From e1c2aab2796783d8543b340af3f5e5749097087f Mon Sep 17 00:00:00 2001 From: "Determe, Sebastien (sd378r)" Date: Fri, 17 Aug 2018 17:41:15 +0200 Subject: Rework AAF classes Rework AAF integration to be more Spring specific + change console log to previous pattern Issue-ID: CLAMP-210 Change-Id: I689269668f64996f2d07491e420062f5ca0ca1db Signed-off-by: Determe, Sebastien (sd378r) --- pom.xml | 13 ++ .../onap/clamp/clds/config/AAFConfiguration.java | 131 +-------------------- .../onap/clamp/clds/config/SSLConfiguration.java | 56 --------- .../onap/clamp/clds/filter/ClampCadiFilter.java | 123 ++++++++++++++----- src/main/resources/application.properties | 16 ++- src/main/resources/logback-default.xml | 8 +- src/main/resources/system.properties | 19 +-- 7 files changed, 130 insertions(+), 236 deletions(-) delete mode 100644 src/main/java/org/onap/clamp/clds/config/SSLConfiguration.java diff --git a/pom.xml b/pom.xml index 0b072f72..712cadf6 100644 --- a/pom.xml +++ b/pom.xml @@ -627,9 +627,22 @@ + src/main/resources true + + clds/aaf/** + + + + src/main/resources + false + + clds/aaf/** + src/main/docker diff --git a/src/main/java/org/onap/clamp/clds/config/AAFConfiguration.java b/src/main/java/org/onap/clamp/clds/config/AAFConfiguration.java index 93432c9f..13dccdac 100644 --- a/src/main/java/org/onap/clamp/clds/config/AAFConfiguration.java +++ b/src/main/java/org/onap/clamp/clds/config/AAFConfiguration.java @@ -22,49 +22,22 @@ */ package org.onap.clamp.clds.config; -import java.util.Properties; - import javax.servlet.Filter; import org.onap.clamp.clds.filter.ClampCadiFilter; -import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.web.servlet.FilterRegistrationBean; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Profile; -import org.springframework.boot.context.properties.ConfigurationProperties; import org.springframework.stereotype.Component; -@Component @Configuration @Profile("clamp-aaf-authentication") -@ConfigurationProperties(prefix = "clamp.config.cadi") public class AAFConfiguration { - private static final String CADI_KEY_FILE = "cadi_keyfile"; - private static final String CADI_LOG_LEVEL = "cadi_loglevel"; - private static final String LATITUDE = "cadi_latitude"; - private static final String LONGITUDE = "cadi_longitude"; - private static final String LOCATE_URL = "aaf_locate_url"; - private static final String OAUTH_TOKEN_URL = "aaf_oauth2_token_url"; - private static final String OAUTH_INTROSPECT_URL = "aaf_oauth2_introspect_url"; - private static final String AAF_ENV = "aaf_env"; - private static final String AAF_URL = "aaf_url"; - private static final String X509_ISSUERS = "cadi_x509_issuers"; - - private String keyFile; - private String cadiLoglevel; - private String cadiLatitude; - private String cadiLongitude; - private String aafLocateUrl; - private String oauthTokenUrl; - private String oauthIntrospectUrl; - private String aafEnv; - private String aafUrl; - private String cadiX509Issuers; /** * Method to return clamp cadi filter. - * + * * @return Filter */ @Bean(name = "cadiFilter") @@ -74,7 +47,7 @@ public class AAFConfiguration { /** * Method to register cadi filter. - * + * * @return FilterRegistrationBean */ @Bean @@ -87,104 +60,4 @@ public class AAFConfiguration { registration.setOrder(0); return registration; } - - public String getKeyFile() { - return keyFile; - } - - public void setKeyFile(String keyFile) { - this.keyFile = keyFile; - } - - public String getCadiLoglevel() { - return cadiLoglevel; - } - - public void setCadiLoglevel(String cadiLoglevel) { - this.cadiLoglevel = cadiLoglevel; - } - - public String getCadiLatitude() { - return cadiLatitude; - } - - public void setCadiLatitude(String cadiLatitude) { - this.cadiLatitude = cadiLatitude; - } - - public String getCadiLongitude() { - return cadiLongitude; - } - - public void setCadiLongitude(String cadiLongitude) { - this.cadiLongitude = cadiLongitude; - } - - public String