From 6d503afd38bdf9823bda3dfe3d307adaeb6f7eee Mon Sep 17 00:00:00 2001
From: PatrikBuhr <patrik.buhr@est.tech>
Date: Thu, 7 May 2020 12:30:21 +0200
Subject: [PATCH] Added upport for trust store when agent acts as web client

Updated Dmaap so it uses http towards the agent NBI instead of https

Change-Id: Ia30ac783683efa478bc8ab56dc4ac8311b03f8f0
Issue-ID: NONRTRIC-195
Signed-off-by: PatrikBuhr <patrik.buhr@est.tech>
---
 policy-agent/config/application.yaml               |   9 ++-
 .../java/org/oransc/policyagent/BeanFactory.java   |  12 +++-
 .../policyagent/clients/A1ClientFactory.java       |   4 +-
 .../policyagent/clients/AsyncRestClient.java       |  71 +++++++++++++++++++--
 .../oransc/policyagent/clients/OscA1Client.java    |   5 +-
 .../policyagent/clients/StdA1ClientVersion1.java   |   5 +-
 .../configuration/ApplicationConfig.java           |  35 ++++++----
 .../policyagent/configuration/WebClientConfig.java |  35 ++++++++++
 .../policyagent/dmaap/DmaapMessageConsumer.java    |   6 +-
 policy-agent/src/main/resources/keystore.jks       | Bin 2611 -> 3587 bytes
 .../org/oransc/policyagent/ApplicationTest.java    |   5 +-
 .../org/oransc/policyagent/MockPolicyAgent.java    |   6 +-
 12 files changed, 158 insertions(+), 35 deletions(-)
 create mode 100644 policy-agent/src/main/java/org/oransc/policyagent/configuration/WebClientConfig.java

diff --git a/policy-agent/config/application.yaml b/policy-agent/config/application.yaml
index 4010219b..55a1d64c 100644
--- a/policy-agent/config/application.yaml
+++ b/policy-agent/config/application.yaml
@@ -21,12 +21,17 @@ logging:
   file: /var/log/policy-agent/application.log
 server:
    port : 8433
+   http-port: 8081
    ssl:
-      key-store-type: PKCS12
+      key-store-type: JKS
       key-store-password: policy_agent
       key-store: classpath:keystore.jks
       key-password: policy_agent
+      key-alias: policy_agent
 app:
   filepath: /opt/app/policy-agent/config/application_configuration.json
-
+  webclient:
+    trust-store-used: false
+    trust-store-password: policy_agent
+    trust-store: classpath:keystore.jks
 
diff --git a/policy-agent/src/main/java/org/oransc/policyagent/BeanFactory.java b/policy-agent/src/main/java/org/oransc/policyagent/BeanFactory.java
index e2874cb7..1e01247a 100644
--- a/policy-agent/src/main/java/org/oransc/policyagent/BeanFactory.java
+++ b/policy-agent/src/main/java/org/oransc/policyagent/BeanFactory.java
@@ -29,6 +29,7 @@ import org.oransc.policyagent.repository.Policies;
 import org.oransc.policyagent.repository.PolicyTypes;
 import org.oransc.policyagent.repository.Rics;
 import org.oransc.policyagent.repository.Services;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
 import org.springframework.boot.web.servlet.server.ServletWebServerFactory;
 import org.springframework.context.annotation.Bean;
@@ -38,6 +39,9 @@ import org.springframework.context.annotation.Configuration;
 class BeanFactory {
     private final ApplicationConfig applicationConfig = new ApplicationConfig();
 
+    @Value("${server.http-port}")
+    private int httpPort = 0;
+
     @Bean
     public Policies getPolicies() {
         return new Policies();
@@ -76,14 +80,16 @@ class BeanFactory {
     @Bean
     public ServletWebServerFactory servletContainer() {
         TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory();
-        tomcat.addAdditionalTomcatConnectors(getHttpConnector());
+        if (httpPort > 0) {
+            tomcat.addAdditionalTomcatConnectors(getHttpConnector(httpPort));
+        }
         return tomcat;
     }
 
