summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRavi Geda <gravik@amdocs.com>2018-09-17 12:57:44 +0100
committerRavi Geda <gravik@amdocs.com>2018-09-20 12:44:40 +0100
commit6c3031ea90d5b51ae44a599c0cd0d95c057cf633 (patch)
tree430df4d43b04db902d21a80e19e465fa3312951b
parent85f33095c117ba5b361749746d564e6308a33f14 (diff)
Add forward proxy code
Add a maven module called sidecar to cadi. Add forward proxy as a maven module to sidecar. Note that though sidecar is a module of cadi it does not inherit from cadi's pom. Change-Id: I617ecb1a66a3cbdd3f03287f28c6527693c6dfc6 Issue-ID: AAI-1603 Signed-off-by: Ravi Geda <gravik@amdocs.com>
-rw-r--r--pom.xml1
-rw-r--r--sidecar/fproxy/License.txt17
-rw-r--r--sidecar/fproxy/README.md41
-rw-r--r--sidecar/fproxy/config/auth/client-cert.p12bin0 -> 2556 bytes
-rw-r--r--sidecar/fproxy/config/auth/tomcat_keystorebin0 -> 2214 bytes
-rw-r--r--sidecar/fproxy/config/fproxy.properties2
-rw-r--r--sidecar/fproxy/config/logback-spring.xml48
-rw-r--r--sidecar/fproxy/config/readme.txt1
-rw-r--r--sidecar/fproxy/pom.xml190
-rw-r--r--sidecar/fproxy/src/main/bin/start.sh32
-rw-r--r--sidecar/fproxy/src/main/docker/Dockerfile35
-rw-r--r--sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/CredentialCacheConfig.java37
-rw-r--r--sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/FProxyApplication.java74
-rw-r--r--sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/RestTemplateConfig.java70
-rw-r--r--sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/cache/CredentialCache.java37
-rw-r--r--sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/cache/InMemoryCredentialCache.java116
-rw-r--r--sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/cache/utils/CacheUtils.java89
-rw-r--r--sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/data/CredentialCacheData.java72
-rw-r--r--sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/service/ForwardingProxyService.java100
-rw-r--r--sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/util/RequestValidationException.java35
-rw-r--r--sidecar/fproxy/src/main/resources/application.properties14
-rw-r--r--sidecar/fproxy/src/test/java/org/onap/aaf/fproxy/FProxyIT.java49
-rw-r--r--sidecar/fproxy/src/test/java/org/onap/aaf/fproxy/FProxyServiceTest.java208
-rw-r--r--sidecar/fproxy/version.properties13
-rw-r--r--sidecar/pom.xml80
25 files changed, 1361 insertions, 0 deletions
diff --git a/pom.xml b/pom.xml
index 78d6633..a4ffa90 100644
--- a/pom.xml
+++ b/pom.xml
@@ -131,6 +131,7 @@
<modules>
<module>shiro</module>
<module>shiro-osgi-bundle</module>
+ <module>sidecar</module>
</modules>
<!-- ============================================================== -->
diff --git a/sidecar/fproxy/License.txt b/sidecar/fproxy/License.txt
new file mode 100644
index 0000000..05117f8
--- /dev/null
+++ b/sidecar/fproxy/License.txt
@@ -0,0 +1,17 @@
+============LICENSE_START=======================================================
+org.onap.aaf
+================================================================================
+Copyright © 2018 European Software Marketing Ltd.
+================================================================================
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+============LICENSE_END========================================================= \ No newline at end of file
diff --git a/sidecar/fproxy/README.md b/sidecar/fproxy/README.md
new file mode 100644
index 0000000..e1d3667
--- /dev/null
+++ b/sidecar/fproxy/README.md
@@ -0,0 +1,41 @@
+# Introduction
+
+The AAF Forward Proxy is a forward proxy service with credential caching capabilities for incoming REST requests. It is one of two applications (along with Reverse proxy) deployed as a
+Kubernetes sidecar to the main Primary service
+
+## Features
+
+Forward Proxy:
+
+* The service will forward all incoming REST requests on to their original endpoints.
+* Add any cached security credentials to the forwarding request
+
+### Credential Cache:
+The credential cache is a short-lived in-memory cache, keyed on a transaction ID. The following data is cached:
+
+* Transaction ID - this is the key for retrieving cached values
+* CredentialName - this is the name of the credential to be cached.
+ This should correspond to the header name for a header credential, or the cookie name for a cookie credential.
+* CredentialValue - this is the value associated with the credential.
+ This should correspond to the header value of a header credential, or the cookie contents for a cookie credential.
+* CredentialType - this is the type of the credential to be cached. Currently supported values are: HEADER, COOKIE.
+ The cache has a configurable cache expiry period, so that any cache entries older than the expiry period will be automatically removed from the cache.
+
+### Credential Cache REST API:
+Credentials can be added to the credential cache by performing a REST POST using the following URL:
+
+(Note that the transaction ID is provided as a URL parameter)
+
+https://<host>:<port>/credential-cache/<transactionid>
+The body of the request should contain the cached data (described above) in JSON format as follows:
+
+{ "credentialName":"foo", "credentialValue":"bar", "credentialType":"<HEADER/COOKIE>" }
+
+
+## Configuring the fProxy service
+The fProxy service is configured through the fproxy.properties file that resides under the ${CONFIG_HOME} environment variable.
