authorsebdet <sebastien.determe@intl.att.com>2019-10-03 15:40:19 +0200
committerSébastien Determe <sebastien.determe@intl.att.com>2019-10-03 13:52:43 +0000
commit3ef3b8ea5f14ec3263decd7c6144b46bc9ad12af (patch)
treeff74e58ac93a6e1e73bb318d2a82da4d5c53fd6c
parent69d3050d0df38218b152a3baf33ccbaa36ac4444 (diff)
Add X.509 Injection
Add X.509 injection in the Cadi filter so that the NGinx reverse proxy can forward the certificate that AAF needs Issue-ID: CLAMP-519 Change-Id: I0af8ec795fb61510647d2019f3f6f8f664032f5c Signed-off-by: sebdet <sebastien.determe@intl.att.com>
-rw-r--r--src/main/java/org/onap/clamp/clds/filter/ClampCadiFilter.java39
1 files changed, 35 insertions, 4 deletions
diff --git a/src/main/java/org/onap/clamp/clds/filter/ClampCadiFilter.java b/src/main/java/org/onap/clamp/clds/filter/ClampCadiFilter.java
index 586899a13..3a9394227 100644
--- a/src/main/java/org/onap/clamp/clds/filter/ClampCadiFilter.java
+++ b/src/main/java/org/onap/clamp/clds/filter/ClampCadiFilter.java
@@ -26,13 +26,21 @@ package org.onap.clamp.clds.filter;
import com.att.eelf.configuration.EELFLogger;
import com.att.eelf.configuration.EELFManager;
+import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.StandardCopyOption;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
import org.onap.aaf.cadi.config.Config;
import org.onap.aaf.cadi.filter.CadiFilter;
@@ -92,11 +100,15 @@ public class ClampCadiFilter extends CadiFilter {
private String cadiX509Issuers;
private void checkIfNullProperty(String key, String value) {
- /* When value is null, so not defined in application.properties
- set nothing in System properties */
+ /*
+ * When value is null, so not defined in application.properties set nothing in
+ * System properties
+ */
if (value != null) {
- /* Ensure that any properties already defined in System.prop by JVM params
- won't be overwritten by Spring application.properties values */
+ /*
+ * Ensure that any properties already defined in System.prop by JVM params won't
+ * be overwritten by Spring application.properties values
+ */
System.setProperty(key, System.getProperty(key, value));
}
}
@@ -126,6 +138,25 @@ public class ClampCadiFilter extends CadiFilter {
super.init(filterConfig);
}
+ @Override
+ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
+ throws IOException, ServletException {
+ try {
+ String certHeader = ((HttpServletRequest) request).getHeader("X-SSL-Cert");
+ if (certHeader != null) {
+
+ CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
+ X509Certificate cert = (X509Certificate) certificateFactory
+ .generateCertificate(new ByteArrayInputStream(certHeader.getBytes()));
+ request.setAttribute("javax.servlet.request.X509Certificate", cert);
+
+ }
+ } catch (CertificateException e) {
+ logger.error("Unable to inject the X.509 certificate", e);
+ }
+ super.doFilter(request, response, chain);
+ }
+
private String convertSpringToPath(String fileName) {
try (InputStream ioFile = appContext.getResource(fileName).getInputStream()) {
if (!fileName.contains("file:")) {
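Review bot: The new `doFilter` accepts the `X-SSL-Cert` header from any caller, and a certificate is public data, so a client that reaches this filter without passing through the NGinx proxy (or through a proxy that does not overwrite a client-supplied `X-SSL-Cert`) can present another party's certificate without holding its private key. The injection should run only for requests known to come from the trusted proxy, and the proxy should always set or clear the header itself; neither is visible in this hunk, so it needs confirming in the deployment configuration. Separately, the Servlet specification defines `javax.servlet.request.X509Certificate` as an `X509Certificate[]`, so a consumer that casts to the array type will likely fail on the single object set here; use `request.setAttribute("javax.servlet.request.X509Certificate", new X509Certificate[] {cert});`. `certHeader.getBytes()` also depends on the platform charset, so `certHeader.getBytes(StandardCharsets.UTF_8)` is the safer form.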