Support https for callback_reciever

Currently callback_reciever only supports http
This commit makes it support both http/https

Change-Id: I6a8a7001231b113516f8d256b23b2b84d994bbce
Signed-off-by: ecaiyanlinux <martin.c.yan@est.tech>
Issue-ID: NONRTRIC-268
diff --git a/test/cr/Dockerfile b/test/cr/Dockerfile
index d2e69cd..bdc3521 100644
--- a/test/cr/Dockerfile
+++ b/test/cr/Dockerfile
@@ -17,12 +17,17 @@
 
 FROM python:3.8-slim-buster
 
-WORKDIR /usr/src/app
+COPY app/ /usr/src/app/
+COPY cert/ /usr/src/app/cert/
 
-COPY requirements.txt requirements.txt
+WORKDIR /usr/src/app
 
 RUN pip install -r requirements.txt
 
-COPY cr.py cr.py
+RUN chmod +x start.sh
 
-CMD [ "python3", "-u", "./cr.py" ]
\ No newline at end of file
+#install nginx
+RUN apt-get update
+RUN apt-get install -y nginx=1.14.*
+
+CMD [ "./start.sh" ]
diff --git a/test/cr/README.md b/test/cr/README.md
index 31dae4c..251f0b3 100644
--- a/test/cr/README.md
+++ b/test/cr/README.md
@@ -1,22 +1,29 @@
 ## callback receiver - a stub interface to receive callbacks ##
 
-The mrstub is intended for function tests to simulate a message router.
-The mrstub exposes the read and write urls, used by the agent, as configured in consul.
-In addition, request messages can be fed to the mrstub and the response messages can be read by polling.
+The callback receiver is intended for function tests to simulate a RAPP.
+The callback receiver exposes the read and write urls, used by the agent, as configured in service.
+The callback receiver receives notifications from PMS when synchronization happens between PMS and RICs.
 
+# Ports and certificates
+
+The CR normally opens the port 8090 for http. If a certificate and a key are provided the simulator will also open port 8091 for https.
+The certificate and key shall be placed in the same dir and the dir shall be mounted to /usr/src/app/cert in the container.
+
+| Port     | Protocol |
+| -------- | ----- |
+| 8090     | http  |
+| 8091     | https |
+
+The dir cert contains a self-signed cert. Use the script generate_cert_and_key.sh to generate a new certificate and key. The password of the certificate must be set 'test'.
+The same urls are available on both the http port 8090 and the https port 8091. If using curl and https, the flag -k shall be given to make curl ignore checking the certificate.
 
 ### Control interface ###
 
 The control interface can be used by any test script.
 The following REST operations are available:
 
->Send a message to MR<br>
-This method puts a request message in the queue for the agent to pick up. The returned correlationId (auto generated by the mrstub) is used when polling for the reposone message of this particular request.<br>
-```URI and parameter, (GET): /get-event/<id>```<br><br>
-```response: message + 200 or 204```
-
->Receive a message response for MR for the included correlation id<br>
-The method is for polling of messages, returns immediately containing the received response (if any) for the supplied correlationId.<br>
+>Send a message to CR<br>
+This method puts a request message from PMS to notify that sychronization between PMS and certain RIC happens.<br>
 ```URI and payload, (PUT or POST): /callbacks/<id> <json array of response messages>```<br><br>
 ```response: OK 200 or 500 for other errors```
 
