Move certificate processing to new Certificates class

Author: russgold

operator/src/main/java/oracle/kubernetes/operator/helpers/PodHelper.java

@@ -21,8 +21,8 @@
 import oracle.kubernetes.operator.ProcessingConstants;
 import oracle.kubernetes.operator.TuningParameters;
 import oracle.kubernetes.operator.logging.MessageKeys;
-import oracle.kubernetes.operator.rest.RestServer;
 import oracle.kubernetes.operator.steps.DefaultResponseStep;
+import oracle.kubernetes.operator.utils.Certificates;
 import oracle.kubernetes.operator.work.Component;
 import oracle.kubernetes.operator.work.NextAction;
 import oracle.kubernetes.operator.work.Packet;
@@ -96,9 +96,7 @@ V1Pod withNonHashedElements(V1Pod pod) {
     }
 
     private V1EnvVar internalCertEnvValue() {
-      return new V1EnvVar()
-          .name(INTERNAL_OPERATOR_CERT_ENV)
-          .value(getInternalOperatorCertFile(TuningParameters.getInstance()));
+      return new V1EnvVar().name(INTERNAL_OPERATOR_CERT_ENV).value(getInternalOperatorCertFile());
     }
 
     private Optional<V1Container> getContainer(V1Pod v1Pod) {
@@ -131,8 +129,8 @@ protected Map<String, String> getPodAnnotations() {
       return getServerSpec().getPodAnnotations();
     }
 
-    private String getInternalOperatorCertFile(TuningParameters tuningParameters) {
-      return RestServer.getInstance().getInternalCertificateAsBase64PEM();
+    private String getInternalOperatorCertFile() {
+      return Certificates.getOperatorInternalCertificateData();
     }
   }
 
@@ -356,7 +354,7 @@ private Step deletePod(String name, String namespace, Step next) {
     }
   }
 
-  public static List<V1EnvVar> createCopy(List<V1EnvVar> envVars) {
+  static List<V1EnvVar> createCopy(List<V1EnvVar> envVars) {
     ArrayList<V1EnvVar> copy = new ArrayList<>();
     if (envVars != null) {
       for (V1EnvVar envVar : envVars) {

operator/src/main/java/oracle/kubernetes/operator/rest/RestConfigImpl.java

@@ -4,13 +4,11 @@
 
 package oracle.kubernetes.operator.rest;
 
-import java.io.File;
-import java.nio.file.Files;
-import java.nio.file.Paths;
 import java.util.Collection;
 import oracle.kubernetes.operator.logging.LoggingFacade;
 import oracle.kubernetes.operator.logging.LoggingFactory;
 import oracle.kubernetes.operator.rest.backend.RestBackend;
+import oracle.kubernetes.operator.utils.Certificates;
 
 /** RestConfigImpl provides the WebLogic Operator REST api configuration. */
 public class RestConfigImpl implements RestConfig {
@@ -20,17 +18,6 @@ public class RestConfigImpl implements RestConfig {
   private final String principal;
   private final Collection<String> targetNamespaces;
 
-  static final String OPERATOR_DIR = "/operator/";
-  static final String INTERNAL_REST_IDENTITY_DIR = OPERATOR_DIR + "internal-identity/";
-  static final String INTERNAL_CERTIFICATE = INTERNAL_REST_IDENTITY_DIR + "internalOperatorCert";
-  private static final String INTERNAL_CERTIFICATE_KEY =
-      INTERNAL_REST_IDENTITY_DIR + "internalOperatorKey";
-  private static final String EXTERNAL_REST_IDENTITY_DIR = OPERATOR_DIR + "external-identity/";
-  private static final String EXTERNAL_CERTIFICATE =
-      EXTERNAL_REST_IDENTITY_DIR + "externalOperatorCert";
-  private static final String EXTERNAL_CERTIFICATE_KEY =
-      EXTERNAL_REST_IDENTITY_DIR + "externalOperatorKey";
-
   /**
    * Constructs a RestConfigImpl.
    *
@@ -62,12 +49,12 @@ public int getInternalHttpsPort() {
 
   @Override
   public String getOperatorExternalCertificateData() {
-    return getCertificate(EXTERNAL_CERTIFICATE);
+    return Certificates.getOperatorExternalCertificateData();
   }
 
