author | Alexis de Talhouët <adetalhouet89@gmail.com> | 2018-09-27 23:11:31 +0200 |
---|---|---|
committer | Alexis de Talhouët <alexis.de_talhouet@bell.ca> | 2018-10-03 00:33:07 +0000 |
commit | 9fa7b8cf6018acf37716a8df3f1bafd7c2ea8ac1 (patch) | |
tree | 5caf2f80d0e2b23cbbd1e91296faa8392704c81b | |
parent | 6739059550022e2a2db5ee81d2e42e282e2ebb09 (diff) |
Fix neng communication with AAI
Add support with Basic Auth
Disable hostname validation as k8s service name might not be listed
within the cert
Add support for a client-side truststore.
Change-Id: I279df2b5e2fadd425fbeb3dc53ff72d8e3dcfe87
Issue-ID: CCSDK-600
Signed-off-by: Alexis de Talhouët <adetalhouet89@gmail.com>
5 files changed, 41 insertions, 39 deletions
diff --git a/ms/neng/opt/etc/config/application-live.properties b/ms/neng/opt/etc/config/application-live.properties index 1af9d48f..7b919afb 100644 --- a/ms/neng/opt/etc/config/application-live.properties +++ b/ms/neng/opt/etc/config/application-live.properties @@ -39,5 +39,6 @@ policymgr.ecompRequestId=${pol_req_id} #Interface with A&AI aai.certPassword=${aai_cert_pass} aai.cert=${aai_cert_path} -aai.uRIBase=${aai_uri} +aai.basicAuth=Basic ${aai_auth} +aai.uriBase=${aai_uri} aai.fromAppId=namegen-mS diff --git a/ms/neng/src/main/docker/startService.sh b/ms/neng/src/main/docker/startService.sh index 17f53ce5..be45897f 100644 --- a/ms/neng/src/main/docker/startService.sh +++ b/ms/neng/src/main/docker/startService.sh @@ -28,7 +28,8 @@ APP_ARGS=${APP_ARGS}" -Dpol_env="${POL_ENV} APP_ARGS=${APP_ARGS}" -Dpol_req_id="${POL_REQ_ID} APP_ARGS=${APP_ARGS}" -Daai_cert_pass="${AAI_CERT_PASS} APP_ARGS=${APP_ARGS}" -Daai_cert_path="${AAI_CERT_PATH} -APP_ARGS=${APP_ARGS}" -Daai_uri="${AAI_URI} +APP_ARGS=${APP_ARGS}" -Daai_uri="${AAI_URI} +APP_ARGS=${APP_ARGS}" -Daai_auth="${AAIC_AUTH} APP_ARGS=${APP_ARGS}" -cp /opt/etc/config" echo "APP_ARGS ="${APP_ARGS} diff --git a/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/core/rs/interceptors/AaiAuthorizationInterceptor.java b/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/core/rs/interceptors/AaiAuthorizationInterceptor.java index e91ee331..cbc6da5b 100644 --- a/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/core/rs/interceptors/AaiAuthorizationInterceptor.java +++ b/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/core/rs/interceptors/AaiAuthorizationInterceptor.java 
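Review bot: The new `-Daai_auth="${AAIC_AUTH}` line in startService.sh puts the A&AI Basic credential on the JVM command line, and the `echo "APP_ARGS ="${APP_ARGS}` context line a few lines below then writes it to the container log. Anyone who can read that log or the process list gets a reusable credential. Keep the secret out of APP_ARGS (for instance, have the application read it from the environment or a mounted file), or at least stop printing the arguments, e.g. `echo "APP_ARGS assembled"`. The variable is spelled `AAIC_AUTH` while its neighbours are all `AAI_*`; if that is not intentional, the value is presumably empty at runtime and `aai.basicAuth` ends up as the bare scheme `Basic`.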
@@ -46,6 +46,7 @@ public class AaiAuthorizationInterceptor implements ClientHttpRequestInterceptor httpRequest.getHeaders().clear(); httpRequest.getHeaders().add("x-FromAppId", aaiProps.getFromAppId()); httpRequest.getHeaders().add("x-TransactionId", aaiProps.getTransactionId()); + httpRequest.getHeaders().add("Authorization", aaiProps.getBasicAuth()); httpRequest.getHeaders().add("Accept", "application/json"); httpRequest.getHeaders().add("Content-Type", "application/json"); return executionChain.execute(httpRequest, body); diff --git a/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/extinf/props/AaiProps.java b/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/extinf/props/AaiProps.java index dd831e87..628cd052 100644 --- a/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/extinf/props/AaiProps.java +++ b/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/extinf/props/AaiProps.java @@ -35,6 +35,7 @@ public class AaiProps { String fromAppId; String transactionId; String accept; + String basicAuth; /** * The certificate password. @@ -101,4 +102,12 @@ public class AaiProps { public void setAccept(String accept) { this.accept = accept; } + + public String getBasicAuth() { + return basicAuth; + } + + public void setBasicAuth(String basicAuth) { + this.basicAuth = basicAuth; + } } diff --git a/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/service/extinf/impl/AaiServiceImpl.java b/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/service/extinf/impl/AaiServiceImpl.java index db8d4429..4dd45725 100644 --- a/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/service/extinf/impl/AaiServiceImpl.java +++ b/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/service/extinf/impl/AaiServiceImpl.java 
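Review bot: The added `Authorization` header in AaiAuthorizationInterceptor is set without checking that `aaiProps.getBasicAuth()` holds a usable value. If `aai.basicAuth` is not bound the getter returns null, and if `aai_auth` is empty the value is only the `Basic` scheme with no credential, so the misconfiguration surfaces late as a rejection from A&AI. Failing fast is clearer, e.g. `Objects.requireNonNull(aaiProps.getBasicAuth(), "aai.basicAuth is not configured");` before the `add` call (this needs `java.util.Objects` imported). The enclosing method starts outside the hunk.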
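Review bot: The new `getBasicAuth()`/`setBasicAuth()` accessors in AaiProps have no Javadoc, and the name does not say whether the field holds the credential or the whole header. Going by `aai.basicAuth=Basic ${aai_auth}` in the properties file and its direct use as the header value in the interceptor, it is the complete header value. I would document that on the getter: `/** The complete Authorization header value for A&AI, including the "Basic " scheme prefix; treat as a secret and never log it. */`.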
@@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -21,17 +21,14 @@ package org.onap.ccsdk.apps.ms.neng.service.extinf.impl; import com.fasterxml.jackson.databind.ObjectMapper; -import java.io.File; -import java.io.FileInputStream; -import java.io.InputStream; import java.net.URI; -import java.security.KeyStore; import java.util.logging.Logger; -import javax.net.ssl.SSLContext; +import javax.net.ssl.HostnameVerifier; +import javax.net.ssl.HttpsURLConnection; +import javax.net.ssl.SSLSession; import org.apache.http.client.HttpClient; -import org.apache.http.conn.ssl.TrustSelfSignedStrategy; -import org.apache.http.impl.client.HttpClients; -import org.apache.http.ssl.SSLContextBuilder; +import org.apache.http.conn.ssl.NoopHostnameVerifier; +import org.apache.http.impl.client.HttpClientBuilder; import org.onap.ccsdk.apps.ms.neng.core.exceptions.NengException; import org.onap.ccsdk.apps.ms.neng.core.resource.model.AaiResponse; import org.onap.ccsdk.apps.ms.neng.core.rs.interceptors.AaiAuthorizationInterceptor; @@ -44,7 +41,6 @@ import org.springframework.http.RequestEntity; import org.springframework.http.ResponseEntity; import org.springframework.http.client.HttpComponentsClientHttpRequestFactory; import org.springframework.stereotype.Service; -import org.springframework.util.ResourceUtils; import org.springframework.web.client.HttpClientErrorException; import org.springframework.web.client.RestTemplate; 
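Review bot: The import hunk in AaiServiceImpl.java adds `javax.net.ssl.HostnameVerifier`, `javax.net.ssl.HttpsURLConnection` and `javax.net.ssl.SSLSession`, but none of the new lines visible in this commit reference them. If nothing outside the shown hunks uses them, they should be dropped. Leftover `HostnameVerifier`/`HttpsURLConnection` imports in a class that turns hostname checks off also make it harder to audit which verifier is actually in effect.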
@@ -53,11 +49,14 @@ import org.springframework.web.client.RestTemplate; */ @Service public class AaiServiceImpl { + private static final Logger log = Logger.getLogger(AaiServiceImpl.class.getName()); - @Autowired AaiProps aaiProps; + @Autowired + AaiProps aaiProps; RestTemplate restTemplate; - @Autowired AaiAuthorizationInterceptor authInt; + @Autowired + AaiAuthorizationInterceptor authInt; @Autowired @Qualifier("aaiRestTempBuilder") @@ -65,24 +64,25 @@ public class AaiServiceImpl { /** * Validates the given network element name against A&AI, using the given URL. - * @param url the URL for A&AI - * @param name a generated network element name - * @return true if the element name is valid + * + * @param url the URL for A&AI + * @param name a generated network element name + * @return true if the element name is valid */ public boolean validate(String url, String name) throws Exception { AaiResponse resp = makeOutboundCall(url, name); return !resp.isRecFound(); } - + public void setAaiRestTempBuilder(RestTemplateBuilder aaiRestTempBuilder) { this.aaiRestTempBuilder = aaiRestTempBuilder; } public void setRestTemplate(RestTemplate restTemplate) { this.restTemplate = restTemplate; - } - + } + AaiResponse makeOutboundCall(String url, String name) throws Exception { String uri = aaiProps.getUriBase() + url + name; log.info("AAI URI - " + uri); 
@@ -109,33 +109,23 @@ public class AaiServiceImpl { throw new NengException("Error while validating name with AAI"); } } - + AaiResponse buildResponse(boolean found) { AaiResponse aaiResp = new AaiResponse(); aaiResp.setRecFound(found); return aaiResp; } - RestTemplate getRestTemplate() throws Exception { + RestTemplate getRestTemplate() { if (this.restTemplate == null) { - char[] password = aaiProps.getCertPassword().toCharArray(); - KeyStore ks = keyStore(aaiProps.getCert(), password); - SSLContextBuilder builder = SSLContextBuilder.create().loadKeyMaterial(ks, password); - SSLContext sslContext = builder.loadTrustMaterial(null, new TrustSelfSignedStrategy()).build(); - HttpClient client = HttpClients.custom().setSSLContext(sslContext).build(); - RestTemplateBuilder restBld = aaiRestTempBuilder.additionalInterceptors(authInt); + System.setProperty("javax.net.ssl.trustStore", aaiProps.getCert()); + System.setProperty("javax.net.ssl.trustStorePassword", aaiProps.getCertPassword()); + RestTemplateBuilder restBld = aaiRestTempBuilder.additionalInterceptors(authInt); + HttpClient client = HttpClientBuilder.create() + .setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE) + .build(); this.restTemplate = restBld.requestFactory(new HttpComponentsClientHttpRequestFactory(client)).build(); } return this.restTemplate; } - - KeyStore keyStore(String file, char[] password) throws Exception { - KeyStore keyStore = KeyStore.getInstance("PKCS12"); - File key = ResourceUtils.getFile(file); - try (InputStream in = new FileInputStream(key)) { - keyStore.load(in, password); - } - return keyStore; - } - } |
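Review bot: `getRestTemplate()` now installs `NoopHostnameVerifier.INSTANCE` unconditionally, so any certificate that chains to the truststore is accepted for the A&AI endpoint, and this same commit starts sending an `Authorization` header over that connection. Hostname verification should stay on by default; either add the k8s service name to the certificate's subjectAltName, or gate the bypass behind an explicit configuration property that is off unless set. The two `System.setProperty("javax.net.ssl.trustStore…")` calls also change the trust anchors for every TLS client in the JVM, not just this one, and leave the store password readable as a process-wide property. A context scoped to this client avoids both problems. The sketch below needs the method to declare `throws Exception` again, and it re-adds the `SSLContext`, `SSLContextBuilder` and `ResourceUtils` imports that this commit removed.

```java
RestTemplate getRestTemplate() throws Exception {
    if (this.restTemplate == null) {
        // Trust material is loaded for this client only; no JVM-wide system properties.
        // NOTE(review): store type is assumed to match the JVM default keystore type; confirm.
        SSLContext sslContext = SSLContextBuilder.create()
            .loadTrustMaterial(ResourceUtils.getFile(aaiProps.getCert()),
                aaiProps.getCertPassword().toCharArray())
            .build();
        // No setSSLHostnameVerifier call: the builder's default verifier stays active.
        HttpClient client = HttpClientBuilder.create()
            .setSSLContext(sslContext)
            .build();
        // … unchanged: interceptor registration and RestTemplate construction …
    }
    return this.restTemplate;
}
```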