getAafLocateUrl() { - return aafLocateUrl; - } - - public void setAafLocateUrl(String aafLocateUrl) { - this.aafLocateUrl = aafLocateUrl; - } - - public String getOauthTokenUrl() { - return oauthTokenUrl; - } - - public void setOauthTokenUrl(String oauthTokenUrl) { - this.oauthTokenUrl = oauthTokenUrl; - } - - public String getOauthIntrospectUrl() { - return oauthIntrospectUrl; - } - - public void setOauthIntrospectUrl(String oauthIntrospectUrl) { - this.oauthIntrospectUrl = oauthIntrospectUrl; - } - - public String getAafEnv() { - return aafEnv; - } - - public void setAafEnv(String aafEnv) { - this.aafEnv = aafEnv; - } - - public String getAafUrl() { - return aafUrl; - } - - public void setAafUrl(String aafUrl) { - this.aafUrl = aafUrl; - } - - public String getCadiX509Issuers() { - return cadiX509Issuers; - } - - public void setCadiX509Issuers(String cadiX509Issuers) { - this.cadiX509Issuers = cadiX509Issuers; - } - - public Properties getProperties() { - Properties prop = System.getProperties(); - //prop.put("cadi_prop_files", ""); - prop.put(CADI_KEY_FILE, keyFile); - prop.put(CADI_LOG_LEVEL, cadiLoglevel); - prop.put(LATITUDE, cadiLatitude); - prop.put(LONGITUDE, cadiLongitude); - prop.put(LOCATE_URL, aafLocateUrl); - if (oauthTokenUrl != null) { - prop.put(OAUTH_TOKEN_URL, oauthTokenUrl); - } - if (oauthIntrospectUrl != null) { - prop.put(OAUTH_INTROSPECT_URL, oauthIntrospectUrl); - } - prop.put(AAF_ENV, aafEnv); - prop.put(AAF_URL, aafUrl); - prop.put(X509_ISSUERS, cadiX509Issuers); - return prop; - } } \ No newline at end of file diff --git a/src/main/java/org/onap/clamp/clds/config/SSLConfiguration.java b/src/main/java/org/onap/clamp/clds/config/SSLConfiguration.java deleted file mode 100644 index 6a97f235..00000000 --- a/src/main/java/org/onap/clamp/clds/config/SSLConfiguration.java +++ /dev/null @@ -1,56 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * ONAP CLAMP - * ================================================================================ - * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights - * reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END============================================ - * =================================================================== - * - */ -package org.onap.clamp.clds.config; - -import org.springframework.context.annotation.Configuration; - -import javax.annotation.PostConstruct; - -import org.springframework.beans.factory.annotation.Value; - -@Configuration -public class SSLConfiguration { - private static final String TRUST_STORE = "javax.net.ssl.trustStore"; - private static final String TRUST_STORE_PW = "javax.net.ssl.trustStorePassword"; - private static final String TRUST_STORE_TYPE = "javax.net.ssl.trustStoreType"; - - @Value("${server.ssl.trust:none}") - private String sslTruststoreFile; - @Value("${server.ssl.trust-password:none}") - private String sslTruststorePw; - @Value("${server.ssl.trust-type:none}") - private String sslTruststoreType; - - @PostConstruct - private void configureSSL() { - if (!sslTruststoreFile.equals("none")) { - System.setProperty(TRUST_STORE, sslTruststoreFile); - } - if (!sslTruststoreType.equals("none")) { - System.setProperty(TRUST_STORE_TYPE, sslTruststoreType); - } - if (!sslTruststorePw.equals("none")) { - System.setProperty(TRUST_STORE_PW, sslTruststorePw); - } - } -} diff --git a/src/main/java/org/onap/clamp/clds/filter/ClampCadiFilter.java b/src/main/java/org/onap/clamp/clds/filter/ClampCadiFilter.java index ed3dcb46..f058a9e6 100644 --- a/src/main/java/org/onap/clamp/clds/filter/ClampCadiFilter.java +++ b/src/main/java/org/onap/clamp/clds/filter/ClampCadiFilter.java @@ -22,59 +22,122 @@ */ package org.onap.clamp.clds.filter; -import java.util.Properties; +import com.att.eelf.configuration.EELFLogger; +import com.att.eelf.configuration.EELFManager; + +import java.io.File; +import java.io.IOException; +import java.io.InputStream; +import