-    private static Connector getHttpConnector() {
+    private static Connector getHttpConnector(int httpPort) {
         Connector connector = new Connector(TomcatServletWebServerFactory.DEFAULT_PROTOCOL);
         connector.setScheme("http");
-        connector.setPort(8081);
+        connector.setPort(httpPort);
         connector.setSecure(false);
         return connector;
     }
diff --git a/policy-agent/src/main/java/org/oransc/policyagent/clients/A1ClientFactory.java b/policy-agent/src/main/java/org/oransc/policyagent/clients/A1ClientFactory.java
index 57ac9809..322958a6 100644
--- a/policy-agent/src/main/java/org/oransc/policyagent/clients/A1ClientFactory.java
+++ b/policy-agent/src/main/java/org/oransc/policyagent/clients/A1ClientFactory.java
@@ -69,10 +69,10 @@ public class A1ClientFactory {
     A1Client createClient(Ric ric, A1ProtocolType version) throws ServiceException {
         if (version == A1ProtocolType.STD_V1_1) {
             assertNoControllerConfig(ric, version);
-            return new StdA1ClientVersion1(ric.getConfig());
+            return new StdA1ClientVersion1(ric.getConfig(), this.appConfig.getWebClientConfig());
         } else if (version == A1ProtocolType.OSC_V1) {
             assertNoControllerConfig(ric, version);
-            return new OscA1Client(ric.getConfig());
+            return new OscA1Client(ric.getConfig(), this.appConfig.getWebClientConfig());
         } else if (version == A1ProtocolType.SDNC_OSC_STD_V1_1 || version == A1ProtocolType.SDNC_OSC_OSC_V1) {
             return new SdncOscA1Client(version, ric.getConfig(), getControllerConfig(ric));
         } else if (version == A1ProtocolType.SDNC_ONAP) {
diff --git a/policy-agent/src/main/java/org/oransc/policyagent/clients/AsyncRestClient.java b/policy-agent/src/main/java/org/oransc/policyagent/clients/AsyncRestClient.java
index 750b074d..cefc7ca8 100644
--- a/policy-agent/src/main/java/org/oransc/policyagent/clients/AsyncRestClient.java
+++ b/policy-agent/src/main/java/org/oransc/policyagent/clients/AsyncRestClient.java
@@ -27,17 +27,29 @@ import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
 import io.netty.handler.timeout.ReadTimeoutHandler;
 import io.netty.handler.timeout.WriteTimeoutHandler;
 
+import java.io.FileInputStream;
+import java.io.IOException;
 import java.lang.invoke.MethodHandles;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import java.util.Collections;
+import java.util.List;
 import java.util.concurrent.atomic.AtomicInteger;
+import java.util.stream.Collectors;
 
-import javax.net.ssl.SSLException;
-
+import org.oransc.policyagent.configuration.ImmutableWebClientConfig;
+import org.oransc.policyagent.configuration.WebClientConfig;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.http.client.reactive.ReactorClientHttpConnector;
 import org.springframework.lang.Nullable;
+import org.springframework.util.ResourceUtils;
 import org.springframework.web.reactive.function.client.WebClient;
 import org.springframework.web.reactive.function.client.WebClient.RequestHeadersSpec;
 import org.springframework.web.reactive.function.client.WebClientResponseException;
@@ -54,9 +66,16 @@ public class AsyncRestClient {
     private WebClient webClient = null;
     private final String baseUrl;
     private static final AtomicInteger sequenceNumber = new AtomicInteger();
+    private final WebClientConfig clientConfig;
 
     public AsyncRestClient(String baseUrl) {
+        this(baseUrl,
+            ImmutableWebClientConfig.builder().isTrustStoreUsed(false).trustStore("").trustStorePassword("").build());
+    }
+
+    public AsyncRestClient(String baseUrl, WebClientConfig config) {
         this.baseUrl = baseUrl;
+        this.clientConfig = config;
     }
 
     public Mono<ResponseEntity<String>> postForEntity(String uri, @Nullable String body) {
@@ -185,13 +204,53 @@ public class AsyncRestClient {
         }
     }
 
-    private static SslContext createSslContext() throws SSLException {
+    private boolean isCertificateEntry(KeyStore trustStore, String alias) {
+        try {
+            return trustStore.isCertificateEntry(alias);
+        } catch (KeyStoreException e) {
+            logger.error("Error reading truststore {}", e.getMessage());
+            return false;
+        }
+    }
+
+    private Certificate getCertificate(KeyStore trustStore, String alias) {
+        try {
+            return trustStore.getCertificate(alias);
+        } catch (KeyStoreException e) {
+            logger.error("Error reading truststore {}", e.getMessage());
+            return null;
+        }
+    }
+
+    SslContext createSslContextSecure(String trustStorePath, String trustStorePass)
+        throws NoSuchAlgorithmException, CertificateException, IOException, KeyStoreException {
+
+        final KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
+        trustStore.load(new FileInputStream(ResourceUtils.getFile(trustStorePath)), trustStorePass.toCharArray());
+
+        List<Certificate> certificateList = Collections.list(trustStore.aliases()).stream() //
+            .filter(alias -> isCertificateEntry(trustStore, alias)) //
+            .map(alias -> getCertificate(trustStore, alias)) //
+            .collect(Collectors.toList());
+        final X509Certificate[] certificates = certificateList.toArray(new X509Certificate[certificateList.size()]);
+
         return SslContextBuilder.forClient() //
-            .trustManager(InsecureTrustManagerFactory.INSTANCE) //
+            .trustManager(certificates) //
             .build();
     }
 
