diff options
Diffstat (limited to 'sidecar/fproxy')
23 files changed, 1280 insertions, 0 deletions
diff --git a/sidecar/fproxy/License.txt b/sidecar/fproxy/License.txt new file mode 100644 index 0000000..05117f8 --- /dev/null +++ b/sidecar/fproxy/License.txt @@ -0,0 +1,17 @@ +============LICENSE_START======================================================= +org.onap.aaf +================================================================================ +Copyright © 2018 European Software Marketing Ltd. +================================================================================ +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +============LICENSE_END=========================================================
\ No newline at end of file diff --git a/sidecar/fproxy/README.md b/sidecar/fproxy/README.md new file mode 100644 index 0000000..e1d3667 --- /dev/null +++ b/sidecar/fproxy/README.md @@ -0,0 +1,41 @@ +# Introduction + +The AAF Forward Proxy is a forward proxy service with credential caching capabilities for incoming REST requests. It is one of two applications (along with Reverse proxy) deployed as a +Kubernetes sidecar to the main Primary service + +## Features + +Forward Proxy: + +* The service will forward all incoming REST requests on to their original endpoints. +* Add any cached security credentials to the forwarding request + +### Credential Cache: +The credential cache is a short-lived in-memory cache, keyed on a transaction ID. The following data is cached: + +* Transaction ID - this is the key for retrieving cached values +* CredentialName - this is the name of the credential to be cached. + This should correspond to the header name for a header credential, or the cookie name for a cookie credential. +* CredentialValue - this is the value associated with the credential. + This should correspond to the header value of a header credential, or the cookie contents for a cookie credential. +* CredentialType - this is the type of the credential to be cached. Currently supported values are: HEADER, COOKIE. + The cache has a configurable cache expiry period, so that any cache entries older than the expiry period will be automatically removed from the cache. + +### Credential Cache REST API: +Credentials can be added to the credential cache by performing a REST POST using the following URL: + +(Note that the transaction ID is provided as a URL parameter) + +https://<host>:<port>/credential-cache/<transactionid> +The body of the request should contain the cached data (described above) in JSON format as follows: + +{ "credentialName":"foo", "credentialValue":"bar", "credentialType":"<HEADER/COOKIE>" } + + +## Configuring the fProxy service +The fProxy service is configured through the fproxy.properties file that resides under the ${CONFIG_HOME} environment variable. + +The file has the following configurable properties: + +credential.cache.timeout.ms This is the time in milliseconds that a cache entry will expire after it is added. 180000 +transactionid.header.name This is the name of the header in incoming requests that will contain the transaction ID. X-TransactionId
\ No newline at end of file diff --git a/sidecar/fproxy/config/auth/client-cert.p12 b/sidecar/fproxy/config/auth/client-cert.p12 Binary files differnew file mode 100644 index 0000000..dbf4fca --- /dev/null +++ b/sidecar/fproxy/config/auth/client-cert.p12 diff --git a/sidecar/fproxy/config/auth/tomcat_keystore b/sidecar/fproxy/config/auth/tomcat_keystore Binary files differnew file mode 100644 index 0000000..9eec841 --- /dev/null +++ b/sidecar/fproxy/config/auth/tomcat_keystore diff --git a/sidecar/fproxy/config/fproxy.properties b/sidecar/fproxy/config/fproxy.properties new file mode 100644 index 0000000..f512fb7 --- /dev/null +++ b/sidecar/fproxy/config/fproxy.properties @@ -0,0 +1,2 @@ +credential.cache.timeout.ms=180000 +transactionid.header.name=X-TransactionId
\ No newline at end of file diff --git a/sidecar/fproxy/config/logback-spring.xml b/sidecar/fproxy/config/logback-spring.xml new file mode 100644 index 0000000..75ec26d --- /dev/null +++ b/sidecar/fproxy/config/logback-spring.xml @@ -0,0 +1,48 @@ +<?xml version="1.0" encoding="UTF-8"?> +<configuration> + + <property name="LOGS" value="./logs/AAF-FPS" /> + <property name="FILEPREFIX" value="application" /> + + <appender name="Console" + class="ch.qos.logback.core.ConsoleAppender"> + <layout class="ch.qos.logback.classic.PatternLayout"> + <Pattern> + %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable + </Pattern> + </layout> + </appender> + + <appender name="RollingFile" + class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${LOGS}/${FILEPREFIX}.log</file> + <encoder + class="ch.qos.logback.classic.encoder.PatternLayoutEncoder"> + <Pattern>%d %p %C{1.} [%t] %m%n</Pattern> + </encoder> + + <rollingPolicy + class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <!-- rollover daily and when the file reaches 10 MegaBytes --> + <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log + </fileNamePattern> + <timeBasedFileNamingAndTriggeringPolicy + class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> + <maxFileSize>10MB</maxFileSize> + </timeBasedFileNamingAndTriggeringPolicy> + </rollingPolicy> + </appender> + + <!-- LOG everything at INFO level --> + <root level="info"> + <appender-ref ref="RollingFile" /> + <appender-ref ref="Console" /> + </root> + + <!-- LOG "org.onap.aaf.fproxy" at DEBUG level --> + <logger name="org.onap.aaf.fproxy" level="debug" additivity="false"> + <appender-ref ref="RollingFile" /> + <appender-ref ref="Console" /> + </logger> + +</configuration>
