Diffstat (limited to 'runtime/src/main/java/org/onap/policy/clamp/clds/filter/ClampCadiFilter.java')
-rw-r--r--runtime/src/main/java/org/onap/policy/clamp/clds/filter/ClampCadiFilter.java190
1 files changed, 190 insertions, 0 deletions
diff --git a/runtime/src/main/java/org/onap/policy/clamp/clds/filter/ClampCadiFilter.java b/runtime/src/main/java/org/onap/policy/clamp/clds/filter/ClampCadiFilter.java
new file mode 100644
index 000000000..6fa8ecb2b
--- /dev/null
+++ b/runtime/src/main/java/org/onap/policy/clamp/clds/filter/ClampCadiFilter.java
@@ -0,0 +1,190 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP CLAMP
+ * ================================================================================
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
+ * reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ *
+ */
+
+package org.onap.policy.clamp.clds.filter;
+
+import com.att.eelf.configuration.EELFLogger;
+import com.att.eelf.configuration.EELFManager;
+import java.io.ByteArrayInputStream;
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URLDecoder;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.StandardCopyOption;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.cadi.filter.CadiFilter;
+import org.onap.policy.clamp.clds.util.ResourceFileUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.ApplicationContext;
+
+public class ClampCadiFilter extends CadiFilter {
+ private static final EELFLogger logger = EELFManager.getInstance().getLogger(ClampCadiFilter.class);
+
+ @Autowired
+ private ApplicationContext appContext;
+
+ @Value("${server.ssl.key-store:#{null}}")
+ private String keyStore;
+
+ @Value("${server.ssl.key-store-password:#{null}}")
+ private String keyStorePass;
+
+ @Value("${server.ssl.trust-store:#{null}}")
+ private String trustStore;
+
+ @Value("${server.ssl.trust-store-password:#{null}}")
+ private String trustStorePass;
+
+ @Value("${server.ssl.key-alias:clamp@clamp.onap.org}")
+ private String alias;
+
+ @Value("${clamp.config.keyFile:#{null}}")
+ private String keyFile;
+
+ @Value("${clamp.config.cadi.cadiLoglevel:#{null}}")
+ private String cadiLoglevel;
+
+ @Value("${clamp.config.cadi.cadiLatitude:#{null}}")
+ private String cadiLatitude;
+
+ @Value("${clamp.config.cadi.cadiLongitude:#{null}}")
+ private String cadiLongitude;
+
+ @Value("${clamp.config.cadi.aafLocateUrl:#{null}}")
+ private String aafLocateUrl;
+
+ @Value("${clamp.config.cadi.oauthTokenUrl:#{null}}")
+ private String oauthTokenUrl;
+
+ @Value("${clamp.config.cadi.oauthIntrospectUrl:#{null}}")
+ private String oauthIntrospectUrl;
+
+ @Value("${clamp.config.cadi.aafEnv:#{null}}")
+ private String aafEnv;
+
+ @Value("${clamp.config.cadi.aafUrl:#{null}}")
+ private String aafUrl;
+
+ @Value("${clamp.config.cadi.cadiX509Issuers:#{null}}")
+ private String cadiX509Issuers;
+
+ @Value("${clamp.config.caCerts:#{null}}")
+ private String caCertsPath;
+
+ private void checkIfNullProperty(String key, String value) {
+ /*
+ * When value is null, so not defined in application.properties set nothing in
+ * System properties
+ */
+ if (value != null) {
+ /*
+ * Ensure that any properties already defined in System.prop by JVM params won't
+ * be overwritten by Spring application.properties values
+ */
+ System.setProperty(key, System.getProperty(key, value));
+ }
+ }
+
+ @Override
+ public void init(FilterConfig filterConfig) throws ServletException {
+ // set some properties in System so that Cadi filter will find its config
+ // The JVM values set will always overwrite the Spring ones.
+ checkIfNullProperty(Config.CADI_KEYFILE, convertSpringToPath(keyFile));
+ checkIfNullProperty(Config.CADI_LOGLEVEL, cadiLoglevel);
+ checkIfNullProperty(Config.CADI_LATITUDE, cadiLatitude);
+ checkIfNullProperty(Config.CADI_LONGITUDE, cadiLongitude);
+
+ checkIfNullProperty(Config.AAF_LOCATE_URL, aafLocateUrl);
+ checkIfNullProperty(Config.AAF_OAUTH2_TOKEN_URL, oauthTokenUrl);
+ checkIfNullProperty(Config.AAF_OAUTH2_INTROSPECT_URL, oauthIntrospectUrl);
+
+ checkIfNullProperty(Config.AAF_ENV, aafEnv);
+ checkIfNullProperty(Config.AAF_URL, aafUrl);
+ checkIfNullProperty(Config.CADI_X509_ISSUERS, cadiX509Issuers);
+ checkIfNullProperty(Config.CADI_KEYSTORE, convertSpringToPath(keyStore));
+ checkIfNullProperty(Config.CADI_TRUSTSTORE, convertSpringToPath(trustStore));
+ checkIfNullProperty(Config.CADI_ALIAS, alias);
+ checkIfNullProperty(Config.CADI_KEYSTORE_PASSWORD, keyStorePass);
+ checkIfNullProperty(Config.CADI_TRUSTSTORE_PASSWORD, trustStorePass);
+
+ super.init(filterConfig);
+ }
+
+ @Override
+ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
+ throws IOException, ServletException {
+ try {
+ String certHeader = ((HttpServletRequest) request).getHeader("X-SSL-Cert");
+ if (certHeader != null) {
+ CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
+ X509Certificate cert = (X509Certificate) certificateFactory
+ .generateCertificate(new ByteArrayInputStream(
+ URLDecoder.decode(certHeader, StandardCharsets.UTF_8.toString()).getBytes()));
+ X509Certificate caCert = (X509Certificate) certificateFactory
+ .generateCertificate(new ByteArrayInputStream(
+ ResourceFileUtils.getResourceAsString(this.caCertsPath).getBytes()));
+
+ X509Certificate[] certifArray = ((X509Certificate[]) request
+ .getAttribute("javax.servlet.request.X509Certificate"));
+ if (certifArray == null) {
+ certifArray = new X509Certificate[] { cert, caCert };
+ request.setAttribute("javax.servlet.request.X509Certificate", certifArray);
+ } else {
+ certifArray[0] = cert;
+ certifArray[1] = caCert;
+ }
+ }
+
+ } catch (CertificateException e) {
+ logger.error("Unable to inject the X.509 certificate", e);
+ }
+ super.doFilter(request, response, chain);
+ }
+
+ private String convertSpringToPath(String fileName) {
+ try (InputStream ioFile = appContext.getResource(fileName).getInputStream()) {
+ if (!fileName.contains("file:")) {
+ File targetFile = new File(appContext.getResource(fileName).getFilename());
+ java.nio.file.Files.copy(ioFile, targetFile.toPath(), StandardCopyOption.REPLACE_EXISTING);
+ return targetFile.getPath();
+ } else {
+ return appContext.getResource(fileName).getFile().getPath();
+ }
+ } catch (IOException e) {
+ logger.error("Unable to open and copy the file: " + fileName, e);
+ return null;
+ }
+
+ }
+}
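Review bot: In doFilter the certificate parsed from the client-supplied `X-SSL-Cert` header is placed into `javax.servlet.request.X509Certificate` without being checked against the CA it is paired with — `caCert` loaded from `caCertsPath` is parsed on every request but never used to validate `cert`, so any caller that can reach the filter directly rather than through the proxy that presumably sets this header has its certificate accepted by the CADI layer as-is. Before `request.setAttribute(...)`, verify chain and validity, e.g. `cert.verify(caCert.getPublicKey()); cert.checkValidity();`, and widen the catch to `java.security.GeneralSecurityException` so a failed verification is logged and the header value is dropped rather than injected. The `else` branch also replaces whatever the container negotiated at the TLS layer with the header-supplied certificate and writes `certifArray[1]` without checking the array length; leaving an existing non-empty array untouched avoids both. Separately, `convertSpringToPath` is called with `keyFile`, `keyStore` and `trustStore` whose `@Value` defaults are `#{null}`, and `appContext.getResource(null)` / `fileName.contains(...)` will throw before the `IOException` handler, so a null guard returning null is needed at the top of that method; the two `getBytes()` calls should also pass `StandardCharsets.UTF_8` rather than the platform charset.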