java.nio.file.StandardCopyOption; import javax.servlet.FilterConfig; import javax.servlet.ServletException; +import org.onap.aaf.cadi.config.Config; import org.onap.aaf.cadi.filter.CadiFilter; -import org.onap.clamp.clds.config.AAFConfiguration; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; +import org.springframework.context.ApplicationContext; public class ClampCadiFilter extends CadiFilter { - private static final String CADI_TRUST_STORE = "cadi_truststore"; - private static final String CADI_TRUST_STORE_PW = "cadi_truststore_password"; - private static final String CADI_KEY_STORE = "cadi_keystore"; - private static final String CADI_KEY_STORE_PW = "cadi_keystore_password"; - private static final String ALIAS = "cadi_alias"; + private static final EELFLogger logger = EELFManager.getInstance().getLogger(ClampCadiFilter.class); + + @Autowired + private ApplicationContext appContext; - @Value("${server.ssl.key-store:none}") - private String keyStore; + @Value("${server.ssl.key-store:#{null}}") + private String keyStore; - @Value("${clamp.config.cadi.cadiKeystorePassword:none}") - private String keyStorePass; + @Value("${clamp.config.cadi.cadiKeystorePassword:#{null}}") + private String keyStorePass; - @Value("${server.ssl.trust:none}") - private String trustStore; + @Value("${server.ssl.trust-store:#{null}}") + private String trustStore; - @Value("${clamp.config.cadi.cadiTruststorePassword:none}") - private String trustStorePass; + @Value("${clamp.config.cadi.cadiTruststorePassword:#{null}}") + private String trustStorePass; @Value("${server.ssl.key-alias:clamp@clamp.onap.org}") - private String alias; + private String alias; - @Autowired - private AAFConfiguration aafConfiguration; + @Value("${clamp.config.cadi.keyFile:#{null}}") + private String keyFile; + + @Value("${clamp.config.cadi.cadiLoglevel:#{null}}") + private String cadiLoglevel; + + @Value("${clamp.config.cadi.cadiLatitude:#{null}}") + private String cadiLatitude; + + @Value("${clamp.config.cadi.cadiLongitude:#{null}}") + private String cadiLongitude; + + @Value("${clamp.config.cadi.aafLocateUrl:#{null}}") + private String aafLocateUrl; + + @Value("${clamp.config.cadi.oauthTokenUrl:#{null}}") + private String oauthTokenUrl; + + @Value("${clamp.config.cadi.oauthIntrospectUrl:#{null}}") + private String oauthIntrospectUrl; + + @Value("${clamp.config.cadi.aafEnv:#{null}}") + private String aafEnv; + + @Value("${clamp.config.cadi.aafUrl:#{null}}") + private String aafUrl; + + @Value("${clamp.config.cadi.cadiX509Issuers:#{null}}") + private String cadiX509Issuers; + + private void checkIfNullProperty(String key, String value) { + /* When value is null, so not defined in application.properties + set nothing in System properties */ + if (value != null) { + /* Ensure that any properties already defined in System.prop by JVM params + won't be overwritten by Spring application.properties values */ + System.setProperty(key, System.getProperty(key, value)); + } + } @Override public void init(FilterConfig filterConfig) throws ServletException { - Properties props = aafConfiguration.getProperties(); - props.setProperty(CADI_KEY_STORE, trimFileName(keyStore)); - props.setProperty(CADI_TRUST_STORE, trimFileName(trustStore)); - props.setProperty(ALIAS, alias); - props.setProperty(CADI_KEY_STORE_PW, keyStorePass); - props.setProperty(CADI_TRUST_STORE_PW, trustStorePass); + // set some properties in System so that Cadi filter will find its config + // The JVM values set will always overwrite the Spring