authorGeora Basky <georab@amdocs.com>2018-11-13 16:13:31 -0500
committerGeora Basky <georab@amdocs.com>2018-11-13 16:19:34 -0500
commit794fe767942bbdc3f21c46fa2da841817106105b (patch)
tree8e666156d30dac1c292bcdea255f2a4cbd7a3bdd
parent46116d2c304dc3df4de06cee353da52daa9ce8ab (diff)
Adding client cert SSL support for AAI Rest client
Change-Id: I6fd32c777d610c3f4e222fa0c55552968342b43a Issue-ID: LOG-808 Signed-off-by: Geora Basky <georab@amdocs.com>
-rw-r--r--config/application.properties4
-rw-r--r--src/main/java/org/onap/pomba/contextbuilder/sdnc/AAIBasicAuthCondition.java32
-rw-r--r--src/main/java/org/onap/pomba/contextbuilder/sdnc/AAIClientCertCondition.java32
-rw-r--r--src/main/java/org/onap/pomba/contextbuilder/sdnc/SdncConfiguration.java29
4 files changed, 96 insertions, 1 deletions
diff --git a/config/application.properties b/config/application.properties
index 6084aa0..b37456a 100644
--- a/config/application.properties
+++ b/config/application.properties
@@ -38,6 +38,10 @@ aai.servicePort=9507
aai.username=AAI
aai.password=OBF:1gfr1ev31gg7
aai.httpProtocol=https
+aai.authentication=basic_auth
+aai.trustStorePath=n/a
+aai.keyStorePath=n/a
+aai.keyStorePassword=n/a
aai.connectionTimeout=5000
aai.readTimeout=1000
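Review bot: The accepted values of `aai.authentication` are not documented next to the new key, and a value other than `basic_auth` or `client_cert` matches neither condition class in this commit, which would leave no `aaiClient` bean defined. A comment above the new keys such as `# aai.authentication: basic_auth | client_cert (trust/key store settings are used only for client_cert)` would make this clear. It is also worth stating that the `n/a` placeholders must be replaced when switching modes, since they are otherwise passed to the REST client unchanged.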
diff --git a/src/main/java/org/onap/pomba/contextbuilder/sdnc/AAIBasicAuthCondition.java b/src/main/java/org/onap/pomba/contextbuilder/sdnc/AAIBasicAuthCondition.java
new file mode 100644
index 0000000..29f3291
--- /dev/null
+++ b/src/main/java/org/onap/pomba/contextbuilder/sdnc/AAIBasicAuthCondition.java
@@ -0,0 +1,32 @@
+/*
+ * ============LICENSE_START===================================================
+ * Copyright (c) 2018 Amdocs
+ * ============================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=====================================================
+ */
+package org.onap.pomba.contextbuilder.sdnc;
+
+import org.springframework.context.annotation.Condition;
+import org.springframework.context.annotation.ConditionContext;
+import org.springframework.core.type.AnnotatedTypeMetadata;
+
+public class AAIBasicAuthCondition implements Condition {
+
+ @Override
+ public boolean matches(ConditionContext conditionContext, AnnotatedTypeMetadata annotatedTypeMetadata)
+ {
+ String authenticionMode = conditionContext.getEnvironment().getProperty("aai.authentication");
+ return authenticionMode.equalsIgnoreCase("basic_auth");
+ }
+}
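Review bot: `matches` dereferences the result of `getProperty("aai.authentication")` without a null check, so a property file that lacks the key fails with a NullPointerException during condition evaluation rather than with a clear configuration error. Putting the literal first avoids this: `return "basic_auth".equalsIgnoreCase(authenticationMode);`. The same applies to `AAIClientCertCondition.matches` with `"client_cert"`, and the local variable is misspelled (`authenticionMode`) in both classes. A one-line class Javadoc naming the property and the value that enables the bean would help readers of `SdncConfiguration`.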
diff --git a/src/main/java/org/onap/pomba/contextbuilder/sdnc/AAIClientCertCondition.java b/src/main/java/org/onap/pomba/contextbuilder/sdnc/AAIClientCertCondition.java
new file mode 100644
index 0000000..113ba31
--- /dev/null
+++ b/src/main/java/org/onap/pomba/contextbuilder/sdnc/AAIClientCertCondition.java
@@ -0,0 +1,32 @@
+/*
+ * ============LICENSE_START===================================================
+ * Copyright (c) 2018 Amdocs
+ * ============================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=====================================================
+ */
+package org.onap.pomba.contextbuilder.sdnc;
+
+import org.springframework.context.annotation.Condition;
+import org.springframework.context.annotation.ConditionContext;
+import org.springframework.core.type.AnnotatedTypeMetadata;
+
+public class AAIClientCertCondition implements Condition {
+
+ @Override
+ public boolean matches(ConditionContext conditionContext, AnnotatedTypeMetadata annotatedTypeMetadata)
+ {
+ String authenticionMode = conditionContext.getEnvironment().getProperty("aai.authentication");
+ return authenticionMode.equalsIgnoreCase("client_cert");
+ }
+}
diff --git a/src/main/java/org/onap/pomba/contextbuilder/sdnc/SdncConfiguration.java b/src/main/java/org/onap/pomba/contextbuilder/sdnc/SdncConfiguration.java
index bc2ca64..7317143 100644
--- a/src/main/java/org/onap/pomba/contextbuilder/sdnc/SdncConfiguration.java
+++ b/src/main/java/org/onap/pomba/contextbuilder/sdnc/SdncConfiguration.java
@@ -22,8 +22,10 @@ import java.util.Base64;
import javax.ws.rs.ApplicationPath;
import org.eclipse.jetty.util.security.Password;
import org.onap.aai.restclient.client.RestClient;
+import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Conditional;
import org.springframework.stereotype.Component;
@Component
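Review bot: The added `import org.springframework.beans.factory.annotation.Autowired;` appears to be unused, because no line added to this file by the commit references `@Autowired`, whereas `Conditional` is used on both bean methods. Dropping the import keeps the file free of unused-import warnings.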
@@ -72,6 +74,18 @@ public class SdncConfiguration {
@Value("${aai.httpProtocol}")
private String aaiHttpProtocol;
+ @Value("${aai.authentication}")
+ private String authenticationMode;
+
+ @Value("${aai.trustStorePath}")
+ private String trustStorePath;
+
+ @Value("${aai.keyStorePath}")
+ private String keyStorePath;
+
+ @Value("${aai.keyStorePassword}")
+ private String keyStorePassword;
+
@Value("${aai.connectionTimeout}")
private Integer aaiConnectionTimeout;
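Review bot: The four new `@Value` placeholders have no default, so a deployment whose application.properties predates this commit will likely fail at startup on an unresolved placeholder. A default preserves the previous behaviour, e.g. `@Value("${aai.authentication:basic_auth}")`, with empty defaults for the three store settings. `authenticationMode` is not read by any line this commit adds (the condition classes query the environment directly), so the field looks unused. The class body begins and ends outside the hunk.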
@@ -131,8 +145,9 @@ public class SdncConfiguration {
return (BASIC + encodedAuth);
}
+ @Conditional(AAIBasicAuthCondition.class)
@Bean(name="aaiClient")
- public RestClient restClient() {
+ public RestClient restClientWithBasicAuth() {
RestClient restClient = new RestClient();
restClient.validateServerHostname(false).validateServerCertChain(false).connectTimeoutMs(aaiConnectionTimeout).readTimeoutMs(aaiReadTimeout);
restClient.basicAuthUsername(aaiUsername);
@@ -140,6 +155,18 @@ public class SdncConfiguration {
return restClient;
}
+ @Conditional(AAIClientCertCondition.class)
+ @Bean(name="aaiClient")
+ public RestClient restClientWithClientCert() {
+ RestClient restClient = new RestClient();
+ System.out.println("in client cert");
+ if (httpProtocol.equals("https"))
+ restClient.validateServerHostname(false).validateServerCertChain(false).trustStore(trustStorePath).clientCertFile(keyStorePath).clientCertPassword(keyStorePassword).connectTimeoutMs(connectionTimeout).readTimeoutMs(readTimeout);
+ else
+ restClient.validateServerHostname(false).validateServerCertChain(false).connectTimeoutMs(connectionTimeout).readTimeoutMs(readTimeout);
+ return restClient;
+ }
+
@Bean(name="aaiBaseUrl")
public String getAaiURL() {
return httpProtocol + "://" + aaiHost + ":" + aaiPort;
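Review bot: `restClientWithClientCert` configures a trust store but keeps `validateServerHostname(false).validateServerCertChain(false)`, so the server certificate is presumably never checked against that store and the client certificate is presented to an unverified peer; both checks should be enabled when a trust store is supplied. The method also reads `httpProtocol`, `connectionTimeout` and `readTimeout`, while the basic-auth bean uses `aaiConnectionTimeout`/`aaiReadTimeout` and an `aaiHttpProtocol` field exists; their declarations are outside the hunk, so confirm they are not another endpoint's settings. With a non-https protocol the `else` branch silently returns a client carrying no credentials at all, where failing fast would be safer. The `System.out.println("in client cert")` debug line should be removed or sent to the class logger, and `keyStorePassword` is passed as-is although `aai.password` is stored in `OBF:` form. The sketch below throws on a non-https protocol, which is a behaviour change to agree on.

```java
public RestClient restClientWithClientCert() {
    // Client-cert mode requires TLS; refuse to build an unauthenticated client.
    if (!"https".equals(aaiHttpProtocol)) {
        throw new IllegalStateException("aai.authentication=client_cert requires aai.httpProtocol=https");
    }
    RestClient restClient = new RestClient();
    // Verify the server against the configured trust store before presenting the client certificate.
    restClient.validateServerHostname(true)
            .validateServerCertChain(true)
            .trustStore(trustStorePath)
            .clientCertFile(keyStorePath)
            .clientCertPassword(keyStorePassword)
            .connectTimeoutMs(aaiConnectionTimeout)
            .readTimeoutMs(aaiReadTimeout);
    return restClient;
}
```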