-    private static WebClient createWebClient(String baseUrl, SslContext sslContext) {
+    private SslContext createSslContext()
+        throws NoSuchAlgorithmException, CertificateException, KeyStoreException, IOException {
+        if (this.clientConfig.isTrustStoreUsed()) {
+            return createSslContextSecure(this.clientConfig.trustStore(), this.clientConfig.trustStorePassword());
+        } else {
+            return SslContextBuilder.forClient() //
+                .trustManager(InsecureTrustManagerFactory.INSTANCE) //
+                .build();
+        }
+    }
+
+    private WebClient createWebClient(String baseUrl, SslContext sslContext) {
         TcpClient tcpClient = TcpClient.create() //
             .option(ChannelOption.CONNECT_TIMEOUT_MILLIS, 10_000) //
             .secure(c -> c.sslContext(sslContext)) //
@@ -213,7 +272,7 @@ public class AsyncRestClient {
             try {
                 SslContext sslContext = createSslContext();
                 this.webClient = createWebClient(this.baseUrl, sslContext);
-            } catch (SSLException e) {
+            } catch (Exception e) {
                 logger.error("Could not create WebClient {}", e.getMessage());
                 return Mono.error(e);
             }
diff --git a/policy-agent/src/main/java/org/oransc/policyagent/clients/OscA1Client.java b/policy-agent/src/main/java/org/oransc/policyagent/clients/OscA1Client.java
index 99e5bae4..a388267e 100644
--- a/policy-agent/src/main/java/org/oransc/policyagent/clients/OscA1Client.java
+++ b/policy-agent/src/main/java/org/oransc/policyagent/clients/OscA1Client.java
@@ -25,6 +25,7 @@ import java.util.List;
 
 import org.json.JSONObject;
 import org.oransc.policyagent.configuration.RicConfig;
+import org.oransc.policyagent.configuration.WebClientConfig;
 import org.oransc.policyagent.repository.Policy;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -116,8 +117,8 @@ public class OscA1Client implements A1Client {
     private final AsyncRestClient restClient;
     private final UriBuilder uri;
 
-    public OscA1Client(RicConfig ricConfig) {
-        this(ricConfig, new AsyncRestClient(""));
+    public OscA1Client(RicConfig ricConfig, WebClientConfig clientConfig) {
+        this(ricConfig, new AsyncRestClient("", clientConfig));
     }
 
     public OscA1Client(RicConfig ricConfig, AsyncRestClient restClient) {
diff --git a/policy-agent/src/main/java/org/oransc/policyagent/clients/StdA1ClientVersion1.java b/policy-agent/src/main/java/org/oransc/policyagent/clients/StdA1ClientVersion1.java
index f5486a58..4ebc25c6 100644
--- a/policy-agent/src/main/java/org/oransc/policyagent/clients/StdA1ClientVersion1.java
+++ b/policy-agent/src/main/java/org/oransc/policyagent/clients/StdA1ClientVersion1.java
@@ -24,6 +24,7 @@ import java.util.Arrays;
 import java.util.List;
 
 import org.oransc.policyagent.configuration.RicConfig;
+import org.oransc.policyagent.configuration.WebClientConfig;
 import org.oransc.policyagent.repository.Policy;
 
 import reactor.core.publisher.Flux;
@@ -84,8 +85,8 @@ public class StdA1ClientVersion1 implements A1Client {
     private final AsyncRestClient restClient;
     private final UriBuilder uri;
 
-    public StdA1ClientVersion1(RicConfig ricConfig) {
-        this(new AsyncRestClient(""), ricConfig);
+    public StdA1ClientVersion1(RicConfig ricConfig, WebClientConfig webClientConfig) {
+        this(new AsyncRestClient("", webClientConfig), ricConfig);
     }
 
     public StdA1ClientVersion1(AsyncRestClient restClient, RicConfig ricConfig) {
diff --git a/policy-agent/src/main/java/org/oransc/policyagent/configuration/ApplicationConfig.java b/policy-agent/src/main/java/org/oransc/policyagent/configuration/ApplicationConfig.java
index 052a96ca..6c2c91b2 100644
--- a/policy-agent/src/main/java/org/oransc/policyagent/configuration/ApplicationConfig.java
+++ b/policy-agent/src/main/java/org/oransc/policyagent/configuration/ApplicationConfig.java
@@ -31,15 +31,27 @@ import javax.validation.constraints.NotEmpty;
 import lombok.Getter;
 
 import org.oransc.policyagent.exceptions.ServiceException;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import reactor.core.publisher.Flux;
 
 @EnableConfigurationProperties
-@ConfigurationProperties("app")
+@ConfigurationProperties()
 public class ApplicationConfig {
     @NotEmpty
-    private String filepath;
+    @Getter
+    @Value("${app.filepath}")
+    private String localConfigurationFilePath;
+
+    @Value("${app.webclient.trust-store-used}")
+    private boolean sslTrustStoreUsed = false;
+
+    @Value("${app.webclient.trust-store-password}")
+    private String sslTrustStorePassword = "";
+
+    @Value("${app.webclient.trust-store}")
+    private String sslTrustStore = "";
 
     private Map<String, RicConfig> ricConfigs = new HashMap<>();
     @Getter
@@ -49,21 +61,18 @@ public class ApplicationConfig {
 
     private Map<String, ControllerConfig> controllerConfigs = new HashMap<>();
 