+
+The file has the following configurable properties:
+
+credential.cache.timeout.ms This is the time in milliseconds that a cache entry will expire after it is added. 180000
+transactionid.header.name This is the name of the header in incoming requests that will contain the transaction ID. X-TransactionId \ No newline at end of file
diff --git a/sidecar/fproxy/config/auth/client-cert.p12 b/sidecar/fproxy/config/auth/client-cert.p12
new file mode 100644
index 0000000..dbf4fca
--- /dev/null
+++ b/sidecar/fproxy/config/auth/client-cert.p12
Binary files differ
diff --git a/sidecar/fproxy/config/auth/tomcat_keystore b/sidecar/fproxy/config/auth/tomcat_keystore
new file mode 100644
index 0000000..9eec841
--- /dev/null
+++ b/sidecar/fproxy/config/auth/tomcat_keystore
Binary files differ
diff --git a/sidecar/fproxy/config/fproxy.properties b/sidecar/fproxy/config/fproxy.properties
new file mode 100644
index 0000000..f512fb7
--- /dev/null
+++ b/sidecar/fproxy/config/fproxy.properties
@@ -0,0 +1,2 @@
+credential.cache.timeout.ms=180000
+transactionid.header.name=X-TransactionId \ No newline at end of file
diff --git a/sidecar/fproxy/config/logback-spring.xml b/sidecar/fproxy/config/logback-spring.xml
new file mode 100644
index 0000000..75ec26d
--- /dev/null
+++ b/sidecar/fproxy/config/logback-spring.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+
+ <property name="LOGS" value="./logs/AAF-FPS" />
+ <property name="FILEPREFIX" value="application" />
+
+ <appender name="Console"
+ class="ch.qos.logback.core.ConsoleAppender">
+ <layout class="ch.qos.logback.classic.PatternLayout">
+ <Pattern>
+ %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
+ </Pattern>
+ </layout>
+ </appender>
+
+ <appender name="RollingFile"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${LOGS}/${FILEPREFIX}.log</file>
+ <encoder
+ class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
+ <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
+ </encoder>
+
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <!-- rollover daily and when the file reaches 10 MegaBytes -->
+ <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
+ </fileNamePattern>
+ <timeBasedFileNamingAndTriggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
+ <maxFileSize>10MB</maxFileSize>
+ </timeBasedFileNamingAndTriggeringPolicy>
+ </rollingPolicy>
+ </appender>
+
+ <!-- LOG everything at INFO level -->
+ <root level="info">
+ <appender-ref ref="RollingFile" />
+ <appender-ref ref="Console" />
+ </root>
+
+ <!-- LOG "org.onap.aaf.fproxy" at DEBUG level -->
+ <logger name="org.onap.aaf.fproxy" level="debug" additivity="false">
+ <appender-ref ref="RollingFile" />
+ <appender-ref ref="Console" />
+ </logger>
+
+</configuration> \ No newline at end of file
diff --git a/sidecar/fproxy/config/readme.txt b/sidecar/fproxy/config/readme.txt
new file mode 100644
index 0000000..79cf29e
--- /dev/null
+++ b/sidecar/fproxy/config/readme.txt
@@ -0,0 +1 @@
+Relevant configuration files need to be copied here to successfully run this service locally. \ No newline at end of file
diff --git a/sidecar/fproxy/pom.xml b/sidecar/fproxy/pom.xml
new file mode 100644
index 0000000..8035e84
--- /dev/null
+++ b/sidecar/fproxy/pom.xml
@@ -0,0 +1,190 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ ============LICENSE_START=======================================================
+ org.onap.aaf
+ ================================================================================
+ Copyright © 2018 European Software Marketing Ltd.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END=========================================================
+
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+
+ <artifactId>fproxy</artifactId>
+ <version>1.0.0-SNAPSHOT</version>
+ <packaging>jar</packaging>
+
+ <parent>
+ <groupId>org.onap.aaf.cadi</groupId>
+ <artifactId>sidecar</artifactId>
+ <version>1.0.0-SNAPSHOT</version>
+ </parent>
+
+ <name>aaf-fproxy</name>
+ <description>ONAP AAF Forward Proxy Microservice For Pluggable Security</description>
+
+ <properties>
+ <!-- Spring boot version -->
+ <spring.boot.version>2.0.3.RELEASE</spring.boot.version>
+ <docker.location>${basedir}/target</docker.location>
+ <skipNexusStagingDeployMojo>true</skipNexusStagingDeployMojo>
+ </properties>
+
+ <dependencyManagement>
+ <dependencies>
+ <dependency>
+ <!-- Import dependency management from Spring Boot -->
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-dependencies</artifactId>
+ <version>${spring.boot.version}</version>
+ <type>pom</type>
+ <scope>import</scope>
+ </dependency>
+ </dependencies>
+ </dependencyManagement>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-starter-jetty</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-starter-web</artifactId>
+ <exclusions>
+ <exclusion>
+ <artifactId>spring-boot-starter-tomcat</artifactId>
+ <groupId>org.springframework.boot</groupId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+
+ <dependency>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-starter-actuator</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.commons</groupId>
+ <artifactId>commons-lang3</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.httpcomponents</groupId>
+ <artifactId>httpclient</artifactId>
+ </dependency>
+
+ <!-- Testing -->
+ <dependency>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-starter-test</artifactId>
+ <scope>test</scope>
+ </dependency>
+
+ </dependencies>
+
+ <build>
+ <finalName>fproxy</finalName>
+ <plugins>
+ <plugin>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-maven-plugin</artifactId>
+ <version>${spring.boot.version}</version>
+ <executions>
+ <execution>
+ <goals>
+ <goal>repackage</goal>
+ </goals>
+ <configuration>
+ <classifier>exec</classifier>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <groupId>com.mycila</groupId>
+ <artifactId>license-maven-plugin</artifactId>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <configuration>
+ <reuseForks>false</reuseForks>
