From 65f4a56f694099f7a25d252c264eda1437b85c23 Mon Sep 17 00:00:00 2001
From: Geora Barsky
Date: Tue, 6 Nov 2018 22:42:23 -0500
Subject: Adding support to SSL client cert
Issue-ID: LOG-807
Change-Id: I7e3e72467ebd1326f981806e78401b208e5ae525
Signed-off-by: Geora Barsky
---
 config/application.properties | 7 ++++-
 .../contextbuilder/aai/AAIBasicAuthCondition.java | 32 ++++++++++++++++++++++
 .../contextbuilder/aai/AAIClientCertCondition.java | 32 ++++++++++++++++++++++
 .../pomba/contextbuilder/aai/AAIConfiguration.java | 29 ++++++++++++++++++--
 4 files changed, 97 insertions(+), 3 deletions(-)
 create mode 100644 src/main/java/org/onap/pomba/contextbuilder/aai/AAIBasicAuthCondition.java
 create mode 100644 src/main/java/org/onap/pomba/contextbuilder/aai/AAIClientCertCondition.java
diff --git a/config/application.properties b/config/application.properties
index dd5a9ac..bb02e75 100644
--- a/config/application.properties
+++ b/config/application.properties
@@ -26,8 +26,13 @@ server.tomcat.max-threads=200
 server.tomcat.min-spare-threads=25
 # AAI REST Client Configuration
-aai.serviceName=10.69.100.132
+aai.serviceName=aai.onap
 aai.servicePort=8443
+# AAI APIs authentication mode. Valid values: [basic_auth, client_cert]
+aai.authentication=basic_auth
+aai.trustStorePath=n/a
+aai.keyStorePath=n/a
+aai.keyStorePassword=n/a
 aai.username=AAI
 aai.password=OBF:1gfr1ev31gg7
 aai.httpProtocol=https
diff --git a/src/main/java/org/onap/pomba/contextbuilder/aai/AAIBasicAuthCondition.java b/src/main/java/org/onap/pomba/contextbuilder/aai/AAIBasicAuthCondition.java
new file mode 100644
index 0000000..dfadbb4
--- /dev/null
+++ b/src/main/java/org/onap/pomba/contextbuilder/aai/AAIBasicAuthCondition.java
@@ -0,0 +1,32 @@
+/*
+ * ============LICENSE_START===================================================
+ * Copyright (c) 2018 Amdocs
+ * ============================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=====================================================
+ */
+package org.onap.pomba.contextbuilder.aai;
+
+import org.springframework.context.annotation.Condition;
+import org.springframework.context.annotation.ConditionContext;
+import org.springframework.core.type.AnnotatedTypeMetadata;
+
+public class AAIBasicAuthCondition implements Condition {
+
+ @Override
+ public boolean matches(ConditionContext conditionContext, AnnotatedTypeMetadata annotatedTypeMetadata)
+ {
+ String authenticionMode = conditionContext.getEnvironment().getProperty("aai.authentication");
+ return authenticionMode.equalsIgnoreCase("basic_auth");
+ }
+}
diff --git a/src/main/java/org/onap/pomba/contextbuilder/aai/AAIClientCertCondition.java b/src/main/java/org/onap/pomba/contextbuilder/aai/AAIClientCertCondition.java
new file mode 100644
index 0000000..19b42b1
--- /dev/null
+++ b/src/main/java/org/onap/pomba/contextbuilder/aai/AAIClientCertCondition.java
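Review bot: `matches` in AAIBasicAuthCondition dereferences the result of `getProperty("aai.authentication")` without a null check, so a deployment whose properties file lacks the new key fails during context startup with a NullPointerException rather than a clear configuration error. Putting the literal first avoids that: `return "basic_auth".equalsIgnoreCase(conditionContext.getEnvironment().getProperty("aai.authentication"));`. The same applies to `AAIClientCertCondition.matches` in the next file. The local is also misspelled `authenticionMode` in both classes.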
@@ -0,0 +1,32 @@
+/*
+ * ============LICENSE_START===================================================
+ * Copyright (c) 2018 Amdocs
+ * ============================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=====================================================
+ */
+package org.onap.pomba.contextbuilder.aai;
+
+import org.springframework.context.annotation.Condition;
+import org.springframework.context.annotation.ConditionContext;
+import org.springframework.core.type.AnnotatedTypeMetadata;
+
+public class AAIClientCertCondition implements Condition {
+
+ @Override
+ public boolean matches(ConditionContext conditionContext, AnnotatedTypeMetadata annotatedTypeMetadata)
+ {
+ String authenticionMode = conditionContext.getEnvironment().getProperty("aai.authentication");
+ return authenticionMode.equalsIgnoreCase("client_cert");
+ }
+}
diff --git a/src/main/java/org/onap/pomba/contextbuilder/aai/AAIConfiguration.java b/src/main/java/org/onap/pomba/contextbuilder/aai/AAIConfiguration.java
index 22f7b5e..3035d1b 100644
--- a/src/main/java/org/onap/pomba/contextbuilder/aai/AAIConfiguration.java
+++ b/src/main/java/org/onap/pomba/contextbuilder/aai/AAIConfiguration.java
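Review bot: Neither this condition nor AAIBasicAuthCondition matches when `aai.authentication` holds anything other than `basic_auth` or `client_cert`, so a typo in the property leaves the application without an `aaiClient` bean, and the error presumably appears only where that bean is injected. Checking the mode once at startup and failing with something like `throw new IllegalStateException("aai.authentication must be basic_auth or client_cert");` would make the misconfiguration visible at its source. The two condition classes differ only in the compared literal, so a shared helper taking the expected value would keep them in sync.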
@@ -25,6 +25,7 @@ import org.onap.aai.restclient.client.RestClient;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Conditional;
 import org.springframework.stereotype.Component;
@@ -47,7 +48,18 @@ public class AAIConfiguration {
 @Autowired
 @Value("${aai.httpProtocol}")
 private String httpProtocol;
-
+ @Autowired
+ @Value("${aai.authentication}")
+ private String authenticationMode;
+ @Autowired
+ @Value("${aai.trustStorePath}")
+ private String trustStorePath;
+ @Autowired
+ @Value("${aai.keyStorePath}")
+ private String keyStorePath;
+ @Autowired
+ @Value("${aai.keyStorePassword}")
+ private String keyStorePassword;
 @Autowired
 @Value("${aai.connectionTimeout}")
 private Integer connectionTimeout;
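Review bot: `keyStorePassword` is injected from `aai.keyStorePassword` as a plain string, whereas the existing `aai.password` is kept in `OBF:` form and passed through `Password.deobfuscate` before use; in the later hunk the keystore password reaches `clientCertPassword(keyStorePassword)` unchanged. Unless the REST client deobfuscates it itself (not visible here), the keystore password has to sit in clear text in application.properties; storing it in `OBF:` form and calling `clientCertPassword(Password.deobfuscate(keyStorePassword))` would treat both secrets alike. `authenticationMode` is not read anywhere in the visible hunks, and `@Autowired` next to `@Value` is redundant, although it follows the pattern of the existing fields. The class body starts and ends outside this hunk.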
@@ -79,14 +91,27 @@ public class AAIConfiguration {
 return ("Basic " + encodedAuth);
 }
+ @Conditional(AAIBasicAuthCondition.class)
 @Bean(name="aaiClient")
- public RestClient restClient() {
+ public RestClient restClientWithBasicAuth() {
+ System.out.println("in basic auth");
 RestClient restClient = new RestClient();
 restClient.validateServerHostname(false).validateServerCertChain(false).connectTimeoutMs(connectionTimeout).readTimeoutMs(readTimeout);
 restClient.basicAuthUsername(username);
 restClient.basicAuthPassword(Password.deobfuscate(password));
 return restClient;
+ }
+ @Conditional(AAIClientCertCondition.class)
+ @Bean(name="aaiClient")
+ public RestClient restClientWithClientCert() {
+ RestClient restClient = new RestClient();
+ System.out.println("in client cert");
+ if (httpProtocol.equals("https"))
+ restClient.validateServerHostname(false).validateServerCertChain(false).trustStore(trustStorePath).clientCertFile(keyStorePath).clientCertPassword(keyStorePassword).connectTimeoutMs(connectionTimeout).readTimeoutMs(readTimeout);
+ else
+ restClient.validateServerHostname(false).validateServerCertChain(false).connectTimeoutMs(connectionTimeout).readTimeoutMs(readTimeout);
+ return restClient;
 }
 @Bean(name="aaiBaseUrl")
-- cgit 1.2.3-korg
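Review bot: `restClientWithClientCert` sets `validateServerHostname(false).validateServerCertChain(false)` in its https branch even though it also configures `trustStore(trustStorePath)`, so the client presents its certificate to a server whose identity is never verified, and the trust store presumably goes unused. For client-cert mode I would turn validation on, `restClient.validateServerHostname(true).validateServerCertChain(true).trustStore(trustStorePath)…`, or drive it from a property that defaults to on; the unchanged basic-auth bean carries the same setting. The two `System.out.println` calls look like leftover debugging and should go through the class logger or be removed. Writing the test as `"https".equals(httpProtocol)` and bracing the `if`/`else` would make the branch null-safe and harder to misread.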