diff options
author | mark.j.leonard <mark.j.leonard@gmail.com> | 2019-03-29 16:29:44 +0000 |
---|---|---|
committer | mark.j.leonard <mark.j.leonard@gmail.com> | 2019-04-03 10:44:28 +0100 |
commit | 61607b8e66f19aba46d0c0f7cec3a9fe2c6e1e08 (patch) | |
tree | b330dc7b884643a04b38801a92a2400df3850535 | |
parent | 60457e41054465e9fa10c8e6bfdbfa62a45d1f0a (diff) |
Move REQUIRE_CLIENT_AUTH code to start script
Move the conversion from the REQUIRE_CLIENT_AUTH env variable to the
Spring setting server.ssl.client-auth out of the Java code and in to the
start script. This declutters the code and exposes this setting.
Refactor the code for readability: have Jetty deobfuscate the password
string for us rather than manually detecting the "OBF:" prefix.
Also fix a typo (spelling mistake).
Change-Id: Ic670c04f97f59e06e48ca2cf4d7a0188020b3eaa
Issue-ID: AAI-2280
Signed-off-by: mark.j.leonard <mark.j.leonard@gmail.com>
-rw-r--r-- | src/main/bin/start.sh | 4 | ||||
-rw-r--r-- | src/main/java/org/onap/aai/babel/BabelApplication.java | 23 | ||||
-rw-r--r-- | src/main/java/org/onap/aai/babel/request/RequestHeaders.java | 7 | ||||
-rw-r--r-- | src/main/resources/application.properties | 1 | ||||
-rw-r--r-- | src/test/java/org/onap/aai/babel/TestApplication.java | 14 |
5 files changed, 32 insertions, 17 deletions
diff --git a/src/main/bin/start.sh b/src/main/bin/start.sh index 3121c8e..8c4cdf5 100644 --- a/src/main/bin/start.sh +++ b/src/main/bin/start.sh @@ -35,6 +35,10 @@ PROPS="-DAPP_HOME=${APP_HOME}" PROPS="${PROPS} -DCONFIG_HOME=${CONFIG_HOME}" PROPS="${PROPS} -Dtosca.mappings.config=${CONFIG_HOME}/tosca-mappings.json" PROPS="${PROPS} -DKEY_STORE_PASSWORD=${KEY_STORE_PASSWORD}" +if [ ! -z "$REQUIRE_CLIENT_AUTH" ]; then + PROPS="$PROPS -Dserver.ssl.client-auth=${REQUIRE_CLIENT_AUTH}" +fi + JVM_MAX_HEAP=${MAX_HEAP:-1024} exec java -Xmx${JVM_MAX_HEAP}m ${PROPS} -jar ${APP_HOME}/babel.jar diff --git a/src/main/java/org/onap/aai/babel/BabelApplication.java b/src/main/java/org/onap/aai/babel/BabelApplication.java index 9eaa0ce..e524e6e 100644 --- a/src/main/java/org/onap/aai/babel/BabelApplication.java +++ b/src/main/java/org/onap/aai/babel/BabelApplication.java @@ -21,7 +21,7 @@ package org.onap.aai.babel; -import java.util.HashMap; +import com.google.common.collect.ImmutableMap; import org.eclipse.jetty.util.security.Password; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; @@ -38,26 +38,21 @@ public class BabelApplication extends SpringBootServletInitializer { /** * Spring Boot Initialization. - * + * * @param args - * main args + * main args (expected to be null) */ public static void main(String[] args) { String keyStorePassword = System.getProperty("KEY_STORE_PASSWORD"); if (keyStorePassword == null || keyStorePassword.isEmpty()) { - throw new IllegalArgumentException("Env property KEY_STORE_PASSWORD not set"); + throw new IllegalArgumentException("Mandatory property KEY_STORE_PASSWORD not set"); } - HashMap<String, Object> props = new HashMap<>(); - String decryptedValue = keyStorePassword.startsWith(Password.__OBFUSCATE) ? // - Password.deobfuscate(keyStorePassword) : keyStorePassword; - props.put("server.ssl.key-store-password", decryptedValue); + ImmutableMap<String, Object> defaults = + ImmutableMap.of("server.ssl.key-store-password", new Password(keyStorePassword).toString()); - String requireClientAuth = System.getenv("REQUIRE_CLIENT_AUTH"); - props.put("server.ssl.client-auth", - Boolean.FALSE.toString().equalsIgnoreCase(requireClientAuth) ? "want" : "need"); - - context = new BabelApplication() - .configure(new SpringApplicationBuilder(BabelApplication.class).properties(props)).run(args); + context = new BabelApplication() // + .configure(new SpringApplicationBuilder(BabelApplication.class).properties(defaults)) // + .run(args); } public static void exit() { diff --git a/src/main/java/org/onap/aai/babel/request/RequestHeaders.java b/src/main/java/org/onap/aai/babel/request/RequestHeaders.java index f0d960c..1850d62 100644 --- a/src/main/java/org/onap/aai/babel/request/RequestHeaders.java +++ b/src/main/java/org/onap/aai/babel/request/RequestHeaders.java @@ -2,8 +2,8 @@ * ============LICENSE_START======================================================= * org.onap.aai * ================================================================================ - * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. - * Copyright © 2017-2018 European Software Marketing Ltd. + * Copyright (c) 2017-2018 AT&T Intellectual Property. All rights reserved. + * Copyright (c) 2017-2019 European Software Marketing Ltd. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -18,6 +18,7 @@ * limitations under the License. * ============LICENSE_END========================================================= */ + package org.onap.aai.babel.request; import java.util.Optional; @@ -62,7 +63,7 @@ public class RequestHeaders { * If the correlation ID contains the symbol : then this character and any trailing characters are removed. This * allows for an incrementing numeric sequence where there are multiple HTTP requests for a single transaction. * - * @return the normalsed UUID used for correlating transactions across components, or else null (if no ID is set) + * @return the normalized UUID used for correlating transactions across components, or else null (if no ID is set) */ public String getCorrelationId() { // If the request ID is missing, use the transaction ID (if present) diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index b845b8f..187826a 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -1,5 +1,6 @@ server.port=9516 server.ssl.key-store=${CONFIG_HOME}/auth/tomcat_keystore +server.ssl.client-auth=need server.contextPath=/services/babel-service diff --git a/src/test/java/org/onap/aai/babel/TestApplication.java b/src/test/java/org/onap/aai/babel/TestApplication.java index 8c9ca5e..bb43b40 100644 --- a/src/test/java/org/onap/aai/babel/TestApplication.java +++ b/src/test/java/org/onap/aai/babel/TestApplication.java @@ -93,6 +93,20 @@ public class TestApplication { BabelApplication.main(new String[] {}); } + /** + * This test asserts that if the KEY_STORE_PASSWORD System Property is set (and is not empty) then the value is + * passed to Jetty, debobfuscated, and used to open the key store, even if the resulting password value is actually + * an empty string. + */ + @Test + public void testApplicationWithBlankObfuscatedKeyStorePassword() { + // Note that "OBF:" is correctly deobfuscated and results in an empty string. + System.setProperty("KEY_STORE_PASSWORD", "OBF:"); + final CauseMatcher expectedCause = new CauseMatcher(IOException.class, "password was incorrect"); + expectedEx.expectCause(expectedCause); + BabelApplication.main(new String[] {}); + } + private static class CauseMatcher extends TypeSafeMatcher<Throwable> { private final Class<? extends Throwable> type; |