From 9fa7b8cf6018acf37716a8df3f1bafd7c2ea8ac1 Mon Sep 17 00:00:00 2001 From: Alexis de Talhouët Date: Thu, 27 Sep 2018 23:11:31 +0200 Subject: Fix neng communication with AAI MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add support with Basic Auth Disable hostname validation as k8s service name might not be listed within the cert Add support to trustore client side. Change-Id: I279df2b5e2fadd425fbeb3dc53ff72d8e3dcfe87 Issue-ID: CCSDK-600 Signed-off-by: Alexis de Talhouët --- ms/neng/src/main/docker/startService.sh | 3 +- .../interceptors/AaiAuthorizationInterceptor.java | 1 + .../ccsdk/apps/ms/neng/extinf/props/AaiProps.java | 9 +++ .../neng/service/extinf/impl/AaiServiceImpl.java | 64 +++++++++------------- 4 files changed, 39 insertions(+), 38 deletions(-) (limited to 'ms/neng/src') diff --git a/ms/neng/src/main/docker/startService.sh b/ms/neng/src/main/docker/startService.sh index 17f53ce5..be45897f 100644 --- a/ms/neng/src/main/docker/startService.sh +++ b/ms/neng/src/main/docker/startService.sh @@ -28,7 +28,8 @@ APP_ARGS=${APP_ARGS}" -Dpol_env="${POL_ENV} APP_ARGS=${APP_ARGS}" -Dpol_req_id="${POL_REQ_ID} APP_ARGS=${APP_ARGS}" -Daai_cert_pass="${AAI_CERT_PASS} APP_ARGS=${APP_ARGS}" -Daai_cert_path="${AAI_CERT_PATH} -APP_ARGS=${APP_ARGS}" -Daai_uri="${AAI_URI} +APP_ARGS=${APP_ARGS}" -Daai_uri="${AAI_URI} +APP_ARGS=${APP_ARGS}" -Daai_auth="${AAIC_AUTH} APP_ARGS=${APP_ARGS}" -cp /opt/etc/config" echo "APP_ARGS ="${APP_ARGS} diff --git a/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/core/rs/interceptors/AaiAuthorizationInterceptor.java b/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/core/rs/interceptors/AaiAuthorizationInterceptor.java index e91ee331..cbc6da5b 100644 --- a/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/core/rs/interceptors/AaiAuthorizationInterceptor.java +++ b/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/core/rs/interceptors/AaiAuthorizationInterceptor.java 
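Review bot: The added `-Daai_auth="${AAIC_AUTH}` line puts the AAI Basic Auth credential into `APP_ARGS`, and the context line `echo "APP_ARGS ="${APP_ARGS}` then writes it, together with `aai_cert_pass`, to the container log. As a JVM argument it is also readable from the process list. I would replace the echo with something that prints no values, e.g. `echo "APP_ARGS assembled (secret values not printed)"`, and preferably have the application read the credential from the environment or a mounted secret rather than a `-D` flag. The variable is spelled `AAIC_AUTH` while its neighbours use the `AAI_` prefix; if that is not intentional, the property will silently end up empty. How `APP_ARGS` is finally passed to `java` is outside the hunk.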
@@ -46,6 +46,7 @@ public class AaiAuthorizationInterceptor implements ClientHttpRequestInterceptor httpRequest.getHeaders().clear(); httpRequest.getHeaders().add("x-FromAppId", aaiProps.getFromAppId()); httpRequest.getHeaders().add("x-TransactionId", aaiProps.getTransactionId()); + httpRequest.getHeaders().add("Authorization", aaiProps.getBasicAuth()); httpRequest.getHeaders().add("Accept", "application/json"); httpRequest.getHeaders().add("Content-Type", "application/json"); return executionChain.execute(httpRequest, body); diff --git a/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/extinf/props/AaiProps.java b/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/extinf/props/AaiProps.java index dd831e87..628cd052 100644 --- a/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/extinf/props/AaiProps.java +++ b/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/extinf/props/AaiProps.java @@ -35,6 +35,7 @@ public class AaiProps { String fromAppId; String transactionId; String accept; + String basicAuth; /** * The certificate password. @@ -101,4 +102,12 @@ public class AaiProps { public void setAccept(String accept) { this.accept = accept; } + + public String getBasicAuth() { + return basicAuth; + } + + public void setBasicAuth(String basicAuth) { + this.basicAuth = basicAuth; + } } diff --git a/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/service/extinf/impl/AaiServiceImpl.java b/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/service/extinf/impl/AaiServiceImpl.java index db8d4429..4dd45725 100644 --- a/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/service/extinf/impl/AaiServiceImpl.java +++ b/ms/neng/src/main/java/org/onap/ccsdk/apps/ms/neng/service/extinf/impl/AaiServiceImpl.java 
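Review bot: `aaiProps.getBasicAuth()` is added as the `Authorization` header without any check, so when `aai_auth` is not configured the request carries a null or empty header value and the resulting authentication failure is hard to trace back to configuration. A guard such as `String auth = aaiProps.getBasicAuth(); if (auth != null && !auth.isEmpty()) { httpRequest.getHeaders().add("Authorization", auth); }` would keep the header out when nothing is set, or the service could refuse to start without it. The value is sent verbatim, so the property presumably has to hold the full `Basic <base64>` form already; a one-line comment saying so would help. The interceptor method starts and ends outside the hunk.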
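Review bot: In AaiProps the new `basicAuth` field and its accessors have no Javadoc, and nothing states what format the value has, although the neighbouring member is documented ("The certificate password."). Because AaiAuthorizationInterceptor sends the value unchanged as the `Authorization` header, I would add `/** The complete Authorization header value for A&AI, e.g. "Basic <base64(user:password)>"; a secret, never log it. */` above the field. The class body continues outside both hunks.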
@@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -21,17 +21,14 @@ package org.onap.ccsdk.apps.ms.neng.service.extinf.impl; import com.fasterxml.jackson.databind.ObjectMapper; -import java.io.File; -import java.io.FileInputStream; -import java.io.InputStream; import java.net.URI; -import java.security.KeyStore; import java.util.logging.Logger; -import javax.net.ssl.SSLContext; +import javax.net.ssl.HostnameVerifier; +import javax.net.ssl.HttpsURLConnection; +import javax.net.ssl.SSLSession; import org.apache.http.client.HttpClient; -import org.apache.http.conn.ssl.TrustSelfSignedStrategy; -import org.apache.http.impl.client.HttpClients; -import org.apache.http.ssl.SSLContextBuilder; +import org.apache.http.conn.ssl.NoopHostnameVerifier; +import org.apache.http.impl.client.HttpClientBuilder; import org.onap.ccsdk.apps.ms.neng.core.exceptions.NengException; import org.onap.ccsdk.apps.ms.neng.core.resource.model.AaiResponse; import org.onap.ccsdk.apps.ms.neng.core.rs.interceptors.AaiAuthorizationInterceptor; @@ -44,7 +41,6 @@ import org.springframework.http.RequestEntity; import org.springframework.http.ResponseEntity; import org.springframework.http.client.HttpComponentsClientHttpRequestFactory; import org.springframework.stereotype.Service; -import org.springframework.util.ResourceUtils; import org.springframework.web.client.HttpClientErrorException; import org.springframework.web.client.RestTemplate; 
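Review bot: The imports `javax.net.ssl.HostnameVerifier`, `javax.net.ssl.HttpsURLConnection` and `javax.net.ssl.SSLSession` added in the import hunk are not referenced by any new line visible in this patch; `getRestTemplate()` only uses `NoopHostnameVerifier` and `HttpClientBuilder`. If they are left over from an earlier attempt at a custom verifier, they should be removed so the file does not suggest that hostname checking is customised somewhere. Part of `makeOutboundCall` lies outside the hunks, so confirm they are unused before deleting.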
@@ -53,11 +49,14 @@ import org.springframework.web.client.RestTemplate; */ @Service public class AaiServiceImpl { + private static final Logger log = Logger.getLogger(AaiServiceImpl.class.getName()); - @Autowired AaiProps aaiProps; + @Autowired + AaiProps aaiProps; RestTemplate restTemplate; - @Autowired AaiAuthorizationInterceptor authInt; + @Autowired + AaiAuthorizationInterceptor authInt; @Autowired @Qualifier("aaiRestTempBuilder") @@ -65,24 +64,25 @@ public class AaiServiceImpl { /** * Validates the given network element name against A&AI, using the given URL. - * @param url the URL for A&AI - * @param name a generated network element name - * @return true if the element name is valid + * + * @param url the URL for A&AI + * @param name a generated network element name + * @return true if the element name is valid */ public boolean validate(String url, String name) throws Exception { AaiResponse resp = makeOutboundCall(url, name); return !resp.isRecFound(); } - + public void setAaiRestTempBuilder(RestTemplateBuilder aaiRestTempBuilder) { this.aaiRestTempBuilder = aaiRestTempBuilder; } public void setRestTemplate(RestTemplate restTemplate) { this.restTemplate = restTemplate; - } - + } + AaiResponse makeOutboundCall(String url, String name) throws Exception { String uri = aaiProps.getUriBase() + url + name; log.info("AAI URI - " + uri); 
@@ -109,33 +109,23 @@ public class AaiServiceImpl { throw new NengException("Error while validating name with AAI"); } } - + AaiResponse buildResponse(boolean found) { AaiResponse aaiResp = new AaiResponse(); aaiResp.setRecFound(found); return aaiResp; } - RestTemplate getRestTemplate() throws Exception { + RestTemplate getRestTemplate() { if (this.restTemplate == null) { - char[] password = aaiProps.getCertPassword().toCharArray(); - KeyStore ks = keyStore(aaiProps.getCert(), password); - SSLContextBuilder builder = SSLContextBuilder.create().loadKeyMaterial(ks, password); - SSLContext sslContext = builder.loadTrustMaterial(null, new TrustSelfSignedStrategy()).build(); - HttpClient client = HttpClients.custom().setSSLContext(sslContext).build(); - RestTemplateBuilder restBld = aaiRestTempBuilder.additionalInterceptors(authInt); + System.setProperty("javax.net.ssl.trustStore", aaiProps.getCert()); + System.setProperty("javax.net.ssl.trustStorePassword", aaiProps.getCertPassword()); + RestTemplateBuilder restBld = aaiRestTempBuilder.additionalInterceptors(authInt); + HttpClient client = HttpClientBuilder.create() + .setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE) + .build(); this.restTemplate = restBld.requestFactory(new HttpComponentsClientHttpRequestFactory(client)).build(); } return this.restTemplate; } - - KeyStore keyStore(String file, char[] password) throws Exception { - KeyStore keyStore = KeyStore.getInstance("PKCS12"); - File key = ResourceUtils.getFile(file); - try (InputStream in = new FileInputStream(key)) { - keyStore.load(in, password); - } - return keyStore; - } - } -- cgit 1.2.3-korg
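Review bot: `setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE)` in `getRestTemplate()` accepts any certificate that chains to the trust store, whatever name it was issued for, and this same commit starts sending the Basic Auth credential over that connection. The two `System.setProperty("javax.net.ssl.trustStore…")` calls also change trust settings for every TLS client in the JVM, may have no effect if the default SSL context was initialised earlier, and throw a NullPointerException when the certificate path or password is unset. I would build an SSLContext for this client only and keep the default verifier, issuing the AAI certificate with the k8s service name as a subjectAltName; if verification really must be relaxed, make it an explicit, default-off setting. The sketch below needs the `SSLContext`, `SSLContextBuilder` and `ResourceUtils` imports that this commit removes, and it brings back `throws Exception`.

```java
RestTemplate getRestTemplate() throws Exception {
    if (this.restTemplate == null) {
        // Trust material is scoped to this client; no JVM-wide system properties.
        // Store type follows KeyStore.getDefaultType(); confirm it matches the file.
        SSLContext sslContext = SSLContextBuilder.create()
            .loadTrustMaterial(ResourceUtils.getFile(aaiProps.getCert()),
                aaiProps.getCertPassword().toCharArray())
            .build();
        // No setSSLHostnameVerifier call: the default verifier stays in place, so the
        // AAI certificate must list the service name clients connect to.
        HttpClient client = HttpClientBuilder.create()
            .setSSLContext(sslContext)
            .build();
        // … unchanged: interceptor registration and RestTemplate construction …
    }
    return this.restTemplate;
}
```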