diff options
Diffstat (limited to 'src/main/java/org/onap/dcae/restapi/ServletConfig.java')
-rw-r--r-- | src/main/java/org/onap/dcae/restapi/ServletConfig.java | 85 |
1 files changed, 22 insertions, 63 deletions
diff --git a/src/main/java/org/onap/dcae/restapi/ServletConfig.java b/src/main/java/org/onap/dcae/restapi/ServletConfig.java index 35616ac1..e68ddcdf 100644 --- a/src/main/java/org/onap/dcae/restapi/ServletConfig.java +++ b/src/main/java/org/onap/dcae/restapi/ServletConfig.java @@ -21,87 +21,46 @@ package org.onap.dcae.restapi; +import java.util.HashMap; +import java.util.Map; import org.onap.dcae.ApplicationException; import org.onap.dcae.ApplicationSettings; -import org.onap.dcae.common.SSLContextCreator; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; +import org.onap.dcae.common.configuration.AuthMethod; +import org.onap.dcae.common.configuration.AuthMethodType; +import org.onap.dcae.common.configuration.BasicAuth; +import org.onap.dcae.common.configuration.CertAuth; +import org.onap.dcae.common.configuration.CertBasicAuth; +import org.onap.dcae.common.configuration.NoAuth; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.boot.web.server.Ssl; import org.springframework.boot.web.server.WebServerFactoryCustomizer; import org.springframework.boot.web.servlet.server.ConfigurableServletWebServerFactory; import org.springframework.stereotype.Component; -import java.io.IOException; -import java.nio.file.Path; -import java.nio.file.Paths; - -import static java.nio.file.Files.readAllBytes; - @Component public class ServletConfig implements WebServerFactoryCustomizer<ConfigurableServletWebServerFactory> { - private static final Logger log = LoggerFactory.getLogger(ServletConfig.class); - @Autowired private ApplicationSettings properties; @Override public void customize(ConfigurableServletWebServerFactory container) { - final boolean hasClientTlsAuthentication = properties.clientTlsAuthenticationEnabled(); - - if (hasClientTlsAuthentication || properties.authorizationEnabled()) { - container.setSsl(hasClientTlsAuthentication ? httpsContextWithTlsAuthentication() : simpleHttpsContext()); - container.setPort(properties.httpsPort()); - } else { - container.setPort(properties.httpPort()); - } - } - - private SSLContextCreator simpleHttpsContextBuilder() { - log.info("Enabling SSL"); - - final Path keyStore = toAbsolutePath(properties.keystoreFileLocation()); - log.info("Using keyStore path: " + keyStore); - - final Path keyStorePasswordLocation = toAbsolutePath(properties.keystorePasswordFileLocation()); - final String keyStorePassword = getKeyStorePassword(keyStorePasswordLocation); - log.info("Using keyStore password from: " + keyStorePasswordLocation); - - final String alias = properties.keystoreAlias(); - - return SSLContextCreator.create(keyStore, alias, keyStorePassword); - } - - private Ssl simpleHttpsContext() { - return simpleHttpsContextBuilder().build(); - } - - private Ssl httpsContextWithTlsAuthentication() { - final SSLContextCreator sslContextCreator = simpleHttpsContextBuilder(); - - log.info("Enabling TLS client authorization"); - - final Path trustStore = toAbsolutePath(properties.truststoreFileLocation()); - log.info("Using trustStore path: " + trustStore); - - final Path trustPasswordFileLocation = toAbsolutePath(properties.truststorePasswordFileLocation()); - final String trustStorePassword = getKeyStorePassword(trustPasswordFileLocation); - log.info("Using trustStore password from: " + trustPasswordFileLocation); - - return sslContextCreator.withTlsClientAuthentication(trustStore, trustStorePassword).build(); + provideAuthConfigurations(container).getOrDefault(properties.authMethod(), + notSupportedOperation()).configure(); } - private Path toAbsolutePath(final String path) { - return Paths.get(path).toAbsolutePath(); + private Map<String, AuthMethod> provideAuthConfigurations(ConfigurableServletWebServerFactory container) { + Map<String, AuthMethod> authMethods = new HashMap<>(); + authMethods.put(AuthMethodType.CERT_ONLY.value(), new CertAuth(container, properties)); + authMethods.put(AuthMethodType.BASIC_AUTH.value(), new BasicAuth(container, properties)); + authMethods.put(AuthMethodType.CERT_BASIC_AUTH.value(), new CertBasicAuth(container, properties)); + authMethods.put(AuthMethodType.NO_AUTH.value(), new NoAuth(container, properties)); + return authMethods; } - private String getKeyStorePassword(final Path location) { - try { - return new String(readAllBytes(location)); - } catch (IOException e) { - log.error("Could not read keystore password from: '" + location + "'.", e); - throw new ApplicationException(e); - } + private AuthMethod notSupportedOperation() { + return () -> { + throw new ApplicationException( + "Provided auth method not allowed: " + properties.authMethod()); + }; } }
\ No newline at end of file |