+ <forkCount>1</forkCount>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-resources-plugin</artifactId>
+ <version>3.0.2</version>
+ <executions>
+ <execution>
+ <id>copy-docker-file</id>
+ <phase>package</phase>
+ <goals>
+ <goal>copy-resources</goal>
+ </goals>
+ <configuration>
+ <outputDirectory>target</outputDirectory>
+ <overwrite>true</overwrite>
+ <resources>
+ <resource>
+ <directory>${basedir}/src/main/docker</directory>
+ <filtering>true</filtering>
+ </resource>
+ <resource>
+ <directory>${basedir}/src/main/bin/</directory>
+ <filtering>true</filtering>
+ </resource>
+ </resources>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <groupId>com.spotify</groupId>
+ <artifactId>docker-maven-plugin</artifactId>
+ <version>0.4.11</version>
+ <dependencies>
+ <dependency>
+ <groupId>com.github.jnr</groupId>
+ <artifactId>jnr-unixsocket</artifactId>
+ <version>0.13</version>
+ </dependency>
+ </dependencies>
+ <configuration>
+ <verbose>true</verbose>
+ <serverId>docker-hub</serverId>
+ <imageName>${docker.push.registry}/onap/${project.artifactId}</imageName>
+ <dockerDirectory>${docker.location}</dockerDirectory>
+ <imageTags>
+ <imageTag>latest</imageTag>
+ </imageTags>
+ <forceTags>true</forceTags>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-deploy-plugin</artifactId>
+ <configuration>
+ <skip>true</skip>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+</project>
diff --git a/sidecar/fproxy/src/main/bin/start.sh b/sidecar/fproxy/src/main/bin/start.sh
new file mode 100644
index 0000000..53662b6
--- /dev/null
+++ b/sidecar/fproxy/src/main/bin/start.sh
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+# ============LICENSE_START=======================================================
+# org.onap.aaf
+# ================================================================================
+# Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
+# Copyright © 2017-2018 European Software Marketing Ltd.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+BASEDIR="/opt/app/fproxy"
+
+if [ -z "${KEY_STORE_PASSWORD}" ]; then
+ echo "KEY_STORE_PASSWORD must be set in order to start up process"
+ exit 1
+fi
+
+PROPS="-DKEY_STORE_PASSWORD=${KEY_STORE_PASSWORD}"
+JVM_MAX_HEAP=${MAX_HEAP:-1024}
+
+exec java -Xmx${JVM_MAX_HEAP}m ${PROPS} -jar ${BASEDIR}/fproxy-exec.jar
diff --git a/sidecar/fproxy/src/main/docker/Dockerfile b/sidecar/fproxy/src/main/docker/Dockerfile
new file mode 100644
index 0000000..d91f0e3
--- /dev/null
+++ b/sidecar/fproxy/src/main/docker/Dockerfile
@@ -0,0 +1,35 @@
+FROM ubuntu:14.04
+
+ARG MICRO_HOME=/opt/app/fproxy
+ARG BIN_HOME=$MICRO_HOME/bin
+ARG JAR_FILE=fproxy-exec.jar
+
+RUN apt-get update
+
+# Install and setup java8
+RUN apt-get update && apt-get install -y software-properties-common
+## sudo -E is required to preserve the environment. If you remove that line, it will most like freeze at this step
+RUN sudo -E add-apt-repository ppa:openjdk-r/ppa && apt-get update && apt-get install -y openjdk-8-jdk
+
+RUN sudo dpkg --purge --force-depends ca-certificates-java
+RUN sudo apt-get install ca-certificates-java
+
+## Setup JAVA_HOME, this is useful for docker commandline
+ENV JAVA_HOME usr/lib/jvm/java-8-openjdk-$(dpkg --print-architecture)
+RUN export JAVA_HOME
+
+# Build up the deployment folder structure
+RUN mkdir -p $MICRO_HOME
+COPY ${JAR_FILE} $MICRO_HOME
+RUN mkdir -p $BIN_HOME
+COPY *.sh $BIN_HOME
+RUN chmod 755 $BIN_HOME/*
+RUN ln -s /logs $MICRO_HOME/logs
+RUN mkdir /logs
+# Create the appuser
+RUN groupadd -r appgroup && \
+ useradd -r -u 1001 -g appgroup appuser && \
+ chown -R appuser:appgroup $MICRO_HOME && \
+ chmod 777 /logs
+USER appuser
+CMD ["/opt/app/fproxy/bin/start.sh"]
diff --git a/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/CredentialCacheConfig.java b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/CredentialCacheConfig.java
new file mode 100644
index 0000000..f433c65
--- /dev/null
+++ b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/CredentialCacheConfig.java
@@ -0,0 +1,37 @@
+/**
+ * ============LICENSE_START=======================================================
+ * org.onap.aaf
+ * ================================================================================
+ * Copyright © 2018 European Software Marketing Ltd.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.aaf.fproxy;
+
+import org.onap.aaf.fproxy.cache.CredentialCache;
+import org.onap.aaf.fproxy.cache.InMemoryCredentialCache;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Scope;
+
+@Configuration
+public class CredentialCacheConfig {
+
+ @Bean
+ @Scope("singleton")
+ public CredentialCache inMemoryCredentialCacheSingleton() {
+ return new InMemoryCredentialCache();
+ }
+
+}
diff --git a/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/FProxyApplication.java b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/FProxyApplication.java
new file mode 100644
index 0000000..d226dc8
--- /dev/null
+++ b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/FProxyApplication.java
@@ -0,0 +1,74 @@
+/**
+ * ============LICENSE_START=======================================================
+ * org.onap.aaf
+ * ================================================================================
+ * Copyright © 2018 European Software Marketing Ltd.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.aaf.fproxy;
+
+import java.util.HashMap;
+import javax.annotation.PostConstruct;
+import org.eclipse.jetty.util.security.Password;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.builder.SpringApplicationBuilder;
+import org.springframework.boot.web.servlet.support.SpringBootServletInitializer;
+import org.springframework.context.annotation.PropertySource;
+import org.springframework.core.env.Environment;
+
+@SpringBootApplication
+@PropertySource("file:${CONFIG_HOME}/fproxy.properties")
+public class FProxyApplication extends SpringBootServletInitializer {
+
+ @Autowired
+ private Environment env;
+
+ /**
+ * Spring Boot Initialization.