-    public String getLocalConfigurationFilePath() {
-        return this.filepath;
-    }
-
-    /*
-     * Do not remove, used by framework!
-     */
-    public synchronized void setFilepath(String filepath) {
-        this.filepath = filepath;
-    }
-
     public synchronized Collection<RicConfig> getRicConfigs() {
         return this.ricConfigs.values();
     }
 
+    public WebClientConfig getWebClientConfig() {
+        return ImmutableWebClientConfig.builder() //
+            .isTrustStoreUsed(this.sslTrustStoreUsed) //
+            .trustStore(this.sslTrustStore) //
+            .trustStorePassword(this.sslTrustStorePassword) //
+            .build();
+    }
+
     public synchronized ControllerConfig getControllerConfig(String name) throws ServiceException {
         ControllerConfig controllerConfig = this.controllerConfigs.get(name);
         if (controllerConfig == null) {
diff --git a/policy-agent/src/main/java/org/oransc/policyagent/configuration/WebClientConfig.java b/policy-agent/src/main/java/org/oransc/policyagent/configuration/WebClientConfig.java
new file mode 100644
index 00000000..5f494983
--- /dev/null
+++ b/policy-agent/src/main/java/org/oransc/policyagent/configuration/WebClientConfig.java
@@ -0,0 +1,35 @@
+/*-
+ * ========================LICENSE_START=================================
+ * O-RAN-SC
+ * %%
+ * Copyright (C) 2020 Nordix Foundation
+ * %%
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ========================LICENSE_END===================================
+ */
+
+package org.oransc.policyagent.configuration;
+
+import org.immutables.value.Value;
+
+@Value.Immutable
+@Value.Style(redactedMask = "####")
+public interface WebClientConfig {
+    public boolean isTrustStoreUsed();
+
+    @Value.Redacted
+    public String trustStorePassword();
+
+    public String trustStore();
+
+}
diff --git a/policy-agent/src/main/java/org/oransc/policyagent/dmaap/DmaapMessageConsumer.java b/policy-agent/src/main/java/org/oransc/policyagent/dmaap/DmaapMessageConsumer.java
index f13ffebd..011b9779 100644
--- a/policy-agent/src/main/java/org/oransc/policyagent/dmaap/DmaapMessageConsumer.java
+++ b/policy-agent/src/main/java/org/oransc/policyagent/dmaap/DmaapMessageConsumer.java
@@ -64,8 +64,8 @@ public class DmaapMessageConsumer {
     private DmaapMessageHandler dmaapMessageHandler = null;
     private MRConsumer messageRouterConsumer = null;
 
-    @Value("${server.port}")
-    private int localServerPort;
+    @Value("${server.http-port}")
+    private int localServerHttpPort;
 
     @Autowired
     public DmaapMessageConsumer(ApplicationConfig applicationConfig) {
@@ -139,7 +139,7 @@ public class DmaapMessageConsumer {
 