   @Override
   public String getOperatorInternalCertificateData() {
-    return getCertificate(INTERNAL_CERTIFICATE);
+    return Certificates.getOperatorInternalCertificateData();
   }
 
   @Override
@@ -92,12 +79,12 @@ public String getOperatorInternalKeyData() {
 
   @Override
   public String getOperatorExternalKeyFile() {
-    return getKey(EXTERNAL_CERTIFICATE_KEY);
+    return Certificates.getOperatorExternalKeyFile();
   }
 
   @Override
   public String getOperatorInternalKeyFile() {
-    return getKey(INTERNAL_CERTIFICATE_KEY);
+    return Certificates.getOperatorInternalKeyFile();
   }
 
   @Override
@@ -107,48 +94,4 @@ public RestBackend getBackend(String accessToken) {
     LOGGER.exiting();
     return result;
   }
-
-  // path - a file containing a base64 encoded string containing the operator's cert in pem format
-  private String getCertificate(String path) {
-    LOGGER.entering(path);
-    // in pem format
-    String result = null;
-    if (checkFileExists(path)) {
-      try {
-        result = new String(Files.readAllBytes(Paths.get(path)));
-      } catch (Throwable t) {
-        LOGGER.warning("Can't read " + path, t);
-      }
-    }
-    // do not include the certificate data in the log message
-    LOGGER.exiting();
-    return result;
-  }
-
-  // path - a file containing the operator's private key in pem format (cleartext)
-  private String getKey(String path) {
-    LOGGER.entering(path);
-    if (!checkFileExists(path)) {
-      path = null;
-    }
-    LOGGER.exiting(path);
-    return path;
-  }
-
-  private boolean checkFileExists(String path) {
-    LOGGER.entering(path);
-    File f = new File(path);
-    boolean result = false;
-    if (f.exists()) {
-      if (f.isFile()) {
-        result = true;
-      } else {
-        LOGGER.warning(path + " is not a file");
-      }
-    } else {
-      LOGGER.warning(path + " does not exist");
-    }
-    LOGGER.exiting(result);
-    return result;
-  }
 }

operator/src/main/java/oracle/kubernetes/operator/rest/RestServer.java

@@ -1,4 +1,4 @@
-// Copyright 2017, 2018, Oracle Corporation and/or its affiliates.  All rights reserved.
+// Copyright 2017, 2019, Oracle Corporation and/or its affiliates.  All rights reserved.
 // Licensed under the Universal Permissive License v 1.0 as shown at
 // http://oss.oracle.com/licenses/upl.
 
@@ -19,7 +19,6 @@
 import javax.net.ssl.SSLContext;
 import oracle.kubernetes.operator.logging.LoggingFacade;
 import oracle.kubernetes.operator.logging.LoggingFactory;
-import oracle.kubernetes.operator.logging.MessageKeys;
 import oracle.kubernetes.operator.work.Container;
 import oracle.kubernetes.operator.work.ContainerResolver;
 import org.apache.commons.codec.binary.Base64;
@@ -58,8 +57,8 @@ public class RestServer {
   private String baseExternalHttpsUri;
   private String baseInternalHttpsUri;
 
-  HttpServer externalHttpsServer;
-  HttpServer internalHttpsServer;
+  private HttpServer externalHttpsServer;
+  private HttpServer internalHttpsServer;
 
   private static final String SSL_PROTOCOL = "TLSv1.2";
   private static final String[] SSL_PROTOCOLS = {
@@ -133,7 +132,7 @@ private RestServer(RestConfig config) {
    *
    * @return the uri
    */
-  public String getExternalHttpsUri() {
+  String getExternalHttpsUri() {
     return baseExternalHttpsUri;
   }
 
@@ -142,7 +141,7 @@ public String getExternalHttpsUri() {
    *
    * @return the uri
    */
-  public String getInternalHttpsUri() {
+  String getInternalHttpsUri() {
     return baseInternalHttpsUri;
   }
 
