From 6c3031ea90d5b51ae44a599c0cd0d95c057cf633 Mon Sep 17 00:00:00 2001 From: Ravi Geda Date: Mon, 17 Sep 2018 12:57:44 +0100 Subject: Add forward proxy code Add a maven module called sidecar to cadi. Add forward proxy as a maven module to sidecar. Note that though sidecar is a module of cadi it does not inherit from cadi's pom. Change-Id: I617ecb1a66a3cbdd3f03287f28c6527693c6dfc6 Issue-ID: AAI-1603 Signed-off-by: Ravi Geda --- sidecar/fproxy/License.txt | 17 ++ sidecar/fproxy/README.md | 41 ++++ sidecar/fproxy/config/auth/client-cert.p12 | Bin 0 -> 2556 bytes sidecar/fproxy/config/auth/tomcat_keystore | Bin 0 -> 2214 bytes sidecar/fproxy/config/fproxy.properties | 2 + sidecar/fproxy/config/logback-spring.xml | 48 +++++ sidecar/fproxy/config/readme.txt | 1 + sidecar/fproxy/pom.xml | 190 +++++++++++++++++++ sidecar/fproxy/src/main/bin/start.sh | 32 ++++ sidecar/fproxy/src/main/docker/Dockerfile | 35 ++++ .../org/onap/aaf/fproxy/CredentialCacheConfig.java | 37 ++++ .../org/onap/aaf/fproxy/FProxyApplication.java | 74 ++++++++ .../org/onap/aaf/fproxy/RestTemplateConfig.java | 70 +++++++ .../org/onap/aaf/fproxy/cache/CredentialCache.java | 37 ++++ .../aaf/fproxy/cache/InMemoryCredentialCache.java | 116 ++++++++++++ .../onap/aaf/fproxy/cache/utils/CacheUtils.java | 89 +++++++++ .../onap/aaf/fproxy/data/CredentialCacheData.java | 72 +++++++ .../aaf/fproxy/service/ForwardingProxyService.java | 100 ++++++++++ .../fproxy/util/RequestValidationException.java | 35 ++++ .../src/main/resources/application.properties | 14 ++ .../test/java/org/onap/aaf/fproxy/FProxyIT.java | 49 +++++ .../org/onap/aaf/fproxy/FProxyServiceTest.java | 208 +++++++++++++++++++++ sidecar/fproxy/version.properties | 13 ++ 23 files changed, 1280 insertions(+) create mode 100644 sidecar/fproxy/License.txt create mode 100644 sidecar/fproxy/README.md create mode 100644 sidecar/fproxy/config/auth/client-cert.p12 create mode 100644 sidecar/fproxy/config/auth/tomcat_keystore create mode 100644 sidecar/fproxy/config/fproxy.properties create mode 100644 sidecar/fproxy/config/logback-spring.xml create mode 100644 sidecar/fproxy/config/readme.txt create mode 100644 sidecar/fproxy/pom.xml create mode 100644 sidecar/fproxy/src/main/bin/start.sh create mode 100644 sidecar/fproxy/src/main/docker/Dockerfile create mode 100644 sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/CredentialCacheConfig.java create mode 100644 sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/FProxyApplication.java create mode 100644 sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/RestTemplateConfig.java create mode 100644 sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/cache/CredentialCache.java create mode 100644 sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/cache/InMemoryCredentialCache.java create mode 100644 sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/cache/utils/CacheUtils.java create mode 100644 sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/data/CredentialCacheData.java create mode 100644 sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/service/ForwardingProxyService.java create mode 100644 sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/util/RequestValidationException.java create mode 100644 sidecar/fproxy/src/main/resources/application.properties create mode 100644 sidecar/fproxy/src/test/java/org/onap/aaf/fproxy/FProxyIT.java create mode 100644 sidecar/fproxy/src/test/java/org/onap/aaf/fproxy/FProxyServiceTest.java create mode 100644 sidecar/fproxy/version.properties (limited to 'sidecar/fproxy') diff --git a/sidecar/fproxy/License.txt b/sidecar/fproxy/License.txt new file mode 100644 index 0000000..05117f8 --- /dev/null +++ b/sidecar/fproxy/License.txt @@ -0,0 +1,17 @@ +============LICENSE_START======================================================= +org.onap.aaf +================================================================================ +Copyright © 2018 European Software Marketing Ltd. +================================================================================ +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +============LICENSE_END========================================================= \ No newline at end of file diff --git a/sidecar/fproxy/README.md b/sidecar/fproxy/README.md new file mode 100644 index 0000000..e1d3667 --- /dev/null +++ b/sidecar/fproxy/README.md @@ -0,0 +1,41 @@ +# Introduction + +The AAF Forward Proxy is a forward proxy service with credential caching capabilities for incoming REST requests. It is one of two applications (along with Reverse proxy) deployed as a +Kubernetes sidecar to the main Primary service + +## Features + +Forward Proxy: + +* The service will forward all incoming REST requests on to their original endpoints. +* Add any cached security credentials to the forwarding request + +### Credential Cache: +The credential cache is a short-lived in-memory cache, keyed on a transaction ID. The following data is cached: + +* Transaction ID - this is the key for retrieving cached values +* CredentialName - this is the name of the credential to be cached. + This should correspond to the header name for a header credential, or the cookie name for a cookie credential. +* CredentialValue - this is the value associated with the credential. + This should correspond to the header value of a header credential, or the cookie contents for a cookie credential. +* CredentialType - this is the type of the credential to be cached. Currently supported values are: HEADER, COOKIE. + The cache has a configurable cache expiry period, so that any cache entries older than the expiry period will be automatically removed from the cache. + +### Credential Cache REST API: +Credentials can be added to the credential cache by performing a REST POST using the following URL: + +(Note that the transaction ID is provided as a URL parameter) + +https://:/credential-cache/ +The body of the request should contain the cached data (described above) in JSON format as follows: + +{ "credentialName":"foo", "credentialValue":"bar", "credentialType":"
