Fix neng communication with AAI

Add support with Basic Auth Disable hostname validation as k8s service name might not be listed within the cert Add support to trustore client side. Change-Id: I279df2b5e2fadd425fbeb3dc53ff72d8e3dcfe87 Issue-ID: CCSDK-600 Signed-off-by: Alexis de Talhouët <adetalhouet89@gmail.com>
author: Alexis de Talhouët <adetalhouet89@gmail.com> 2018-09-27 23:11:31 +0200
committer: Alexis de Talhouët <alexis.de_talhouet@bell.ca> 2018-10-03 00:33:07 +0000
commit: 9fa7b8cf6018acf37716a8df3f1bafd7c2ea8ac1 (patch)
tree: 5caf2f80d0e2b23cbbd1e91296faa8392704c81b /ms
parent: 6739059550022e2a2db5ee81d2e42e282e2ebb09 (diff)
5 files changed, 41 insertions, 39 deletions
diff --git a/ms/neng/opt/etc/config/application-live.properties b/ms/neng/opt/etc/config/application-live.properties
index 1af9d48f..7b919afb 100644
--- a/ms/neng/opt/etc/config/application-live.properties
+++ b/ms/neng/opt/etc/config/application-live.properties
@@ -39,5 +39,6 @@ policymgr.ecompRequestId=${pol_req_id}
 #Interface with A&AI
 aai.certPassword=${aai_cert_pass}
 aai.cert=${aai_cert_path}
-aai.uRIBase=${aai_uri}
+aai.basicAuth=Basic ${aai_auth}
+aai.uriBase=${aai_uri}
 aai.fromAppId=namegen-mS
diff --git a/ms/neng/src/main/docker/startService.sh b/ms/neng/src/main/docker/startService.sh
index 17f53ce5..be45897f 100644
--- a/ms/neng/src/main/docker/startService.sh
+++ b/ms/neng/src/main/docker/startService.sh
@@ -28,7 +28,8 @@ APP_ARGS=${APP_ARGS}" -Dpol_env="${POL_ENV}
 APP_ARGS=${APP_ARGS}" -Dpol_req_id="${POL_REQ_ID}
 APP_ARGS=${APP_ARGS}" -Daai_cert_pass="${AAI_CERT_PASS}
 APP_ARGS=${APP_ARGS}" -Daai_cert_path="${AAI_CERT_PATH}
-APP_ARGS=${APP_ARGS}" -Daai_uri="${AAI_URI}            
+APP_ARGS=${APP_ARGS}" -Daai_uri="${AAI_URI}
+APP_ARGS=${APP_ARGS}" -Daai_auth="${AAIC_AUTH}
 APP_ARGS=${APP_ARGS}" -cp /opt/etc/config"
 
 echo "APP_ARGS ="${APP_ARGS}
diff --git a/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/core/rs/interceptors/AaiAuthorizationInterceptor.java b/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/core/rs/interceptors/AaiAuthorizationInterceptor.java
index e91ee331..cbc6da5b 100644
--- a/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/core/rs/interceptors/AaiAuthorizationInterceptor.java
+++ b/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/core/rs/interceptors/AaiAuthorizationInterceptor.java
@@ -46,6 +46,7 @@ public class AaiAuthorizationInterceptor implements ClientHttpRequestInterceptor
         httpRequest.getHeaders().clear();
         httpRequest.getHeaders().add("x-FromAppId", aaiProps.getFromAppId());
         httpRequest.getHeaders().add("x-TransactionId", aaiProps.getTransactionId());
+        httpRequest.getHeaders().add("Authorization", aaiProps.getBasicAuth());
         httpRequest.getHeaders().add("Accept", "application/json");
         httpRequest.getHeaders().add("Content-Type", "application/json");
         return executionChain.execute(httpRequest, body);
diff --git a/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/extinf/props/AaiProps.java b/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/extinf/props/AaiProps.java
index dd831e87..628cd052 100644
--- a/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/extinf/props/AaiProps.java
+++ b/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/extinf/props/AaiProps.java
@@ -35,6 +35,7 @@ public class AaiProps {
     String fromAppId;
     String transactionId;
     String accept;
+    String basicAuth;
 