@@ -218,29 +217,6 @@ public void stop() {
     LOGGER.exiting();
   }
 
-  /**
-   * Gets the internal https port's certificate as a base64 encoded PEM.
-   *
-   * @return base64 encoded PEM containing the certificate, or null if unable to read the
-   *     certificate data.
-   */
-  public String getInternalCertificateAsBase64PEM() {
-    LOGGER.entering();
-    String internalCert = null;
-    try {
-      internalCert =
-          Base64.encodeBase64String(
-              readFromDataOrFile(
-                  this.config.getOperatorInternalCertificateData(),
-                  this.config.getOperatorInternalCertificateFile()));
-    } catch (IOException e) {
-      LOGGER.warning(MessageKeys.EXCEPTION, e);
-    }
-
-    LOGGER.exiting(internalCert);
-    return internalCert;
-  }
-
   private HttpServer createExternalHttpsServer(Container container) throws Exception {
     LOGGER.entering();
     HttpServer result =

operator/src/main/java/oracle/kubernetes/operator/utils/Certificates.java

@@ -0,0 +1,61 @@
+// Copyright 2019, Oracle Corporation and/or its affiliates.  All rights reserved.
+// Licensed under the Universal Permissive License v 1.0 as shown at
+// http://oss.oracle.com/licenses/upl.
+
+package oracle.kubernetes.operator.utils;
+
+import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.util.function.Function;
+import oracle.kubernetes.operator.logging.LoggingFacade;
+import oracle.kubernetes.operator.logging.LoggingFactory;
+
+public class Certificates {
+  private static LoggingFacade LOGGER = LoggingFactory.getLogger("Operator", "Operator");
+
+  private static final String OPERATOR_DIR = "/operator/";
+  private static final String EXTERNAL_ID_DIR = OPERATOR_DIR + "external-identity/";
+  private static final String INTERNAL_ID_DIR = OPERATOR_DIR + "internal-identity/";
+
+  static final String EXTERNAL_CERTIFICATE_KEY = EXTERNAL_ID_DIR + "externalOperatorKey";
+  static final String EXTERNAL_CERTIFICATE = EXTERNAL_ID_DIR + "externalOperatorCert";
+  static final String INTERNAL_CERTIFICATE_KEY = INTERNAL_ID_DIR + "internalOperatorKey";
+  static final String INTERNAL_CERTIFICATE = INTERNAL_ID_DIR + "internalOperatorCert";
+
+  private static Function<String, Path> GET_PATH = p -> Paths.get(p);
+
+  public static String getOperatorExternalKeyFile() {
+    return getKeyOrNull(Certificates.EXTERNAL_CERTIFICATE_KEY);
+  }
+
+  public static String getOperatorInternalKeyFile() {
+    return getKeyOrNull(Certificates.INTERNAL_CERTIFICATE_KEY);
+  }
+
+  private static String getKeyOrNull(String path) {
+    return isFileExists(GET_PATH.apply(path)) ? path : null;
+  }
+
+  public static String getOperatorExternalCertificateData() {
+    return getCertificate(Certificates.EXTERNAL_CERTIFICATE);
+  }
+
+  public static String getOperatorInternalCertificateData() {
+    return getCertificate(Certificates.INTERNAL_CERTIFICATE);
+  }
+
+  private static String getCertificate(String path) {
+    try {
+      return new String(Files.readAllBytes(GET_PATH.apply(path)));
+    } catch (IOException e) {
+      LOGGER.warning("Can't read certificate at " + path, e);
+      return null;
+    }
+  }
+
+  private static boolean isFileExists(Path path) {
+    return Files.isRegularFile(path);
+  }
+}

operator/src/test/java/oracle/kubernetes/operator/DomainUpPlanTest.java

@@ -28,9 +28,8 @@
 import oracle.kubernetes.operator.helpers.KubernetesTestSupport;
 import oracle.kubernetes.operator.helpers.TuningParametersStub;
 import oracle.kubernetes.operator.helpers.UnitTestHash;
-import oracle.kubernetes.operator.rest.RestServer;
-import oracle.kubernetes.operator.rest.RestTest;
 import oracle.kubernetes.operator.steps.DomainPresenceStep;
+import oracle.kubernetes.operator.utils.InMemoryCertificates;
 import oracle.kubernetes.operator.utils.WlsDomainConfigSupport;
 import oracle.kubernetes.operator.work.Step;
 import oracle.kubernetes.operator.work.TerminalStep;
@@ -66,19 +65,16 @@ private DomainPresenceStep getDomainPresenceStep() {
   public void setUp() throws NoSuchFieldException {
     mementos.add(TestUtils.silenceOperatorLogger());
     mementos.add(testSupport.install());
+    mementos.add(InMemoryCertificates.install());
 
     testSupport.addDomainPresenceInfo(domainPresenceInfo);
-
-    RestServer.create(new RestTest.TestRestConfigImpl());
   }
 