\ No newline at end of file diff --git a/sidecar/fproxy/config/readme.txt b/sidecar/fproxy/config/readme.txt new file mode 100644 index 0000000..79cf29e --- /dev/null +++ b/sidecar/fproxy/config/readme.txt @@ -0,0 +1 @@ +Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file diff --git a/sidecar/fproxy/pom.xml b/sidecar/fproxy/pom.xml new file mode 100644 index 0000000..8035e84 --- /dev/null +++ b/sidecar/fproxy/pom.xml @@ -0,0 +1,190 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + + ============LICENSE_START======================================================= + org.onap.aaf + ================================================================================ + Copyright © 2018 European Software Marketing Ltd. + ================================================================================ + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + ============LICENSE_END========================================================= + +--> +<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> + <modelVersion>4.0.0</modelVersion> + + <artifactId>fproxy</artifactId> + <version>1.0.0-SNAPSHOT</version> + <packaging>jar</packaging> + + <parent> + <groupId>org.onap.aaf.cadi</groupId> + <artifactId>sidecar</artifactId> + <version>1.0.0-SNAPSHOT</version> + </parent> + + <name>aaf-fproxy</name> + <description>ONAP AAF Forward Proxy Microservice For Pluggable Security</description> + + <properties> + <!-- Spring boot version --> + <spring.boot.version>2.0.3.RELEASE</spring.boot.version> + <docker.location>${basedir}/target</docker.location> + <skipNexusStagingDeployMojo>true</skipNexusStagingDeployMojo> + </properties> + + <dependencyManagement> + <dependencies> + <dependency> + <!-- Import dependency management from Spring Boot --> + <groupId>org.springframework.boot</groupId> + <artifactId>spring-boot-dependencies</artifactId> + <version>${spring.boot.version}</version> + <type>pom</type> + <scope>import</scope> + </dependency> + </dependencies> + </dependencyManagement> + + <dependencies> + <dependency> + <groupId>org.springframework.boot</groupId> + <artifactId>spring-boot-starter-jetty</artifactId> + </dependency> + + <dependency> + <groupId>org.springframework.boot</groupId> + <artifactId>spring-boot-starter-web</artifactId> + <exclusions> + <exclusion> + <artifactId>spring-boot-starter-tomcat</artifactId> + <groupId>org.springframework.boot</groupId> + </exclusion> + </exclusions> + </dependency> + + <dependency> + <groupId>org.springframework.boot</groupId> + <artifactId>spring-boot-starter-actuator</artifactId> + </dependency> + + <dependency> + <groupId>org.apache.commons</groupId> + <artifactId>commons-lang3</artifactId> + </dependency> + + <dependency> + <groupId>org.apache.httpcomponents</groupId> + <artifactId>httpclient</artifactId> + </dependency> + + <!-- Testing --> + <dependency> + <groupId>org.springframework.boot</groupId> + <artifactId>spring-boot-starter-test</artifactId> + <scope>test</scope> + </dependency> + + </dependencies> + + <build> + <finalName>fproxy</finalName> + <plugins> + <plugin> + <groupId>org.springframework.boot</groupId> + <artifactId>spring-boot-maven-plugin</artifactId> + <version>${spring.boot.version}</version> + <executions> + <execution> + <goals> + <goal>repackage</goal> + </goals> + <configuration> + <classifier>exec</classifier> + </configuration> + </execution> + </executions> + </plugin> + <plugin> + <groupId>com.mycila</groupId> + <artifactId>license-maven-plugin</artifactId> + </plugin> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-surefire-plugin</artifactId> + <configuration> + <reuseForks>false</reuseForks> + <forkCount>1</forkCount> + </configuration> + </plugin> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-resources-plugin</artifactId> + <version>3.0.2</version> + <executions> + <execution> + <id>copy-docker-file</id> + <phase>package</phase> + <goals> + <goal>copy-resources</goal> + </goals> + <configuration> + <outputDirectory>target</outputDirectory> + <overwrite>true</overwrite> + <resources> + <resource> + <directory>${basedir}/src/main/docker</directory> + <filtering>true</filtering> + </resource> + <resource> + <directory>${basedir}/src/main/bin/</directory> + <filtering>true</filtering> + </resource> + </resources> + </configuration> + </execution> + </executions> + </plugin> + <plugin> + <groupId>com.spotify</groupId> + <artifactId>docker-maven-plugin</artifactId> + <version>0.4.11</version> + <dependencies> + <dependency> + <groupId>com.github.jnr</groupId> + <artifactId>jnr-unixsocket</artifactId> + <version>0.13</version> + </dependency> + </dependencies> + <configuration> + <verbose>true</verbose> + <serverId>docker-hub</serverId> + <imageName>${docker.push.registry}/onap/${project.artifactId}</imageName> + <dockerDirectory>${docker.location}</dockerDirectory> + <imageTags> + <imageTag>latest</imageTag> + </imageTags> + <forceTags>true</forceTags> + </configuration> + </plugin> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-deploy-plugin</artifactId> + <configuration> + <skip>true</skip> + </configuration> + </plugin> + </plugins> + </build> +</project> diff --git a/sidecar/fproxy/src/main/bin/start.sh b/sidecar/fproxy/src/main/bin/start.sh new file mode 100644 index 0000000..53662b6 --- /dev/null +++ b/sidecar/fproxy/src/main/bin/start.sh @@ -0,0 +1,32 @@ +#!