" } + + +## Configuring the fProxy service +The fProxy service is configured through the fproxy.properties file that resides under the ${CONFIG_HOME} environment variable. + +The file has the following configurable properties: + +credential.cache.timeout.ms This is the time in milliseconds that a cache entry will expire after it is added. 180000 +transactionid.header.name This is the name of the header in incoming requests that will contain the transaction ID. X-TransactionId \ No newline at end of file diff --git a/sidecar/fproxy/config/auth/client-cert.p12 b/sidecar/fproxy/config/auth/client-cert.p12 new file mode 100644 index 0000000..dbf4fca Binary files /dev/null and b/sidecar/fproxy/config/auth/client-cert.p12 differ diff --git a/sidecar/fproxy/config/auth/tomcat_keystore b/sidecar/fproxy/config/auth/tomcat_keystore new file mode 100644 index 0000000..9eec841 Binary files /dev/null and b/sidecar/fproxy/config/auth/tomcat_keystore differ diff --git a/sidecar/fproxy/config/fproxy.properties b/sidecar/fproxy/config/fproxy.properties new file mode 100644 index 0000000..f512fb7 --- /dev/null +++ b/sidecar/fproxy/config/fproxy.properties @@ -0,0 +1,2 @@ +credential.cache.timeout.ms=180000 +transactionid.header.name=X-TransactionId \ No newline at end of file diff --git a/sidecar/fproxy/config/logback-spring.xml b/sidecar/fproxy/config/logback-spring.xml new file mode 100644 index 0000000..75ec26d --- /dev/null +++ b/sidecar/fproxy/config/logback-spring.xml @@ -0,0 +1,48 @@ + + + + + + + + + + %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable + + + + + + ${LOGS}/${FILEPREFIX}.log + + %d %p %C{1.} [%t] %m%n + + + + + ${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log + + + 10MB + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/sidecar/fproxy/config/readme.txt b/sidecar/fproxy/config/readme.txt new file mode 100644 index 0000000..79cf29e --- /dev/null +++ b/sidecar/fproxy/config/readme.txt @@ -0,0 +1 @@ +Relevant configuration files need to be copied here to successfully run this service locally. \ No newline at end of file diff --git a/sidecar/fproxy/pom.xml b/sidecar/fproxy/pom.xml new file mode 100644 index 0000000..8035e84 --- /dev/null +++ b/sidecar/fproxy/pom.xml @@ -0,0 +1,190 @@ + + + + 4.0.0 + + fproxy + 1.0.0-SNAPSHOT + jar + + + org.onap.aaf.cadi + sidecar + 1.0.0-SNAPSHOT + + + aaf-fproxy + ONAP AAF Forward Proxy Microservice For Pluggable Security + + + + 2.0.3.RELEASE + ${basedir}/target + true + + + + + + + org.springframework.boot + spring-boot-dependencies + ${spring.boot.version} + pom + import + + + + + + + org.springframework.boot + spring-boot-starter-jetty + + + + org.springframework.boot + spring-boot-starter-web + + + spring-boot-starter-tomcat + org.springframework.boot + + + + + + org.springframework.boot + spring-boot-starter-actuator + + + + org.apache.commons + commons-lang3 + + + + org.apache.httpcomponents + httpclient + + + + + org.springframework.boot + spring-boot-starter-test + test + + + + + + fproxy + + + org.springframework.boot + spring-boot-maven-plugin + ${spring.boot.version} + + + + repackage + + + exec + + + + + + com.mycila + license-maven-plugin + + + org.apache.maven.plugins + maven-surefire-plugin + + false + 1 + + + + org.apache.maven.plugins + maven-resources-plugin + 3.0.2 + + + copy-docker-file + package + + copy-resources + + + target + true + + + ${basedir}/src/main/docker + true + + + ${basedir}/src/main/bin/ + true + + + + + + + + com.spotify + docker-maven-plugin + 0.4.11 + + + com.github.jnr + jnr-unixsocket + 0.13 + + + + true + docker-hub + ${docker.push.registry}/onap/${project.artifactId} + ${docker.location} + + latest + + true + + + + org.apache.maven.plugins + maven-deploy-plugin + + true + + + + + diff --git a/sidecar/fproxy/src/main/bin/start.sh b/sidecar/fproxy/src/main/bin/start.sh new file mode 100644 index 0000000..53662b6 --- /dev/null +++ b/sidecar/fproxy/src/main/bin/start.sh @@ -0,0 +1,32 @@ +#!/bin/sh + +# ============LICENSE_START======================================================= +# org.onap.aaf +# ================================================================================ +# Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. +# Copyright © 2017-2018 European Software Marketing Ltd. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +BASEDIR="/opt/app/fproxy" + +if [ -z "${KEY_STORE_PASSWORD}" ]; then + echo "KEY_STORE_PASSWORD must be set in order to start up process" + exit 1 +fi + +PROPS="-DKEY_STORE_PASSWORD=${KEY_STORE_PASSWORD}" +JVM_MAX_HEAP=${MAX_HEAP:-1024} + +exec java -Xmx${JVM_MAX_HEAP}m ${PROPS} -jar ${BASEDIR}/fproxy-exec.jar diff --git a/sidecar/fproxy/src/main/docker/Dockerfile b/sidecar/fproxy/src/main/docker/Dockerfile new file mode 100644 index 0000000..d91f0e3 --- /dev/null +++ b/sidecar/fproxy/src/main/docker/Dockerfile @@ -0,0 +1,35 @@ +FROM ubuntu:14.04 + +ARG MICRO_HOME=/opt/app/fproxy +ARG BIN_HOME=$MICRO_HOME/bin +ARG JAR_FILE=fproxy-exec.jar + +RUN apt-get update + +# Install and setup java8 +RUN apt-get update && apt-get install -y software-properties-common +## sudo -E is required to preserve the environment. If you remove that line, it will most like freeze at this step +RUN sudo -E add-apt-repository ppa:openjdk-r/ppa && apt-get update && apt-get install -y openjdk-8-jdk + +RUN sudo dpkg --purge --force-depends ca-certificates-java +RUN sudo apt-get install ca-certificates-java + +## Setup JAVA_HOME, this is useful for docker commandline +ENV JAVA_HOME usr/lib/jvm/java-8-openjdk-$(dpkg --print-architecture) +RUN export JAVA_HOME + +# Build up the deployment folder structure +RUN mkdir -p $MICRO_HOME +COPY ${JAR_FILE} $MICRO_HOME +RUN mkdir -p $BIN_HOME +COPY *.sh $BIN_HOME +RUN chmod 755 $BIN_HOME/* +RUN ln -s /logs $MICRO_HOME/logs +RUN mkdir /logs +# Create the appuser +RUN groupadd -r appgroup && \ + useradd -r -u 1001 -g appgroup appuser && \ + chown -R appuser:appgroup $MICRO_HOME && \ + chmod 777 /logs +USER appuser +CMD ["/opt/app/fproxy/bin/start.sh"] diff --git a/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/CredentialCacheConfig.java b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/CredentialCacheConfig.java new file mode 100644 index 0000000..f433c65 --- /dev/null +++ b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/CredentialCacheConfig.java @@ -0,0 +1,37 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aaf + * ================================================================================ + * Copyright © 2018 European Software Marketing Ltd. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aaf.fproxy; + +import org.onap.aaf.fproxy.cache.CredentialCache; +import org.onap.aaf.fproxy.cache.InMemoryCredentialCache; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.Scope; + +@Configuration +public class CredentialCacheConfig { + + @Bean + @Scope("singleton") + public CredentialCache inMemoryCredentialCacheSingleton() { + return new InMemoryCredentialCache(); + } + +} diff --git a/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/FProxyApplication.java b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/FProxyApplication.java new file mode 100644 index 0000000..d226dc8 --- /dev/null +++ b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/FProxyApplication.java @@ -0,0 +1,74 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aaf + * ================================================================================ + * Copyright © 2018 European Software Marketing Ltd. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aaf.fproxy; + +import java.util.HashMap; +import javax.annotation.PostConstruct; +import org.eclipse.jetty.util.security.Password; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.autoconfigure.SpringBootApplication; +import org.springframework.boot.builder.SpringApplicationBuilder; +import org.springframework.boot.web.servlet.support.SpringBootServletInitializer; +import org.springframework.context.annotation.PropertySource; +import org.springframework.core.env.Environment; + +@SpringBootApplication +@PropertySource("file:${CONFIG_HOME}/fproxy.properties") +public class FProxyApplication extends SpringBootServletInitializer { + + @Autowired + private Environment env; + + /** + * Spring Boot Initialization. + * + * @param args main args + */ + public static void main(String[] args) { + String keyStorePassword = System.getProperty("KEY_STORE_PASSWORD"); + if (keyStorePassword == null || keyStorePassword.isEmpty()) { + throw new IllegalArgumentException("Env property KEY_STORE_PASSWORD not set"); + } + HashMap props = new HashMap<>(); + props.put("server.ssl.key-store-password", Password.deobfuscate(keyStorePassword)); + new FProxyApplication().configure(new SpringApplicationBuilder(FProxyApplication.class).properties(props)) + .run(args); + } + + /** + * Set required trust store system properties using values from application.properties + */ + @PostConstruct + public void setSystemProperties() { + String keyStorePath = env.getProperty("server.ssl.key-store"); + if (keyStorePath != null) { + String keyStorePassword = env.getProperty("server.ssl.key-store-password"); + + if (keyStorePassword != null) { + System.setProperty("javax.net.ssl.keyStore", keyStorePath); + System.setProperty("javax.net.ssl.keyStorePassword", keyStorePassword); + System.setProperty("javax.net.ssl.trustStore", keyStorePath); + System.setProperty("javax.net.ssl.trustStorePassword", keyStorePassword); + } else { + throw new IllegalArgumentException("Env property server.ssl.key-store-password not set"); + } + } + } +} diff --git a/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/RestTemplateConfig.java b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/RestTemplateConfig.java new file mode 100644 index 0000000..a1aef28 --- /dev/null +++ b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/RestTemplateConfig.java @@ -0,0 +1,70 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aaf + * ================================================================================ + * Copyright © 2018 European Software Marketing Ltd. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aaf.fproxy; + +import java.io.IOException; +import java.security.GeneralSecurityException; +import javax.net.ssl.SSLContext; +import org.apache.http.conn.ssl.NoopHostnameVerifier; +import org.apache.http.impl.client.HttpClientBuilder; +import org.apache.http.impl.client.HttpClients; +import org.apache.http.ssl.SSLContextBuilder; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.boot.web.client.RestTemplateBuilder; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.Profile; +import org.springframework.http.client.HttpComponentsClientHttpRequestFactory; +import org.springframework.util.ResourceUtils; +import org.springframework.web.client.RestTemplate; + +@Configuration +public class RestTemplateConfig { + + @Value("${server.ssl.client-cert}") + private String clientCertPath; + + @Value("${server.ssl.key-store-password}") + private String clientCertPassword; + + @Profile("secure") + @Bean + public RestTemplate restTemplate(RestTemplateBuilder builder) throws GeneralSecurityException, IOException { + return new RestTemplate(new HttpComponentsClientHttpRequestFactory(getClientBuilder().build())); + } + + @Profile("noHostVerification") + @Bean + public RestTemplate restTemplateNoHostVerification(RestTemplateBuilder builder) + throws GeneralSecurityException, IOException { + return new RestTemplate(new HttpComponentsClientHttpRequestFactory( + getClientBuilder().setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE).build())); + } + + private HttpClientBuilder getClientBuilder() throws GeneralSecurityException, IOException { + + SSLContext sslContext = SSLContextBuilder.create() + .loadKeyMaterial(ResourceUtils.getFile(clientCertPath), clientCertPassword.toCharArray(), + clientCertPassword.toCharArray()) + .loadTrustMaterial(ResourceUtils.getFile(clientCertPath), clientCertPassword.toCharArray()).build(); + + return HttpClients.custom().setSSLContext(sslContext); + } +} diff --git a/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/cache/CredentialCache.java b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/cache/CredentialCache.java new file mode 100644 index 0000000..00fe9d4 --- /dev/null +++ b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/cache/CredentialCache.java @@ -0,0 +1,37 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aaf + * ================================================================================ + * Copyright © 2018 European Software Marketing Ltd. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aaf.fproxy.cache; + +import org.onap.aaf.fproxy.data.CredentialCacheData; +import org.springframework.lang.Nullable; + +public interface CredentialCache { + + void add(String key, CredentialCacheData value, long periodInMillis); + + void remove(String key); + + @Nullable + CredentialCacheData get(String key); + + void clear(); + + long size(); +} diff --git a/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/cache/InMemoryCredentialCache.java b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/cache/InMemoryCredentialCache.java new file mode 100644 index 0000000..44ce0cd --- /dev/null +++ b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/cache/InMemoryCredentialCache.java @@ -0,0 +1,116 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aaf + * ================================================================================ + * Copyright © 2018 European Software Marketing Ltd. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aaf.fproxy.cache; + +import java.lang.ref.SoftReference; +import java.util.Optional; +import java.util.concurrent.ConcurrentHashMap; +import java.util.concurrent.DelayQueue; +import java.util.concurrent.Delayed; +import java.util.concurrent.TimeUnit; +import org.onap.aaf.fproxy.data.CredentialCacheData; + +public class InMemoryCredentialCache implements CredentialCache { + + private final ConcurrentHashMap> cache = new ConcurrentHashMap<>(); + private final DelayQueue cleaningUpQueue = new DelayQueue<>(); + + public InMemoryCredentialCache() { + Thread cleanerThread = new Thread(() -> { + while (!Thread.currentThread().isInterrupted()) { + try { + DelayedCacheObject delayedCacheObject = cleaningUpQueue.take(); + cache.remove(delayedCacheObject.getKey(), delayedCacheObject.getReference()); + } catch (InterruptedException e) { + Thread.currentThread().interrupt(); + } + } + }); + cleanerThread.setDaemon(true); + cleanerThread.start(); + } + + @Override + public void add(String key, CredentialCacheData value, long periodInMillis) { + if (key == null) { + return; + } + if (value == null) { + cache.remove(key); + } else { + long expiryTime = System.currentTimeMillis() + periodInMillis; + SoftReference reference = new SoftReference<>(value); + cache.put(key, reference); + cleaningUpQueue.put(new DelayedCacheObject(key, reference, expiryTime)); + } + } + + @Override + public void remove(String key) { + cache.remove(key); + } + + @Override + public CredentialCacheData get(String key) { + return Optional.ofNullable(cache.get(key)).map(SoftReference::get).orElse(null); + } + + @Override + public void clear() { + cache.clear(); + } + + @Override + public long size() { + return cache.size(); + } + + private static class DelayedCacheObject