@@ -32,16 +39,34 @@
 >Build image<br>
 ```docker build -t callback-receiver .```
 
->Start the image<br>
-```docker run -it -p 8090:8090 callback-receiver```
+>Start the image on both http and https<br>
+```docker run -it -p 8090:8090 -p 8091:8091 callback-receiver```
+
+It will listen to http 8090 port and https 8091 port(using default certificates) at the same time.
+
+By default, this image has default certificates under /usr/src/app/cert
+file "cert.crt" is the certificate file
+file "key.crt" is the key file
+file "generate_cert_and_key.sh" is a shell script to generate certificate and key
+file "pass" stores the password when you run the shell script
+
+This certificates/key can be overriden by mounting a volume when using "docker run" or "docker-compose"
+In 'docker run', use field:
+--volume "$PWD/certificate:/usr/src/app/cert" a1test
+```docker run -it -p 8090:8090 -p 8091:8091 -v "/PATH_TO_CERT/cert:/usr/src/app/cert" callback-receiver```
+In 'docker-compose.yml', use field:
+volumes:
+      - ./certificate:/usr/src/app/cert:ro
 
 The script ```crstub-build-start.sh``` do the above two steps in one go. This starts the callback-receiver container in stand-alone mode for basic test.<br>If the callback-receiver should be executed manually with the agent, replace docker run with this command to connect to the docker network with the correct service name (--name shall be aligned with the other components, i.e. the host named given in all callback urls).
-```docker run -it -p 8090:8090 --network nonrtric-docker-net --name callback-receiver callback-receiver```
+```docker run -it -p 8090:8090 -p 8091:8091 --network nonrtric-docker-net --name callback-receiver callback-receiver```
 
+>Start the image on http only<br>
+```docker run -it -p 8090:8090 callback-receiver```
 
 ### Basic test ###
 
-Basic test is made with the script ```basic_test.sh``` which tests all the available urls with a subset of the possible operations. Use the script ```cr-build-start.sh``` to start the callback-receiver in a container first.
+Basic test is made with the script ```basic_test.sh nonsecure|secure``` which tests all the available urls with a subset of the possible operations. Use the script ```cr-build-start.sh``` to start the callback-receiver in a container first.
 
 ## License
 
diff --git a/test/cr/cr.py b/test/cr/app/cr.py
similarity index 99%
rename from test/cr/cr.py
rename to test/cr/app/cr.py
index 105ccc2..bc6e28f 100644
--- a/test/cr/cr.py
+++ b/test/cr/app/cr.py
@@ -32,7 +32,7 @@
 
 # Server info
 HOST_IP = "::"
-HOST_PORT = 8090
+HOST_PORT = 2222
 
 # Metrics vars
 cntr_msg_callbacks=0
diff --git a/test/cr/app/nginx.conf b/test/cr/app/nginx.conf
new file mode 100644
index 0000000..479d896
--- /dev/null
+++ b/test/cr/app/nginx.conf
@@ -0,0 +1,100 @@
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+    worker_connections 768;
+    # multi_accept on;
+}
+
+http {
+
+    ##
+    # Basic Settings
+    ##
+
+    sendfile on;
+    tcp_nopush on;
+    tcp_nodelay on;
+    keepalive_timeout 65;
+    types_hash_max_size 2048;
+    # server_tokens off;
+
+    # server_names_hash_bucket_size 64;
+    # server_name_in_redirect off;
+
+    include /etc/nginx/mime.types;
+    default_type application/octet-stream;
+
+    server { # simple reverse-proxy
+        listen      8090;
+        listen      [::]:8090;
+        listen      8091 ssl;
+        listen      [::]:8091 ssl;
+        server_name  localhost;
+        ssl_certificate     /usr/src/app/cert/cert.crt;
+        ssl_certificate_key /usr/src/app/cert/key.crt;
+        ssl_password_file   /usr/src/app/cert/pass;
+