ones. + checkIfNullProperty(Config.CADI_KEYFILE, convertSpringToPath(keyFile)); + checkIfNullProperty(Config.CADI_LOGLEVEL, cadiLoglevel); + checkIfNullProperty(Config.CADI_LATITUDE, cadiLatitude); + checkIfNullProperty(Config.CADI_LONGITUDE, cadiLongitude); + + checkIfNullProperty(Config.AAF_LOCATE_URL, aafLocateUrl); + checkIfNullProperty(Config.AAF_OAUTH2_TOKEN_URL, oauthTokenUrl); + checkIfNullProperty(Config.AAF_OAUTH2_INTROSPECT_URL, oauthIntrospectUrl); + + checkIfNullProperty(Config.AAF_ENV, aafEnv); + checkIfNullProperty(Config.AAF_URL, aafUrl); + checkIfNullProperty(Config.CADI_X509_ISSUERS, cadiX509Issuers); + checkIfNullProperty(Config.CADI_KEYSTORE, convertSpringToPath(keyStore)); + checkIfNullProperty(Config.CADI_TRUSTSTORE, convertSpringToPath(trustStore)); + checkIfNullProperty(Config.CADI_ALIAS, alias); + checkIfNullProperty(Config.CADI_KEYSTORE_PASSWORD, keyStorePass); + checkIfNullProperty(Config.CADI_TRUSTSTORE_PASSWORD, trustStorePass); super.init(filterConfig); } - private String trimFileName (String fileName) { - int index= fileName.indexOf("file:"); - if (index == -1) { - return fileName; - } else { - return fileName.substring(index+5); + private String convertSpringToPath(String fileName) { + try (InputStream ioFile = appContext.getResource(fileName).getInputStream()) { + if (!fileName.contains("file:")) { + File targetFile = new File(appContext.getResource(fileName).getFilename()); + java.nio.file.Files.copy(ioFile, targetFile.toPath(), StandardCopyOption.REPLACE_EXISTING); + return targetFile.getPath(); + } else { + return appContext.getResource(fileName).getFile().getPath(); + } + } catch (IOException e) { + logger.error("Unable to open and copy the file: " + fileName, e); + return null; } + } } diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index 552efbc7..b5069159 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -55,15 +55,19 @@ info.build.version=@project.version@ ### HTTP (Redirected to HTTPS) and HTTPS Example: ### -------------------------------------------- server.port=8443 -server.ssl.client-auth=want -server.ssl.key-store=file:/opt/clamp/config/org.onap.clamp.p12 +## Config part for Server certificates +# Can be a classpath parameter instead of file:/ +server.ssl.key-store=classpath:/clds/aaf/org.onap.clamp.p12 server.ssl.key-store-password=China in the Spring server.ssl.key-password=China in the Spring server.ssl.key-store-type=PKCS12 -server.ssl.trust=/opt/clamp/config/truststoreONAPall.jks -server.ssl.trust-pass=changeit -server.ssl.trust-type=JKS server.ssl.key-alias=clamp@clamp.onap.org + +## Config part for Client certificates +server.ssl.client-auth=need +server.ssl.trust-store=classpath:/clds/aaf/truststoreONAPall.jks +server.ssl.trust-store-password=changeit + server.http-to-https-redirection.port=8080 server.servlet.context-path=/ @@ -228,7 +232,7 @@ clamp.config.security.permission.type.template=org.onap.clamp.clds.template clamp.config.security.permission.instance=dev #AAF related parameters -clamp.config.cadi.keyFile=/opt/clamp/config/org.onap.clamp.keyfile +clamp.config.cadi.keyFile=classpath:/clds/aaf/org.onap.clamp.keyfile clamp.config.cadi.cadiLoglevel=DEBUG clamp.config.cadi.cadiLatitude=37.78187 clamp.config.cadi.cadiLongitude=-122.26147 diff --git a/src/main/resources/logback-default.xml b/src/main/resources/logback-default.xml index 37cdf763..c2524bec 100644 --- a/src/main/resources/logback-default.xml +++ b/src/main/resources/logback-default.xml @@ -10,18 +10,15 @@ - + - - INFO - ${debugPattern} + %d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n @@ -180,7 +177,6 @@ - diff --git a/src/main/resources/system.properties b/src/main/resources/system.properties index a24b6202..f95fc700 100644 --- a/src/main/resources/system.properties +++ b/src/main/resources/system.properties @@ -5,22 +5,23 @@ # Copyright (C) 2017-2018 AT&T Intellectual Property. All rights # reserved. # ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END============================================ # =================================================================== -# -### +# +### Static JVM parameters can be set here by the dev team +### These will be loaded at Clamp startup # # JVM SSL/TLS properties -jdk.tls.client.protocols=TLSv1.1,TLSv1.2 +jdk.tls.client.protocols=TLSv1.1,TLSv1.2 https.protocols=TLSv1.1,TLSv1.2 -- cgit 1.2.3-korg