author | Zlatko Murgoski <zlatko.murgoski@nokia.com> | 2019-03-05 11:31:48 +0100 |
---|---|---|
committer | Zlatko Murgoski <zlatko.murgoski@nokia.com> | 2019-03-15 20:06:59 +0100 |
commit | 0f2c2039cd9d9b26482fc7488ae1bdf99f2544f5 (patch) | |
tree | 77bf8a43c44e5bb5ad991324f806b990f67edcee /src/main/java/org/onap/dcae/restapi/ServletConfig.java | |
parent | 4b8692b6fed457a9d194557abe681832fad4f576 (diff) |
Collector authentication enhancement
Collector authentication enhancement
Change-Id: I03a05cb83dd8c498fb218e82e9b3958348fbb4ac
Issue-ID: DCAEGEN2-1101
Signed-off-by: Zlatko Murgoski <zlatko.murgoski@nokia.com>
Diffstat (limited to 'src/main/java/org/onap/dcae/restapi/ServletConfig.java')
-rw-r--r-- | src/main/java/org/onap/dcae/restapi/ServletConfig.java | 112 |
1 files changed, 22 insertions, 90 deletions
diff --git a/src/main/java/org/onap/dcae/restapi/ServletConfig.java b/src/main/java/org/onap/dcae/restapi/ServletConfig.java
index e66f3f1f..e68ddcdf 100644
--- a/src/main/java/org/onap/dcae/restapi/ServletConfig.java
+++ b/src/main/java/org/onap/dcae/restapi/ServletConfig.java
@@ -21,23 +21,17 @@
 package org.onap.dcae.restapi;
-import static java.nio.file.Files.readAllBytes;
-
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.nio.file.Path;
-import java.nio.file.Paths;
-import java.security.GeneralSecurityException;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
+import java.util.HashMap;
+import java.util.Map;
 import org.onap.dcae.ApplicationException;
 import org.onap.dcae.ApplicationSettings;
-import org.onap.dcae.common.SSLContextCreator;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
+import org.onap.dcae.common.configuration.AuthMethod;
+import org.onap.dcae.common.configuration.AuthMethodType;
+import org.onap.dcae.common.configuration.BasicAuth;
+import org.onap.dcae.common.configuration.CertAuth;
+import org.onap.dcae.common.configuration.CertBasicAuth;
+import org.onap.dcae.common.configuration.NoAuth;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.web.server.Ssl;
 import org.springframework.boot.web.server.WebServerFactoryCustomizer;
 import org.springframework.boot.web.servlet.server.ConfigurableServletWebServerFactory;
 import org.springframework.stereotype.Component;
@@ -45,90 +39,28 @@ import org.springframework.stereotype.Component;
 @Component
 public class ServletConfig implements WebServerFactoryCustomizer<ConfigurableServletWebServerFactory> {
- private static final Logger log = LoggerFactory.getLogger(ServletConfig.class);
-
 @Autowired
 private ApplicationSettings properties;
 @Override
 public void customize(ConfigurableServletWebServerFactory container) {
- final boolean hasClientTlsAuthentication = properties.clientTlsAuthenticationEnabled();
- if (hasClientTlsAuthentication || properties.authorizationEnabled()) {
- container.setSsl(hasClientTlsAuthentication ? httpsContextWithTlsAuthentication() : simpleHttpsContext());
- int port = properties.httpsPort();
- container.setPort(port);
- log.info("Application https port: " + port);
- } else {
- int port = properties.httpPort();
- container.setPort(port);
- log.info("Application http port: " + port);
- }
-
- }
-
- private SSLContextCreator simpleHttpsContextBuilder() {
- log.info("Enabling SSL");
-
- final Path keyStorePath = toAbsolutePath(properties.keystoreFileLocation());
- log.info("Using keyStore path: " + keyStorePath);
-
- final Path keyStorePasswordLocation = toAbsolutePath(properties.keystorePasswordFileLocation());
- final String keyStorePassword = getKeyStorePassword(keyStorePasswordLocation);
- log.info("Using keyStore password from: " + keyStorePasswordLocation);
- return SSLContextCreator.create(keyStorePath, getKeyStoreAlias(keyStorePath, keyStorePassword), keyStorePassword);
- }
-
- private String getKeyStoreAlias(Path keyStorePath, String keyStorePassword) {
- KeyStore keyStore = getKeyStore();
- try(InputStream keyStoreData = new FileInputStream(keyStorePath.toString())){
- keyStore.load(keyStoreData, keyStorePassword.toCharArray());
- String alias = keyStore.aliases().nextElement();
- log.info("Actual key store alias is: " + alias);
- return alias;
- } catch (IOException | GeneralSecurityException ex) {
- log.error("Cannot load Key Store alias cause: " + ex);
- throw new ApplicationException(ex);
- }
- }
-
- private KeyStore getKeyStore() {
- try {
- return KeyStore.getInstance(KeyStore.getDefaultType());
- } catch (KeyStoreException ex) {
- log.error("Cannot create Key Store instance cause: " + ex);
- throw new ApplicationException(ex);
- }
- }
-
- private Ssl simpleHttpsContext() {
- return simpleHttpsContextBuilder().build();
- }
-
- private Ssl httpsContextWithTlsAuthentication() {
- final SSLContextCreator sslContextCreator = simpleHttpsContextBuilder();
-
- log.info("Enabling TLS client authorization");
-
- final Path trustStore = toAbsolutePath(properties.truststoreFileLocation());
- log.info("Using trustStore path: " + trustStore);
-
- final Path trustPasswordFileLocation = toAbsolutePath(properties.truststorePasswordFileLocation());
- final String trustStorePassword = getKeyStorePassword(trustPasswordFileLocation);
- log.info("Using trustStore password from: " + trustPasswordFileLocation);
-
- return sslContextCreator.withTlsClientAuthentication(trustStore, trustStorePassword).build();
+ provideAuthConfigurations(container).getOrDefault(properties.authMethod(),
+ notSupportedOperation()).configure();
 }
- private Path toAbsolutePath(final String path) {
- return Paths.get(path).toAbsolutePath();
+ private Map<String, AuthMethod> provideAuthConfigurations(ConfigurableServletWebServerFactory container) {
+ Map<String, AuthMethod> authMethods = new HashMap<>();
+ authMethods.put(AuthMethodType.CERT_ONLY.value(), new CertAuth(container, properties));
+ authMethods.put(AuthMethodType.BASIC_AUTH.value(), new BasicAuth(container, properties));
+ authMethods.put(AuthMethodType.CERT_BASIC_AUTH.value(), new CertBasicAuth(container, properties));
+ authMethods.put(AuthMethodType.NO_AUTH.value(), new NoAuth(container, properties));
+ return authMethods;
 }
- private String getKeyStorePassword(final Path location) {
- try {
- return new String(readAllBytes(location));
- } catch (IOException e) {
- log.error("Could not read keystore password from: '" + location + "'.", e);
- throw new ApplicationException(e);
- }
+ private AuthMethod notSupportedOperation() {
+ return () -> {
+ throw new ApplicationException(
+ "Provided auth method not allowed: " + properties.authMethod());
+ };
 }
 }
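Review bot: The new `customize` body fails closed — an unrecognized or missing `authMethod` value reaches `notSupportedOperation()` and aborts startup with an ApplicationException instead of silently falling back to `NoAuth` — but nothing in the code states that this is intended; add a comment on the `getOrDefault` line such as `// Fail closed: an unknown authMethod aborts startup rather than defaulting to NoAuth.` so a later change does not replace the default with a permissive one. With the `log` field removed, this class no longer records which authentication mode it applied (the removed code at least logged the effective port); unless the AuthMethod implementations log it themselves, consider a log line naming the selected method before `configure()` so operators can confirm the deployed setting. As a point of style, `provideAuthConfigurations` instantiates all four AuthMethod strategies on every call only to pick one; if their constructors do any work, keying the map on `AuthMethodType` and constructing only the selected entry would be cheaper and clearer, and `notSupportedOperation` would read better as `unsupportedAuthMethod`.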
\ No newline at end of file |