     protected DmaapMessageHandler getDmaapMessageHandler() throws IOException {
         if (this.dmaapMessageHandler == null) {
-            String agentBaseUrl = "https://localhost:" + this.localServerPort;
+            String agentBaseUrl = "http://localhost:" + this.localServerHttpPort;
             AsyncRestClient agentClient = new AsyncRestClient(agentBaseUrl);
             Properties dmaapPublisherProperties = applicationConfig.getDmaapPublisherConfig();
             MRBatchingPublisher producer = MRClientFactory.createBatchingPublisher(dmaapPublisherProperties);
diff --git a/policy-agent/src/main/resources/keystore.jks b/policy-agent/src/main/resources/keystore.jks
index 3cd6bb7977749b1d80c1c65bd5fc3958e0abc911..4df793d588ac421c4f87c2597ad2bc64a0a1e9bd 100644
GIT binary patch
delta 3481
zcmV;K4QBGQ6oVWhFoF&L0s#Xsf(^I^2`Yw2hW8Bt2LYgh4XFfz4W%%G4WW@DMt_?K
z(`#wnRtf2EB-ydB%;bYsELQ>p0K-rOf&|E7ouL~52(TZ$8kwZ}nS<}zliV5|#e@-g
zv0Mu>pHSp<|N8i0hgt8#0O%g5I#9*==cScjaocCX*EdeLm8{qF2yk-uCDL}Tve`11
zmXpF^4h&;Z=W2<eGRp{%;DTR^SAQZm5?CUUpWLAEf}SUOfg*lObjH?Z7zpiJr|L~>
zKm%Y)zD+41rKgHO$)?yQ#k|uIOxBv#rj8D$83bk7?<7VcCF&#?c0|$cJKIJ7Cp^$J
z3bzyPHty|5qFp`lfdRh035-Jck=n>$TMm=l`r-v7Uh*gVWeP;9Wl~T}WPd(09Eot3
zd04|4{m4C-E4dj2g#Mf;f$${<)pf+EF1;4VnzAGUY{C_<n%Iy{C7*wxmxK#q*vyqu
zjDB_#x%0cKjkbR$iYMmdo7!`7a(}>CsvnU?yD1N}bNea$flk^G*d^0Fw*eOvb90|z
zVN{3tsV>+WwJ;fz5}AI(?0@=~5gY(Glzbk2aiD6lr%VXSEgWERucOAL4NGWi9@r=R
zBZc%DDb2^qIelxX#6-~@7dq!K&@xH(y0z`(Sg}Z>VjNBaXk)F#At{rk#{H(i9eQ8d
z?_iR@_9y~=dRI9rAdr?Pl&yO6p;NbL8bNcM6IJGC<kLa8`ef#HEq`6a$!qtzh41aH
z8jo+=*l{FQp~vbVVNMI~My)Krn}TLb5X|ZsAQ^{A<6xu54cOh@KvUuf3fM|HCIDJi
zYPIw5BvGtTt`zov*%RKPcd0UUI#shJP}cde1o%XFY=<^&4XIcMerWRr8Ef!kZF@K|
zD?W6$s#`UekHoze6Ms>qWLXLb+9<;HXuYYH_Gl9H)4vOmvxjxm?YR|CfL3e8t#6j*
zEiqlGekS?E_Q7k_CUuZ#m0s0ZQv{ty+&*#D2(9kDdb(Pe5?61IrXIEKpc~a@!r4_H
zuFOVy%~~$%>GF`rxQAoR6*Zl#(5%qt2@u1((K8csDB0E_27eR5zS;dgdABVpR`>-k
zmpB&;p~7n^u*Hz0_Qv={OzGIxWTh~XOLe5&7eJ{Vs0cu3`66Oe<w+p6MDWOI$cG@%
z1RgdJI&pqZB|$^hdt(oVxHe|k%xFxyBG_rx6)Gk+R1uDD*iHQ>9>hgf%FO+MOvvB7
zW?NT_cgxC`%ztBfpD10PIp89=V01JD5q`i{S!Dm@RikK>fym(Hj!-aJQjsZpz&T&r
z`4TeRQDw&Bu-G&Xf7LNzqBIrXc8M^y&4?vTII$JM>H!UVk+q~hrsxPRv5UQi#W~KI
z{cnNttai_FpcX0YNCw>6cuA0gkQ~mw@%4grLs}|spMOWZ($u9bp0%vC-_O)b60hzn
ztylZPT{0a(5nLP@8M5V<*^$~!1guLu9H~%2XI$(RPPN$hZ`_U3L2uk=oe|GPOl(W-
z#C9(!^kMI}7i7k2@8U{TuO$B18b=FQwp-w}NYj;mHE}Ue<aMhd+<{*poE*P(`seY#
z)RQU<Mt`8!H@TbKpI7}LLOAQ*yW*1BfsGWzu`XAZ3b&N6Md;}as3sS#k``|R3o`fI
z6>s-&{yA~n;Jhx0-?KK;m=!6aPjuX6h^T+6tNVmuS1<nPQw5W#>%LlOaG#~T>Mnje
zenf7_5zQ$6BUMXyF-$Ng1_>&LNQU<f0SOc_8k1fHGblMTH!wCgGcz?eFoFmq1_>&L
zNQU<f0S5-4f(R8bf(Q`;0RS+92nv(A1s#7;j<xQoTSA0tfX~Q>Cecio$}c7Y0|3KN
zfPx3m@};Dn;=eag1NLUun(jjb-@#fRIk-18x1`Gy9Z!T~cH1vaMV@zMe|^SFg5H@t