implements Delayed { + + private final String key; + private final SoftReference reference; + private final long expiryTime; + + public DelayedCacheObject(String key, SoftReference reference, long expiryTime) { + super(); + this.key = key; + this.reference = reference; + this.expiryTime = expiryTime; + } + + @Override + public long getDelay(TimeUnit unit) { + return unit.convert(expiryTime - System.currentTimeMillis(), TimeUnit.MILLISECONDS); + } + + @Override + public int compareTo(Delayed o) { + return Long.compare(expiryTime, ((DelayedCacheObject) o).expiryTime); + } + + public String getKey() { + return key; + } + + public SoftReference getReference() { + return reference; + } + } +} diff --git a/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/cache/utils/CacheUtils.java b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/cache/utils/CacheUtils.java new file mode 100644 index 0000000..b80fc32 --- /dev/null +++ b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/cache/utils/CacheUtils.java @@ -0,0 +1,89 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aaf + * ================================================================================ + * Copyright © 2018 European Software Marketing Ltd. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aaf.fproxy.cache.utils; + +import javax.servlet.http.HttpServletRequest; +import org.onap.aaf.fproxy.cache.CredentialCache; +import org.onap.aaf.fproxy.data.CredentialCacheData; +import org.onap.aaf.fproxy.data.CredentialCacheData.CredentialType; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.http.HttpHeaders; +import org.springframework.stereotype.Component; +import org.springframework.web.util.WebUtils; + +@Component +public class CacheUtils { + + Logger logger = LoggerFactory.getLogger(CacheUtils.class); + + @Autowired + private CredentialCache credentialCache; + + @Value("${transactionid.header.name}") + private String transactionIdHeaderName; + + public void populateCredentialsFromCache(HttpHeaders headers, HttpServletRequest request) { + String transactionId = headers.getFirst(transactionIdHeaderName); + if (transactionId != null) { + CredentialCacheData cacheData = credentialCache.get(transactionId); + if (cacheData == null) { + logger.info("Transaction ID {} not found in cache, skipping credential population...", transactionId); + } else if (cacheData.getCredentialType().equals(CredentialType.HEADER)) { + logger.info("Populating header credentials from cache for transaction ID: {}", transactionId); + applyHeaderCacheData(cacheData, headers); + } else if (cacheData.getCredentialType().equals(CredentialType.COOKIE)) { + logger.info("Populating cookie credentials from cache for transaction ID: {}", transactionId); + applyCookieCacheData(cacheData, headers, request); + } + } else { + logger.info("No transaction ID found in request, skipping credential population..."); + } + } + + private void applyHeaderCacheData(CredentialCacheData cacheData, HttpHeaders headers) { + String credentialName = cacheData.getCredentialName(); + if (!headers.containsKey(credentialName)) { + headers.add(credentialName, cacheData.getCredentialValue()); + logger.info("Header credentials successfully populated."); + } else { + logger.info("Request already contains header with name: {}, skipping credential population...", + credentialName); + } + } + + private void applyCookieCacheData(CredentialCacheData cacheData, HttpHeaders headers, HttpServletRequest request) { + String credentialName = cacheData.getCredentialName(); + // Check if Cookie with same name is already set then skip + if (WebUtils.getCookie(request, credentialName) == null) { + headers.add(HttpHeaders.COOKIE, cacheData.getCredentialValue()); + logger.info("Cookie credentials successfully populated."); + } else { + logger.info("Request already contains cookie with name: {}, skipping credential population...", + credentialName); + } + } + + public void addCredentialsToCache(String transactionId, CredentialCacheData credentialdata, long cacheExpiryMs) { + credentialCache.add(transactionId, credentialdata, cacheExpiryMs); + } +} diff --git a/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/data/CredentialCacheData.java b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/data/CredentialCacheData.java new file mode 100644 index 0000000..b72ea08 --- /dev/null +++ b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/data/CredentialCacheData.java @@ -0,0 +1,72 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aaf + * ================================================================================ + * Copyright © 2018 European Software Marketing Ltd. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aaf.fproxy.data; + +public class CredentialCacheData { + + public enum CredentialType { + HEADER, COOKIE; + } + + private String credentialName; + private String credentialValue; + private CredentialType credentialType; + + public CredentialCacheData() { + super(); + } + + public CredentialCacheData(String credentialName, String credentialValue, CredentialType credentialType) { + super(); + this.credentialName = credentialName; + this.credentialValue = credentialValue; + this.credentialType = credentialType; + } + + public String getCredentialName() { + return credentialName; + } + + public void setCredentialName(String credentialName) { + this.credentialName = credentialName; + } + + public String getCredentialValue() { + return credentialValue; + } + + public void setCredentialValue(String credentialValue) { + this.credentialValue = credentialValue; + } + + public Enum getCredentialType() { + return credentialType; + } + + public void setCredentialType(CredentialType credentialType) { + this.credentialType = credentialType; + } + + @Override + public String toString() { + return "CredentialCacheData [credentialName=" + credentialName + ", credentialType=" + credentialType + "]"; + } + +} diff --git a/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/service/ForwardingProxyService.java b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/service/ForwardingProxyService.java new file mode 100644 index 0000000..0d150ba --- /dev/null +++ b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/service/ForwardingProxyService.java @@ -0,0 +1,100 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aaf + * ================================================================================ + * Copyright © 2018 European Software Marketing Ltd. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aaf.fproxy.service; + +import java.net.URI; +import java.util.Enumeration; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import org.onap.aaf.fproxy.cache.utils.CacheUtils; +import org.onap.aaf.fproxy.data.CredentialCacheData; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.http.HttpEntity; +import org.springframework.http.HttpHeaders; +import org.springframework.http.HttpMethod; +import org.springframework.http.HttpStatus; +import org.springframework.http.ResponseEntity; +import org.springframework.web.bind.annotation.PathVariable; +import org.springframework.web.bind.annotation.RequestBody; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; +import org.springframework.web.bind.annotation.RestController; +import org.springframework.web.client.RestTemplate; +import org.springframework.web.util.UriComponentsBuilder; + +@RestController +public class ForwardingProxyService { + + Logger logger = LoggerFactory.getLogger(ForwardingProxyService.class); + + private static final long DEFAULT_CACHE_EXPIRY_MS = 180000; // 3 mins + + @Autowired + RestTemplate restTemplate; + + @Autowired + CacheUtils cacheUtils; + + @Value("${credential.cache.timeout.ms:" + DEFAULT_CACHE_EXPIRY_MS + "}") + long cacheExpiryMs; + + @RequestMapping(value = "/credential-cache/{transactionId}", method = RequestMethod.POST) + public ResponseEntity addCredentialToCache(@PathVariable("transactionId") String transactionId, + @RequestBody CredentialCacheData credentialdata) { + logger.info("Updating credential cache with transaction ID: {}", transactionId); + + // Update credential cache + logger.debug("Credential data: {}", credentialdata); + cacheUtils.addCredentialsToCache(transactionId, credentialdata, cacheExpiryMs); + + logger.info("Credential cache successfully updated with transaction ID: {}", transactionId); + return new ResponseEntity<>(transactionId, HttpStatus.OK); + } + + @RequestMapping("/**") + public ResponseEntity forwardRest(@RequestBody(required = false) String body, HttpMethod method, + HttpServletRequest request, HttpServletResponse response) { + + String requestUrl = request.getRequestURI(); + + logger.info("Request received: {}", requestUrl); + + URI uri = UriComponentsBuilder.fromHttpUrl(request.getRequestURL().toString()).query(request.getQueryString()) + .build(true).toUri(); + + HttpHeaders headers = new HttpHeaders(); + Enumeration headerNames = request.getHeaderNames(); + while (headerNames.hasMoreElements()) { + String headerName = headerNames.nextElement(); + headers.set(headerName, request.getHeader(headerName)); + } + + cacheUtils.populateCredentialsFromCache(headers, request); + + HttpEntity httpEntity = new HttpEntity<>(body, headers); + + logger.info("Forwarding request..."); + + return restTemplate.exchange(uri, method, httpEntity, String.class); + } +} diff --git a/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/util/RequestValidationException.java b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/util/RequestValidationException.java new file mode 100644 index 0000000..ce6e162 --- /dev/null +++ b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/util/RequestValidationException.java @@ -0,0 +1,35 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aaf + * ================================================================================ + * Copyright © 2018 European Software Marketing Ltd. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aaf.fproxy.util; + +/** This exception is thrown when the request fails validation. */ +public class RequestValidationException extends Exception { + + private static final long serialVersionUID = 1L; + + /** + * Constructor for an instance of this exception with just a message. + * + * @param message information about the exception + */ + public RequestValidationException(String message) { + super(message); + } +} diff --git a/sidecar/fproxy/src/main/resources/application.properties b/sidecar/fproxy/src/main/resources/application.properties new file mode 100644 index 0000000..d269c54 --- /dev/null +++ b/sidecar/fproxy/src/main/resources/application.properties @@ -0,0 +1,14 @@ +CONFIG_HOME=config + +server.port=10680 +server.ssl.key-store=${CONFIG_HOME}/auth/tomcat_keystore +server.ssl.client-cert=${CONFIG_HOME}/auth/client-cert.p12 +server.ssl.client-auth=need + +server.contextPath=/ + +logging.config=${CONFIG_HOME}/logback-spring.xml + +spring.profiles.active=secure + +management.endpoints.web.base-path=/fproxy \ No newline at end of file diff --git a/sidecar/fproxy/src/test/java/org/onap/aaf/fproxy/FProxyIT.java b/sidecar/fproxy/src/test/java/org/onap/aaf/fproxy/FProxyIT.java new file mode 100644 index 0000000..ba876e0 --- /dev/null +++ b/sidecar/fproxy/src/test/java/org/onap/aaf/fproxy/FProxyIT.java @@ -0,0 +1,49 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aaf + * ================================================================================ + * Copyright © 2018 European Software Marketing Ltd. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aaf.fproxy; + +import static org.assertj.core.api.Assertions.assertThat; + +import org.eclipse.jetty.util.security.Password; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.onap.aaf.fproxy.service.ForwardingProxyService; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.test.context.SpringBootTest; +import org.springframework.boot.test.context.SpringBootTest.WebEnvironment; +import org.springframework.test.context.junit4.SpringRunner; + +@RunWith(SpringRunner.class) +@SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT) +public class FProxyIT { + + static { + System.setProperty("server.ssl.key-store-password", + Password.deobfuscate("OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10")); + } + + @Autowired + private ForwardingProxyService fProxyService; + + @Test + public void contexLoads() throws Exception { + assertThat(fProxyService).isNotNull(); + } +} diff --git a/sidecar/fproxy/src/test/java/org/onap/aaf/fproxy/FProxyServiceTest.java b/sidecar/fproxy/src/test/java/org/onap/aaf/fproxy/FProxyServiceTest.java new file mode 100644 index 0000000..ccf13e9 --- /dev/null +++ b/sidecar/fproxy/src/test/java/org/onap/aaf/fproxy/FProxyServiceTest.java @@ -0,0 +1,208 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aaf + * ================================================================================ + * Copyright © 2018 European Software Marketing Ltd. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.aaf.fproxy; + +import static org.hamcrest.Matchers.equalTo; +import static org.springframework.test.web.client.match.MockRestRequestMatchers.header; +import static org.springframework.test.web.client.match.MockRestRequestMatchers.method; +import static org.springframework.test.web.client.match.MockRestRequestMatchers.requestTo; +import static org.springframework.test.web.client.response.MockRestResponseCreators.withSuccess; +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content; +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; + +import javax.servlet.http.Cookie; +import org.eclipse.jetty.util.security.Password; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.onap.aaf.fproxy.data.CredentialCacheData.CredentialType; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc; +import org.springframework.boot.test.context.SpringBootTest; +import org.springframework.http.HttpHeaders; +import org.springframework.http.HttpMethod; +import org.springframework.http.MediaType; +import org.springframework.test.context.junit4.SpringRunner; +import org.springframework.test.web.client.MockRestServiceServer; +import org.springframework.test.web.servlet.MockMvc; +import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; +import org.springframework.web.client.RestTemplate; + +@RunWith(SpringRunner.class) +@SpringBootTest +@AutoConfigureMockMvc +public class FProxyServiceTest { + + static { + System.setProperty("server.ssl.key-store-password", + Password.deobfuscate("OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10")); + } + + @Value("${transactionid.header.name}") + private String transactionIdHeaderName; + + @Autowired + private MockMvc mvc; + + @Autowired + private RestTemplate restTemplate; + + private MockRestServiceServer mockServer; + + @Before + public void setUp() { + mockServer = MockRestServiceServer.createServer(restTemplate); + } + + @Test + public void testRequestFrowarding() throws Exception { + String testUrl = "https://localhost:80/testurl"; + String testResponse = "Response from MockRestService"; + + mockServer.expect(requestTo(testUrl)).andExpect(method(HttpMethod.GET)) + .andRespond(withSuccess(testResponse, MediaType.APPLICATION_JSON)); + + mvc.perform(MockMvcRequestBuilders.get(testUrl).accept(MediaType.APPLICATION_JSON)).andExpect(status().isOk()) + .andExpect(content().string(equalTo(testResponse))); + + mockServer.verify(); + } + + @Test + public void testCredentialCacheEndpoint() throws Exception { + populateCredentialCache("tx1", "headername", "headervalue", CredentialType.HEADER.toString()); + } + + @Test + public void testPopulateHeaderFromCache() throws Exception { + String testTransactionId = "tx1"; + String testUrl = "https://localhost:80/testurl"; + String headerName = "headername"; + String headerValue = "headervalue"; + + String testResponse = "Response from MockRestService"; + + // Populate the cache with header credentials + populateCredentialCache(testTransactionId, headerName, headerValue, CredentialType.HEADER.toString()); + + // Expect mock server to be called with request containing