From: ychacon Date: Wed, 1 Feb 2023 15:42:20 +0000 (+0100) Subject: Add support for https X-Git-Tag: 1.1.0~30^2 X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=commitdiff_plain;h=refs%2Fchanges%2F45%2F10345%2F1;p=nonrtric%2Fplt%2Fsme.git Add support for https Issue-ID: NONRTRIC-835 Signed-off-by: ychacon Change-Id: Iaca97d8efb86d97595469e3436786c2c880ee93b --- diff --git a/capifcore/README.md b/capifcore/README.md index faa18a6..1f70c6e 100644 --- a/capifcore/README.md +++ b/capifcore/README.md @@ -94,6 +94,6 @@ The application can also be built as a Docker image, by using the following comm To run the Core Function from the command line, run the following commands from this folder. For the parameter `chartMuseumUrl`, if it is not provided CAPIF Core will not do any Helm integration, i.e. try to start any Halm chart when publishing a service. - ./capifcore [-port ] [-chartMuseumUrl ] [-repoName ] [-loglevel ] + ./capifcore [-port ] [-secPort ] [-chartMuseumUrl ] [-repoName ] [-loglevel ] [-certPath ] [-keyPath ] To run CAPIF Core as a K8s pod together with ChartMuseum, start and stop scripts are provided. The pod configurations are provided in the `configs` folder. CAPIF Core is then available on port `31570`. diff --git a/capifcore/certs/cert.pem b/capifcore/certs/cert.pem new file mode 100644 index 0000000..e6037cb --- /dev/null +++ b/capifcore/certs/cert.pem 
@@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICMzCCAZygAwIBAgIRAI4ZifW8kkZA8erUGGlExBIwDQYJKoZIhvcNAQELBQAw +EjEQMA4GA1UEChMHQWNtZSBDbzAgFw03MDAxMDEwMDAwMDBaGA8yMDg0MDEyOTE2 +MDAwMFowEjEQMA4GA1UEChMHQWNtZSBDbzCBnzANBgkqhkiG9w0BAQEFAAOBjQAw +gYkCgYEAvjU9/c+2dpoRRMnJPMh9eGAWA0cfg2h+AVotSVCqgJ+Hlr91BWCE0dDV +nIlNGVXZSkxI4rRTI3DZi8wdEWNeiPBIQDbUpNDofCZ/AeAMfzhMb3cyMMZcZMG6 +Zx0aXvEdZhAmJjBUAT1+XrIAegLQvhN2g9awcaWVkuxoawG2HF0CAwEAAaOBhjCB +gzAOBgNVHQ8BAf8EBAMCAqQwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0TAQH/ +BAUwAwEB/zAdBgNVHQ4EFgQUuhJx8jwPJYB3Zg2Aaa4ZsVZ78v8wLAYDVR0RBCUw +I4IJbG9jYWxob3N0hwR/AAABhxAAAAAAAAAAAAAAAAAAAAABMA0GCSqGSIb3DQEB +CwUAA4GBAKHALs8ifFaoVQw0GaCmIQt/yS9eWcssGGJHmAMyXTn78wsjnTdySDjv +ZG7naV3uFs1ffA8eci5p1Hjzt8JFFGfLgHaoqnZW84+giwGI0RJKLz1dwnSsoHBz +VKxIPMRm2xkQTiOMWX5YlbhiQf5rbx2OEaOqscM2H1DEwXSXFtjd +-----END CERTIFICATE----- diff --git a/capifcore/certs/key.pem b/capifcore/certs/key.pem new file mode 100644 index 0000000..95de966 --- /dev/null +++ b/capifcore/certs/key.pem @@ -0,0 +1,16 @@ +-----BEGIN PRIVATE KEY----- +MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAL41Pf3PtnaaEUTJ +yTzIfXhgFgNHH4NofgFaLUlQqoCfh5a/dQVghNHQ1ZyJTRlV2UpMSOK0UyNw2YvM +HRFjXojwSEA21KTQ6HwmfwHgDH84TG93MjDGXGTBumcdGl7xHWYQJiYwVAE9fl6y +AHoC0L4TdoPWsHGllZLsaGsBthxdAgMBAAECgYEAklky5mwAT0cBzHSZ4qu8Znc/ +2KvLoncupGm2+HcZiTe1wpZzOnzmFO3ivbui18CHHLSPS+dFJLq6l+an4u4bGFu7 +HrbZPwPqrlPHt/sSrPlhk7J/bLqwdhIGgHZje5XYZUqobhRdRR505Lqz20eEZeax +zzgIa2v7uiYmh/COQsECQQDr92Refg3w32QEvtmnumcq7Q3Rdy/8ol8kqP/LeaV6 +rYHV23Dj5qV3HXJpL7DOKNOkzYnfZ7tN7Ur0p5xANVwRAkEAzltQl6eCiVWtYO6G +cTf5LLBYuhu7KJD2LCFwWeNdAF652yczunIc8K8UgVkuPPVMzP/fRxvv7+vfo6Lx +9p73jQJALRBeFr20I+BF1bItFx8+PLBxByPgAjtwOCweTdm5hKhGN3VlJeESkKEL +DJOTDIw3fy3RutywpL1Ap2CrMof+QQJAcjqOFET/t3Ib9YpUFZw8bIZ5txvesIf+ +HVOtU7TOKIRHMY8zzUOZzYm9OhTZyZioGNqTCFPor9DMDVMHydMZiQJBAN0Cd3SO +RyyC7drmNy7oCdZe+WSKUHvgoE/J8y91AK7FREiPMgEEQSeOe7wPVzHuzDfWGRSu +0CYjIAUsES7Oizc= +-----END PRIVATE KEY----- 
diff --git a/capifcore/main.go b/capifcore/main.go index 2cd5ccc..1c1890f 100644 --- a/capifcore/main.go +++ b/capifcore/main.go @@ -54,9 +54,13 @@ var repoName string func main() { var port = flag.Int("port", 8090, "Port for CAPIF Core Function HTTP server") + var secPort = flag.Int("secPort", 4433, "Port for CAPIF Core Function HTTPS server") flag.StringVar(&url, "chartMuseumUrl", "", "ChartMuseum URL") flag.StringVar(&repoName, "repoName", "capifcore", "Repository name") var logLevelStr = flag.String("loglevel", "Info", "Log level") + var certPath = flag.String("certPath", "certs/cert.pem", "Path for server certificate") + var keyPath = flag.String("keyPath", "certs/key.pem", "Path for server private key") + flag.Parse() if loglevel, err := log.ParseLevel(*logLevelStr); err == nil { @@ -71,6 +75,7 @@ func main() { } go startWebServer(getEcho(), *port) + go startHttpsWebServer(getEcho(), *secPort, *certPath, *keyPath) log.Info("Server started and listening on port: ", *port) @@ -162,13 +167,17 @@ func startWebServer(e *echo.Echo, port int) { e.Logger.Fatal(e.Start(fmt.Sprintf("0.0.0.0:%d", port))) } +func startHttpsWebServer(e *echo.Echo, port int, certPath string, keyPath string) { + e.Logger.Fatal(e.StartTLS(fmt.Sprintf("0.0.0.0:%d", port), certPath, keyPath)) +} + func keepServerAlive() { forever := make(chan int) <-forever } func hello(c echo.Context) error { - return c.String(http.StatusOK, "Hello, World!\n") + return c.String(http.StatusOK, "Hello, World!") } func getSwagger(c echo.Context) error { diff --git a/capifcore/main_test.go b/capifcore/main_test.go index f3a5f15..7d77b92 100644 --- a/capifcore/main_test.go +++ b/capifcore/main_test.go @@ -21,8 +21,12 @@ package main import ( + "crypto/tls" + "fmt" + "io" "net/http" "testing" + "time" "github.com/deepmap/oapi-codegen/pkg/testutil" "github.com/getkin/kin-openapi/openapi3" 
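Review bot: The defaults for `-certPath` and `-keyPath` in `main` are `certs/cert.pem` and `certs/key.pem`, the pair this same commit adds to the repository, so an instance started without those flags serves TLS with a private key that everyone with read access to the repository also holds. The committed pair should be treated as test-only material (main_test.go already uses it), and the flags should either have no default or trigger a startup warning when the defaults are in effect. At minimum, say so in the flag help, for example `"Path for server private key (the default is a test key committed to the repository; supply your own outside of testing)"`. The body of `main` continues outside the hunk.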
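Review bot: `startHttpsWebServer` hands the result of `e.StartTLS` to `e.Logger.Fatal`, so a missing or unreadable certificate or key ends the whole process, including the plain-HTTP listener that `main` starts one line earlier. Because the default paths are relative (`certs/cert.pem`, `certs/key.pem`), whether that happens depends on the directory the binary is launched from. Consider validating the pair before either goroutine is started, for example `if _, err := tls.LoadX509KeyPair(*certPath, *keyPath); err != nil { log.Fatalf("loading TLS key pair: %v", err) }`, or making the HTTPS listener opt-in. The `log.Info("Server started and listening on port: ", *port)` line in `main` also still reports only the HTTP port.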
@@ -189,3 +193,32 @@ func TestGetSwagger(t *testing.T) {
 assert.Contains(t, *errorResponse.Cause, "Invalid API")
 assert.Contains(t, *errorResponse.Cause, invalidApi)
 }
+
+func TestHTTPSServer(t *testing.T) {
+ e = getEcho()
+ var port = 44333
+ go startHttpsWebServer(e, 44333, "certs/cert.pem", "certs/key.pem") //"certs/test/cert.pem", "certs/test/key.pem"
+
+ time.Sleep(100 * time.Millisecond)
+
+ tr := &http.Transport{
+ TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+ }
+
+ client := &http.Client{Transport: tr}
+ res, err := client.Get(fmt.Sprintf("https://localhost:%d", port))
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ defer res.Body.Close()
+ assert.Equal(t, res.StatusCode, res.StatusCode)
+
+ body, err := io.ReadAll(res.Body)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ expected := []byte("Hello, World!")
+ assert.Equal(t, expected, body)
+}
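Review bot: `assert.Equal(t, res.StatusCode, res.StatusCode)` in `TestHTTPSServer` compares the status code with itself and can never fail; it should read `assert.Equal(t, http.StatusOK, res.StatusCode)`. The local `port` is used only for the client URL while the server call repeats the literal `44333`, so pass `port` to `startHttpsWebServer` to keep the two in step. The client sets `InsecureSkipVerify: true`, which means the test does not check which certificate the server presents; loading `certs/cert.pem` into an `x509.CertPool` and setting it as `RootCAs` would verify the chain and host name instead, assuming the certificate is valid for `localhost`. The fixed `time.Sleep(100 * time.Millisecond)` also races with server start-up on a slow machine.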