     /**
      * The certificate password. 
@@ -101,4 +102,12 @@ public class AaiProps {
     public void setAccept(String accept) {
         this.accept = accept;
     }
+
+    public String getBasicAuth() {
+        return basicAuth;
+    }
+
+    public void setBasicAuth(String basicAuth) {
+        this.basicAuth = basicAuth;
+    }
 }
diff --git a/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/service/extinf/impl/AaiServiceImpl.java b/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/service/extinf/impl/AaiServiceImpl.java
index db8d4429..4dd45725 100644
--- a/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/service/extinf/impl/AaiServiceImpl.java
+++ b/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/service/extinf/impl/AaiServiceImpl.java
@@ -7,9 +7,9 @@
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
- * 
+ *
  *      http://www.apache.org/licenses/LICENSE-2.0
- * 
+ *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -21,17 +21,14 @@
 package org.onap.ccsdk.apps.ms.neng.service.extinf.impl;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.InputStream;
 import java.net.URI;
-import java.security.KeyStore;
 import java.util.logging.Logger;
-import javax.net.ssl.SSLContext;
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLSession;
 import org.apache.http.client.HttpClient;
-import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
-import org.apache.http.impl.client.HttpClients;
-import org.apache.http.ssl.SSLContextBuilder;
+import org.apache.http.conn.ssl.NoopHostnameVerifier;
+import org.apache.http.impl.client.HttpClientBuilder;
 import org.onap.ccsdk.apps.ms.neng.core.exceptions.NengException;
 import org.onap.ccsdk.apps.ms.neng.core.resource.model.AaiResponse;
 import org.onap.ccsdk.apps.ms.neng.core.rs.interceptors.AaiAuthorizationInterceptor;
@@ -44,7 +41,6 @@ import org.springframework.http.RequestEntity;
 import org.springframework.http.ResponseEntity;
 import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
 import org.springframework.stereotype.Service;
-import org.springframework.util.ResourceUtils;
 import org.springframework.web.client.HttpClientErrorException;
 import org.springframework.web.client.RestTemplate;
 
@@ -53,11 +49,14 @@ import org.springframework.web.client.RestTemplate;
  */
 @Service
 public class AaiServiceImpl {
+
     private static final Logger log = Logger.getLogger(AaiServiceImpl.class.getName());
 
-    @Autowired AaiProps aaiProps;
+    @Autowired
+    AaiProps aaiProps;
     RestTemplate restTemplate;
-    @Autowired AaiAuthorizationInterceptor authInt;
+    @Autowired
+    AaiAuthorizationInterceptor authInt;
 
     @Autowired
     @Qualifier("aaiRestTempBuilder")
@@ -65,24 +64,25 @@ public class AaiServiceImpl {
 
     /**
      * Validates the given network element name against A&AI, using the given URL.
-     * @param url   the URL for A&AI
-     * @param name  a generated network element name
-     * @return      true if the element name is valid
+     *
+     * @param url the URL for A&AI
+     * @param name a generated network element name
+     * @return true if the element name is valid
      */
     public boolean validate(String url, String name) throws Exception {
         AaiResponse resp = makeOutboundCall(url, name);
         return !resp.isRecFound();
     }
 
-    
+
     public void setAaiRestTempBuilder(RestTemplateBuilder aaiRestTempBuilder) {
         this.aaiRestTempBuilder = aaiRestTempBuilder;
     }
 
     public void setRestTemplate(RestTemplate restTemplate) {
         this.restTemplate = restTemplate;
-    }    
-    
+    }
+
     AaiResponse makeOutboundCall(String url, String name) throws Exception {
         String uri = aaiProps.getUriBase() + url + name;
         log.info("AAI URI - " + uri);
@@ -109,33 +109,23 @@ public class AaiServiceImpl {
             throw new NengException("Error while validating name with AAI");
         }
     }
-    
+
     AaiResponse buildResponse(boolean found) {
         AaiResponse aaiResp = new AaiResponse();
         aaiResp.setRecFound(found);
         return aaiResp;
     }
 
-    RestTemplate getRestTemplate() throws Exception {
+    RestTemplate getRestTemplate() {
         if (this.restTemplate == null) {
-            char[] password = aaiProps.getCertPassword().toCharArray();
-            KeyStore ks = keyStore(aaiProps.getCert(), password);
-            SSLContextBuilder builder = SSLContextBuilder.create().loadKeyMaterial(ks, password); 
-            SSLContext sslContext = builder.loadTrustMaterial(null, new TrustSelfSignedStrategy()).build();
-            HttpClient client = HttpClients.custom().setSSLContext(sslContext).build();
-            RestTemplateBuilder restBld = aaiRestTempBuilder.additionalInterceptors(authInt); 
+            System.setProperty("javax.net.ssl.trustStore", aaiProps.getCert());
+            System.setProperty("javax.net.ssl.trustStorePassword", aaiProps.getCertPassword());
+            RestTemplateBuilder restBld = aaiRestTempBuilder.additionalInterceptors(authInt);
+            HttpClient client = HttpClientBuilder.create()
+                .setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE)
+                .build();
             this.restTemplate = restBld.requestFactory(new HttpComponentsClientHttpRequestFactory(client)).build();
         }
         return this.restTemplate;
     }
-
-    KeyStore keyStore(String file, char[] password) throws Exception {
-        KeyStore keyStore = KeyStore.getInstance("PKCS12");
-        File key = ResourceUtils.getFile(file);
-        try (InputStream in = new FileInputStream(key)) {
-            keyStore.load(in, password);
-        }
-        return keyStore;
-    }
-    
 }
author	Alexis de Talhouët <adetalhouet89@gmail.com>	2018-09-27 23:11:31 +0200
committer	Alexis de Talhouët <alexis.de_talhouet@bell.ca>	2018-10-03 00:33:07 +0000
commit	9fa7b8cf6018acf37716a8df3f1bafd7c2ea8ac1 (patch)
tree	5caf2f80d0e2b23cbbd1e91296faa8392704c81b /ms
parent	6739059550022e2a2db5ee81d2e42e282e2ebb09 (diff)