+ *
+ * @param args main args
+ */
+ public static void main(String[] args) {
+ String keyStorePassword = System.getProperty("KEY_STORE_PASSWORD");
+ if (keyStorePassword == null || keyStorePassword.isEmpty()) {
+ throw new IllegalArgumentException("Env property KEY_STORE_PASSWORD not set");
+ }
+ HashMap<String, Object> props = new HashMap<>();
+ props.put("server.ssl.key-store-password", Password.deobfuscate(keyStorePassword));
+ new FProxyApplication().configure(new SpringApplicationBuilder(FProxyApplication.class).properties(props))
+ .run(args);
+ }
+
+ /**
+ * Set required trust store system properties using values from application.properties
+ */
+ @PostConstruct
+ public void setSystemProperties() {
+ String keyStorePath = env.getProperty("server.ssl.key-store");
+ if (keyStorePath != null) {
+ String keyStorePassword = env.getProperty("server.ssl.key-store-password");
+
+ if (keyStorePassword != null) {
+ System.setProperty("javax.net.ssl.keyStore", keyStorePath);
+ System.setProperty("javax.net.ssl.keyStorePassword", keyStorePassword);
+ System.setProperty("javax.net.ssl.trustStore", keyStorePath);
+ System.setProperty("javax.net.ssl.trustStorePassword", keyStorePassword);
+ } else {
+ throw new IllegalArgumentException("Env property server.ssl.key-store-password not set");
+ }
+ }
+ }
+}
diff --git a/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/RestTemplateConfig.java b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/RestTemplateConfig.java
new file mode 100644
index 0000000..a1aef28
--- /dev/null
+++ b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/RestTemplateConfig.java
@@ -0,0 +1,70 @@
+/**
+ * ============LICENSE_START=======================================================
+ * org.onap.aaf
+ * ================================================================================
+ * Copyright © 2018 European Software Marketing Ltd.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.aaf.fproxy;
+
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import javax.net.ssl.SSLContext;
+import org.apache.http.conn.ssl.NoopHostnameVerifier;
+import org.apache.http.impl.client.HttpClientBuilder;
+import org.apache.http.impl.client.HttpClients;
+import org.apache.http.ssl.SSLContextBuilder;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.web.client.RestTemplateBuilder;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
+import org.springframework.util.ResourceUtils;
+import org.springframework.web.client.RestTemplate;
+
+@Configuration
+public class RestTemplateConfig {
+
+ @Value("${server.ssl.client-cert}")
+ private String clientCertPath;
+
+ @Value("${server.ssl.key-store-password}")
+ private String clientCertPassword;
+
+ @Profile("secure")
+ @Bean
+ public RestTemplate restTemplate(RestTemplateBuilder builder) throws GeneralSecurityException, IOException {
+ return new RestTemplate(new HttpComponentsClientHttpRequestFactory(getClientBuilder().build()));
+ }
+
+ @Profile("noHostVerification")
+ @Bean
+ public RestTemplate restTemplateNoHostVerification(RestTemplateBuilder builder)
+ throws GeneralSecurityException, IOException {
+ return new RestTemplate(new HttpComponentsClientHttpRequestFactory(
+ getClientBuilder().setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE).build()));
+ }
+
+ private HttpClientBuilder getClientBuilder() throws GeneralSecurityException, IOException {
+
+ SSLContext sslContext = SSLContextBuilder.create()
+ .loadKeyMaterial(ResourceUtils.getFile(clientCertPath), clientCertPassword.toCharArray(),
+ clientCertPassword.toCharArray())
+ .loadTrustMaterial(ResourceUtils.getFile(clientCertPath), clientCertPassword.toCharArray()).build();
+
+ return HttpClients.custom().setSSLContext(sslContext);
+ }
+}
diff --git a/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/cache/CredentialCache.java b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/cache/CredentialCache.java
new file mode 100644
index 0000000..00fe9d4
--- /dev/null
+++ b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/cache/CredentialCache.java
@@ -0,0 +1,37 @@
+/**
+ * ============LICENSE_START=======================================================
+ * org.onap.aaf
+ * ================================================================================
+ * Copyright © 2018 European Software Marketing Ltd.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.aaf.fproxy.cache;
+
+import org.onap.aaf.fproxy.data.CredentialCacheData;
+import org.springframework.lang.Nullable;
+
+public interface CredentialCache {
+
+ void add(String key, CredentialCacheData value, long periodInMillis);
+
+ void remove(String key);
+
+ @Nullable
+ CredentialCacheData get(String key);
+
+ void clear();
+
+ long size();
+}
diff --git a/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/cache/InMemoryCredentialCache.java b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/cache/InMemoryCredentialCache.java
new file mode 100644
index 0000000..44ce0cd
--- /dev/null
+++ b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/cache/InMemoryCredentialCache.java
@@ -0,0 +1,116 @@
+/**
+ * ============LICENSE_START=======================================================
+ * org.onap.aaf
+ * ================================================================================
+ * Copyright © 2018 European Software Marketing Ltd.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.aaf.fproxy.cache;
+
+import java.lang.ref.SoftReference;
+import java.util.Optional;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.DelayQueue;
+import java.util.concurrent.Delayed;
+import java.util.concurrent.TimeUnit;
+import org.onap.aaf.fproxy.data.CredentialCacheData;
+
+public class InMemoryCredentialCache implements CredentialCache {
+
+ private final ConcurrentHashMap<String, SoftReference<CredentialCacheData>> cache = new ConcurrentHashMap<>();