   @After
   public void tearDown() throws Exception {
     for (Memento memento : mementos) memento.revert();
 
     testSupport.throwOnCompletionFailure();
-
-    RestServer.destroy();
   }
 
   @Test

operator/src/test/java/oracle/kubernetes/operator/helpers/AdminPodHelperTest.java

@@ -32,7 +32,7 @@
 import oracle.kubernetes.operator.PodAwaiterStepFactory;
 import oracle.kubernetes.operator.ProcessingConstants;
 import oracle.kubernetes.operator.VersionConstants;
-import oracle.kubernetes.operator.rest.RestTest;
+import oracle.kubernetes.operator.utils.InMemoryCertificates;
 import oracle.kubernetes.operator.work.FiberTestSupport;
 import oracle.kubernetes.operator.work.Packet;
 import oracle.kubernetes.operator.work.Step;
@@ -117,11 +117,7 @@ protected void verifyPodNotReplacedWhen(PodMutator mutator) {
         PodAwaiterStepFactory.class,
         (pod, next) -> terminalStep);
 
-    /**/
     V1Pod existingPod = createPod(testSupport.getPacket());
-    /*/
-    V1Pod existingPod = createPodModel();
-    /**/
     mutator.mutate(existingPod);
     initializeExistingPod(existingPod);
 
@@ -210,7 +206,7 @@ public void whenAdminPodCreated_containerHasStartServerCommand() {
   public void whenAdminPodCreated_hasOperatorCertEnvVariable() {
     assertThat(
         getCreatedPodSpecContainer().getEnv(),
-        hasEnvVar(INTERNAL_OPERATOR_CERT_ENV_NAME, RestTest.OP_CERT_DATA));
+        hasEnvVar(INTERNAL_OPERATOR_CERT_ENV_NAME, InMemoryCertificates.INTERNAL_CERT_DATA));
   }
 
   @Test

operator/src/test/java/oracle/kubernetes/operator/helpers/FileGroupReaderTest.java

@@ -1,4 +1,4 @@
-// Copyright 2018, Oracle Corporation and/or its affiliates.  All rights reserved.
+// Copyright 2018, 2019, Oracle Corporation and/or its affiliates.  All rights reserved.
 // Licensed under the Universal Permissive License v 1.0 as shown at
 // http://oss.oracle.com/licenses/upl.
 
@@ -10,7 +10,6 @@
 import static org.hamcrest.junit.MatcherAssert.assertThat;
 
 import java.io.IOException;
-import java.nio.file.FileSystem;
 import java.nio.file.Path;
 import java.util.Map;
 import oracle.kubernetes.operator.utils.InMemoryFileSystem;
@@ -19,7 +18,7 @@
 public class FileGroupReaderTest {
 
   private final FileGroupReader scriptReader = ConfigMapHelper.getScriptReader();
-  private static FileSystem fileSystem = InMemoryFileSystem.getInstance();
+  private static InMemoryFileSystem fileSystem = InMemoryFileSystem.createInstance();
 
   @Test
   public void afterLoadScriptsFromClasspath_haveScriptNamesAsKeys() {
@@ -29,8 +28,8 @@ public void afterLoadScriptsFromClasspath_haveScriptNamesAsKeys() {
 
   @Test
   public void loadFilesFromMemory() throws IOException {
-    InMemoryFileSystem.defineFile("group/a.b", "1234");
-    InMemoryFileSystem.defineFile("group/x/c.d", "5678");
+    fileSystem.defineFile("group/a.b", "1234");
+    fileSystem.defineFile("group/x/c.d", "5678");
 
     Path p = fileSystem.getPath("group");
     Map<String, String> map = FileGroupReader.loadContents(p);