diff options
Diffstat (limited to 'src/main/java/org/onap/dcae/restapi/ServletConfig.java')
-rw-r--r-- | src/main/java/org/onap/dcae/restapi/ServletConfig.java | 56 |
1 files changed, 42 insertions, 14 deletions
diff --git a/src/main/java/org/onap/dcae/restapi/ServletConfig.java b/src/main/java/org/onap/dcae/restapi/ServletConfig.java index 871904c6..49455e54 100644 --- a/src/main/java/org/onap/dcae/restapi/ServletConfig.java +++ b/src/main/java/org/onap/dcae/restapi/ServletConfig.java @@ -22,6 +22,7 @@ package org.onap.dcae.restapi; import org.onap.dcae.ApplicationSettings; +import org.onap.dcae.commonFunction.SSLContextCreator; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; @@ -31,6 +32,7 @@ import org.springframework.boot.web.servlet.server.ConfigurableServletWebServerF import org.springframework.stereotype.Component; import java.io.IOException; +import java.nio.file.Path; import java.nio.file.Paths; import static java.nio.file.Files.readAllBytes; @@ -45,31 +47,57 @@ public class ServletConfig implements WebServerFactoryCustomizer<ConfigurableSer @Override public void customize(ConfigurableServletWebServerFactory container) { - if (properties.authorizationEnabled()) { - container.setSsl(createSSL()); + final boolean hasClientTlsAuthentication = properties.clientTlsAuthenticationEnabled(); + + if (hasClientTlsAuthentication || properties.authorizationEnabled()) { + container.setSsl(hasClientTlsAuthentication ? httpsContextWithTlsAuthentication() : simpleHttpsContext()); container.setPort(properties.httpsPort()); } else { container.setPort(properties.httpPort()); } } - private Ssl createSSL() { + private SSLContextCreator simpleHttpsContextBuilder() { log.info("Enabling SSL"); - Ssl ssl = new Ssl(); - ssl.setEnabled(true); - String keyStore = Paths.get(properties.keystoreFileLocation()).toAbsolutePath().toString(); + + final Path keyStore = toAbsolutePath(properties.keystoreFileLocation()); log.info("Using keyStore path: " + keyStore); - ssl.setKeyStore(keyStore); - String keyPasswordFileLocation = Paths.get(properties.keystorePasswordFileLocation()).toAbsolutePath().toString(); - log.info("Using keyStore password from: " + keyPasswordFileLocation); - ssl.setKeyPassword(getKeyStorePassword(keyPasswordFileLocation)); - ssl.setKeyAlias(properties.keystoreAlias()); - return ssl; + + final Path keyStorePasswordLocation = toAbsolutePath(properties.keystorePasswordFileLocation()); + final String keyStorePassword = getKeyStorePassword(keyStorePasswordLocation); + log.info("Using keyStore password from: " + keyStorePasswordLocation); + + final String alias = properties.keystoreAlias(); + + return SSLContextCreator.create(keyStore, alias, keyStorePassword); + } + + private Ssl simpleHttpsContext() { + return simpleHttpsContextBuilder().build(); + } + + private Ssl httpsContextWithTlsAuthentication() { + final SSLContextCreator sslContextCreator = simpleHttpsContextBuilder(); + + log.info("Enabling TLS client authorization"); + + final Path trustStore = toAbsolutePath(properties.truststoreFileLocation()); + log.info("Using trustStore path: " + trustStore); + + final Path trustPasswordFileLocation = toAbsolutePath(properties.truststorePasswordFileLocation()); + final String trustStorePassword = getKeyStorePassword(trustPasswordFileLocation); + log.info("Using trustStore password from: " + trustPasswordFileLocation); + + return sslContextCreator.withTlsClientAuthentication(trustStore, trustStorePassword).build(); + } + + private Path toAbsolutePath(final String path) { + return Paths.get(path).toAbsolutePath(); } - private String getKeyStorePassword(String location) { + private String getKeyStorePassword(final Path location) { try { - return new String(readAllBytes(Paths.get(location))); + return new String(readAllBytes(location)); } catch (IOException e) { log.error("Could not read keystore password from: '" + location + "'.", e); throw new RuntimeException(e); |