+ private final DelayQueue<DelayedCacheObject> cleaningUpQueue = new DelayQueue<>();
+
+ public InMemoryCredentialCache() {
+ Thread cleanerThread = new Thread(() -> {
+ while (!Thread.currentThread().isInterrupted()) {
+ try {
+ DelayedCacheObject delayedCacheObject = cleaningUpQueue.take();
+ cache.remove(delayedCacheObject.getKey(), delayedCacheObject.getReference());
+ } catch (InterruptedException e) {
+ Thread.currentThread().interrupt();
+ }
+ }
+ });
+ cleanerThread.setDaemon(true);
+ cleanerThread.start();
+ }
+
+ @Override
+ public void add(String key, CredentialCacheData value, long periodInMillis) {
+ if (key == null) {
+ return;
+ }
+ if (value == null) {
+ cache.remove(key);
+ } else {
+ long expiryTime = System.currentTimeMillis() + periodInMillis;
+ SoftReference<CredentialCacheData> reference = new SoftReference<>(value);
+ cache.put(key, reference);
+ cleaningUpQueue.put(new DelayedCacheObject(key, reference, expiryTime));
+ }
+ }
+
+ @Override
+ public void remove(String key) {
+ cache.remove(key);
+ }
+
+ @Override
+ public CredentialCacheData get(String key) {
+ return Optional.ofNullable(cache.get(key)).map(SoftReference::get).orElse(null);
+ }
+
+ @Override
+ public void clear() {
+ cache.clear();
+ }
+
+ @Override
+ public long size() {
+ return cache.size();
+ }
+
+ private static class DelayedCacheObject implements Delayed {
+
+ private final String key;
+ private final SoftReference<CredentialCacheData> reference;
+ private final long expiryTime;
+
+ public DelayedCacheObject(String key, SoftReference<CredentialCacheData> reference, long expiryTime) {
+ super();
+ this.key = key;
+ this.reference = reference;
+ this.expiryTime = expiryTime;
+ }
+
+ @Override
+ public long getDelay(TimeUnit unit) {
+ return unit.convert(expiryTime - System.currentTimeMillis(), TimeUnit.MILLISECONDS);
+ }
+
+ @Override
+ public int compareTo(Delayed o) {
+ return Long.compare(expiryTime, ((DelayedCacheObject) o).expiryTime);
+ }
+
+ public String getKey() {
+ return key;
+ }
+
+ public SoftReference<CredentialCacheData> getReference() {
+ return reference;
+ }
+ }
+}
diff --git a/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/cache/utils/CacheUtils.java b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/cache/utils/CacheUtils.java
new file mode 100644
index 0000000..b80fc32
--- /dev/null
+++ b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/cache/utils/CacheUtils.java
@@ -0,0 +1,89 @@
+/**
+ * ============LICENSE_START=======================================================
+ * org.onap.aaf
+ * ================================================================================
+ * Copyright © 2018 European Software Marketing Ltd.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.aaf.fproxy.cache.utils;
+
+import javax.servlet.http.HttpServletRequest;
+import org.onap.aaf.fproxy.cache.CredentialCache;
+import org.onap.aaf.fproxy.data.CredentialCacheData;
+import org.onap.aaf.fproxy.data.CredentialCacheData.CredentialType;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.http.HttpHeaders;
+import org.springframework.stereotype.Component;
+import org.springframework.web.util.WebUtils;
+
+@Component
+public class CacheUtils {
+
+ Logger logger = LoggerFactory.getLogger(CacheUtils.class);
+
+ @Autowired
+ private CredentialCache credentialCache;
+
+ @Value("${transactionid.header.name}")
+ private String transactionIdHeaderName;
+
+ public void populateCredentialsFromCache(HttpHeaders headers, HttpServletRequest request) {
+ String transactionId = headers.getFirst(transactionIdHeaderName);
+ if (transactionId != null) {
+ CredentialCacheData cacheData = credentialCache.get(transactionId);
+ if (cacheData == null) {
+ logger.info("Transaction ID {} not found in cache, skipping credential population...", transactionId);
+ } else if (cacheData.getCredentialType().equals(CredentialType.HEADER)) {
+ logger.info("Populating header credentials from cache for transaction ID: {}", transactionId);
+ applyHeaderCacheData(cacheData, headers);
+ } else if (cacheData.getCredentialType().equals(CredentialType.COOKIE)) {
+ logger.info("Populating cookie credentials from cache for transaction ID: {}", transactionId);
+ applyCookieCacheData(cacheData, headers, request);
+ }
+ } else {
+ logger.info("No transaction ID found in request, skipping credential population...");
+ }
+ }
+
+ private void applyHeaderCacheData(CredentialCacheData cacheData, HttpHeaders headers) {
+ String credentialName = cacheData.getCredentialName();
+ if (!headers.containsKey(credentialName)) {
+ headers.add(credentialName, cacheData.getCredentialValue());
+ logger.info("Header credentials successfully populated.");
+ } else {
+ logger.info("Request already contains header with name: {}, skipping credential population...",
+ credentialName);
+ }
+ }
+
+ private void applyCookieCacheData(CredentialCacheData cacheData, HttpHeaders headers, HttpServletRequest request) {
+ String credentialName = cacheData.getCredentialName();
+ // Check if Cookie with same name is already set then skip
+ if (WebUtils.getCookie(request, credentialName) == null) {
+ headers.add(HttpHeaders.COOKIE, cacheData.getCredentialValue());
+ logger.info("Cookie credentials successfully populated.");
+ } else {
+ logger.info("Request already contains cookie with name: {}, skipping credential population...",
+ credentialName);
+ }
+ }
+
+ public void addCredentialsToCache(String transactionId, CredentialCacheData credentialdata, long cacheExpiryMs) {
+ credentialCache.add(transactionId, credentialdata, cacheExpiryMs);
+ }
+}
diff --git a/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/data/CredentialCacheData.java b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/data/CredentialCacheData.java