+        # serve dynamic requests
+        location / {
+        proxy_pass      http://localhost:2222;
+        }
+    }
+    ##
+    # SSL Settings
+    ##
+
+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
+    ssl_prefer_server_ciphers on;
+
+    ##
+    # Logging Settings
+    ##
+
+    access_log /var/log/nginx/access.log;
+    error_log /var/log/nginx/error.log;
+
+    ##
+    # Gzip Settings
+    ##
+
+    gzip on;
+
+    # gzip_vary on;
+    # gzip_proxied any;
+    # gzip_comp_level 6;
+    # gzip_buffers 16 8k;
+    # gzip_http_version 1.1;
+    # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+    ##
+    # Virtual Host Configs
+    ##
+
+    include /etc/nginx/conf.d/*.conf;
+    include /etc/nginx/sites-enabled/*;
+}
+
+
+#mail {
+#	# See sample authentication script at:
+#	# http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
+#
+#	# auth_http localhost/auth.php;
+#	# pop3_capabilities "TOP" "USER";
+#	# imap_capabilities "IMAP4rev1" "UIDPLUS";
+#
+#	server {
+#		listen     localhost:110;
+#		protocol   pop3;
+#		proxy      on;
+#	}
+#
+#	server {
+#		listen     localhost:143;
+#		protocol   imap;
+#		proxy      on;
+#	}
+#}
diff --git a/test/cr/requirements.txt b/test/cr/app/requirements.txt
similarity index 100%
rename from test/cr/requirements.txt
rename to test/cr/app/requirements.txt
diff --git a/test/cr/app/start.sh b/test/cr/app/start.sh
new file mode 100755
index 0000000..16ee34d
--- /dev/null
+++ b/test/cr/app/start.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+#  ============LICENSE_START===============================================
+#  Copyright (C) 2020 Nordix Foundation. All rights reserved.
+#  ========================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#  ============LICENSE_END=================================================
+#
+
+#start nginx
+nginx -c /usr/src/app/nginx.conf
+
+#start mrstub
+python3 -u cr.py
diff --git a/test/cr/basic_test.sh b/test/cr/basic_test.sh
index 8be110a..dbaca4f 100755
--- a/test/cr/basic_test.sh
+++ b/test/cr/basic_test.sh
@@ -20,7 +20,27 @@
 # Automated test script for callback receiver container
 
 # callbackreciver port
-export PORT=8090
+# export PORT=8090
+if [ $# -ne 1 ]; then
+    echo "Usage: ./basic_test.sh nonsecure|secure"
+    exit 1
+fi
+if [ "$1" != "nonsecure" ] && [ "$1" != "secure" ]; then
+    echo "Usage: ./basic_test.sh nonsecure|secure"
+    exit 1
+fi
+
+if [ $1 == "nonsecure" ]; then
+    #Default http port for the simulator
+    PORT=8090
+    # Set http protocol
+    HTTPX="http"
+else
+    #Default https port for the simulator
+    PORT=8091
+    # Set https protocol
+    HTTPX="https"
+fi
 
 # source function to do curl and check result
 . ../common/do_curl_function.sh
diff --git a/test/cr/cert/cert.crt b/test/cr/cert/cert.crt
new file mode 100644
index 0000000..a24dfc4
--- /dev/null
+++ b/test/cr/cert/cert.crt
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICljCCAX4CCQCv7SV/aTc/YjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQGEwJT
+RTAeFw0yMDA1MDMwMDI0MzdaFw00NzA5MTgwMDI0MzdaMA0xCzAJBgNVBAYTAlNF
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApsGQcCv+Ce/+AbHx+3Wu
+ujGtWF7uLX+/MahOHPfdXqidwG7OpmYnGkL06cA52P0BcZdc1hPGQbQdFJC8aW6U
+5X9owRz9IRiwpzRhRqmMJfeqrLaqLL9K5MpCv+qsDzXu9ngRLJDk5CyeEfTjosEr
+GWDywWahQKHChamdH701djFGwWGP3gttGvQoMnaSpzeyDKitBZql6bSxKkhWgFop
+yxfU7qjbzOASLWaMx2r+MIJ88+AYDqYBTj649N534AYrIdjlQnvEKzGH0sOgHFYO
+oaTTvmE/vRPlmbSX1U7mo/SvMWNPZkKUPDltyapOpBltfMiRJH4ndLOXJWRgmYha
+SQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAdAwQpntpgUWUxCTk/Pw2+w5v+VxMM
+K6QWhm9JdRn3XKQnKrFexVRso/x8TA8V50EUGwQwbnKApNXvJsV2jvbP/YwDsG2u
