEYSTORE ${sdnc.keystore}
-ENV SDNC_KEYPASS ${sdnc.keypass}
-ENV SDNC_SECUREPORT ${sdnc.secureport}
+ENV SDNC_KEYSTORE keystore.jks
+ENV SDNC_KEYPASS sdnc-a1-controller
+ENV SDNC_SECUREPORT 8443
 
 USER root
 
@@ -43,15 +41,13 @@ RUN sed -i -e "\|featuresRepositories|s|$|,${SDNC_NORTHBOUND_REPO}|"  $ODL_HOME/
 RUN sed -i -e "\|featuresBoot[^a-zA-Z]|s|$|,sdnc-a1-northbound-all|"  $ODL_HOME/etc/org.apache.karaf.features.cfg
 RUN sed -i "s/odl-restconf-all/odl-restconf-all,odl-netconf-topology/g"  $ODL_HOME/etc/org.apache.karaf.features.cfg
 
-# Install ssl and java certificates
-COPY truststoreONAPall.jks $JAVA_SECURITY_DIR
-COPY truststoreONAPall.jks $SDNC_STORE_DIR
-RUN keytool -importkeystore -srckeystore $JAVA_SECURITY_DIR/truststoreONAPall.jks -srcstorepass changeit -destkeystore $JAVA_SECURITY_DIR/cacerts  -deststorepass changeit
+# Install java certificate
+COPY $SDNC_KEYSTORE $JAVA_SECURITY_DIR
 
 # Secure with TLS
 RUN echo org.osgi.service.http.secure.enabled=true >> $ODL_HOME/etc/custom.properties
 RUN echo org.osgi.service.http.secure.port=$SDNC_SECUREPORT >> $ODL_HOME/etc/custom.properties
-RUN echo org.ops4j.pax.web.ssl.keystore=$SDNC_STORE_DIR/$SDNC_KEYSTORE >> $ODL_HOME/etc/custom.properties
+RUN echo org.ops4j.pax.web.ssl.keystore=$JAVA_SECURITY_DIR/$SDNC_KEYSTORE >> $ODL_HOME/etc/custom.properties
 RUN echo org.ops4j.pax.web.ssl.password=$SDNC_KEYPASS >> $ODL_HOME/etc/custom.properties
 RUN echo org.ops4j.pax.web.ssl.keypassword=$SDNC_KEYPASS >> $ODL_HOME/etc/custom.properties
 
@@ -60,4 +56,4 @@ RUN chown -R odl:odl /opt
 USER odl
 
 ENTRYPOINT /opt/onap/sdnc/bin/startODL.sh
-EXPOSE 8181
+EXPOSE 8181 $SDNC_SECUREPORT
diff --git a/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/resources/keystore.jks b/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/resources/keystore.jks
new file mode 100644 (file)
index 0000000..705b284
Binary files /dev/null and b/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/resources/keystore.jks differ
diff --git a/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/resources/truststoreONAPall.jks b/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/resources/truststoreONAPall.jks
deleted file mode 100755 (executable)
index ff844b1..0000000
Binary files a/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/resources/truststoreONAPall.jks and /dev/null differ
diff --git a/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/scripts/addSdncKeyStore.sh b/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/scripts/addSdncKeyStore.sh
deleted file mode 100755 (executable)
index c6f0e5a..0000000
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/bash
-
-SDNC_HOME=${SDNC_HOME:-/opt/onap/sdnc}
-
-keyStoreFile=${SDNC_HOME}/data/stores/sdnc.p12
-
-if [ ! -f ${keyStoreFile} ]
-then
-  keytool -genkeypair -dname "CN=SDNC, OU=ONAP, O=ONAP, L=, S=, C=" -alias sdncKey -keyalg RSA -keysize 1024 -keystore $keyStoreFile -storepass adminadmin -storetype pkcs12
-fi
-
diff --git a/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/scripts/healthcheck.py b/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/scripts/healthcheck.py
new file mode 100644 (file)
index 0000000..35a1d4b
--- /dev/null
@@ -0,0 +1,68 @@
+# ============LICENSE_START=======================================================
+#  Copyright (C) 2019 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+#
+
+
+# coding=utf-8
+import os
+import httplib
+import base64
+import time
+
+username = os.environ['ODL_ADMIN_USERNAME']
+password = os.environ['ODL_ADMIN_PASSWORD']
+TIMEOUT=1000
+INTERVAL=30
+timePassed=0
+
+headers = {'Authorization':'Basic %s' % base64.b64encode(username + ":" + password),
+           'X-FromAppId': 'csit-sdnc',
+           'X-TransactionId': 'csit-sdnc',
+           'Accept':"application/json",
+           'Content-type':"application/json"}
+
+def makeHealthcheckCall(headers, timePassed):
+    connected = False
+    # WAIT 10 minutes maximum and test every 30 seconds if HealthCheck API is returning 200
+    while timePassed < TIMEOUT:
+        try:
+            conn = httplib.HTTPConnection("localhost",8181)
+            req = conn.request("POST", "/restconf/operations/SLI-API:healthcheck",headers=headers)
+            res = conn.getresponse()
+            res.read()
+            if res.status == 200:
+                print ("Healthcheck Passed in %d seconds." %timePassed)
+                connected = True
+                break
+            else:
+                print ("Sleep: %d seconds before testing if Healthcheck worked. Total wait time up now is: %d seconds. Timeout is: %d seconds" %(INTERVAL, timePassed, TIMEOUT))
+        except:
+            print ("Cannot execute REST call. Sleep: %d seconds before testing if Healthcheck worked. Total wait time up now is: %d seconds. Timeout is: %d seconds" %(INTERVAL, timePassed, TIMEOUT))
+        timePassed = timeIncrement(timePassed)
+
+    if timePassed > TIMEOUT:
+        print ("TIME OUT: Healthcheck not passed in  %d seconds... Could cause problems for testing activities..." %TIMEOUT)
+    return connected
+
+
+def timeIncrement(timePassed):
+    time.sleep(INTERVAL)
+    timePassed = timePassed + INTERVAL
+    return timePassed
+
+makeHealthcheckCall(headers, timePassed)
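Review bot: The bare `except:` in `makeHealthcheckCall` swallows every failure inside the `try`, including ones unrelated to connectivity, and prints the same message without the error, so a real fault looks the same as ODL still starting. Catch the expected errors and print them, e.g. `except (httplib.HTTPException, socket.error) as ex:` (this needs `import socket`), and close `conn` in each iteration, since a new `HTTPConnection` is opened every 30 seconds and never closed. The comment says "10 minutes maximum" while `TIMEOUT=1000` is counted in seconds, roughly 16 minutes, so one of the two should change. The script also runs only on Python 2 (`httplib`, `b64encode` on a `str`), and the returned `connected` value is discarded by the final call.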
diff --git a/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/scripts/installCerts.py b/sdnc-a1-controller/oam/installation/sdnc-a1/src/main/scripts/installCerts.py
deleted file mode 100644 (file)
index 17ada4c..0000000
+++ /dev/null
@@ -1,202 +0,0 @@
-# ============LICENSE_START=======================================================
-#  Copyright (C) 2019 Nordix Foundation.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-#
-
-
-# coding=utf-8
-import os
-import httplib
-import base64
-import time
-import zipfile
-import shutil
-
-Path = "/tmp"
-
-zipFileList = []
-
-username = os.environ['ODL_ADMIN_USERNAME']
-password = os.environ['ODL_ADMIN_PASSWORD']
-TIMEOUT=1000
-INTERVAL=30
-timePassed=0
-
-postKeystore= "/restconf/operations/netconf-keystore:add-keystore-entry"
-postPrivateKey= "/restconf/operations/netconf-keystore:add-private-key"
-postTrustedCertificate= "/restconf/operations/netconf-keystore:add-trusted-certificate"
-
-
-headers = {'Authorization':'Basic %s' % base64.b64encode(username + ":" + password),
-           'X-FromAppId': 'csit-sdnc',
-           'X-TransactionId': 'csit-sdnc',
-           'Accept':"application/json",
-           'Content-type':"application/json"}
-
-def readFile(folder, file):
-    key = open(Path + "/" + folder + "/" + file, "r")
-    fileRead = key.read()
-    key.close()
-    fileRead = "\n".join(fileRead.splitlines()[1:-1])
-    return fileRead
-
-def readTrustedCertificate(folder, file):
-    listCert = list()
-    caPem = ""
-    startCa = False
-    key = open(Path + "/" + folder + "/" + file, "r")
-    lines = key.readlines()
-    for line in lines:
-        if not "BEGIN CERTIFICATE" in line and not "END CERTIFICATE" in line and startCa:
-            caPem += line
-        elif "BEGIN CERTIFICATE" in line:
-            startCa = True
-        elif "END CERTIFICATE" in line:
-            startCa = False
-            listCert.append(caPem)
-            caPem = ""
-    return listCert
-
-def makeKeystoreKey(clientKey, count):
-    odl_private_key="ODL_private_key_%d" %count
-
-    json_keystore_key='{{\"input\": {{ \"key-credential\": {{\"key-id\": \"{odl_private_key}\", \"private-key\" : ' \
-                      '\"{clientKey}\",\"passphrase\" : \"\"}}}}}}'.format(
-        odl_private_key=odl_private_key,
-        clientKey=clientKey)
-
-    return json_keystore_key
-
-
-
-def makePrivateKey(clientKey, clientCrt, certList, count):
-    caPem = ""
-    for cert in certList:
-        caPem += '\"%s\",' % cert
-
-    caPem = caPem.rsplit(',', 1)[0]
-    odl_private_key="ODL_private_key_%d" %count
-
-    json_private_key='{{\"input\": {{ \"private-key\":{{\"name\": \"{odl_private_key}\", \"data\" : ' \
-                     '\"{clientKey}\",\"certificate-chain\":[\"{clientCrt}\",{caPem}]}}}}}}'.format(
-        odl_private_key=odl_private_key,
-        clientKey=clientKey,
-        clientCrt=clientCrt,
-        caPem=caPem)
-
-    return json_private_key
-
-def makeTrustedCertificate(certList, count):
-    number = 0
-    json_cert_format = ""
-    for cert in certList:
-        cert_name = "xNF_CA_certificate_%d_%d" %(count, number)
-        json_cert_format += '{{\"name\": \"{trusted_name}\",\"certificate\":\"{cert}\"}},\n'.format(
-            trusted_name=cert_name,
-            cert=cert.strip())
-        number += 1
-
-    json_cert_format = json_cert_format.rsplit(',', 1)[0]
-    json_trusted_cert='{{\"input\": {{ \"trusted-certificate\": [{certificates}]}}}}'.format(
-        certificates=json_cert_format)
-    return json_trusted_cert
-
-
-def makeRestconfPost(conn, json_file, apiCall):
-    req = conn.request("POST", apiCall, json_file, headers=headers)
-    res = conn.getresponse()
-    res.read()
-    if res.status != 200:
-        print "Error here, response back wasnt 200: Response was : %d , %s" % (res.status, res.reason)
-    else:
-        print res.status, res.reason
-
-def extractZipFiles(zipFileList, count):
-    for zipFolder in zipFileList:
-        with zipfile.ZipFile(Path + "/" + zipFolder.strip(),"r") as zip_ref:
-            zip_ref.extractall(Path)
-        folder = zipFolder.rsplit(".")[0]
-        processFiles(folder, count)
-
-def processFiles(folder, count):
-    conn = httplib.HTTPConnection("localhost",8181)
-    for file in os.listdir(Path + "/" + folder):
-        if os.path.isfile(Path + "/" + folder + "/" + file.strip()):
-            if ".key" in file:
-                clientKey = readFile(folder, file.strip())
-            elif "trustedCertificate" in file:
-                certList = readTrustedCertificate(folder, file.strip())
-            elif ".crt" in file:
-                clientCrt = readFile(folder, file.strip())
-        else:
-            print "Could not find file %s" % file.strip()
-    shutil.rmtree(Path + "/" + folder)
-    json_keystore_key = makeKeystoreKey(clientKey, count)
-    json_private_key = makePrivateKey(clientKey, clientCrt, certList, count)
-    json_trusted_cert = makeTrustedCertificate(certList, count)
-
-    makeRestconfPost(conn, json_keystore_key, postKeystore)
-    makeRestconfPost(conn, json_private_key, postPrivateKey)
-    makeRestconfPost(conn, json_trusted_cert, postTrustedCertificate)
-
-def makeHealthcheckCall(headers, timePassed):
-    connected = False
-    # WAIT 10 minutes maximum and test every 30 seconds if HealthCheck API is returning 200
-    while timePassed < TIMEOUT:
-        try:
-            conn = httplib.HTTPConnection("localhost",8181)
-            req = conn.request("POST", "/restconf/operations/SLI-API:healthcheck",headers=headers)
-            res = conn.getresponse()
-            res.read()
-            if res.status == 200:
-                print ("Healthcheck Passed in %d seconds." %timePassed)
-                connected = True
-                break
-            else:
-                print ("Sleep: %d seconds before testing if Healthcheck worked. Total wait time up now is: %d seconds. Timeout is: %d seconds" %(INTERVAL, timePassed, TIMEOUT))
-        except:
-            print ("Cannot execute REST call. Sleep: %d seconds before testing if Healthcheck worked. Total wait time up now is: %d seconds. Timeout is: %d seconds" %(INTERVAL, timePassed, TIMEOUT))
-        timePassed = timeIncrement(timePassed)
-
-    if timePassed > TIMEOUT:
-        print ("TIME OUT: Healthcheck not passed in  %d seconds... Could cause problems for testing activities..." %TIMEOUT)
-    return connected
-
-
-def timeIncrement(timePassed):
-    time.sleep(INTERVAL)
-    timePassed = timePassed + INTERVAL
-    return timePassed
-
-def readCertProperties():
-    connected = makeHealthcheckCall(headers, timePassed)
-
-    if connected:
-        count = 0
-        if os.path.isfile(Path + "/certs.properties"):
-            with open(Path + "/certs.properties", "r") as f:
-                for line in f:
-                    if not "*****" in line:
-                        zipFileList.append(line)
-                    else:
-                        extractZipFiles(zipFileList, count)
-                        count += 1
-                        del zipFileList[:]
-        else:
-            print "Error: File not found in path entered"
-
-readCertProperties()
index 1b8f519..78d3ea3 100755 (executable)
@@ -53,8 +53,6 @@ if [ ! -f ${INSTALLED_DIR}/.installed ]
 then
        echo "Installing SDNC-A1 database"
        ${SDNC_HOME}/bin/installSdncDb.sh
-       echo "Installing SDNC-A1 keyStore"
-       ${SDNC_HOME}/bin/addSdncKeyStore.sh
 
        if [ -x ${SDNC_HOME}/svclogic/bin/install.sh ]
        then
@@ -63,8 +61,6 @@ then
        fi
 fi
 
-cp /opt/opendaylight/current/certs/* /tmp
-
-nohup python ${SDNC_BIN}/installCerts.py &
+nohup python ${SDNC_BIN}/healthcheck.py &
 
 exec ${ODL_HOME}/bin/karaf server
diff --git a/sdnc-a1-controller/oam/installation/src/main/properties/org.onap.sdnc.cred.props b/sdnc-a1-controller/oam/installation/src/main/properties/org.onap.sdnc.cred.props
deleted file mode 100644 (file)
index 8898383..0000000
+++ /dev/null
@@ -1,17 +0,0 @@
-############################################################
-# Properties Generated by AT&T Certificate Manager
-#   by ubuntu
-#   on 2019-04-26T17:48:02.614+0000
-# @copyright 2019, AT&T
-############################################################
-Challenge=enc:YLFZL0xwmf-22zzHjNwMDus4xQhhjOO_HERh0LisPjGFMODJtM77jjh7EctH-Pme
-cadi_alias=sdnc@sdnc.onap.org
-cadi_key_password=enc:fbgVR_kMh7wuaEfm16VlW84HJR_yiob_CUf3oDXSE0K2yPlp0t55xT335GMh8ZSv
-cadi_keyfile=/opt/sdnc/data/stores/org.onap.sdnc.keyfile
-cadi_keystore=/opt/sdnc/data/stores/org.onap.sdnc.p12
-cadi_keystore_password=enc:xAl_o-JBdI86B4pDUNyrY9IauP54ecsXLUZYl_9p9R4Roybcnppqwwkdp_wJq1Ir
-cadi_keystore_password_jks=enc:Qf5-2ZRKRMYBwvO14qENypmu4A1HNjkdu_KkM0N5i7v7QjC_GmshNrYmmeWLQWIr
-cadi_keystore_password_p12=enc:xAl_o-JBdI86B4pDUNyrY9IauP54ecsXLUZYl_9p9R4Roybcnppqwwkdp_wJq1Ir
-cadi_truststore=/opt/sdnc/data/stores/org.onap.sdnc.trust.jks
-cadi_truststore_password=enc:U-tuJC67-g5WkC4o8aYf-zqxfB-u2ep3NcB9CZt3VfGCP_NhTWFYVx8mCL3S-jhU
-cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US
diff --git a/sdnc-a1-controller/oam/installation/src/main/properties/org.onap.sdnc.props b/sdnc-a1-controller/oam/installation/src/main/properties/org.onap.sdnc.props
deleted file mode 100644 (file)
index 5b96b90..0000000
+++ /dev/null
@@ -1,15 +0,0 @@
-############################################################
-# Properties Generated by AT&T Certificate Manager
-#   by root
-#   on 2019-02-15T20:08:07.125+0000
-# @copyright 2016, AT&T
-############################################################
-aaf_id=sdnc@sdnc.onap.org
-aaf_locate_url=https://aaf-onap-test.osaaf.org:8095
-aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.1
-cadi_etc_dir=/opt/sdnc/data/stores
-cadi_latitude=38.432899
-cadi_longitude=-90.43248
-cadi_prop_files=/opt/sdnc/data/properties/org.onap.sdnc.cred.props
-cm_url=https://AAF_LOCATE_URL/AAF_NS.cm:2.1
-cadi_bath_convert=/opt/sdnc/data/properties/bath_config.csv
diff --git a/sdnc-a1-controller/oam/installation/src/main/stores/keystore.sdnc.p12 b/sdnc-a1-controller/oam/installation/src/main/stores/keystore.sdnc.p12
deleted file mode 100644 (file)
index 8fb4e2c..0000000
Binary files a/sdnc-a1-controller/oam/installation/src/main/stores/keystore.sdnc.p12 and /dev/null differ
diff --git a/sdnc-a1-controller/oam/installation/src/main/stores/org.onap.sdnc.keyfile b/sdnc-a1-controller/oam/installation/src/main/stores/org.onap.sdnc.keyfile
deleted file mode 100644 (file)
index 4bbb0ab..0000000
+++ /dev/null
@@ -1,27 +0,0 @@
-ssTXV3XxGHmaZ_tDK60bUUwJMidA6-cMQbn8EVO1HWhwTS3vhftirZkfE-Ymv0xkhB82LT05cTjv
-MnM6E_OU8ZzQtNCb0XTTsOU-xTExWuIJzgfTKDanH14OB83r-pM0Q1z3iOjgIZyKNn7Qtl-7FyJu
-Fr6bmPKFMMSDROwH347eYBpunVPIa1X0NNqJcHDQsWFhW0bgsfRMnP3XZNltqbuAFZocYsY3Tk5N
-Iz52WXz6-nSWYBO0sPuBUZmkck1zKZ9PMn2SAPYx1V3i1-kOBLE6AHj-ad7e_dnJjdSTrjhG5z81
-QtmwAevh2ROCdNXTeyurrGXaLrMluE9csSVIp0YCCuhUCX02oDQBqIY5IDIQtAIXS8_i2bJWwmMv
-tZOTavGZH1_nwyQQ60lWF8w0GtL1m-s1SVH5v8VunYrjdnwFsrwUkKWfmz70OWFy6RwRis4IL434
-ln0RY48K-E_93jw3pbV4vZFTo8-RO59DGr_0pZf7ZhDSNrdy8sMpaSeHjjrVMfD5TI-JWDdzaKhi
-edKGZN_MZLfgPKwXTfXLDQKxowLUoDpEKfAj_KSOAdTCB2piala6Ht3FM5zfXFY7PnYgDho1fe2j
-nSWQhN6BqMr4LVKCLVonIiiAgyEetseUnW5_FCcFJALhfEKG4CHI0TvbRZ9IG7SwEFBovrk3RkBv
--UHxqqUAi9W3Zdm6wmYtSsUaT-lmMomJxHigWn9vCJ6fO0r_KSoGo-u8idP8P989hNdLqKx6sVWa
-en-Kyf0YUvYUk6TblucGVG0UYpjqMAr64tA2_a595QWriVRsxFWTZXBiXWUrOtbXxYZ6vn4jLomF
-KWAOu7ot-SQa9zAAAgIme5VB3I2h9s0mUOsQd-T1fJq_CdAGzyqXmBwt8TO4G8iQCMUtOptxJ220
-dq_unPUWJylDuU_9fTY95PLSIGfTCwOedOJb5A9IvyN_mahSPZqYH3a0P6gOgHPxQfTrUid31u7a
-BqsQdKKMoWCT7ZdX-ja95f3Z3PzHxhlI2dr1nCRBkN89GLyIK70dVN2QTVVWV5B4hLoyrON6QVwy
-1csZ1X6UGO-4YOX3_GUacJSnCenZzJFbn3moCkZ-QfpwU7Cqq2I7DEa8bDKz1sdeNtycOxiQnmnA
-AnVdXfOavctGcpA6tWyj-WAkZvV6yedt6Kb4BPL5_qDsCNa0r1wYNaQqzH1bYQnJu0aVjspTzlj4
-2ik_2i9t36Avoqj_g3e8fvwmF0r__yPpF2oULa4LcIQ8Cs3U9Oq3BmxlNXlEj7dyNOTIlJLcvrzX
-Js_5iv5rA_rIWY7YpOc-UCVrZw3yb8Ih-XI4tNuUn3qE7tHHQclWrrYRVM2Jt_u-73WYqL-iCvwQ
-BU5soWkSK5TwgR1BHfDs5-yNh1MRnr9RbNd8x_p3ohQrFtepgBHodTl98er9XANCy-HycLZhDP3D
-TUQdWVKxAwDFVBB-p6itYB9oVvkQtSosLQUYcAjbMTrFz4zqOj0CHMvquE-Wbznkayo5ZdvKoPXk
-loNtiG4qPx3UXpvfHElps-vPi8y1TlcmwqWEOn2vxKd5IIk2fglHXM9tv2m86XRgvTjppSs1V7NS
-Uoz_C_bW8zH5D-Twmq2DGHxuKbpUpqe0FDFXxoQezGCVhN6bzp-44CBkz9I9QeNVkm3XFu8s2fDn
-PeP2B_hGxkLhJHAJ28_3zZex818zqvFW-flWY43w6Cke8qWns3gxdyvXLUTluoidkFdTEvMBPIos
-itOB1MsLxsZNdAZtn3vxANPm7dTf8YIAJdMYH6yL9G83PxgKZ8uhoIZIsbrV2UWOJMLH8agctEZI
-pFqCipM8RZwuZwq7JmTYPyIjUDVTvAmiLJbG127T9eAfrZa2TYDWaE469v9f-7MdTD4_PK2JSogD
-8dg30EruD1VwQq03M98hL9EQsRNwAZ4MAshE2Kp3jQje2A-ZxGtMKNiw6DV0j3BM42FBitpV-Ley
-UaqWwELwDh7-BFmUeCu_RSP4XwrTUcOV725yIYcGkk06wLahMf2UvFzYS3PAmZLrs4fvLMK5
\ No newline at end of file
diff --git a/sdnc-a1-controller/oam/installation/src/main/stores/org.onap.sdnc.p12 b/sdnc-a1-controller/oam/installation/src/main/stores/org.onap.sdnc.p12
deleted file mode 100644 (file)
index 079ee67..0000000
Binary files a/sdnc-a1-controller/oam/installation/src/main/stores/org.onap.sdnc.p12 and /dev/null differ
diff --git a/sdnc-a1-controller/oam/installation/src/main/stores/org.onap.sdnc.trust.jks b/sdnc-a1-controller/oam/installation/src/main/stores/org.onap.sdnc.trust.jks
deleted file mode 100644 (file)
index e1f2e57..0000000
Binary files a/sdnc-a1-controller/oam/installation/src/main/stores/org.onap.sdnc.trust.jks and /dev/null differ
diff --git a/sdnc-a1-controller/oam/installation/src/main/stores/truststore.onap.client.jks b/sdnc-a1-controller/oam/installation/src/main/stores/truststore.onap.client.jks
deleted file mode 100755 (executable)
index 28afd8f..0000000
Binary files a/sdnc-a1-controller/oam/installation/src/main/stores/truststore.onap.client.jks and /dev/null differ
diff --git a/sdnc-a1-controller/oam/installation/src/main/stores/truststore.openecomp.client.jks b/sdnc-a1-controller/oam/installation/src/main/stores/truststore.openecomp.client.jks
deleted file mode 100644 (file)
index 6c854b4..0000000
Binary files a/sdnc-a1-controller/oam/installation/src/main/stores/truststore.openecomp.client.jks and /dev/null differ
index acf15a1..7051351 100644 (file)
@@ -47,6 +47,7 @@ services:
     entrypoint: ["/opt/onap/sdnc/bin/startODL.sh"]
     ports:
       - "8282:8181"
+      - "8383:8443"
     links:
       - db:dbhost
       - db:sdnctldb01