zD)dZ}#!RAayy_||*^zf!nth87Z7h!Z=7wt&^9(AWVXMc7F`r3U*0nnF16rw=Ry==<
zn9e0Ucr?OHW!EUUt27aPt#@0jE!`LXaG$CANR<jeD@bn!IY-kGs5rbh;Yn(1jWF4>
zaW-vcjSd%|ao#R|eH~DxtpuQQ`crza>f+}l7ox?)f#%Am3HCSsisc**#1&#O#mDY~
z1ei-qN;)YoU;)SKRF4z1{-Q}woV<V71*#M}*exfz_xrZp9)XryR$0RSu=^}`ASL{U
zMYs3yI;HtNIQLM!TfM<cPC7|H>H{M{1zrT62<Wel)(8AMpxDMue!V>CCdwyk{tA|+
zv&*I_%CXMe;MLc9TPv!;c|zfy5EI4!g>7(f=uKq5{i9IBU-z|$SWb7iFsOf;@C<l6
zvfkKCKxE^p8&Q|szEZ54s}sw^?sx<lL7}~rg)vIce1F)6-osW0lRa~-hK;+82}~E{
z822qc%>pcJsu2L8Yn-A~)>E+__hrsNYoHB=$B&CAYQ0UQ>@VzACaKlbbNH^mpylch
z|NBpV>Ks&>Bs=3qumX;s4{d)Np_t{X{Pbl|YUsybftHL2hT#TrF(oumQU5LM-l{Y&
z?!X)kI6hl5h6E1>zbv>JDA<<gc<FzYdUH*2+Igvp@1uV(Zcczji@1fviV_0_Ls?oT
z@Ebq&4-^n42F8DIjivx#qh^}icX3z9mBe&<X10gvsD-DIX5_J2&s=||bs<{Skh!ly
zqhEG?o69)B(kkiQB2a^&E4I01djjlu1OP*Bdd@P~qpeK}G+^jLtnhcJdZx@<1}Y6>
zYk<0`B=iLWbuDJOMHQG~@}3SxEKgMzvXC9C&SkJmMXLw=UgMxia2W5hNlcQC0MMLF
zo<kG_Ko!kBsr>2AF3Nw`qtI^vpom@kyIMW=&j1F*`yr&!3^<BsnO@y&^p~ojonu_v
zZ8{iXW_5O+rv<QB;D&Q+@wf|Pm#gPnK%Il`ipUIg_pZgQEK3?TccX$aqj*Lk7iwXf
z<Wx2s2^K-^!YKBi<f4^5@2fie8L7K+P5GM7Xo*<ADHxy|<b!|POH~_*tH!DQzJSJ;
z!6DC3l)%__nZ9I_HH?QE7_)GI<QAV8%2i>muqL(#>;N-nip^JW%s!k_7K0vYnVe1-
z6=K{1%&C&?38o~!*WAQlKU^qUAtM2;_+ZI5QcLTEFO$HA5FjI|U-Af(FQ8vi^NJnQ
zYq@^e-xGW~E0urax1h2)>RVu;Y;X%c4$bFh^m%uG-6D3QR1uwcAb}s;?NAiVWD!H>
z{s#2Cewa7=wS!GMzqCD-==7u$=2gfR{q71UMV*mp&#RzpHb4_G<4(#HbytI4K}QKk
z(EB(;ZxKr?xQ>Q>sQP!R=}mD;Y>SuO`DuCbZ%^8kOvZmywCShhS4o7FY2OexzOakl
zT)fZ4kZxYRTgE1J`Y!KMtzna+a|1r5C9NCMzbYY)XB2<A*)x}>g-T!Pn=Xm0RqG4j
z3Lg70Dx%>kK7&9>vDY`FVb5@q+IU{kr!Jv|`-v@*?d?wf23HdqdYb)k^%%)gb!0kx
zv>~F~s;GZWUo-s_tk?{$<Y>9r(OIcW3Rb6`3mcc>)L*ijfce+2Ncbd(rUEKA5ro07
zv#Aw*ioWaACsqpv=i!w}Yi+?M`WJttWCIeAD(D?v7E2OT=b^*HVMf`a_v6I4oLB{;
zQ`09mNV~t^mKycQ9~y}%LC9-<Hp!|tt`XE>_>g~%Tx~tql#)?Xj(Ccd(FuLkbJtn)
z)og8M9}sMXaWSTEgnzHMYTGC<eWnzJ+TF#}C~ARrp_qsgKb|_RpfL(|h}V&YZeSA8
z)hIH1UO!#wq49LxTF%DjTKd~d5O+RRZcsL4NN(QRj4&M!(Cs&?4$V7o-fvlE2Fj{o
zMqz)7C?)o-_UBN-haU{aR|to&P%0pV{e;8jpEOHkS9|1CKZ_>p6kH<oJ@XL}igRHW
z>GGQ|>}Q8EIh!%VT#j99#uru2F8F4x+CPcKVmfOfs=fOXj{o#?<3`_*UY?D?mtxvO
zYX_r3XjP3M%J@)i>>F=cJ&RUeU41)|*E)YvxKfnXDBMweL%`>Ddg+&PaD+u~GT4Wr
z{qo|aIi(DY3?MqOFqmdFW6<-@!rH?XJiGM$uOPt+eqM<jiHDrJ1LC^u+#QM+SNVq5
ziF{b<@)g?&Gphx+mTqXQ9wA?#0x}JH{J;h#b5JB^cY>w6QfG)us6*Hc8UcS1tEzwL
zQ8gBvq6|I;S6;8bj&7*S(_n;<a}qc>plFedOBIRL>n<IQKY9+*x(nqbQrAVn@vLgQ
zb5;&q+w<qKJGk0P1_EYIy(R9f_@dlEc^g=+x2WXIHbS?x?j*nIFMdx!MdH{MAk|WC
z6FLlUD}p!U!bG+=@izA7(XG4`Jx6~TC0f@Z&N_(;>h?s=Z|llnR9?-F@tkBe2l?RQ
z2CW6lO3($39F0>HtcUTdp$YJr7Mop;FcMI$7#e4)`YJHv)KzfUQ6*p&rfBz9U(dFr
zV7BP>5T~P&UyH%30(1x0#gge<_LHW~qeW7r7|=f|#m6EwhX!U7PGBrBJ}^BYFbM_)
zD-Ht!8U+9Z6f%t}O!Q0)K7_p9k+$>E?TI2lN(2-$?|Pp2Qa3^auif3$c+{xBvV`*j
H0|ADht`U~D