+jBxs0DSspjDvbhUTkuWNYufQZIUGYMyccHap+CKD4rD2loMkmwbh5rII3SGEzUFE
+rOY4VhqDjGCcILbChiY/QMA6Uyb6jLGxTARhgblWi9RWr9LuKv7raaUcnAIz1GO8
+z559kUnOKbsB46RZKRa0uIumz9qqXqxnVLWnIwT3DinpXsnzcPqNyyhTk6XR+W5o
+0AuUCyT1WKlejrfMmmV6hRNHbT4x7cQrx4EjNf5hM00mN++F+QdGMa/G
+-----END CERTIFICATE-----
diff --git a/test/cr/cert/generate_cert_and_key.sh b/test/cr/cert/generate_cert_and_key.sh
new file mode 100755
index 0000000..0f79bbf
--- /dev/null
+++ b/test/cr/cert/generate_cert_and_key.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+#  ============LICENSE_START===============================================
+#  Copyright (C) 2020 Nordix Foundation. All rights reserved.
+#  ========================================================================
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+#  ============LICENSE_END=================================================
+#
+
+# This will generate a self-signed certificate with password 'test'
+openssl req -x509 -passout pass:"test" -newkey rsa:2048 -keyout key.crt -out cert.crt -days 9999
diff --git a/test/cr/cert/key.crt b/test/cr/cert/key.crt
new file mode 100644
index 0000000..105ee75
--- /dev/null
+++ b/test/cr/cert/key.crt
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFHzBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQIpz2Uxhl1+ZwCAggA
+MB0GCWCGSAFlAwQBKgQQu1or54X1Bk5IMPGoDrdxkASCBNCBKcePejHXlG0fb2qt
+TtQrpEr8UR60iFOaeUQ2Lc1zK0wzFCXAIXEWEcaozv75mJ5ReemkBMCyuzPJnoiM
+LTeKuoUw8l48S9arB9l+/vVgUnMY0fm+QDsnPffkXKxC2kNwwFgGCT7tIGezuo/e
+a9a5JJY707YEnkhUKWAQI2Oz/I95tbeYu64d/WtSN2OLu5JVLsCGAhV4cqcShjEb
+pFlfgOHrT0z+qK7YXVR9P74qAZtGsH2ydUrtPtdvddKRpOAm4LzDNmox4Bs6e9nr
+jY56sVRiHGhqeeqW04qRks5ReZF7zuwEgUSzGNlAcbbHn6FNJPOZKuN0e8KYexEM
+y0G04rSNW8qppMsvez6txsou62CeIZ5LyAumwaJJYzwkob0nCmWYcZl5tSpkXZly
+HsQKI2UlO3tiRKd057a46/kxcK85Pwav3Il+FaRXJkzl2rkU3DSy9SjaGL0ROD0U
+1EaZCjeDdzN2GmqRQ1WhN5ivowQyWVf6H/mrxtkWZ3qLKmpa1JmvUgOybPcbqqQr
+tqjj3Oj0zvLFZDqBjfIlTAAimXPgh6qLHH+qUGrI62pMpaldNZNy/swnpPuTX2sF
+TUxFZvnGOmG3qHyvPm91+PypbdVSMb0PeB75XQFqWmajwnua7xfWrH8PLSijp5xQ
+aLyiJ1jjFqXWE9D2v7JhB2BNCYlHxP98UI8kHxh7Fw5y0EKT5pCcbrg2nuLzMrCz
+D4QaxZRuiIiPgy21kowk3WbHLYAjG7f9cIcbbX6Khc/3ulbB8xJ24WNRuzv4EHeh
+TATHqk8nIgpkn1zmvPsKILdWzqZh70IlSctSzoIGzI6C2J76ycSZmcKtar2BZya9
+f1coUlFgXMvdmrf4bt4j2u/biA48OJaVlWBYVfIXUbliFTAQ8biRZFC2n3Xg+W8t
+U2xqW14lZWBOIQFJp27foG6Z4JzyL2WZgQ0PWe0m0+tDaKA/LSWB2Qpwt4o2n0cb
+RCs++c0eFCeOgErEfmmeburMhzQsfkUqpsL+J/ZMaRSiuTCpYM8qbz+KKT/Z6zbl
+2cHWxSFRIqRKAMsj2a61IANjNIdwi2uBHZrWH1HMVVXAbGUJQFKZhxdpn5PBrXqg
+vHRa9u0MQFCjs9NcQAGnBQDS6u+pUVO02WT4MvTker+hbu+f6NPU9FMLu+QbQUEP
+SUdEZL4W9ZuBTdS3n/fTHEL8wKRB5yEW/CS5JuD+8YinZZXrsd3n3Oky05fdk6Bk
+QH9cjMXdsd0Sb0Epw3CWGtXZ6YTHlVWqjdTNlOQdzQ7qfzktgcKujGwvQK0Mgd8x
+nmG+f/HWMOss0JEL3ZR+K9Rr50u8/R+W5+e4VE57yw1fg9Jpq2/sVe2Pt8S7isFK
+qDLoFZtF5RXi1O9KcA9BpnQX1ihPSC1RoY1pGXoF2D4KkV9U4/4j2qM6MGxjQ6lw
+MN0qJ/N70Lti3YWqvYiTymLwVJr8FqoMQsV19MB8012Xd51Bvy6igddhrO83wuuV
+b8PlUzl3Tl7yOviYqxiJ0xd8qw+Hs4+FkHbZIFJcUzTHVbb4SlPUE3wn6nrrIcfK
+rT4wsYhK3afrlvK3ILi6kzzazS1dK+Hv9+mNozNf5u5nNBFQ+7MhtttzLWIaiV6D
+ilLpOwcoO0X0qrzXKR7a+rQ/Dw==
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/test/cr/cert/pass b/test/cr/cert/pass
new file mode 100644
index 0000000..30d74d2
--- /dev/null
+++ b/test/cr/cert/pass
@@ -0,0 +1 @@
+test
\ No newline at end of file
diff --git a/test/cr/cr-build-start.sh b/test/cr/cr-build-start.sh
index 1954eb7..a971d68 100755
--- a/test/cr/cr-build-start.sh
+++ b/test/cr/cr-build-start.sh
@@ -21,4 +21,4 @@
 
 docker build -t callback-receiver .
 
-docker run -it -p 8090:8090 callback-receiver
+docker run -it -p 8090:8090 -p 8091:8091 callback-receiver