/bin/sh + +# ============LICENSE_START======================================================= +# org.onap.aaf +# ================================================================================ +# Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. +# Copyright © 2017-2018 European Software Marketing Ltd. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +BASEDIR="/opt/app/fproxy" + +if [ -z "${KEY_STORE_PASSWORD}" ]; then + echo "KEY_STORE_PASSWORD must be set in order to start up process" + exit 1 +fi + +PROPS="-DKEY_STORE_PASSWORD=${KEY_STORE_PASSWORD}" +JVM_MAX_HEAP=${MAX_HEAP:-1024} + +exec java -Xmx${JVM_MAX_HEAP}m ${PROPS} -jar ${BASEDIR}/fproxy-exec.jar diff --git a/sidecar/fproxy/src/main/docker/Dockerfile b/sidecar/fproxy/src/main/docker/Dockerfile new file mode 100644 index 0000000..d91f0e3 --- /dev/null +++ b/sidecar/fproxy/src/main/docker/Dockerfile @@ -0,0 +1,35 @@ +FROM ubuntu:14.04 + +ARG MICRO_HOME=/opt/app/fproxy +ARG BIN_HOME=$MICRO_HOME/bin +ARG JAR_FILE=fproxy-exec.jar + +RUN apt-get update + +# Install and setup java8 +RUN apt-get update && apt-get install -y software-properties-common +## sudo -E is required to preserve the environment. If you remove that line, it will most like freeze at this step +RUN sudo -E add-apt-repository ppa:openjdk-r/ppa && apt-get update && apt-get install -y openjdk-8-jdk + +RUN sudo dpkg --purge --force-depends ca-certificates-java +RUN sudo apt-get install ca-certificates-java + +## Setup JAVA_HOME, this is useful for docker commandline +ENV JAVA_HOME usr/lib/jvm/java-8-openjdk-$(dpkg --print-architecture) +RUN export JAVA_HOME + +# Build up the deployment folder structure +RUN mkdir -p $MICRO_HOME +COPY ${JAR_FILE} $MICRO_HOME +RUN mkdir -p $BIN_HOME +COPY *.sh $BIN_HOME +RUN chmod 755 $BIN_HOME/* +RUN ln -s /logs $MICRO_HOME/logs +RUN mkdir /logs +# Create the appuser +RUN groupadd -r appgroup && \ + useradd -r -u 1001 -g appgroup appuser && \ + chown -R appuser:appgroup $MICRO_HOME && \ + chmod 777 /logs +USER appuser +CMD ["/opt/app/fproxy/bin/start.sh"] diff --git a/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/CredentialCacheConfig.java b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/CredentialCacheConfig.java new file mode 100644 index 0000000..f433c65 --- /dev/null +++ b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/CredentialCacheConfig.java @@ -0,0 +1,37 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aaf + * ================================================================================ + * Copyright © 2018 European Software Marketing Ltd. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aaf.fproxy; + +import org.onap.aaf.fproxy.cache.CredentialCache; +import org.onap.aaf.fproxy.cache.InMemoryCredentialCache; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.Scope; + +@Configuration +public class CredentialCacheConfig { + + @Bean + @Scope("singleton") + public CredentialCache inMemoryCredentialCacheSingleton() { + return new InMemoryCredentialCache(); + } + +} diff --git a/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/FProxyApplication.java b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/FProxyApplication.java new file mode 100644 index 0000000..d226dc8 --- /dev/null +++ b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/FProxyApplication.java @@ -0,0 +1,74 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aaf + * ================================================================================ + * Copyright © 2018 European Software Marketing Ltd. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aaf.fproxy; + +import java.util.HashMap; +import javax.annotation.PostConstruct; +import org.eclipse.jetty.util.security.Password; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.autoconfigure.SpringBootApplication; +import org.springframework.boot.builder.SpringApplicationBuilder; +import org.springframework.boot.web.servlet.support.SpringBootServletInitializer; +import org.springframework.context.annotation.PropertySource; +import org.springframework.core.env.Environment; + +@SpringBootApplication +@PropertySource("file:${CONFIG_HOME}/fproxy.properties") +public class FProxyApplication extends SpringBootServletInitializer { + + @Autowired + private Environment env; + + /** + * Spring Boot Initialization. + * + * @param args main args + */ + public static void main(String[] args) { + String keyStorePassword = System.getProperty("KEY_STORE_PASSWORD"); + if (keyStorePassword == null || keyStorePassword.isEmpty()) { + throw new IllegalArgumentException("Env property KEY_STORE_PASSWORD not set"); + } + HashMap<String, Object> props = new HashMap<>(); + props.put("server.ssl.key-store-password", Password.deobfuscate(keyStorePassword)); + new FProxyApplication().configure(new SpringApplicationBuilder(FProxyApplication.class).properties(props)) + .run(args); + } + + /** + * Set required trust store system properties using values from application.properties + */ + @PostConstruct + public void setSystemProperties() { + String keyStorePath = env.getProperty("server.ssl.key-store"); + if (keyStorePath != null) { + String keyStorePassword = env.getProperty("server.ssl.key-store-password"); + + if (keyStorePassword != null) { + System.setProperty("javax.net.ssl.keyStore", keyStorePath); + System.setProperty("javax.net.ssl.keyStorePassword", keyStorePassword); + System.setProperty("javax.net.ssl.trustStore", keyStorePath); + System.setProperty("javax.net.ssl.trustStorePassword", keyStorePassword); + } else { + throw new IllegalArgumentException("Env property server.ssl.key-store-password not set"); + } + } + } +} diff --git a/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/RestTemplateConfig.java b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/RestTemplateConfig.java new file mode 100644 index 0000000..a1aef28 --- /dev/null +++ b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/RestTemplateConfig.java @@ -0,0 +1,70 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aaf + * ================================================================================ + * Copyright © 2018 European Software Marketing Ltd. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aaf.fproxy; + +import java.io.IOException; +import java.security.GeneralSecurityException; +import javax.net.ssl.SSLContext; +import org.apache.http.conn.ssl.NoopHostnameVerifier; +import org.apache.http.impl.client.HttpClientBuilder; +import org.apache.http.impl.client.HttpClients; +import org.apache.http.ssl.SSLContextBuilder; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.boot.web.client.RestTemplateBuilder; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.Profile; +import org.springframework.http.client.HttpComponentsClientHttpRequestFactory; +import org.springframework.util.ResourceUtils; +import org.springframework.web.client.RestTemplate; + +@Configuration +public class RestTemplateConfig { + + @Value("${server.ssl.client-cert}") + private String clientCertPath; + + @Value("${server.ssl.key-store-password}") + private String clientCertPassword; + + @Profile("secure") + @Bean + public RestTemplate restTemplate(RestTemplateBuilder builder) throws GeneralSecurityException, IOException { + return new RestTemplate(new HttpComponentsClientHttpRequestFactory(getClientBuilder().build())); + } + + @Profile("noHostVerification") + @Bean + public RestTemplate restTemplateNoHostVerification(RestTemplateBuilder builder) + throws GeneralSecurityException, IOException { + return new RestTemplate(new HttpComponentsClientHttpRequestFactory( + getClientBuilder().setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE).build())); + } + + private HttpClientBuilder getClientBuilder() throws GeneralSecurityException, IOException { + + SSLContext sslContext = SSLContextBuilder.create() + .loadKeyMaterial(ResourceUtils.getFile(clientCertPath), clientCertPassword.toCharArray(), + clientCertPassword.toCharArray()) + .loadTrustMaterial(ResourceUtils.getFile(clientCertPath), clientCertPassword.toCharArray()).build(); + + return HttpClients.custom().setSSLContext(sslContext); + } +} diff --git a/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/cache/CredentialCache.java b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/cache/CredentialCache.java new file mode 100644 index 0000000..00fe9d4 --- /dev/null +++ b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/cache/CredentialCache.java @@ -0,0 +1,37 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aaf + * ================================================================================ + * Copyright © 2018 European Software Marketing Ltd. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aaf.fproxy.cache; + +import org.onap.aaf.fproxy.data.CredentialCacheData; +import org.springframework.lang.Nullable; + +public interface CredentialCache { + + void add(String key, CredentialCacheData value, long periodInMillis); + + void remove(String key); + + @Nullable + CredentialCacheData get(String key); + + void clear(); + + long size(); +} diff --git a/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/cache/InMemoryCredentialCache.java b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/cache/InMemoryCredentialCache.java new file mode 100644 index 0000000..44ce0cd --- /dev/null +++ b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/cache/InMemoryCredentialCache.java @@ -0,0 +1,116 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aaf + * ================================================================================ + * Copyright © 2018 European Software Marketing Ltd. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aaf.fproxy.cache; + +import java.lang.ref.SoftReference; +import java.util.Optional; +import java.util.concurrent.ConcurrentHashMap; +import java.util.concurrent.DelayQueue; +import java.util.concurrent.Delayed; +import java.util.concurrent.TimeUnit; +import org.onap.aaf.fproxy.data.CredentialCacheData; + +public class InMemoryCredentialCache implements CredentialCache { + + private final ConcurrentHashMap<String, SoftReference<CredentialCacheData>> cache = new ConcurrentHashMap<>(); + private final DelayQueue<DelayedCacheObject> cleaningUpQueue = new DelayQueue<>(); + + public InMemoryCredentialCache() { + Thread cleanerThread = new Thread(() -> { + while (!Thread.currentThread().isInterrupted()) { + try { + DelayedCacheObject delayedCacheObject = cleaningUpQueue.take(); + cache.remove(delayedCacheObject.getKey(), delayedCacheObject.getReference()); + } catch (InterruptedException e) { + Thread.currentThread().interrupt(); + } + } + }); + cleanerThread.setDaemon(true); + cleanerThread.start(); + } + + @Override + public void add(String key, CredentialCacheData value, long periodInMillis) { + if (key == null) { + return; + } + if (value == null) { + cache.remove(key); + } else { + long expiryTime = System.currentTimeMillis() + periodInMillis; + SoftReference<CredentialCacheData> reference = new SoftReference<>(value); + cache.put(key, reference); + cleaningUpQueue.put(new