11 files changed, 383 insertions, 34 deletions
diff --git a/aai-schema-service/src/main/docker/docker-entrypoint.sh b/aai-schema-service/src/main/docker/docker-entrypoint.sh index 09f7943..8129acd 100644 --- a/aai-schema-service/src/main/docker/docker-entrypoint.sh +++ b/aai-schema-service/src/main/docker/docker-entrypoint.sh @@ -67,6 +67,12 @@ if [ -f ${APP_HOME}/aai.sh ]; then exit 0; fi; + if [ ! -f "${APP_HOME}/scripts/updatePem.sh" ]; then + echo "Unable to find the updatePem script"; + exit 1; + else + gosu aaiadmin ${APP_HOME}/scripts/updatePem.sh + fi; fi; mkdir -p /opt/app/aai-schema-service/logs/gc @@ -83,8 +89,7 @@ fi; MIN_HEAP_SIZE=${MIN_HEAP_SIZE:-512m}; MAX_HEAP_SIZE=${MAX_HEAP_SIZE:-1024m}; -MAX_PERM_SIZE=${MAX_PERM_SIZE:-512m}; -PERM_SIZE=${PERM_SIZE:-512m}; +MAX_METASPACE_SIZE=${MAX_METASPACE_SIZE:-512m}; JAVA_CMD="exec gosu aaiadmin java"; @@ -95,8 +100,7 @@ JVM_OPTS="${JVM_OPTS} -Xmx${MAX_HEAP_SIZE}"; JVM_OPTS="${JVM_OPTS} -XX:+PrintGCDetails"; JVM_OPTS="${JVM_OPTS} -XX:+PrintGCTimeStamps"; -JVM_OPTS="${JVM_OPTS} -XX:MaxPermSize=${MAX_PERM_SIZE}"; -JVM_OPTS="${JVM_OPTS} -XX:PermSize=${PERM_SIZE}"; +JVM_OPTS="${JVM_OPTS} -XX:MaxMetaspaceSize=${MAX_METASPACE_SIZE}"; JVM_OPTS="${JVM_OPTS} -server"; JVM_OPTS="${JVM_OPTS} -XX:NewSize=512m"; @@ -118,7 +122,7 @@ JVM_OPTS="${JVM_OPTS} -XX:+HeapDumpOnOutOfMemoryError"; JVM_OPTS="${JVM_OPTS} ${POST_JVM_ARGS}"; JAVA_OPTS="${PRE_JAVA_OPTS} -DAJSC_HOME=$APP_HOME"; if [ -f ${INTROSCOPE_LIB}/Agent.jar ] && [ -f ${INTROSCOPE_AGENTPROFILE} ]; then - JAVA_OPTS="${JAVA_OPTS} -javaagent:${INTROSCOPE_LIB}/Agent.jar -noverify -Dcom.wily.introscope.agentProfile=${INTROSCOPE_AGENTPROFILE} -Dintroscope.agent.agentName=resources" + JAVA_OPTS="${JAVA_OPTS} -javaagent:${INTROSCOPE_LIB}/Agent.jar -noverify -Dcom.wily.introscope.agentProfile=${INTROSCOPE_AGENTPROFILE} -Dintroscope.agent.agentName=schema-service" fi JAVA_OPTS="${JAVA_OPTS} -Dserver.port=${SERVER_PORT}"; JAVA_OPTS="${JAVA_OPTS} -DBUNDLECONFIG_DIR=./resources"; 
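Review bot: The exit status of `updatePem.sh` is never checked in the first hunk, so the container goes on to start the service even when the PEM export fails. The script added later in this commit also ends with an unconditional `exit 0`, which hides an `openssl` failure from this caller. Consider `gosu aaiadmin "${APP_HOME}/scripts/updatePem.sh" || exit 1;` here, with the path quoted, and let updatePem.sh return the openssl status. The enclosing `if [ -f ${APP_HOME}/aai.sh ]` block starts outside the hunk.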
@@ -131,6 +135,7 @@ JAVA_OPTS="${JAVA_OPTS} -DAAI_BUILD_VERSION=${AAI_BUILD_VERSION}"; JAVA_OPTS="${JAVA_OPTS} -Djava.security.egd=file:/dev/./urandom"; JAVA_OPTS="${JAVA_OPTS} -Dlogback.configurationFile=./resources/logback.xml"; JAVA_OPTS="${JAVA_OPTS} -Dloader.path=$APP_HOME/resources"; +JAVA_OPTS="${JAVA_OPTS} -Dgroovy.use.classvalue=true"; JAVA_OPTS="${JAVA_OPTS} ${POST_JAVA_OPTS}"; JAVA_MAIN_JAR=$(ls lib/aai-schema-service*.jar); diff --git a/aai-schema-service/src/main/java/org/onap/aai/schemaservice/SchemaServiceApp.java b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/SchemaServiceApp.java index 8f36ac5..f2e0bd1 100644 --- a/aai-schema-service/src/main/java/org/onap/aai/schemaservice/SchemaServiceApp.java +++ b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/SchemaServiceApp.java @@ -148,6 +148,15 @@ public class SchemaServiceApp { @PreDestroy public void cleanup() { + + LoggingContext.save(); + LoggingContext.component("Stopped"); + LoggingContext.partnerName("NA"); + LoggingContext.targetEntity(APP_NAME); + LoggingContext.requestId(UUID.randomUUID().toString()); + LoggingContext.serviceName(APP_NAME); + LoggingContext.targetServiceName("Stopped"); + LoggingContext.statusCode(StatusCode.COMPLETE); logger.info("SchemaService shutting down"); } } diff --git a/aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/post/InvalidResponseStatus.java b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/post/InvalidResponseStatus.java index 4fd3220..8b03ac2 100644 --- a/aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/post/InvalidResponseStatus.java +++ b/aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/post/InvalidResponseStatus.java 
@@ -24,10 +24,12 @@ import org.onap.aai.logging.ErrorLogHelper; import org.onap.aai.schemaservice.interceptors.AAIContainerFilter; import javax.annotation.Priority; +import javax.print.attribute.standard.Media; import javax.ws.rs.container.ContainerRequestContext; import javax.ws.rs.container.ContainerResponseContext; import javax.ws.rs.container.ContainerResponseFilter; import javax.ws.rs.core.MediaType; +import javax.ws.rs.core.UriInfo; import java.io.IOException; import java.util.ArrayList; import java.util.List; @@ -39,15 +41,18 @@ public class InvalidResponseStatus extends AAIContainerFilter implements Contain public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext) throws IOException { - if (responseContext.getStatus() == 405) { + String contentType = responseContext.getHeaderString("Content-Type"); + ArrayList<String> templateVars = new ArrayList<>(); + List<MediaType> mediaTypeList = new ArrayList<>(); + AAIException e; + String message = ""; - responseContext.setStatus(400); - AAIException e = new AAIException("AAI_3012"); - ArrayList<String> templateVars = new ArrayList<>(); + if (responseContext.getStatus() == 405) { - List<MediaType> mediaTypeList = new ArrayList<>(); + // add the accept type error msg here as well. - String contentType = responseContext.getHeaderString("Content-Type"); + responseContext.setStatus(400); + e = new AAIException("AAI_3012"); if (contentType == null) { mediaTypeList.add(MediaType.APPLICATION_XML_TYPE); 
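Review bot: The added `import javax.print.attribute.standard.Media;` in the import hunk is not used by any line of the filter shown in this diff and pulls a desktop printing class into a REST response filter; it looks like an IDE auto-import and should be dropped. `javax.ws.rs.core.UriInfo` is likewise not referenced in the visible hunks, so remove it unless code outside the diff uses it.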
@@ -55,11 +60,29 @@ public class InvalidResponseStatus extends AAIContainerFilter implements Contain mediaTypeList.add(MediaType.valueOf(contentType)); } - String message = ErrorLogHelper.getRESTAPIErrorResponse(mediaTypeList, e, templateVars); + message = ErrorLogHelper.getRESTAPIErrorResponse(mediaTypeList, e, templateVars); responseContext.setEntity(message); } + else if (responseContext.getStatus() == 406) { + responseContext.setStatus(406); + mediaTypeList.add(MediaType.valueOf(contentType)); + if (contentType.equals(MediaType.APPLICATION_XML)) { + e = new AAIException("AAI_3019", MediaType.APPLICATION_XML); + } else if (contentType.equals(MediaType.APPLICATION_JSON)) { + e = new AAIException("AAI_3019", MediaType.APPLICATION_JSON); + } else { + if (contentType == null) { + mediaTypeList.add(MediaType.APPLICATION_XML_TYPE); + e = new AAIException("AAI_3019", "null"); + } else { + mediaTypeList.add(MediaType.valueOf(contentType)); + e = new AAIException("AAI_3019", contentType); + } + } + message = ErrorLogHelper.getRESTAPIErrorResponse(mediaTypeList, e, templateVars); + responseContext.setEntity(message); + } } - } diff --git a/aai-schema-service/src/main/resources/etc/appprops/error.properties b/aai-schema-service/src/main/resources/etc/appprops/error.properties index c695774..222c6b3 100644 --- a/aai-schema-service/src/main/resources/etc/appprops/error.properties +++ b/aai-schema-service/src/main/resources/etc/appprops/error.properties 
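Review bot: In the new 406 branch, `contentType` is dereferenced before it is checked: `MediaType.valueOf(contentType)` and `contentType.equals(...)` both run first, so a response with no Content-Type header throws instead of producing the AAI_3019 body, and the `contentType == null` arm inside the final `else` can never be reached. The non-null arm of that `else` also adds the same media type to `mediaTypeList` a second time. Checking for null first removes both problems, and because the XML and JSON arms pass the same string that `contentType` already holds, they fold into one case. `filter` begins in the previous hunk; `MediaType.valueOf` can still reject a malformed header value, which deserves a guard if that value can come from upstream.

```java
else if (responseContext.getStatus() == 406) {
    // … unchanged: responseContext.setStatus(406) …
    if (contentType == null) {
        mediaTypeList.add(MediaType.APPLICATION_XML_TYPE);
        e = new AAIException("AAI_3019", "null");
    } else {
        mediaTypeList.add(MediaType.valueOf(contentType));
        e = new AAIException("AAI_3019", contentType);
    }
    // … unchanged: build message with ErrorLogHelper and set it as the entity …
}
```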
@@ -36,6 +36,7 @@ AAI_3015=5:6:INFO:3015:410:3015:The %1 capability is retired, please contact the AAI_3016=5:6:INFO:3007:400:3016:Request uri is not valid, please check the version %1 AAI_3017=5:6:INFO:3007:400:3016:Request uri is not valid, please check the uri %1 AAI_3018=5:6:INFO:3018:400:3018:Request schema version %1 is not valid, please check the schema version +AAI_3019=5:6:WARN:3019:400:3019:Request contains invalid header accept type AAI_3050=5:1:WARN:3002:400:3002:Invalid request, missing or empty query parameter version AAI_3051=5:1:WARN:3002:400:3002:Invalid request, version parameter %1 passed is not conforming to the following pattern v[1-9][0-9]* diff --git a/aai-schema-service/src/main/resources/logback.xml b/aai-schema-service/src/main/resources/logback.xml index 6c518d5..8cc2c27 100644 --- a/aai-schema-service/src/main/resources/logback.xml +++ b/aai-schema-service/src/main/resources/logback.xml @@ -191,7 +191,6 @@ <appender-ref ref="asyncERROR"/> <appender-ref ref="asyncMETRIC"/> <appender-ref ref="asyncSANE"/> - <appender-ref ref="STDOUT"/> </logger> <!-- Spring related loggers --> @@ -264,6 +263,5 @@ <root level="DEBUG"> <appender-ref ref="external"/> - <appender-ref ref="STDOUT"/> </root> </configuration> diff --git a/aai-schema-service/src/main/scripts/common_functions.sh b/aai-schema-service/src/main/scripts/common_functions.sh new file mode 100644 index 0000000..7dfda25 --- /dev/null +++ b/aai-schema-service/src/main/scripts/common_functions.sh 
@@ -0,0 +1,100 @@
+#!/bin/ksh
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+#
+
+
+# Common functions that can be used throughout multiple scripts
+# In order to call these functions, this file needs to be sourced
+
+# Checks if the user that is currently running is aaiadmin
+check_user(){
+
+ userid=$( id | cut -f2 -d"(" | cut -f1 -d")" )
+
+ if [ "${userid}" != "aaiadmin" ]; then
+ echo "You must be aaiadmin to run $0. The id used $userid."
+ exit 1
+ fi
+}
+
+# Sources the profile and sets the project home
+source_profile(){
+ . /etc/profile.d/aai.sh
+ PROJECT_HOME=/opt/app/aai-schema-service
+}
+
+# Runs the spring boot jar based on which main class
+# to execute and which logback file to use for that class
+execute_spring_jar(){
+
+ className=$1;
+ logbackFile=$2;
+
+ shift 2;
+
+ EXECUTABLE_JAR=$(ls ${PROJECT_HOME}/lib/*.jar);
+
+ JAVA_OPTS="${JAVA_PRE_OPTS} -DAJSC_HOME=$PROJECT_HOME";
+ JAVA_OPTS="$JAVA_OPTS -DBUNDLECONFIG_DIR=resources";
+ JAVA_OPTS="$JAVA_OPTS -Daai.home=$PROJECT_HOME ";
+ JAVA_OPTS="$JAVA_OPTS -Dhttps.protocols=TLSv1.1,TLSv1.2";
+ JAVA_OPTS="$JAVA_OPTS -Dloader.main=${className}";
+ JAVA_OPTS="$JAVA_OPTS -Dloader.path=${PROJECT_HOME}/resources";
+ JAVA_OPTS="$JAVA_OPTS -Dlogback.configurationFile=${logbackFile}";
+
+ export SOURCE_NAME=$(grep '^schema.source.name=' ${PROJECT_HOME}/resources/application.properties | cut -d"=" -f2-);
+ # Needed for the schema ingest library beans
+ eval $(grep '^schema\.' ${PROJECT_HOME}/resources/application.properties | \
+ sed 's/^\(.*\)$/JAVA_OPTS="$JAVA_OPTS -D\1"/g' | \
+ sed 's/${server.local.startpath}/${PROJECT_HOME}\/resources/g'| \
+ sed 's/${schema.source.name}/'${SOURCE_NAME}'/g'\
+ )
+
+ JAVA_OPTS="${JAVA_OPTS} ${JAVA_POST_OPTS}";
+
+ ${JAVA_HOME}/bin/java ${JVM_OPTS} ${JAVA_OPTS} -jar ${EXECUTABLE_JAR} "$@"
+}
+
+# Prints the start date and the script that the user called
+start_date(){
+ echo
+ echo `date` " Starting $0"
+}
+
+# Prints the end date and the script that the user called
+end_date(){
+ echo
+ echo `date` " Done $0"
+}
+
+# Inserts GEN_DB_WITH_NO_SCHEMA as a paranmter if it isn't there already
+force_GEN_DB_WITH_NO_SCHEMA () {
+ for p in "$@"
+ do
+ if [ "$p" == "GEN_DB_WITH_NO_SCHEMA" ]
+ then
+ echo "$@"
+ return
+ fi
+ done
+ echo "GEN_DB_WITH_NO_SCHEMA $@"
+ return
+}
+
diff --git a/aai-schema-service/src/main/scripts/getTool.sh b/aai-schema-service/src/main/scripts/getTool.sh
new file mode 100644
index 0000000..9b8b26e
--- /dev/null
+++ b/aai-schema-service/src/main/scripts/getTool.sh
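Review bot: `execute_spring_jar` passes lines read from application.properties through `eval`, so any `schema.*` value that contains command substitution, backticks or `;` is executed as shell rather than handed to the JVM as text; the property file should be treated as data. The `-D` options can be built with a read loop, with the two placeholder substitutions done directly in `sed`, as sketched below; values containing `|` or `&` would still need escaping for sed. Separately, `-Dhttps.protocols=TLSv1.1,TLSv1.2` keeps the deprecated TLS 1.1 enabled, and `-Dhttps.protocols=TLSv1.2` is the safer setting.

```shell
# … unchanged: JAVA_OPTS assembly through -Dlogback.configurationFile …
props_file="${PROJECT_HOME}/resources/application.properties"
SOURCE_NAME=$(grep '^schema.source.name=' "${props_file}" | cut -d"=" -f2-)
export SOURCE_NAME
# Needed for the schema ingest library beans; lines are appended as text, never evaluated
schema_props=$(grep '^schema\.' "${props_file}" | \
    sed -e 's|${server.local.startpath}|'"${PROJECT_HOME}"'/resources|g' \
        -e 's|${schema.source.name}|'"${SOURCE_NAME}"'|g')
while IFS= read -r prop; do
    [ -n "${prop}" ] && JAVA_OPTS="$JAVA_OPTS -D${prop}"
done <<EOF
${schema_props}
EOF
# … unchanged: JAVA_POST_OPTS and the java invocation …
```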
@@ -0,0 +1,110 @@
+#!/bin/ksh
+
+###
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+###
+
+#
+# The script is called with a resource.
+# It invokes a GET on the resource using curl
+# Uses aaiconfig.properties for authorization type and url.
+
+display_usage() {
+ cat <<EOF
+ Usage: $0 [options]
+
+ 1. Usage: getTool.sh <resource-path>
+ 2. This script needs only one argument and the argument should be resource-path.
+ 3. for example: resource-path for a particular customer is /aai/schema-service/v1/versions
+EOF
+}
+if [ $# -eq 0 ]; then
+ display_usage
+ exit 1
+fi
+
+# remove leading slash when present
+RESOURCE=$(echo $1 | sed "s,^/,,")
+
+if [ -z $RESOURCE ]; then
+ echo "resource parameter is missing"
+ echo "usage: $0 resource file [expected-failure-codes]"
+ exit 1
+fi
+echo `date` " Starting $0 for resource $RESOURCE"
+
+XFROMAPPID="AAI-TOOLS"
+XTRANSID=`uuidgen`
+
+userid=$( id | cut -f2 -d"(" | cut -f1 -d")" )
+if [ "${userid}" != "aaiadmin" ]; then
+ echo "You must be aaiadmin to run $0. The id used $userid."
+ exit 1
+fi
+
+. /etc/profile.d/aai.sh
+PROJECT_HOME=/opt/app/aai-schema-service
+prop_file=$PROJECT_HOME/resources/etc/appprops/aaiconfig.properties
+log_dir=$PROJECT_HOME/logs/misc
+today=$(date +\%Y-\%m-\%d)
+
+
+MISSING_PROP=false
+RESTURL=$(grep ^aai.server.url= $prop_file |cut -d'=' -f2 |tr -d "\015")
+if [ -z $RESTURL ]; then
+ echo "Property [aai.server.url] not found in file $prop_file"
+ MISSING_PROP=true
+fi
+USEBASICAUTH=false
+BASICENABLE=$(grep ^aai.tools.enableBasicAuth $prop_file |cut -d'=' -f2 |tr -d "\015")
+if [ -z $BASICENABLE ]; then
+ USEBASICAUTH=false
+else
+ USEBASICAUTH=true
+ CURLUSER=$(grep ^aai.tools.username $prop_file |cut -d'=' -f2 |tr -d "\015")
+ if [ -z $CURLUSER ]; then
+ echo "Property [aai.tools.username] not found in file $prop_file"
+ MISSING_PROP=true
+ fi
+ CURLPASSWORD=$(grep ^aai.tools.password $prop_file |cut -d'=' -f2 |tr -d "\015")
+ if [ -z $CURLPASSWORD ]; then
+ echo "Property [aai.tools.password] not found in file $prop_file"
+ MISSING_PROP=true
+ fi
+fi
+
+if [ $MISSING_PROP = false ]; then
+ if [ $USEBASICAUTH = false ]; then
+ AUTHSTRING="--cert $PROJECT_HOME/resources/etc/auth/aaiClientPublicCert.pem --key $PROJECT_HOME/resources/etc/auth/aaiClientPrivateKey.pem"
+ else
+ AUTHSTRING="-u $CURLUSER:$CURLPASSWORD"
+ fi
+ if [[ $RESOURCE == *"nodes"* ]]; then
+ curl --request GET -sL -k $AUTHSTRING -H "X-FromAppId: $XFROMAPPID" -H "X-TransactionId: $XTRANSID" -H "Accept: application/xml" $RESTURL$RESOURCE -d sed 's/\r//g'
+ else
+ curl --request GET -sL -k $AUTHSTRING -H "X-FromAppId: $XFROMAPPID" -H "X-TransactionId: $XTRANSID" -H "Accept: application/json" $RESTURL$RESOURCE | jq -M '.' | sed 's/\r//g'
+ fi
+ RC=$?;
+else
+ echo "usage: $0 resource"
+ RC=-1
+fi
+
+echo `date` " Done $0, returning $RC"
+exit $RC
diff --git a/aai-schema-service/src/main/scripts/updatePem.sh b/aai-schema-service/src/main/scripts/updatePem.sh
new file mode 100644
index 0000000..6e6ac6f
--- /dev/null
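Review bot: Both `curl` calls pass `-k`, which turns off server certificate verification on the same request that carries the basic-auth password or the client key, so the credentials are sent without confirming the server's identity. Drop `-k` and pin the CA instead, for example `--cacert "$PROJECT_HOME/resources/etc/auth/<ca-bundle.pem>"` (placeholder file name). `-u $CURLUSER:$CURLPASSWORD` also places the password in the process argument list, where other local users can read it. In the `nodes` branch, `-d sed 's/\r//g'` is missing the pipe that the JSON branch has, so `sed` is sent as request data and the expression is treated as another URL; it should end `$RESTURL$RESOURCE | sed 's/\r//g'`.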
+++ b/aai-schema-service/src/main/scripts/updatePem.sh
@@ -0,0 +1,38 @@
+#!/bin/ksh
+
+###
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+###
+
+COMMON_ENV_PATH=$( cd "$(dirname "$0")" ; pwd -P )
+. ${COMMON_ENV_PATH}/common_functions.sh
+
+start_date;
+check_user;
+source_profile;
+
+CERTPATH=$PROJECT_HOME/resources/etc/auth/
+KEYNAME=aaiClientPrivateKey.pem
+CERTNAME=aaiClientPublicCert.pem
+
+pw=$(execute_spring_jar org.onap.aai.util.AAIConfigCommandLinePropGetter "" "aai.keystore.passwd" 2> /dev/null | tail -1)
+openssl pkcs12 -in ${CERTPATH}/aai-client-cert.p12 -out $CERTPATH$CERTNAME -clcerts -nokeys -passin pass:$pw
+openssl pkcs12 -in ${CERTPATH}/aai-client-cert.p12 -out $CERTPATH$KEYNAME -nocerts -nodes -passin pass:$pw
+end_date;
+exit 0
diff --git a/aai-schema-service/src/test/java/org/onap/aai/schemaservice/SchemaServiceTest.java b/aai-schema-service/src/test/java/org/onap/aai/schemaservice/SchemaServiceTest.java
index 53a3e14..231fecc 100644
--- a/aai-schema-service/src/test/java/org/onap/aai/schemaservice/SchemaServiceTest.java
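Review bot: The second `openssl pkcs12` call writes the private key with `-nodes`, i.e. unencrypted, under whatever umask the caller has, so `aaiClientPrivateKey.pem` can end up group- or world-readable. Add `umask 077` before the two openssl calls, or `chmod 600 "$CERTPATH$KEYNAME"` afterwards. `-passin pass:$pw` exposes the keystore password in the process list; exporting it and using `-passin env:PEM_PASSIN` (constructed variable name) avoids that. Because stderr of the property getter is discarded and the script ends with an unconditional `exit 0`, an empty `$pw` or a failed export goes unreported, so the openssl exit status should be propagated.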
+++ b/aai-schema-service/src/test/java/org/onap/aai/schemaservice/SchemaServiceTest.java @@ -47,6 +47,7 @@ import static org.junit.Assert.assertThat; @TestPropertySource(locations = "classpath:application-test.properties") @ContextConfiguration(initializers = PropertyPasswordConfiguration.class) @Import(SchemaServiceTestConfiguration.class) + @RunWith(SpringRunner.class) public class SchemaServiceTest { @@ -86,7 +87,7 @@ public class SchemaServiceTest { headers.add("X-TransactionId", "JUNIT"); headers.add("Authorization", "Basic " + authorization); httpEntity = new HttpEntity(headers); - baseUrl = "https://localhost:" + randomPort; + baseUrl = "http://localhost:" + randomPort; } @Test 
@@ -126,6 +127,59 @@ public class SchemaServiceTest { } @Test + public void testInvalidSchemaAndEdges(){ + + headers = new HttpHeaders(); + headers.setAccept(Collections.singletonList(MediaType.APPLICATION_XML)); + headers.setContentType(MediaType.APPLICATION_XML); + headers.add("Real-Time", "true"); + headers.add("X-FromAppId", "JUNIT"); + headers.add("X-TransactionId", "JUNIT"); + headers.add("Authorization", "Basic " + authorization); + httpEntity = new HttpEntity(headers); + + ResponseEntity responseEntity; + + responseEntity = restTemplate.exchange( + baseUrl + "/aai/schema-service/v1/nodes?version=blah", + HttpMethod.GET, + httpEntity, + String.class + ); + System.out.println(" "+responseEntity.getBody()); + assertThat(responseEntity.getStatusCodeValue(), is(400)); + + headers.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON)); + headers.setContentType(MediaType.APPLICATION_JSON); + httpEntity = new HttpEntity(headers); + + responseEntity = restTemplate.exchange( + baseUrl + "/aai/schema-service/v1/edgerules?version=blah", + HttpMethod.GET, + httpEntity, + String.class + ); + + assertThat(responseEntity.getStatusCodeValue(), is(400)); + } + + @Test + public void testVersions(){ + + ResponseEntity responseEntity; + + responseEntity = restTemplate.exchange( + baseUrl + "/aai/schema-service/v1/versions", + HttpMethod.GET, + httpEntity, + String.class + ); + assertThat(responseEntity.getStatusCodeValue(), is(200)); + + + } + + @Test public void testGetStoredQueriesSuccess(){ ResponseEntity responseEntity; diff --git a/aai-schema-service/src/test/java/org/onap/aai/schemaservice/SchemaServiceTestConfiguration.java b/aai-schema-service/src/test/java/org/onap/aai/schemaservice/SchemaServiceTestConfiguration.java index 5d4c187..1e2de5e 100644 --- a/aai-schema-service/src/test/java/org/onap/aai/schemaservice/SchemaServiceTestConfiguration.java +++ b/aai-schema-service/src/test/java/org/onap/aai/schemaservice/SchemaServiceTestConfiguration.java 
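Review bot: Neither `testInvalidSchemaAndEdges` nor `testVersions` reaches the 406 branch that this commit adds to `InvalidResponseStatus`; the new assertions cover 400 and 200 only. A test that sends an `Accept` type the service does not produce and asserts the 406 status and the AAI_3019 body would cover it, including the case where the response carries no Content-Type. The `System.out.println(" "+responseEntity.getBody());` line should be removed or replaced by an assertion on the body.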
@@ -58,30 +58,38 @@ public class SchemaServiceTestConfiguration { @Bean RestTemplate restTemplate(RestTemplateBuilder builder) throws Exception { - char[] trustStorePassword = env.getProperty("server.ssl.trust-store-password").toCharArray(); - char[] keyStorePassword = env.getProperty("server.ssl.key-store-password").toCharArray(); - String keyStore = env.getProperty("server.ssl.key-store"); - String trustStore = env.getProperty("server.ssl.trust-store"); - SSLContextBuilder sslContextBuilder = SSLContextBuilder.create(); + RestTemplate restTemplate = null; - if(env.acceptsProfiles("two-way-ssl")){ - sslContextBuilder = sslContextBuilder.loadKeyMaterial(loadPfx(keyStore, keyStorePassword), keyStorePassword); - } + if(env.acceptsProfiles("one-way-ssl", "two-way-ssl")) { + char[] trustStorePassword = env.getProperty("server.ssl.trust-store-password").toCharArray(); + char[] keyStorePassword = env.getProperty("server.ssl.key-store-password").toCharArray(); + + String keyStore = env.getProperty("server.ssl.key-store"); + String trustStore = env.getProperty("server.ssl.trust-store"); + SSLContextBuilder sslContextBuilder = SSLContextBuilder.create(); + + if (env.acceptsProfiles("two-way-ssl")) { + sslContextBuilder = sslContextBuilder.loadKeyMaterial(loadPfx(keyStore, keyStorePassword), keyStorePassword); + } - SSLContext sslContext = sslContextBuilder + SSLContext sslContext = sslContextBuilder .loadTrustMaterial(ResourceUtils.getFile(trustStore), trustStorePassword) .build(); - HttpClient client = HttpClients.custom() + HttpClient client = HttpClients.custom() .setSSLContext(sslContext) .setSSLHostnameVerifier((s, sslSession) -> true) .build(); - RestTemplate restTemplate = builder + restTemplate = builder .requestFactory(new HttpComponentsClientHttpRequestFactory(client)) .build(); + }else { + restTemplate = builder.build(); + } + restTemplate.setErrorHandler(new ResponseErrorHandler() { @Override 
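Review bot: When the `one-way-ssl` or `two-way-ssl` profile is active, `env.getProperty("server.ssl.trust-store-password").toCharArray()` will throw a NullPointerException unless another property source supplies the value, because this commit comments out every `server.ssl.*` entry in application-test.properties. `baseUrl` in SchemaServiceTest is also hard-coded to `http://` now, so the TLS branch appears unreachable from this test setup. Either keep a profile-specific properties file with the keystore settings or drop the branch. If it stays, put a comment on `setSSLHostnameVerifier((s, sslSession) -> true)` such as `// test only: accepts any hostname, never copy into production clients`. The `restTemplate` bean method continues past the end of the hunk.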
diff --git a/aai-schema-service/src/test/resources/application-test.properties b/aai-schema-service/src/test/resources/application-test.properties index 2e0cda1..5f57a30 100644 --- a/aai-schema-service/src/test/resources/application-test.properties +++ b/aai-schema-service/src/test/resources/application-test.properties @@ -12,20 +12,23 @@ jetty.threadPool.maxThreads=200 jetty.threadPool.minThreads=8 #The number of milliseconds before an idle thread shutsdown, unless the number of active threads are less or equal to minSpareThreads server.tomcat.max-idle-time=60000 + # If you get an application startup failure that the port is already taken # If thats not it, please check if the key-store file path makes sense server.local.startpath=src/main/resources/ server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties server.port=8452 +security.require-ssl=false +server.ssl.enabled=false # Server SSL Related Attributes -server.ssl.enabled-protocols=TLSv1.1,TLSv1.2 -server.ssl.key-store=${server.local.startpath}etc/auth/aai_keystore -server.ssl.key-store-password=password(OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0) -server.ssl.trust-store=${server.local.startpath}etc/auth/aai_keystore -server.ssl.trust-store-password=password(OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0) -server.ssl.client-auth=want -server.ssl.key-store-type=JKS +#server.ssl.enabled-protocols=TLSv1.1,TLSv1.2 +#server.ssl.key-store=${server.local.startpath}etc/auth/aai_keystore +#server.ssl.key-store-password=password(OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0) +#server.ssl.trust-store=${server.local.startpath}etc/auth/aai_keystore +#server.ssl.trust-store-password=password(OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0) +#server.ssl.client-auth=want +#server.ssl.key-store-type=JKS # Schema related attributes for the oxm and edges # Any additional schema related attributes should start with prefix schema |