new file mode 100644
index 0000000..b72ea08
--- /dev/null
+++ b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/data/CredentialCacheData.java
@@ -0,0 +1,72 @@
+/**
+ * ============LICENSE_START=======================================================
+ * org.onap.aaf
+ * ================================================================================
+ * Copyright © 2018 European Software Marketing Ltd.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.aaf.fproxy.data;
+
+public class CredentialCacheData {
+
+ public enum CredentialType {
+ HEADER, COOKIE;
+ }
+
+ private String credentialName;
+ private String credentialValue;
+ private CredentialType credentialType;
+
+ public CredentialCacheData() {
+ super();
+ }
+
+ public CredentialCacheData(String credentialName, String credentialValue, CredentialType credentialType) {
+ super();
+ this.credentialName = credentialName;
+ this.credentialValue = credentialValue;
+ this.credentialType = credentialType;
+ }
+
+ public String getCredentialName() {
+ return credentialName;
+ }
+
+ public void setCredentialName(String credentialName) {
+ this.credentialName = credentialName;
+ }
+
+ public String getCredentialValue() {
+ return credentialValue;
+ }
+
+ public void setCredentialValue(String credentialValue) {
+ this.credentialValue = credentialValue;
+ }
+
+ public Enum<CredentialType> getCredentialType() {
+ return credentialType;
+ }
+
+ public void setCredentialType(CredentialType credentialType) {
+ this.credentialType = credentialType;
+ }
+
+ @Override
+ public String toString() {
+ return "CredentialCacheData [credentialName=" + credentialName + ", credentialType=" + credentialType + "]";
+ }
+
+}
diff --git a/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/service/ForwardingProxyService.java b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/service/ForwardingProxyService.java
new file mode 100644
index 0000000..0d150ba
--- /dev/null
+++ b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/service/ForwardingProxyService.java
@@ -0,0 +1,100 @@
+/**
+ * ============LICENSE_START=======================================================
+ * org.onap.aaf
+ * ================================================================================
+ * Copyright © 2018 European Software Marketing Ltd.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.aaf.fproxy.service;
+
+import java.net.URI;
+import java.util.Enumeration;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import org.onap.aaf.fproxy.cache.utils.CacheUtils;
+import org.onap.aaf.fproxy.data.CredentialCacheData;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.http.HttpEntity;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpMethod;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.client.RestTemplate;
+import org.springframework.web.util.UriComponentsBuilder;
+
+@RestController
+public class ForwardingProxyService {
+
+ Logger logger = LoggerFactory.getLogger(ForwardingProxyService.class);
+
+ private static final long DEFAULT_CACHE_EXPIRY_MS = 180000; // 3 mins
+
+ @Autowired
+ RestTemplate restTemplate;
+
+ @Autowired
+ CacheUtils cacheUtils;
+
+ @Value("${credential.cache.timeout.ms:" + DEFAULT_CACHE_EXPIRY_MS + "}")
+ long cacheExpiryMs;
+
+ @RequestMapping(value = "/credential-cache/{transactionId}", method = RequestMethod.POST)
+ public ResponseEntity<String> addCredentialToCache(@PathVariable("transactionId") String transactionId,
+ @RequestBody CredentialCacheData credentialdata) {
+ logger.info("Updating credential cache with transaction ID: {}", transactionId);
+
+ // Update credential cache
+ logger.debug("Credential data: {}", credentialdata);
+ cacheUtils.addCredentialsToCache(transactionId, credentialdata, cacheExpiryMs);
+
+ logger.info("Credential cache successfully updated with transaction ID: {}", transactionId);
+ return new ResponseEntity<>(transactionId, HttpStatus.OK);
+ }
+
+ @RequestMapping("/**")
+ public ResponseEntity<String> forwardRest(@RequestBody(required = false) String body, HttpMethod method,
+ HttpServletRequest request, HttpServletResponse response) {
+
+ String requestUrl = request.getRequestURI();
+
+ logger.info("Request received: {}", requestUrl);
+
+ URI uri = UriComponentsBuilder.fromHttpUrl(request.getRequestURL().toString()).query(request.getQueryString())
+ .build(true).toUri();
+
+ HttpHeaders headers = new HttpHeaders();
+ Enumeration<String> headerNames = request.getHeaderNames();
+ while (headerNames.hasMoreElements()) {
+ String headerName = headerNames.nextElement();
+ headers.set(headerName, request.getHeader(headerName));
+ }
+
+ cacheUtils.populateCredentialsFromCache(headers, request);
+
+ HttpEntity<String> httpEntity = new HttpEntity<>(body, headers);
+
+ logger.info("Forwarding request...");
+
+ return restTemplate.exchange(uri, method, httpEntity, String.class);
+ }
+}
diff --git a/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/util/RequestValidationException.java b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/util/RequestValidationException.java
new file mode 100644
index 0000000..ce6e162
--- /dev/null
+++ b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/util/RequestValidationException.java
@@ -0,0 +1,35 @@
+/**
+ * ============LICENSE_START=======================================================
+ * org.onap.aaf
+ * ================================================================================
+ * Copyright © 2018 European Software Marketing Ltd.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.aaf.fproxy.util;
+
+/** This exception is thrown when the request fails validation. */
+public class RequestValidationException extends Exception {
+
+ private static final long serialVersionUID = 1L;
+
+ /**
+ * Constructor for an instance of this exception with just a message.
