author | sebdet <sebastien.determe@intl.att.com> | 2019-10-03 15:40:19 +0200 |
---|---|---|
committer | Sébastien Determe <sebastien.determe@intl.att.com> | 2019-10-03 13:52:43 +0000 |
commit | 3ef3b8ea5f14ec3263decd7c6144b46bc9ad12af (patch) | |
tree | ff74e58ac93a6e1e73bb318d2a82da4d5c53fd6c | |
parent | 69d3050d0df38218b152a3baf33ccbaa36ac4444 (diff) |
Add X.509 Injection
Add X.509 injection in the Cadi filter so that the NGinx reverse proxy
can forward the certificate that AAF needs
Issue-ID: CLAMP-519
Change-Id: I0af8ec795fb61510647d2019f3f6f8f664032f5c
Signed-off-by: sebdet <sebastien.determe@intl.att.com>
-rw-r--r-- | src/main/java/org/onap/clamp/clds/filter/ClampCadiFilter.java | 39 |
1 files changed, 35 insertions, 4 deletions
diff --git a/src/main/java/org/onap/clamp/clds/filter/ClampCadiFilter.java b/src/main/java/org/onap/clamp/clds/filter/ClampCadiFilter.java
index 586899a1..3a939422 100644
--- a/src/main/java/org/onap/clamp/clds/filter/ClampCadiFilter.java
+++ b/src/main/java/org/onap/clamp/clds/filter/ClampCadiFilter.java
@@ -26,13 +26,21 @@ package org.onap.clamp.clds.filter;
 import com.att.eelf.configuration.EELFLogger;
 import com.att.eelf.configuration.EELFManager;
+import java.io.ByteArrayInputStream;
 import java.io.File;
 import java.io.IOException;
 import java.io.InputStream;
 import java.nio.file.StandardCopyOption;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import javax.servlet.FilterChain;
 import javax.servlet.FilterConfig;
 import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
 import org.onap.aaf.cadi.config.Config;
 import org.onap.aaf.cadi.filter.CadiFilter;
@@ -92,11 +100,15 @@ public class ClampCadiFilter extends CadiFilter {
 private String cadiX509Issuers;
 private void checkIfNullProperty(String key, String value) {
- /* When value is null, so not defined in application.properties
- set nothing in System properties */
+ /*
+ * When value is null, so not defined in application.properties set nothing in
+ * System properties
+ */
 if (value != null) {
- /* Ensure that any properties already defined in System.prop by JVM params
- won't be overwritten by Spring application.properties values */
+ /*
+ * Ensure that any properties already defined in System.prop by JVM params won't
+ * be overwritten by Spring application.properties values
+ */
 System.setProperty(key, System.getProperty(key, value));
 }
 }
@@ -126,6 +138,25 @@ public class ClampCadiFilter extends CadiFilter {
 super.init(filterConfig);
 }
+ @Override
+ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
+ throws IOException, ServletException {
+ try {
+ String certHeader = ((HttpServletRequest) request).getHeader("X-SSL-Cert");
+ if (certHeader != null) {
+
+ CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
+ X509Certificate cert = (X509Certificate) certificateFactory
+ .generateCertificate(new ByteArrayInputStream(certHeader.getBytes()));
+ request.setAttribute("javax.servlet.request.X509Certificate", cert);
+
+ }
+ } catch (CertificateException e) {
+ logger.error("Unable to inject the X.509 certificate", e);
+ }
+ super.doFilter(request, response, chain);
+ }
+
 private String convertSpringToPath(String fileName) {
 try (InputStream ioFile = appContext.getResource(fileName).getInputStream()) {
 if (!fileName.contains("file:")) { |
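Review bot: The new `doFilter` accepts whatever certificate arrives in the `X-SSL-Cert` header, and a certificate is public data, so a request that reaches this filter without passing through the reverse proxy, or through a proxy that does not overwrite a client-supplied `X-SSL-Cert`, is presented to CADI as that certificate's subject with no proof of key possession. The header should be honoured only when the request demonstrably comes from the trusted proxy (for example a check on the peer address or a mutually authenticated proxy connection), and the assumption deserves a comment above the `getHeader` call, e.g. `// Trusted only because the reverse proxy overwrites X-SSL-Cert on every request; this port must never be exposed directly`. Separately, the servlet specification defines `javax.servlet.request.X509Certificate` as an array, so consumers that cast to `X509Certificate[]` will presumably fail on the single object set here: `request.setAttribute("javax.servlet.request.X509Certificate", new X509Certificate[] { cert });`. `certHeader.getBytes()` also depends on the platform charset; `certHeader.getBytes(StandardCharsets.US_ASCII)` would make the PEM decoding deterministic.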