cached header + mockServer.expect(requestTo(testUrl)).andExpect(method(HttpMethod.GET)) + .andExpect(header(headerName, headerValue)) + .andRespond(withSuccess(testResponse, MediaType.APPLICATION_JSON)); + + // Send request to mock server with transaction Id + mvc.perform(MockMvcRequestBuilders.get(testUrl).accept(MediaType.APPLICATION_JSON) + .header(transactionIdHeaderName, testTransactionId)).andExpect(status().isOk()) + .andExpect(content().string(equalTo(testResponse))); + + mockServer.verify(); + } + + @Test + public void testHeaderAlreadyExists() throws Exception { + String testTransactionId = "tx1"; + String testUrl = "https://localhost:80/testurl"; + String headerName = "headername"; + String headerValue = "headervalue"; + String newHeaderValue = "newheadervalue"; + + String testResponse = "Response from MockRestService"; + + // Populate the cache with header credentials using a new value + populateCredentialCache(testTransactionId, headerName, newHeaderValue, CredentialType.HEADER.toString()); + + // Expect mock server to be called with request containing the original header credential value, not the cached + // new header value + mockServer.expect(requestTo(testUrl)).andExpect(method(HttpMethod.GET)) + .andExpect(header(headerName, headerValue)) + .andRespond(withSuccess(testResponse, MediaType.APPLICATION_JSON)); + + // Send request to mock server that already contains a header with same name as the one that has been cached + mvc.perform(MockMvcRequestBuilders.get(testUrl).accept(MediaType.APPLICATION_JSON) + .header(transactionIdHeaderName, testTransactionId).header(headerName, headerValue)) + .andExpect(status().isOk()).andExpect(content().string(equalTo(testResponse))); + + mockServer.verify(); + } + + @Test + public void testPopulateCookieFromCache() throws Exception { + String testTransactionId = "tx1"; + String testUrl = "https://localhost:80/testurl"; + String cookieName = "testcookie"; + String cookieValue = "testcookie=testvalue"; + String testResponse = "Response from MockRestService"; + + // Populate the cache with cookie credentials + populateCredentialCache(testTransactionId, cookieName, cookieValue, CredentialType.COOKIE.toString()); + + // Expect mock server to be called with request containing cached header + mockServer.expect(requestTo(testUrl)).andExpect(method(HttpMethod.GET)) + .andExpect(header(HttpHeaders.COOKIE, cookieValue)) + .andRespond(withSuccess(testResponse, MediaType.APPLICATION_JSON)); + + // Send request to mock server with transaction Id + mvc.perform(MockMvcRequestBuilders.get(testUrl).accept(MediaType.APPLICATION_JSON) + .header(transactionIdHeaderName, testTransactionId)).andExpect(status().isOk()) + .andExpect(content().string(equalTo(testResponse))); + + mockServer.verify(); + } + + @Test + public void testCookieAlreadyExists() throws Exception { + String testTransactionId = "tx1"; + String testUrl = "https://localhost:80/testurl"; + String cookieName = "testcookie"; + String cookieValue = "testvalue"; + String newCookieValue = "newtestvalue"; + + String testResponse = "Response from MockRestService"; + + // Populate the cache with cookie credentials using a new value + populateCredentialCache(testTransactionId, cookieName, newCookieValue, CredentialType.COOKIE.toString()); + + // Expect mock server to be called with request containing the original cookie credential value, not the cached + // new cookie value + mockServer.expect(requestTo(testUrl)).andExpect(method(HttpMethod.GET)) + .andExpect(header(HttpHeaders.COOKIE, cookieName + "=" + cookieValue)) + .andRespond(withSuccess(testResponse, MediaType.APPLICATION_JSON)); + + // Send request to mock server that already contains a cookie with same name as the one that has been cached + mvc.perform(MockMvcRequestBuilders.get(testUrl).accept(MediaType.APPLICATION_JSON) + .header(transactionIdHeaderName, testTransactionId).cookie(new Cookie(cookieName, cookieValue))) + .andExpect(status().isOk()).andExpect(content().string(equalTo(testResponse))); + + mockServer.verify(); + } + + private void populateCredentialCache(String transactionId, String credentialName, String credentialValue, + String credentialType) throws Exception { + String cacheUrl = "https://localhost:80/credential-cache/" + transactionId; + String requestBody = "{ \"credentialName\":\"" + credentialName + "\", \"credentialValue\":\"" + credentialValue + + "\", \"credentialType\":\"" + credentialType + "\" }"; + + // Populate the cache with credentials + mvc.perform(MockMvcRequestBuilders.post(cacheUrl).content(requestBody).contentType(MediaType.APPLICATION_JSON) + .accept(MediaType.APPLICATION_JSON)).andExpect(status().isOk()) + .andExpect(content().string(equalTo(transactionId))); + } +} diff --git a/sidecar/fproxy/version.properties b/sidecar/fproxy/version.properties new file mode 100644 index 0000000..5128787 --- /dev/null +++ b/sidecar/fproxy/version.properties @@ -0,0 +1,13 @@ +# Versioning variables +# Note that these variables cannot be structured (e.g. : version.release or version.snapshot etc... ) +# because they are used in Jenkins, whose plug-in doesn't support + +major=1 +minor=0 +patch=0 + +base_version=${major}.${minor}.${patch} + +# Release must be completed with git revision # in Jenkins +release_version=${base_version} +snapshot_version=${base_version}-SNAPSHOT -- cgit 1.2.3-korg