authorTian Lee <TianL@amdocs.com>2019-04-03 10:34:37 +0000
committerGerrit Code Review <gerrit@onap.org>2019-04-03 10:34:37 +0000
commit6b52f93a1965dfadd55410a4231446c9fb374633 (patch)
treef3d18ecc852626f917ce3a9d5c318f804812177a
parenta7601b88fcb8abb0a40d26d16948b29ae45d370d (diff)
parent61607b8e66f19aba46d0c0f7cec3a9fe2c6e1e08 (diff)
Merge "Move REQUIRE_CLIENT_AUTH code to start script"
-rw-r--r--src/main/bin/start.sh4
-rw-r--r--src/main/java/org/onap/aai/babel/BabelApplication.java23
-rw-r--r--src/main/java/org/onap/aai/babel/request/RequestHeaders.java7
-rw-r--r--src/main/resources/application.properties1
-rw-r--r--src/test/java/org/onap/aai/babel/TestApplication.java14
5 files changed, 32 insertions, 17 deletions
diff --git a/src/main/bin/start.sh b/src/main/bin/start.sh
index 3121c8e..8c4cdf5 100644
--- a/src/main/bin/start.sh
+++ b/src/main/bin/start.sh
@@ -35,6 +35,10 @@ PROPS="-DAPP_HOME=${APP_HOME}"
PROPS="${PROPS} -DCONFIG_HOME=${CONFIG_HOME}"
PROPS="${PROPS} -Dtosca.mappings.config=${CONFIG_HOME}/tosca-mappings.json"
PROPS="${PROPS} -DKEY_STORE_PASSWORD=${KEY_STORE_PASSWORD}"
+if [ ! -z "$REQUIRE_CLIENT_AUTH" ]; then
+ PROPS="$PROPS -Dserver.ssl.client-auth=${REQUIRE_CLIENT_AUTH}"
+fi
+
JVM_MAX_HEAP=${MAX_HEAP:-1024}
exec java -Xmx${JVM_MAX_HEAP}m ${PROPS} -jar ${APP_HOME}/babel.jar
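Review bot: The added `if` block passes REQUIRE_CLIENT_AUTH to `server.ssl.client-auth` without validating it, whereas the Java code removed by this same commit mapped `false` to `want` and everything else to `need`. A deployment that still exports `REQUIRE_CLIENT_AUTH=false` or `true` now hands Spring Boot a value outside its `need`/`want`/`none` set, and `none` switches client-certificate checking off, which the old code could not do. Because `${PROPS}` is unquoted on the `exec` line, a value containing whitespace would also be split into additional JVM arguments. I would replace the `if` with a `case` that keeps the legacy mapping and rejects anything else; whether `none` should be accepted at all is a deployment decision.
```shell
# … unchanged: PROPS assembly up to KEY_STORE_PASSWORD …
case "${REQUIRE_CLIENT_AUTH}" in
    "") ;;  # unset: the application.properties default applies
    need|want) PROPS="${PROPS} -Dserver.ssl.client-auth=${REQUIRE_CLIENT_AUTH}" ;;
    false|False|FALSE) PROPS="${PROPS} -Dserver.ssl.client-auth=want" ;;  # legacy value
    true|True|TRUE) PROPS="${PROPS} -Dserver.ssl.client-auth=need" ;;     # legacy value
    *) echo "Unsupported REQUIRE_CLIENT_AUTH value: ${REQUIRE_CLIENT_AUTH}" >&2; exit 1 ;;
esac
```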
diff --git a/src/main/java/org/onap/aai/babel/BabelApplication.java b/src/main/java/org/onap/aai/babel/BabelApplication.java
index 9eaa0ce..e524e6e 100644
--- a/src/main/java/org/onap/aai/babel/BabelApplication.java
+++ b/src/main/java/org/onap/aai/babel/BabelApplication.java
@@ -21,7 +21,7 @@
package org.onap.aai.babel;
-import java.util.HashMap;
+import com.google.common.collect.ImmutableMap;
import org.eclipse.jetty.util.security.Password;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
@@ -38,26 +38,21 @@ public class BabelApplication extends SpringBootServletInitializer {
/**
* Spring Boot Initialization.
- *
+ *
* @param args
- * main args
+ * main args (expected to be null)
*/
public static void main(String[] args) {
String keyStorePassword = System.getProperty("KEY_STORE_PASSWORD");
if (keyStorePassword == null || keyStorePassword.isEmpty()) {
- throw new IllegalArgumentException("Env property KEY_STORE_PASSWORD not set");
+ throw new IllegalArgumentException("Mandatory property KEY_STORE_PASSWORD not set");
}
- HashMap<String, Object> props = new HashMap<>();
- String decryptedValue = keyStorePassword.startsWith(Password.__OBFUSCATE) ? //
- Password.deobfuscate(keyStorePassword) : keyStorePassword;
- props.put("server.ssl.key-store-password", decryptedValue);
+ ImmutableMap<String, Object> defaults =
+ ImmutableMap.of("server.ssl.key-store-password", new Password(keyStorePassword).toString());
- String requireClientAuth = System.getenv("REQUIRE_CLIENT_AUTH");
- props.put("server.ssl.client-auth",
- Boolean.FALSE.toString().equalsIgnoreCase(requireClientAuth) ? "want" : "need");
-
- context = new BabelApplication()
- .configure(new SpringApplicationBuilder(BabelApplication.class).properties(props)).run(args);
+ context = new BabelApplication() //
+ .configure(new SpringApplicationBuilder(BabelApplication.class).properties(defaults)) //
+ .run(args);
}
public static void exit() {
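Review bot: The updated Javadoc on `main` says `main args (expected to be null)`, but `args` is forwarded unchanged to `.run(args)` and the test added in this commit calls `main(new String[] {})`, so "empty" is the accurate word. The comment should also say why it matters: Spring Boot treats command-line arguments as a higher-precedence property source than both the `defaults` map and application.properties, so a `--server.ssl.client-auth=...` argument would override the TLS settings established here. Suggested wording: `main args (expected to be empty; any --name=value argument overrides the server.ssl.* settings)`. The `exit()` method that follows continues outside the hunk.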
diff --git a/src/main/java/org/onap/aai/babel/request/RequestHeaders.java b/src/main/java/org/onap/aai/babel/request/RequestHeaders.java
index f0d960c..1850d62 100644
--- a/src/main/java/org/onap/aai/babel/request/RequestHeaders.java
+++ b/src/main/java/org/onap/aai/babel/request/RequestHeaders.java
@@ -2,8 +2,8 @@
* ============LICENSE_START=======================================================
* org.onap.aai
* ================================================================================
- * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
- * Copyright © 2017-2018 European Software Marketing Ltd.
+ * Copyright (c) 2017-2018 AT&T Intellectual Property. All rights reserved.
+ * Copyright (c) 2017-2019 European Software Marketing Ltd.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -18,6 +18,7 @@
* limitations under the License.
* ============LICENSE_END=========================================================
*/
+
package org.onap.aai.babel.request;
import java.util.Optional;
@@ -62,7 +63,7 @@ public class RequestHeaders {
* If the correlation ID contains the symbol : then this character and any trailing characters are removed. This
* allows for an incrementing numeric sequence where there are multiple HTTP requests for a single transaction.
*
- * @return the normalsed UUID used for correlating transactions across components, or else null (if no ID is set)
+ * @return the normalized UUID used for correlating transactions across components, or else null (if no ID is set)
*/
public String getCorrelationId() {
// If the request ID is missing, use the transaction ID (if present)
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index b845b8f..187826a 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -1,5 +1,6 @@
server.port=9516
server.ssl.key-store=${CONFIG_HOME}/auth/tomcat_keystore
+server.ssl.client-auth=need
server.contextPath=/services/babel-service
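Review bot: The new `server.ssl.client-auth=need` line has no comment telling a reader that it is only a default, which start.sh replaces through `-Dserver.ssl.client-auth` whenever REQUIRE_CLIENT_AUTH is set. Someone auditing this file alone would conclude that mutual TLS is always enforced. I would add above it: `# Default: client certificate required. start.sh overrides this with -Dserver.ssl.client-auth when REQUIRE_CLIENT_AUTH is set.`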
diff --git a/src/test/java/org/onap/aai/babel/TestApplication.java b/src/test/java/org/onap/aai/babel/TestApplication.java
index 8c9ca5e..bb43b40 100644
--- a/src/test/java/org/onap/aai/babel/TestApplication.java
+++ b/src/test/java/org/onap/aai/babel/TestApplication.java
@@ -93,6 +93,20 @@ public class TestApplication {
BabelApplication.main(new String[] {});
}
+ /**
+ * This test asserts that if the KEY_STORE_PASSWORD System Property is set (and is not empty) then the value is
+ * passed to Jetty, debobfuscated, and used to open the key store, even if the resulting password value is actually
+ * an empty string.
+ */
+ @Test
+ public void testApplicationWithBlankObfuscatedKeyStorePassword() {
+ // Note that "OBF:" is correctly deobfuscated and results in an empty string.
+ System.setProperty("KEY_STORE_PASSWORD", "OBF:");
+ final CauseMatcher expectedCause = new CauseMatcher(IOException.class, "password was incorrect");
+ expectedEx.expectCause(expectedCause);
+ BabelApplication.main(new String[] {});
+ }
+
private static class CauseMatcher extends TypeSafeMatcher<Throwable> {
private final Class<? extends Throwable> type;
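Review bot: The new test sets `KEY_STORE_PASSWORD` with `System.setProperty` and nothing in the hunk restores it, so the `OBF:` value may leak into later tests in the same JVM unless a fixture outside the hunk resets it. A one-line comment naming that fixture, or a `System.clearProperty("KEY_STORE_PASSWORD");` in teardown, would make the isolation explicit. The expected text `"password was incorrect"` presumably comes from the JDK key store loader rather than from Babel, which makes the assertion sensitive to JDK wording; a comment saying so would help. The Javadoc also has a typo, `debobfuscated` for `deobfuscated`. The `CauseMatcher` class continues outside the hunk.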