DelayedCacheObject(key, reference, expiryTime)); + } + } + + @Override + public void remove(String key) { + cache.remove(key); + } + + @Override + public CredentialCacheData get(String key) { + return Optional.ofNullable(cache.get(key)).map(SoftReference::get).orElse(null); + } + + @Override + public void clear() { + cache.clear(); + } + + @Override + public long size() { + return cache.size(); + } + + private static class DelayedCacheObject implements Delayed { + + private final String key; + private final SoftReference<CredentialCacheData> reference; + private final long expiryTime; + + public DelayedCacheObject(String key, SoftReference<CredentialCacheData> reference, long expiryTime) { + super(); + this.key = key; + this.reference = reference; + this.expiryTime = expiryTime; + } + + @Override + public long getDelay(TimeUnit unit) { + return unit.convert(expiryTime - System.currentTimeMillis(), TimeUnit.MILLISECONDS); + } + + @Override + public int compareTo(Delayed o) { + return Long.compare(expiryTime, ((DelayedCacheObject) o).expiryTime); + } + + public String getKey() { + return key; + } + + public SoftReference<CredentialCacheData> getReference() { + return reference; + } + } +} diff --git a/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/cache/utils/CacheUtils.java b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/cache/utils/CacheUtils.java new file mode 100644 index 0000000..b80fc32 --- /dev/null +++ b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/cache/utils/CacheUtils.java @@ -0,0 +1,89 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aaf + * ================================================================================ + * Copyright © 2018 European Software Marketing Ltd. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aaf.fproxy.cache.utils; + +import javax.servlet.http.HttpServletRequest; +import org.onap.aaf.fproxy.cache.CredentialCache; +import org.onap.aaf.fproxy.data.CredentialCacheData; +import org.onap.aaf.fproxy.data.CredentialCacheData.CredentialType; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.http.HttpHeaders; +import org.springframework.stereotype.Component; +import org.springframework.web.util.WebUtils; + +@Component +public class CacheUtils { + + Logger logger = LoggerFactory.getLogger(CacheUtils.class); + + @Autowired + private CredentialCache credentialCache; + + @Value("${transactionid.header.name}") + private String transactionIdHeaderName; + + public void populateCredentialsFromCache(HttpHeaders headers, HttpServletRequest request) { + String transactionId = headers.getFirst(transactionIdHeaderName); + if (transactionId != null) { + CredentialCacheData cacheData = credentialCache.get(transactionId); + if (cacheData == null) { + logger.info("Transaction ID {} not found in cache, skipping credential population...", transactionId); + } else if (cacheData.getCredentialType().equals(CredentialType.HEADER)) { + logger.info("Populating header credentials from cache for transaction ID: {}", transactionId); + applyHeaderCacheData(cacheData, headers); + } else if (cacheData.getCredentialType().equals(CredentialType.COOKIE)) { + logger.info("Populating cookie credentials from cache for transaction ID: {}", transactionId); + applyCookieCacheData(cacheData, headers, request); + } + } else { + logger.info("No transaction ID found in request, skipping credential population..."); + } + } + + private void applyHeaderCacheData(CredentialCacheData cacheData, HttpHeaders headers) { + String credentialName = cacheData.getCredentialName(); + if (!headers.containsKey(credentialName)) { + headers.add(credentialName, cacheData.getCredentialValue()); + logger.info("Header credentials successfully populated."); + } else { + logger.info("Request already contains header with name: {}, skipping credential population...", + credentialName); + } + } + + private void applyCookieCacheData(CredentialCacheData cacheData, HttpHeaders headers, HttpServletRequest request) { + String credentialName = cacheData.getCredentialName(); + // Check if Cookie with same name is already set then skip + if (WebUtils.getCookie(request, credentialName) == null) { + headers.add(HttpHeaders.COOKIE, cacheData.getCredentialValue()); + logger.info("Cookie credentials successfully populated."); + } else { + logger.info("Request already contains cookie with name: {}, skipping credential population...", + credentialName); + } + } + + public void addCredentialsToCache(String transactionId, CredentialCacheData credentialdata, long cacheExpiryMs) { + credentialCache.add(transactionId, credentialdata, cacheExpiryMs); + } +} diff --git a/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/data/CredentialCacheData.java b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/data/CredentialCacheData.java new file mode 100644 index 0000000..b72ea08 --- /dev/null +++ b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/data/CredentialCacheData.java @@ -0,0 +1,72 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aaf + * ================================================================================ + * Copyright © 2018 European Software Marketing Ltd. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aaf.fproxy.data; + +public class CredentialCacheData { + + public enum CredentialType { + HEADER, COOKIE; + } + + private String credentialName; + private String credentialValue; + private CredentialType credentialType; + + public CredentialCacheData() { + super(); + } + + public CredentialCacheData(String credentialName, String credentialValue, CredentialType credentialType) { + super(); + this.credentialName = credentialName; + this.credentialValue = credentialValue; + this.credentialType = credentialType; + } + + public String getCredentialName() { + return credentialName; + } + + public void setCredentialName(String credentialName) { + this.credentialName = credentialName; + } + + public String getCredentialValue() { + return credentialValue; + } + + public void setCredentialValue(String credentialValue) { + this.credentialValue = credentialValue; + } + + public Enum<CredentialType> getCredentialType() { + return credentialType; + } + + public void setCredentialType(CredentialType credentialType) { + this.credentialType = credentialType; + } + + @Override + public String toString() { + return "CredentialCacheData [credentialName=" + credentialName + ", credentialType=" + credentialType + "]"; + } + +} diff --git a/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/service/ForwardingProxyService.java b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/service/ForwardingProxyService.java new file mode 100644 index 0000000..0d150ba --- /dev/null +++ b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/service/ForwardingProxyService.java @@ -0,0 +1,100 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aaf + * ================================================================================ + * Copyright © 2018 European Software Marketing Ltd. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aaf.fproxy.service; + +import java.net.URI; +import java.util.Enumeration; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import org.onap.aaf.fproxy.cache.utils.CacheUtils; +import org.onap.aaf.fproxy.data.CredentialCacheData; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.http.HttpEntity; +import org.springframework.http.HttpHeaders; +import org.springframework.http.HttpMethod; +import org.springframework.http.HttpStatus; +import org.springframework.http.ResponseEntity; +import org.springframework.web.bind.annotation.PathVariable; +import org.springframework.web.bind.annotation.RequestBody; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; +import org.springframework.web.bind.annotation.RestController; +import org.springframework.web.client.RestTemplate; +import org.springframework.web.util.UriComponentsBuilder; + +@RestController +public class ForwardingProxyService { + + Logger logger = LoggerFactory.getLogger(ForwardingProxyService.class); + + private static final long DEFAULT_CACHE_EXPIRY_MS = 180000; // 3 mins + + @Autowired + RestTemplate restTemplate; + + @Autowired + CacheUtils cacheUtils; + + @Value("${credential.cache.timeout.ms:" + DEFAULT_CACHE_EXPIRY_MS + "}") + long cacheExpiryMs; + + @RequestMapping(value = "/credential-cache/{transactionId}", method = RequestMethod.POST) + public ResponseEntity<String> addCredentialToCache(@PathVariable("transactionId") String transactionId, + @RequestBody CredentialCacheData credentialdata) { + logger.info("Updating credential cache with transaction ID: {}", transactionId); + + // Update credential cache + logger.debug("Credential data: {}", credentialdata); + cacheUtils.addCredentialsToCache(transactionId, credentialdata, cacheExpiryMs); + + logger.info("Credential cache successfully updated with transaction ID: {}", transactionId); + return new ResponseEntity<>(transactionId, HttpStatus.OK); + } + + @RequestMapping("/**") + public ResponseEntity<String> forwardRest(@RequestBody(required = false) String body, HttpMethod method, + HttpServletRequest request, HttpServletResponse response) { + + String requestUrl = request.getRequestURI(); + + logger.info("Request received: {}", requestUrl); + + URI uri = UriComponentsBuilder.fromHttpUrl(request.getRequestURL().toString()).query(request.getQueryString()) + .build(true).toUri(); + + HttpHeaders headers = new HttpHeaders(); + Enumeration<String> headerNames = request.getHeaderNames(); + while (headerNames.hasMoreElements()) { + String headerName = headerNames.nextElement(); + headers.set(headerName, request.getHeader(headerName)); + } + + cacheUtils.populateCredentialsFromCache(headers, request); + + HttpEntity<String> httpEntity = new HttpEntity<>(body, headers); + + logger.info("Forwarding request..."); + + return restTemplate.exchange(uri, method, httpEntity, String.class); + } +} diff --git a/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/util/RequestValidationException.java b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/util/RequestValidationException.java new file mode 100644 index 0000000..ce6e162 --- /dev/null +++ b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/util/RequestValidationException.java @@ -0,0 +1,35 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aaf + * ================================================================================ + * Copyright © 2018 European Software Marketing Ltd. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aaf.fproxy.util; + +/** This exception is thrown when the request fails validation. */ +public class RequestValidationException extends Exception { + + private static final long serialVersionUID = 1L; + + /** + * Constructor for an instance of this exception with just a message. + * + * @param message information about the exception + */ + public RequestValidationException(String message) { + super(message); + } +} diff --git a/sidecar/fproxy/src/main/resources/application.properties b/sidecar/fproxy/src/main/resources/application.properties new file mode 100644 index 0000000..d269c54 --- /dev/null +++ b/sidecar/fproxy/src/main/resources/application.properties @@ -0,0 +1,14 @@ +CONFIG_HOME=config + +server.port=10680 +server.ssl.key-store=${CONFIG_HOME}/auth/tomcat_keystore +server.ssl.client-cert=${CONFIG_HOME}/auth/client-cert.p12 +server.ssl.client-auth=need + +server.contextPath=/ + +logging.config=${CONFIG_HOME}/logback-spring.xml + +spring.profiles.active=secure + +management.endpoints.web.base-path=/fproxy