delta 2497
zcmV;y2|o6N9J3T6FoFs%0s#Xsf(hsb2`Yw2hW8Bt2LYgh3E2dK3Dq!y3DJ=vMt@MQ
zz#{wI2A-UCO8IyJse_d=nr{LF0K-rOf&|D4r9_u_XMVBep%_KAW>r&#`p~6OtE+oQ
z!wEgKXG<>PD*j3|x!*e>86C3G?ncr`_}lmasDun@@W{!6uW~2|wQOR|z{>K_s1rbH
z0lC&tDa2O)^b#AiQ_*#wXyP=doPQN(%*)bmR3kN|Y4a9_sC0&mA```02|=Q0cXcLQ
z6xC>kei)tup(h?TXk#^>r07B4Q5d-6Nz3}M&sc&%V1?*a{jF*PbIC^=tOG8jC>b6;
z)hUTS(^4Hrr-IMuLhNLDBm<*P9zrhig0DOJX`W3Ppi~F7lLN_cl2iN>PJfo#DSDKb
zaldEpe@KBb=IKg4WMyz>Cf8*M*~`5g%SCi&gq~zcklLixPQlPtP=aITVZtk{e3XdJ
zfO3ekdaoy31bamR^#;!-`Y*wYZ0uv`98vhe9A#>ox%dlfD>MKL_bO)%ufWSPh?})Y
z&{d#ba}4qJ3Bi^NEQ;EP*ndNfIK25MEEJ*kP;<hb{8tOfp7vOwd!vM8N)s-ry6UX!
z<%(cfxn&E(5!W7Df|wB>o(0X)(L|cb0>Xu)j(ACp#~JjAOUmpstW9+;Xw!1R#7Z5v
z)n=cjwy22G5%xUIfp!fwBq4+p3NvB*^0H7;?3nBM?WK0XZj#mTgnvt_L@rg^;{o43
zWvjQ=!_YDyg$<Jv_vPpRL@~W(Og@)XhiF5|w%RhZO*czv5`MBv-sLoIPo@w*ut{L1
zEiHjf85yGk;}C7`>l2Cl6Z8AAc^{jT<^gYtVnuO8HrEO|$7>TkNl)^kxi$;6n%c1B
zwr|lNeBrl)9*{)dVt-UJor~-I7|blK(ix#B?D^$#k2CY<A2u2*B9wQ`VRhAW@P2n5
zh6Yl+oENq3=z7winw!?=08V5O6Wh_LFwD?SoaQ#Mb@`_6BdekWV<DyjFRZoj^SOE=
zN5A^T9uIFNtE!79qU4e2q9H4*nN`DtGLEr0ERqsdGs1>S?SCVt3I<SqhN3?JCN2Ly
z*uu<om%dQ_mOPBN)(wD#xZCj1&;Q08m(*#QdY9o6Hb7mWB5ngKP%vt%s7IH{cG3uR
zFV%5Bzm7Y%p4bXuXtu)|rEIdho{}A1cN$kxBe3^G8SoM(8XKkUkdTDbP#Dd|KH{zg
z611Q>{^`_^vVS#31@rB<9;ao@=dM}O3M=8(9U&ZUrm}~l#!ZY0D>hCWQm_`+93Als
zVbM^>vD<9{NS}+WN(m=Em6+x8SX5X)+uls~{o4%NGNvDAEN+-D6v#;;VO6Ki`-n4B
z<3~4WO~UAJlkm%P?H0~kMziDa42Tu(y*H;w63J$PB!7W1O%&oJ)0{b|f<mvf2oy5}
z0Y!zP`KPv1jO)Fj9c_GsCQDAg7tlg%_h<g^I|@O;3#`5eHkmd}*X6Qo+);ttB(ngJ
zx88&nP%c8j{4u3l`<qyzXmyFHbc%KhpN_5hcleSDN9lb{-Yd<^4v6v9FoOd5qa6w)
zO7G?>?|-V)mMxXh=~elz(M$XxC_g{}bcv+y)bwO&R`vJrfefLSf?3#dI9}^QS3Hig
zq5p;_Do)8EZ%u~C^q;>IQW>!dYX+qE8t+8+!(Cz6l?zbz*e}PKgn`w_0P*)QXut<n
z?eulkbx(dzrwaL+F-$Ng1_>&LNQU<f0SOc_8k1fHGblGRI5aUeHZ?UeFoFbB1_>&L
zNQU<f0S5-4f&@h{f&@VV0RS+91Ui$s1s#9DBi>x#A7$SJRnsTcQKtgp<vAGw0|3KN
zfPw@7ZE!Ruo+%lhTw*W8Aa!ixy2$b7R78pswyNTISLXuVKrm;dX}0>PT)<Jl8q}DM
z1ye41%=Fy4PtCY9(?hh&d3+bz+YXHDQA4ad9R8}5E0^gV`eKOhUlYWnH5RfIF;;&D
z7e<(rfw`WHTLM>)F>J?V0pC0iZL-x}2Nc)KA!*``YGOZ;pWYIn<(148U}}@qXt%N4
z-ZahImNdOOUB1LFZ3CtaavUM6aW>>LsN#iXu77ybse*4V1;dQvP{<Hu6pTG9Z(Bb-
z&;%*2NUd2oQ|lhfhJVE#Gy<lI<G+6q>*`j-Rw4<KB9U+97>4)-w71B~0>QYnR&uNL
z#8($81CO>2KyA@|gMh~m+k21^<(Y`2e!M#D4ozNEcN-1cJnDZa0g_jrA%)F;>Q?H8
zkdyMw|Dp8j1+jU8=8@ixO*}=BWJgR#-w1eTcwtdghU-QK{0JNSZDuQ;S;l`*Fihkm
zY$NBE^L@2N&q5sJ!uka;yrX9?pT^04w^Q5L^-IwCw!hf7WeLWt6lMz2UKZjjZ?MH+
zY>RSBYh$IKJG+Zdg_dk>S2+i9J*my&tJAY^ipO>4WnEJE+pdWCqH}Y*=>&sXVKT>7
zlYL~5O)W1fEee4Fc1XJ{m?3}FSQaQj5>K*6KF}pdGO6gR$&C+QH*Y?a!scHmvxne;
zYX#OC$!SIZSM~NT5IsXg?qUjfRyYIfI6?kIeoHIqn$UYBP`zD~4!2F-e?Jd&TV+bL
z9qR^L>1V{X3!EL?i^a#QpDm(`A?ZM*tbk+;`l$P4mgejXPkLVr4|9J~<a_g5ZHBfU
zx^k?w=W7}no0!8-hw*CkZt9?nVbwIH#jn;ca|OLgF(CroUh~n!0sKPWuveSO;3109
z`EWBHXZcv!sYguUpxOo05yr99F?zmRNQ#+uC^!eMRGt{w8}e)Z=fuJ{6!x`cK+#zS
zOcQ5HemxFYGyw51x1oPTwAY=KC6?7HNnk&Wv-@TFAT<;Kv|VMaVQ;vhF`QRvf6~sd
zdfOTXMqqtD+N+Hlf)*0~JWZS@8YxF_wcuG=;-yujG#b$kB4eVG4F~C>>%??j7nItN
zK!3A$0d$zD|C+<t_0>KJbs*nZ$s@RP7%RrAQ#tKG!!S_?zb1d#M89#lQAf}qYYt!w
ze-5lz_?Ez7+sE9!*(w4H5nLP*oY*4-gje`H9BKFl7}ke{qz=fJ3)pEB;t5(ei9@~1
zTmxbRuFHU0CsJ5!frwt|9JNK3l84oRo7-}O+4PbkefFi)B!fR6pFUMsIeeR63NuJv
zgs9I;G7^mtN_J(mDb$AM-m@elYgfGup2ei@Rzn2tQf=trF#nBkyXAZ4XK2IQFg`FL
zFbM_)D-Ht!8U+9Z6soC&rY7cYWc>;v_sh6I+iMJJ(gYM`b9oWd)J~lo9uL5c;E2Ra
L)!mZ<0|ADhd7Pz&

