diff options
Diffstat (limited to 'sidecar/fproxy')
8 files changed, 81 insertions, 63 deletions
diff --git a/sidecar/fproxy/config/auth/fproxy_truststore b/sidecar/fproxy/config/auth/fproxy_truststore Binary files differnew file mode 100644 index 0000000..9eec841 --- /dev/null +++ b/sidecar/fproxy/config/auth/fproxy_truststore diff --git a/sidecar/fproxy/pom.xml b/sidecar/fproxy/pom.xml index e79bd3e..68e6a86 100644 --- a/sidecar/fproxy/pom.xml +++ b/sidecar/fproxy/pom.xml @@ -1,21 +1,21 @@ <?xml version="1.0" encoding="UTF-8"?> -<!--* ============LICENSE_START==================================================== - * =========================================================================== - * org.onap.aaf - * Copyright (c) 2017 AT&T Intellectual Property. All rights reserved. - * =========================================================================== - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END==================================================== +<!--* ============LICENSE_START==================================================== + * =========================================================================== + * org.onap.aaf + * Copyright (c) 2017 AT&T Intellectual Property. All rights reserved. + * =========================================================================== + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END==================================================== * --> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> @@ -33,21 +33,25 @@ <name>Sidecar fproxy</name> <description>ONAP AAF Forward Proxy Microservice For Pluggable Security</description> + <dependencyManagement> + <dependencies> + <dependency> + <!-- Import dependency management from Spring Boot --> + <groupId>org.springframework.boot</groupId> + <artifactId>spring-boot-dependencies</artifactId> + <version>${spring.boot.version}</version> + <type>pom</type> + <scope>import</scope> + </dependency> + </dependencies> + </dependencyManagement> + <dependencies> <dependency> - <!-- Import dependency management from Spring Boot --> - <groupId>org.springframework.boot</groupId> - <artifactId>spring-boot-dependencies</artifactId> - <version>${spring.boot.version}</version> - <type>pom</type> - <scope>import</scope> + <groupId>org.apache.httpcomponents</groupId> + <artifactId>httpclient</artifactId> </dependency> - - <dependency> - <groupId>org.apache.httpcomponents</groupId> - <artifactId>httpclient</artifactId> - </dependency> - + <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-jetty</artifactId> diff --git a/sidecar/fproxy/src/main/bin/start.sh b/sidecar/fproxy/src/main/bin/start.sh index 53662b6..624f784 100644 --- a/sidecar/fproxy/src/main/bin/start.sh +++ b/sidecar/fproxy/src/main/bin/start.sh @@ -26,7 +26,14 @@ if [ -z "${KEY_STORE_PASSWORD}" ]; then exit 1 fi +if [ -z "${TRUST_STORE_PASSWORD}" ]; then + echo "TRUST_STORE_PASSWORD must be set in order to start up process" + exit 1 +fi + PROPS="-DKEY_STORE_PASSWORD=${KEY_STORE_PASSWORD}" +PROPS="$PROPS -DTRUST_STORE_PASSWORD=${TRUST_STORE_PASSWORD}" + JVM_MAX_HEAP=${MAX_HEAP:-1024} exec java -Xmx${JVM_MAX_HEAP}m ${PROPS} -jar ${BASEDIR}/fproxy-exec.jar diff --git a/sidecar/fproxy/src/main/java/org/onap/aaf/cadi/sidecar/fproxy/FProxyApplication.java b/sidecar/fproxy/src/main/java/org/onap/aaf/cadi/sidecar/fproxy/FProxyApplication.java index 7e3ffe4..9ca301a 100644 --- a/sidecar/fproxy/src/main/java/org/onap/aaf/cadi/sidecar/fproxy/FProxyApplication.java +++ b/sidecar/fproxy/src/main/java/org/onap/aaf/cadi/sidecar/fproxy/FProxyApplication.java @@ -20,6 +20,7 @@ package org.onap.aaf.cadi.sidecar.fproxy; import java.util.HashMap; +import java.util.Optional; import javax.annotation.PostConstruct; import org.eclipse.jetty.util.security.Password; import org.springframework.beans.factory.annotation.Autowired; @@ -35,40 +36,40 @@ public class FProxyApplication extends SpringBootServletInitializer { @Autowired private Environment env; - + + @FunctionalInterface + public interface AppProperty { + String getProperty(String p); + } + /** - * Spring Boot Initialization. - * + * Spring Boot initialization. + * * @param args main args */ public static void main(String[] args) { - String keyStorePassword = System.getProperty("KEY_STORE_PASSWORD"); - if (keyStorePassword == null || keyStorePassword.isEmpty()) { - throw new IllegalArgumentException("Env property KEY_STORE_PASSWORD not set"); - } + AppProperty appProp = (String propertyName) -> Optional.ofNullable(System.getProperty(propertyName)) + .orElseThrow(() -> new IllegalArgumentException("Env property " + propertyName + " not set")); + HashMap<String, Object> props = new HashMap<>(); - props.put("server.ssl.key-store-password", Password.deobfuscate(keyStorePassword)); + props.put("server.ssl.key-store-password", Password.deobfuscate(appProp.getProperty("KEY_STORE_PASSWORD"))); + props.put("server.ssl.trust-store-password", Password.deobfuscate(appProp.getProperty("TRUST_STORE_PASSWORD"))); new FProxyApplication().configure(new SpringApplicationBuilder(FProxyApplication.class).properties(props)) .run(args); } - + /** - * Set required trust store system properties using values from application.properties + * Set required trust and key store system properties using values from application.properties */ @PostConstruct public void setSystemProperties() { - String keyStorePath = env.getProperty("server.ssl.key-store"); - if (keyStorePath != null) { - String keyStorePassword = env.getProperty("server.ssl.key-store-password"); + AppProperty appProp = (String propertyName) -> Optional.ofNullable(env.getProperty(propertyName)) + .orElseThrow(() -> new IllegalArgumentException("Env property " + propertyName + " not set")); - if (keyStorePassword != null) { - System.setProperty("javax.net.ssl.keyStore", keyStorePath); - System.setProperty("javax.net.ssl.keyStorePassword", keyStorePassword); - System.setProperty("javax.net.ssl.trustStore", keyStorePath); - System.setProperty("javax.net.ssl.trustStorePassword", keyStorePassword); - } else { - throw new IllegalArgumentException("Env property server.ssl.key-store-password not set"); - } - } + System.setProperty("javax.net.ssl.keyStore", appProp.getProperty("server.ssl.key-store")); + System.setProperty("javax.net.ssl.keyStorePassword", appProp.getProperty("server.ssl.key-store-password")); + System.setProperty("javax.net.ssl.trustStore", appProp.getProperty("server.ssl.trust-store")); + System.setProperty("javax.net.ssl.trustStorePassword", appProp.getProperty("server.ssl.trust-store-password")); } + } diff --git a/sidecar/fproxy/src/main/java/org/onap/aaf/cadi/sidecar/fproxy/RestTemplateConfig.java b/sidecar/fproxy/src/main/java/org/onap/aaf/cadi/sidecar/fproxy/RestTemplateConfig.java index 23f3471..33ecb7e 100644 --- a/sidecar/fproxy/src/main/java/org/onap/aaf/cadi/sidecar/fproxy/RestTemplateConfig.java +++ b/sidecar/fproxy/src/main/java/org/onap/aaf/cadi/sidecar/fproxy/RestTemplateConfig.java @@ -45,11 +45,11 @@ public class RestTemplateConfig { @Value("${server.ssl.client-cert-password}") private String clientCertPassword; - @Value("${server.ssl.key-store}") - private String keystorePath; + @Value("${server.ssl.trust-store}") + private String trustStorePath; - @Value("${server.ssl.key-store-password}") - private String keystorePassword; + @Value("${server.ssl.trust-store-password}") + private String trustStorePassword; @Profile("secure") @Bean @@ -66,11 +66,11 @@ public class RestTemplateConfig { } private HttpClientBuilder getClientBuilder() throws GeneralSecurityException, IOException { + char[] clientPassword = Password.deobfuscate(clientCertPassword).toCharArray(); SSLContext sslContext = SSLContextBuilder.create() - .loadKeyMaterial(ResourceUtils.getFile(clientCertPath), Password.deobfuscate(clientCertPassword).toCharArray(), - keystorePassword.toCharArray()) - .loadTrustMaterial(ResourceUtils.getFile(keystorePath), keystorePassword.toCharArray()).build(); + .loadKeyMaterial(ResourceUtils.getFile(clientCertPath), clientPassword, clientPassword) + .loadTrustMaterial(ResourceUtils.getFile(trustStorePath), trustStorePassword.toCharArray()).build(); return HttpClients.custom().setSSLContext(sslContext); } diff --git a/sidecar/fproxy/src/main/resources/application.properties b/sidecar/fproxy/src/main/resources/application.properties index 2fb9396..47717b7 100644 --- a/sidecar/fproxy/src/main/resources/application.properties +++ b/sidecar/fproxy/src/main/resources/application.properties @@ -2,6 +2,8 @@ CONFIG_HOME=config server.port=10680 server.ssl.key-store=${CONFIG_HOME}/auth/tomcat_keystore +server.ssl.trust-store=${CONFIG_HOME}/auth/fproxy_truststore + server.ssl.client-cert=${CONFIG_HOME}/auth/client-cert.p12 server.ssl.client-cert-password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 server.ssl.client-auth=want @@ -10,4 +12,4 @@ server.servlet.context-path=/ logging.config=${CONFIG_HOME}/logback-spring.xml -spring.profiles.active=secure
\ No newline at end of file +spring.profiles.active=secure diff --git a/sidecar/fproxy/src/test/java/org/onap/aaf/cadi/sidecar/fproxy/test/FProxyIT.java b/sidecar/fproxy/src/test/java/org/onap/aaf/cadi/sidecar/fproxy/test/FProxyIT.java index 308eb26..dae0e55 100644 --- a/sidecar/fproxy/src/test/java/org/onap/aaf/cadi/sidecar/fproxy/test/FProxyIT.java +++ b/sidecar/fproxy/src/test/java/org/onap/aaf/cadi/sidecar/fproxy/test/FProxyIT.java @@ -20,23 +20,26 @@ package org.onap.aaf.cadi.sidecar.fproxy.test; import static org.assertj.core.api.Assertions.assertThat; - import org.eclipse.jetty.util.security.Password; import org.junit.Test; import org.junit.runner.RunWith; import org.onap.aaf.cadi.sidecar.fproxy.service.ForwardingProxyService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.test.context.SpringBootTest; -import org.springframework.boot.test.context.SpringBootTest.WebEnvironment; +import org.springframework.test.context.TestPropertySource; import org.springframework.test.context.junit4.SpringRunner; @RunWith(SpringRunner.class) -@SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT) +@SpringBootTest +@TestPropertySource(properties = {"TRUST_STORE_PASSWORD=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10", + "KEY_STORE_PASSWORD=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10"}) public class FProxyIT { static { System.setProperty("server.ssl.key-store-password", Password.deobfuscate("OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10")); + System.setProperty("server.ssl.trust-store-password", + Password.deobfuscate("OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10")); } @Autowired diff --git a/sidecar/fproxy/src/test/java/org/onap/aaf/cadi/sidecar/fproxy/test/FProxyServiceTest.java b/sidecar/fproxy/src/test/java/org/onap/aaf/cadi/sidecar/fproxy/test/FProxyServiceTest.java index 8943a09..651fa06 100644 --- a/sidecar/fproxy/src/test/java/org/onap/aaf/cadi/sidecar/fproxy/test/FProxyServiceTest.java +++ b/sidecar/fproxy/src/test/java/org/onap/aaf/cadi/sidecar/fproxy/test/FProxyServiceTest.java @@ -26,7 +26,6 @@ import static org.springframework.test.web.client.match.MockRestRequestMatchers. import static org.springframework.test.web.client.response.MockRestResponseCreators.withSuccess; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; - import javax.servlet.http.Cookie; import org.eclipse.jetty.util.security.Password; import org.junit.Before; @@ -54,6 +53,8 @@ public class FProxyServiceTest { static { System.setProperty("server.ssl.key-store-password", Password.deobfuscate("OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10")); + System.setProperty("server.ssl.trust-store-password", + Password.deobfuscate("OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10")); } @Value("${transactionid.header.name}") |