\ No newline at end of file diff --git a/sidecar/fproxy/src/test/java/org/onap/aaf/fproxy/FProxyIT.java b/sidecar/fproxy/src/test/java/org/onap/aaf/fproxy/FProxyIT.java new file mode 100644 index 0000000..ba876e0 --- /dev/null +++ b/sidecar/fproxy/src/test/java/org/onap/aaf/fproxy/FProxyIT.java @@ -0,0 +1,49 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aaf + * ================================================================================ + * Copyright © 2018 European Software Marketing Ltd. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aaf.fproxy; + +import static org.assertj.core.api.Assertions.assertThat; + +import org.eclipse.jetty.util.security.Password; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.onap.aaf.fproxy.service.ForwardingProxyService; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.test.context.SpringBootTest; +import org.springframework.boot.test.context.SpringBootTest.WebEnvironment; +import org.springframework.test.context.junit4.SpringRunner; + +@RunWith(SpringRunner.class) +@SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT) +public class FProxyIT { + + static { + System.setProperty("server.ssl.key-store-password", + Password.deobfuscate("OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10")); + } + + @Autowired + private ForwardingProxyService fProxyService; + + @Test + public void contexLoads() throws Exception { + assertThat(fProxyService).isNotNull(); + } +} diff --git a/sidecar/fproxy/src/test/java/org/onap/aaf/fproxy/FProxyServiceTest.java b/sidecar/fproxy/src/test/java/org/onap/aaf/fproxy/FProxyServiceTest.java new file mode 100644 index 0000000..ccf13e9 --- /dev/null +++ b/sidecar/fproxy/src/test/java/org/onap/aaf/fproxy/FProxyServiceTest.java @@ -0,0 +1,208 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aaf + * ================================================================================ + * Copyright © 2018 European Software Marketing Ltd. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aaf.fproxy; + +import static org.hamcrest.Matchers.equalTo; +import static org.springframework.test.web.client.match.MockRestRequestMatchers.header; +import static org.springframework.test.web.client.match.MockRestRequestMatchers.method; +import static org.springframework.test.web.client.match.MockRestRequestMatchers.requestTo; +import static org.springframework.test.web.client.response.MockRestResponseCreators.withSuccess; +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content; +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; + +import javax.servlet.http.Cookie; +import org.eclipse.jetty.util.security.Password; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.onap.aaf.fproxy.data.CredentialCacheData.CredentialType; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc; +import org.springframework.boot.test.context.SpringBootTest; +import org.springframework.http.HttpHeaders; +import org.springframework.http.HttpMethod; +import org.springframework.http.MediaType; +import org.springframework.test.context.junit4.SpringRunner; +import org.springframework.test.web.client.MockRestServiceServer; +import org.springframework.test.web.servlet.MockMvc; +import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; +import org.springframework.web.client.RestTemplate; + +@RunWith(SpringRunner.class) +@SpringBootTest +@AutoConfigureMockMvc +public class FProxyServiceTest { + + static { + System.setProperty("server.ssl.key-store-password", + Password.deobfuscate("OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10")); + } + + @Value("${transactionid.header.name}") + private String transactionIdHeaderName; + + @Autowired + private MockMvc mvc; + + @Autowired + private RestTemplate restTemplate; + + private MockRestServiceServer mockServer; + + @Before + public void setUp() { + mockServer = MockRestServiceServer.createServer(restTemplate); + } + + @Test + public void testRequestFrowarding() throws Exception { + String testUrl = "https://localhost:80/testurl"; + String testResponse = "Response from MockRestService"; + + mockServer.expect(requestTo(testUrl)).andExpect(method(HttpMethod.GET)) + .andRespond(withSuccess(testResponse, MediaType.APPLICATION_JSON)); + + mvc.perform(MockMvcRequestBuilders.get(testUrl).accept(MediaType.APPLICATION_JSON)).andExpect(status().isOk()) + .andExpect(content().string(equalTo(testResponse))); + + mockServer.verify(); + } + + @Test + public void testCredentialCacheEndpoint() throws Exception { + populateCredentialCache("tx1", "headername", "headervalue", CredentialType.HEADER.toString()); + } + + @Test + public void testPopulateHeaderFromCache() throws Exception { + String testTransactionId = "tx1"; + String testUrl = "https://localhost:80/testurl"; + String headerName = "headername"; + String headerValue = "headervalue"; + + String testResponse = "Response from MockRestService"; + + // Populate the cache with header credentials + populateCredentialCache(testTransactionId, headerName, headerValue, CredentialType.HEADER.toString()); + + // Expect mock server to be called with request containing cached header + mockServer.expect(requestTo(testUrl)).andExpect(method(HttpMethod.GET)) + .andExpect(header(headerName, headerValue)) + .andRespond(withSuccess(testResponse, MediaType.APPLICATION_JSON)); + + // Send request to mock server with transaction Id + mvc.perform(MockMvcRequestBuilders.get(testUrl).accept(MediaType.APPLICATION_JSON) + .header(transactionIdHeaderName, testTransactionId)).andExpect(status().isOk()) + .andExpect(content().string(equalTo(testResponse))); + + mockServer.verify(); + } + + @Test + public void testHeaderAlreadyExists() throws Exception { + String testTransactionId = "tx1"; + String testUrl = "https://localhost:80/testurl"; + String headerName = "headername"; + String headerValue = "headervalue"; + String newHeaderValue = "newheadervalue"; + + String testResponse = "Response from MockRestService"; + + // Populate the cache with header credentials using a new value + populateCredentialCache(testTransactionId, headerName, newHeaderValue, CredentialType.HEADER.toString()); + + // Expect mock server to be called with request containing the original header credential value, not the cached + // new header value + mockServer.expect(requestTo(testUrl)).andExpect(method(HttpMethod.GET)) + .andExpect(header(headerName, headerValue)) + .andRespond(withSuccess(testResponse, MediaType.APPLICATION_JSON)); + + // Send request to mock server that already contains a header with same name as the one that has been cached + mvc.perform(MockMvcRequestBuilders.get(testUrl).accept(MediaType.APPLICATION_JSON) + .header(transactionIdHeaderName, testTransactionId).header(headerName, headerValue)) + .andExpect(status().isOk()).andExpect(content().string(equalTo(testResponse))); + + mockServer.verify(); + } + + @Test + public void testPopulateCookieFromCache() throws Exception { + String testTransactionId = "tx1"; + String testUrl = "https://localhost:80/testurl"; + String cookieName = "testcookie"; + String cookieValue = "testcookie=testvalue"; + String testResponse = "Response from MockRestService"; + + // Populate the cache with cookie credentials + populateCredentialCache(testTransactionId, cookieName, cookieValue, CredentialType.COOKIE.toString()); + + // Expect mock server to be called with request containing cached header + mockServer.expect(requestTo(testUrl)).andExpect(method(HttpMethod.GET)) + .andExpect(header(HttpHeaders.COOKIE, cookieValue)) + .andRespond(withSuccess(testResponse, MediaType.APPLICATION_JSON)); + + // Send request to mock server with transaction Id + mvc.perform(MockMvcRequestBuilders.get(testUrl).accept(MediaType.APPLICATION_JSON) + .header(transactionIdHeaderName, testTransactionId)).andExpect(status().isOk()) + .andExpect(content().string(equalTo(testResponse))); + + mockServer.verify(); + } + + @Test + public void testCookieAlreadyExists() throws Exception { + String testTransactionId = "tx1"; + String testUrl = "https://localhost:80/testurl"; + String cookieName = "testcookie"; + String cookieValue = "testvalue"; + String newCookieValue = "newtestvalue"; + + String testResponse = "Response from MockRestService"; + + // Populate the cache with cookie credentials using a new value + populateCredentialCache(testTransactionId, cookieName, newCookieValue, CredentialType.COOKIE.toString()); + + // Expect mock server to be called with request containing the original cookie credential value, not the cached + // new cookie value + mockServer.expect(requestTo(testUrl)).andExpect(method(HttpMethod.GET)) + .andExpect(header(HttpHeaders.COOKIE, cookieName + "=" + cookieValue)) + .andRespond(withSuccess(testResponse, MediaType.APPLICATION_JSON)); + + // Send request to mock server that already contains a cookie with same name as the one that has been cached + mvc.perform(MockMvcRequestBuilders.get(testUrl).accept(MediaType.APPLICATION_JSON) + .header(transactionIdHeaderName, testTransactionId).cookie(new Cookie(cookieName, cookieValue))) + .andExpect(status().isOk()).andExpect(content().string(equalTo(testResponse))); + + mockServer.verify(); + } + + private void populateCredentialCache(String transactionId, String credentialName, String credentialValue, + String credentialType) throws Exception { + String cacheUrl = "https://localhost:80/credential-cache/" + transactionId; + String requestBody = "{ \"credentialName\":\"" + credentialName + "\", \"credentialValue\":\"" + credentialValue + + "\", \"credentialType\":\"" + credentialType + "\" }"; + + // Populate the cache with credentials + mvc.perform(MockMvcRequestBuilders.post(cacheUrl).content(requestBody).contentType(MediaType.APPLICATION_JSON) + .accept(MediaType.APPLICATION_JSON)).andExpect(status().isOk()) + .andExpect(content().string(equalTo(transactionId))); + } +} diff --git a/sidecar/fproxy/version.properties b/sidecar/fproxy/version.properties new file mode 100644 index 0000000..5128787 --- /dev/null +++ b/sidecar/fproxy/version.properties @@ -0,0 +1,13 @@ +# Versioning variables +# Note that these variables cannot be structured (e.g. : version.release or version.snapshot etc... ) +# because they are used in Jenkins, whose plug-in doesn't support + +major=1 +minor=0 +patch=0 + +base_version=${major}.${minor}.${patch} + +# Release must be completed with git revision # in Jenkins +release_version=${base_version} +snapshot_version=${base_version}-SNAPSHOT |