+ *
+ * @param message information about the exception
+ */
+ public RequestValidationException(String message) {
+ super(message);
+ }
+}
diff --git a/sidecar/fproxy/src/main/resources/application.properties b/sidecar/fproxy/src/main/resources/application.properties
new file mode 100644
index 0000000..d269c54
--- /dev/null
+++ b/sidecar/fproxy/src/main/resources/application.properties
@@ -0,0 +1,14 @@
+CONFIG_HOME=config
+
+server.port=10680
+server.ssl.key-store=${CONFIG_HOME}/auth/tomcat_keystore
+server.ssl.client-cert=${CONFIG_HOME}/auth/client-cert.p12
+server.ssl.client-auth=need
+
+server.contextPath=/
+
+logging.config=${CONFIG_HOME}/logback-spring.xml
+
+spring.profiles.active=secure
+
+management.endpoints.web.base-path=/fproxy \ No newline at end of file
diff --git a/sidecar/fproxy/src/test/java/org/onap/aaf/fproxy/FProxyIT.java b/sidecar/fproxy/src/test/java/org/onap/aaf/fproxy/FProxyIT.java
new file mode 100644
index 0000000..ba876e0
--- /dev/null
+++ b/sidecar/fproxy/src/test/java/org/onap/aaf/fproxy/FProxyIT.java
@@ -0,0 +1,49 @@
+/**
+ * ============LICENSE_START=======================================================
+ * org.onap.aaf
+ * ================================================================================
+ * Copyright © 2018 European Software Marketing Ltd.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.aaf.fproxy;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+import org.eclipse.jetty.util.security.Password;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.onap.aaf.fproxy.service.ForwardingProxyService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
+import org.springframework.test.context.junit4.SpringRunner;
+
+@RunWith(SpringRunner.class)
+@SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT)
+public class FProxyIT {
+
+ static {
+ System.setProperty("server.ssl.key-store-password",
+ Password.deobfuscate("OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10"));
+ }
+
+ @Autowired
+ private ForwardingProxyService fProxyService;
+
+ @Test
+ public void contexLoads() throws Exception {
+ assertThat(fProxyService).isNotNull();
+ }
+}
diff --git a/sidecar/fproxy/src/test/java/org/onap/aaf/fproxy/FProxyServiceTest.java b/sidecar/fproxy/src/test/java/org/onap/aaf/fproxy/FProxyServiceTest.java
new file mode 100644
index 0000000..ccf13e9
--- /dev/null
+++ b/sidecar/fproxy/src/test/java/org/onap/aaf/fproxy/FProxyServiceTest.java
@@ -0,0 +1,208 @@
+/**
+ * ============LICENSE_START=======================================================
+ * org.onap.aaf
+ * ================================================================================
+ * Copyright © 2018 European Software Marketing Ltd.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.aaf.fproxy;
+
+import static org.hamcrest.Matchers.equalTo;
+import static org.springframework.test.web.client.match.MockRestRequestMatchers.header;
+import static org.springframework.test.web.client.match.MockRestRequestMatchers.method;
+import static org.springframework.test.web.client.match.MockRestRequestMatchers.requestTo;
+import static org.springframework.test.web.client.response.MockRestResponseCreators.withSuccess;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
+import javax.servlet.http.Cookie;
+import org.eclipse.jetty.util.security.Password;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.onap.aaf.fproxy.data.CredentialCacheData.CredentialType;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpMethod;
+import org.springframework.http.MediaType;
+import org.springframework.test.context.junit4.SpringRunner;
+import org.springframework.test.web.client.MockRestServiceServer;
+import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
+import org.springframework.web.client.RestTemplate;
+
+@RunWith(SpringRunner.class)
+@SpringBootTest
+@AutoConfigureMockMvc
+public class FProxyServiceTest {
+
+ static {
+ System.setProperty("server.ssl.key-store-password",
+ Password.deobfuscate("OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10"));
+ }
+
+ @Value("${transactionid.header.name}")
+ private String transactionIdHeaderName;
+
+ @Autowired
+ private MockMvc mvc;
+
+ @Autowired
+ private RestTemplate restTemplate;
+
+ private MockRestServiceServer mockServer;
+
+ @Before
+ public void setUp() {
+ mockServer = MockRestServiceServer.createServer(restTemplate);
+ }
+
+ @Test
+ public void testRequestFrowarding() throws Exception {
+ String testUrl = "https://localhost:80/testurl";
+ String testResponse = "Response from MockRestService";
+
+ mockServer.expect(requestTo(testUrl)).andExpect(method(HttpMethod.GET))
+ .andRespond(withSuccess(testResponse, MediaType.APPLICATION_JSON));
+
+ mvc.perform(MockMvcRequestBuilders.get(testUrl).accept(MediaType.APPLICATION_JSON)).andExpect(status().isOk())
+ .andExpect(content().string(equalTo(testResponse)));
+
+ mockServer.verify();
+ }
+
+ @Test
+ public void testCredentialCacheEndpoint() throws Exception {
+ populateCredentialCache("tx1", "headername", "headervalue", CredentialType.HEADER.toString());
+ }
+
+ @Test
+ public void testPopulateHeaderFromCache() throws Exception {
+ String testTransactionId = "tx1";
+ String testUrl = "https://localhost:80/testurl";
+ String headerName = "headername";
+ String headerValue = "headervalue";
+
+ String testResponse = "Response from MockRestService";
+
+ // Populate the cache with header credentials
+ populateCredentialCache(testTransactionId, headerName, headerValue, CredentialType.HEADER.toString());
+
+ // Expect mock server to be called with request containing cached header
+ mockServer.expect(requestTo(testUrl)).andExpect(method(HttpMethod.GET))
+ .andExpect(header(headerName, headerValue))
+ .andRespond(withSuccess(testResponse, MediaType.APPLICATION_JSON));
+
+ // Send request to mock server with transaction Id
+ mvc.perform(MockMvcRequestBuilders.get(testUrl).accept(MediaType.APPLICATION_JSON)
+ .header(transactionIdHeaderName, testTransactionId)).andExpect(status().isOk())
+ .andExpect(content().string(equalTo(testResponse)));
+
+ mockServer.verify();
+ }
+
+ @Test
+ public void testHeaderAlreadyExists() throws Exception {
+ String testTransactionId = "tx1";
+ String testUrl = "https://localhost:80/testurl";
+ String headerName = "headername";
+ String headerValue = "headervalue";
+ String newHeaderValue = "newheadervalue";
+
+ String testResponse = "Response from MockRestService";
+
+ // Populate the cache with header credentials using a new value