diff --git a/policy-agent/src/test/java/org/oransc/policyagent/ApplicationTest.java b/policy-agent/src/test/java/org/oransc/policyagent/ApplicationTest.java
index 0fd4a335..09662575 100644
--- a/policy-agent/src/test/java/org/oransc/policyagent/ApplicationTest.java
+++ b/policy-agent/src/test/java/org/oransc/policyagent/ApplicationTest.java
@@ -109,6 +109,9 @@ public class ApplicationTest {
     @Autowired
     RicSupervision supervision;
 
+    @Autowired
+    ApplicationConfig applicationConfig;
+
     @Autowired
     Services services;
 
@@ -723,7 +726,7 @@ public class ApplicationTest {
     }
 
     private AsyncRestClient restClient() {
-        return new AsyncRestClient(baseUrl());
+        return new AsyncRestClient(baseUrl(), this.applicationConfig.getWebClientConfig());
     }
 
     private void testErrorCode(Mono<?> request, HttpStatus expStatus) {
diff --git a/policy-agent/src/test/java/org/oransc/policyagent/MockPolicyAgent.java b/policy-agent/src/test/java/org/oransc/policyagent/MockPolicyAgent.java
index 16364181..7f57ceb2 100644
--- a/policy-agent/src/test/java/org/oransc/policyagent/MockPolicyAgent.java
+++ b/policy-agent/src/test/java/org/oransc/policyagent/MockPolicyAgent.java
@@ -67,6 +67,9 @@ public class MockPolicyAgent {
     @Autowired
     PolicyTypes policyTypes;
 
+    @Autowired
+    ApplicationConfig applicationConfig;
+
     static class MockApplicationConfig extends ApplicationConfig {
         @Override
         public String getLocalConfigurationFilePath() {
@@ -195,7 +198,8 @@ public class MockPolicyAgent {
     }
 
     @Test
-    @SuppressWarnings("squid:S2699") // Tests should include assertions. This test is only for keeping the server alive,
+    @SuppressWarnings("squid:S2699") // Tests should include assertions. This test is only for keeping the server
+                                     // alive,
                                      // so it will only be confusing to add an assertion.
     public void runMock() throws Exception {
         keepServerAlive();
-- 
2.16.6