+ populateCredentialCache(testTransactionId, headerName, newHeaderValue, CredentialType.HEADER.toString());
+
+ // Expect mock server to be called with request containing the original header credential value, not the cached
+ // new header value
+ mockServer.expect(requestTo(testUrl)).andExpect(method(HttpMethod.GET))
+ .andExpect(header(headerName, headerValue))
+ .andRespond(withSuccess(testResponse, MediaType.APPLICATION_JSON));
+
+ // Send request to mock server that already contains a header with same name as the one that has been cached
+ mvc.perform(MockMvcRequestBuilders.get(testUrl).accept(MediaType.APPLICATION_JSON)
+ .header(transactionIdHeaderName, testTransactionId).header(headerName, headerValue))
+ .andExpect(status().isOk()).andExpect(content().string(equalTo(testResponse)));
+
+ mockServer.verify();
+ }
+
+ @Test
+ public void testPopulateCookieFromCache() throws Exception {
+ String testTransactionId = "tx1";
+ String testUrl = "https://localhost:80/testurl";
+ String cookieName = "testcookie";
+ String cookieValue = "testcookie=testvalue";
+ String testResponse = "Response from MockRestService";
+
+ // Populate the cache with cookie credentials
+ populateCredentialCache(testTransactionId, cookieName, cookieValue, CredentialType.COOKIE.toString());
+
+ // Expect mock server to be called with request containing cached header
+ mockServer.expect(requestTo(testUrl)).andExpect(method(HttpMethod.GET))
+ .andExpect(header(HttpHeaders.COOKIE, cookieValue))
+ .andRespond(withSuccess(testResponse, MediaType.APPLICATION_JSON));
+
+ // Send request to mock server with transaction Id
+ mvc.perform(MockMvcRequestBuilders.get(testUrl).accept(MediaType.APPLICATION_JSON)
+ .header(transactionIdHeaderName, testTransactionId)).andExpect(status().isOk())
+ .andExpect(content().string(equalTo(testResponse)));
+
+ mockServer.verify();
+ }
+
+ @Test
+ public void testCookieAlreadyExists() throws Exception {
+ String testTransactionId = "tx1";
+ String testUrl = "https://localhost:80/testurl";
+ String cookieName = "testcookie";
+ String cookieValue = "testvalue";
+ String newCookieValue = "newtestvalue";
+
+ String testResponse = "Response from MockRestService";
+
+ // Populate the cache with cookie credentials using a new value
+ populateCredentialCache(testTransactionId, cookieName, newCookieValue, CredentialType.COOKIE.toString());
+
+ // Expect mock server to be called with request containing the original cookie credential value, not the cached
+ // new cookie value
+ mockServer.expect(requestTo(testUrl)).andExpect(method(HttpMethod.GET))
+ .andExpect(header(HttpHeaders.COOKIE, cookieName + "=" + cookieValue))
+ .andRespond(withSuccess(testResponse, MediaType.APPLICATION_JSON));
+
+ // Send request to mock server that already contains a cookie with same name as the one that has been cached
+ mvc.perform(MockMvcRequestBuilders.get(testUrl).accept(MediaType.APPLICATION_JSON)
+ .header(transactionIdHeaderName, testTransactionId).cookie(new Cookie(cookieName, cookieValue)))
+ .andExpect(status().isOk()).andExpect(content().string(equalTo(testResponse)));
+
+ mockServer.verify();
+ }
+
+ private void populateCredentialCache(String transactionId, String credentialName, String credentialValue,
+ String credentialType) throws Exception {
+ String cacheUrl = "https://localhost:80/credential-cache/" + transactionId;
+ String requestBody = "{ \"credentialName\":\"" + credentialName + "\", \"credentialValue\":\"" + credentialValue
+ + "\", \"credentialType\":\"" + credentialType + "\" }";
+
+ // Populate the cache with credentials
+ mvc.perform(MockMvcRequestBuilders.post(cacheUrl).content(requestBody).contentType(MediaType.APPLICATION_JSON)
+ .accept(MediaType.APPLICATION_JSON)).andExpect(status().isOk())
+ .andExpect(content().string(equalTo(transactionId)));
+ }
+}
diff --git a/sidecar/fproxy/version.properties b/sidecar/fproxy/version.properties
new file mode 100644
index 0000000..5128787
--- /dev/null
+++ b/sidecar/fproxy/version.properties
@@ -0,0 +1,13 @@
+# Versioning variables
+# Note that these variables cannot be structured (e.g. : version.release or version.snapshot etc... )
+# because they are used in Jenkins, whose plug-in doesn't support
+
+major=1
+minor=0
+patch=0
+
+base_version=${major}.${minor}.${patch}
+
+# Release must be completed with git revision # in Jenkins
+release_version=${base_version}
+snapshot_version=${base_version}-SNAPSHOT
diff --git a/sidecar/pom.xml b/sidecar/pom.xml
new file mode 100644
index 0000000..d33816c
--- /dev/null
+++ b/sidecar/pom.xml
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ ============LICENSE_START=======================================================
+ org.onap.aaf
+ ================================================================================
+ Copyright © 2018 European Software Marketing Ltd.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END=========================================================
+
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>org.onap.aaf.cadi</groupId>
+ <artifactId>sidecar</artifactId>
+ <version>1.0.0-SNAPSHOT</version>
+ <name>aaf-cadi-sidecar</name>
+ <packaging>pom</packaging>
+
+ <parent>
+ <groupId>org.onap.oparent</groupId>
+ <artifactId>oparent</artifactId>
+ <version>1.2.0</version>
+ <relativePath />
+ </parent>
+
+ <properties>
+ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+ <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
+ <java.version>1.8</java.version>
+ </properties>
+
+ <!-- ============================================================== -->
+ <!-- Define sub-projects (modules) -->
+ <!-- ============================================================== -->
+ <modules>
+ <module>fproxy</module>
+ </modules>
+
+ <build>
+ <pluginManagement>
+ <plugins>
+ <plugin>
+ <groupId>com.mycila</groupId>
+ <artifactId>license-maven-plugin</artifactId>
+ <version>3.0</version>
+ <configuration>
+ <header>License.txt</header>
+ <includes>
+ <include>src/main/java/**</include>
+ <include>src/test/java/**</include>
+ <include>pom.xml</include>
+ </includes>
+ <skipExistingHeaders>true</skipExistingHeaders>
+ </configuration>
+ <executions>
+ <execution>
+ <goals>
+ <!-- Set goal from "check" to "format" to auto update license headers -->
+ <goal>check</goal>
+ </goals>
+ <phase>validate</phase>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </pluginManagement>
+ </build>
+</project>