Diffstat (limited to 'src')
-rw-r--r-- | src/main/java/org/onap/clamp/clds/config/AAFConfiguration.java | 131 | ||||
-rw-r--r-- | src/main/java/org/onap/clamp/clds/config/SSLConfiguration.java | 56 | ||||
-rw-r--r-- | src/main/java/org/onap/clamp/clds/filter/ClampCadiFilter.java | 123 | ||||
-rw-r--r-- | src/main/resources/application.properties | 16 | ||||
-rw-r--r-- | src/main/resources/logback-default.xml | 8 | ||||
-rw-r--r-- | src/main/resources/system.properties | 19 |
6 files changed, 117 insertions, 236 deletions
diff --git a/src/main/java/org/onap/clamp/clds/config/AAFConfiguration.java b/src/main/java/org/onap/clamp/clds/config/AAFConfiguration.java index 93432c9f2..13dccdacb 100644 --- a/src/main/java/org/onap/clamp/clds/config/AAFConfiguration.java +++ b/src/main/java/org/onap/clamp/clds/config/AAFConfiguration.java 
@@ -22,49 +22,22 @@ */ package org.onap.clamp.clds.config; -import java.util.Properties; - import javax.servlet.Filter; import org.onap.clamp.clds.filter.ClampCadiFilter; -import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.web.servlet.FilterRegistrationBean; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Profile; -import org.springframework.boot.context.properties.ConfigurationProperties; import org.springframework.stereotype.Component; -@Component @Configuration @Profile("clamp-aaf-authentication") -@ConfigurationProperties(prefix = "clamp.config.cadi") public class AAFConfiguration { - private static final String CADI_KEY_FILE = "cadi_keyfile"; - private static final String CADI_LOG_LEVEL = "cadi_loglevel"; - private static final String LATITUDE = "cadi_latitude"; - private static final String LONGITUDE = "cadi_longitude"; - private static final String LOCATE_URL = "aaf_locate_url"; - private static final String OAUTH_TOKEN_URL = "aaf_oauth2_token_url"; - private static final String OAUTH_INTROSPECT_URL = "aaf_oauth2_introspect_url"; - private static final String AAF_ENV = "aaf_env"; - private static final String AAF_URL = "aaf_url"; - private static final String X509_ISSUERS = "cadi_x509_issuers"; - - private String keyFile; - private String cadiLoglevel; - private String cadiLatitude; - private String cadiLongitude; - private String aafLocateUrl; - private String oauthTokenUrl; - private String oauthIntrospectUrl; - private String aafEnv; - private String aafUrl; - private String cadiX509Issuers; /** * Method to return clamp cadi filter. - * + * * @return Filter */ @Bean(name = "cadiFilter") @@ -74,7 +47,7 @@ public class AAFConfiguration { /** * Method to register cadi filter. - * + * * @return FilterRegistrationBean */ @Bean 
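Review bot: `@Component` is removed from the class but `import org.springframework.stereotype.Component;` survives as a context line, so unless `Component` is still referenced further down the file it is now an unused import; it belongs with the `Properties`, `Autowired` and `ConfigurationProperties` imports this hunk already drops. The remaining class body (the two `@Bean` methods) continues past this hunk.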
@@ -87,104 +60,4 @@ public class AAFConfiguration { registration.setOrder(0); return registration; } - - public String getKeyFile() { - return keyFile; - } - - public void setKeyFile(String keyFile) { - this.keyFile = keyFile; - } - - public String getCadiLoglevel() { - return cadiLoglevel; - } - - public void setCadiLoglevel(String cadiLoglevel) { - this.cadiLoglevel = cadiLoglevel; - } - - public String getCadiLatitude() { - return cadiLatitude; - } - - public void setCadiLatitude(String cadiLatitude) { - this.cadiLatitude = cadiLatitude; - } - - public String getCadiLongitude() { - return cadiLongitude; - } - - public void setCadiLongitude(String cadiLongitude) { - this.cadiLongitude = cadiLongitude; - } - - public String getAafLocateUrl() { - return aafLocateUrl; - } - - public void setAafLocateUrl(String aafLocateUrl) { - this.aafLocateUrl = aafLocateUrl; - } - - public String getOauthTokenUrl() { - return oauthTokenUrl; - } - - public void setOauthTokenUrl(String oauthTokenUrl) { - this.oauthTokenUrl = oauthTokenUrl; - } - - public String getOauthIntrospectUrl() { - return oauthIntrospectUrl; - } - - public void setOauthIntrospectUrl(String oauthIntrospectUrl) { - this.oauthIntrospectUrl = oauthIntrospectUrl; - } - - public String getAafEnv() { - return aafEnv; - } - - public void setAafEnv(String aafEnv) { - this.aafEnv = aafEnv; - } - - public String getAafUrl() { - return aafUrl; - } - - public void setAafUrl(String aafUrl) { - this.aafUrl = aafUrl; - } - - public String getCadiX509Issuers() { - return cadiX509Issuers; - } - - public void setCadiX509Issuers(String cadiX509Issuers) { - this.cadiX509Issuers = cadiX509Issuers; - } - - public Properties getProperties() { - Properties prop = System.getProperties(); - //prop.put("cadi_prop_files", ""); - prop.put(CADI_KEY_FILE, keyFile); - prop.put(CADI_LOG_LEVEL, cadiLoglevel); - prop.put(LATITUDE, cadiLatitude); - prop.put(LONGITUDE, cadiLongitude); - prop.put(LOCATE_URL, aafLocateUrl); - if (oauthTokenUrl != 
null) { - prop.put(OAUTH_TOKEN_URL, oauthTokenUrl); - } - if (oauthIntrospectUrl != null) { - prop.put(OAUTH_INTROSPECT_URL, oauthIntrospectUrl); - } - prop.put(AAF_ENV, aafEnv); - prop.put(AAF_URL, aafUrl); - prop.put(X509_ISSUERS, cadiX509Issuers); - return prop; - } }
\ No newline at end of file diff --git a/src/main/java/org/onap/clamp/clds/config/SSLConfiguration.java b/src/main/java/org/onap/clamp/clds/config/SSLConfiguration.java deleted file mode 100644 index 6a97f2356..000000000 --- a/src/main/java/org/onap/clamp/clds/config/SSLConfiguration.java +++ /dev/null 
@@ -1,56 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * ONAP CLAMP - * ================================================================================ - * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights - * reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END============================================ - * =================================================================== - * - */ -package org.onap.clamp.clds.config; - -import org.springframework.context.annotation.Configuration; - -import javax.annotation.PostConstruct; - -import org.springframework.beans.factory.annotation.Value; - -@Configuration -public class SSLConfiguration { - private static final String TRUST_STORE = "javax.net.ssl.trustStore"; - private static final String TRUST_STORE_PW = "javax.net.ssl.trustStorePassword"; - private static final String TRUST_STORE_TYPE = "javax.net.ssl.trustStoreType"; - - @Value("${server.ssl.trust:none}") - private String sslTruststoreFile; - @Value("${server.ssl.trust-password:none}") - private String sslTruststorePw; - @Value("${server.ssl.trust-type:none}") - private String sslTruststoreType; - - @PostConstruct - private void configureSSL() { - if (!sslTruststoreFile.equals("none")) { - System.setProperty(TRUST_STORE, sslTruststoreFile); - } - if 
(!sslTruststoreType.equals("none")) { - System.setProperty(TRUST_STORE_TYPE, sslTruststoreType); - } - if (!sslTruststorePw.equals("none")) { - System.setProperty(TRUST_STORE_PW, sslTruststorePw); - } - } -} diff --git a/src/main/java/org/onap/clamp/clds/filter/ClampCadiFilter.java b/src/main/java/org/onap/clamp/clds/filter/ClampCadiFilter.java index ed3dcb46a..f058a9e6a 100644 --- a/src/main/java/org/onap/clamp/clds/filter/ClampCadiFilter.java +++ b/src/main/java/org/onap/clamp/clds/filter/ClampCadiFilter.java 
@@ -22,59 +22,122 @@ */ package org.onap.clamp.clds.filter; -import java.util.Properties; +import com.att.eelf.configuration.EELFLogger; +import com.att.eelf.configuration.EELFManager; + +import java.io.File; +import java.io.IOException; +import java.io.InputStream; +import java.nio.file.StandardCopyOption; import javax.servlet.FilterConfig; import javax.servlet.ServletException; +import org.onap.aaf.cadi.config.Config; import org.onap.aaf.cadi.filter.CadiFilter; -import org.onap.clamp.clds.config.AAFConfiguration; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; +import org.springframework.context.ApplicationContext; public class ClampCadiFilter extends CadiFilter { - private static final String CADI_TRUST_STORE = "cadi_truststore"; - private static final String CADI_TRUST_STORE_PW = "cadi_truststore_password"; - private static final String CADI_KEY_STORE = "cadi_keystore"; - private static final String CADI_KEY_STORE_PW = "cadi_keystore_password"; - private static final String ALIAS = "cadi_alias"; + private static final EELFLogger logger = EELFManager.getInstance().getLogger(ClampCadiFilter.class); + + @Autowired + private ApplicationContext appContext; - @Value("${server.ssl.key-store:none}") - private String keyStore; + @Value("${server.ssl.key-store:#{null}}") + private String keyStore; - @Value("${clamp.config.cadi.cadiKeystorePassword:none}") - private String keyStorePass; + @Value("${clamp.config.cadi.cadiKeystorePassword:#{null}}") + private String keyStorePass; - @Value("${server.ssl.trust:none}") - private String trustStore; + @Value("${server.ssl.trust-store:#{null}}") + private String trustStore; - @Value("${clamp.config.cadi.cadiTruststorePassword:none}") - private String trustStorePass; + @Value("${clamp.config.cadi.cadiTruststorePassword:#{null}}") + private String trustStorePass; @Value("${server.ssl.key-alias:clamp@clamp.onap.org}") - private String alias; + private String 
alias; - @Autowired - private AAFConfiguration aafConfiguration; + @Value("${clamp.config.cadi.keyFile:#{null}}") + private String keyFile; + + @Value("${clamp.config.cadi.cadiLoglevel:#{null}}") + private String cadiLoglevel; + + @Value("${clamp.config.cadi.cadiLatitude:#{null}}") + private String cadiLatitude; + + @Value("${clamp.config.cadi.cadiLongitude:#{null}}") + private String cadiLongitude; + + @Value("${clamp.config.cadi.aafLocateUrl:#{null}}") + private String aafLocateUrl; + + @Value("${clamp.config.cadi.oauthTokenUrl:#{null}}") + private String oauthTokenUrl; + + @Value("${clamp.config.cadi.oauthIntrospectUrl:#{null}}") + private String oauthIntrospectUrl; + + @Value("${clamp.config.cadi.aafEnv:#{null}}") + private String aafEnv; + + @Value("${clamp.config.cadi.aafUrl:#{null}}") + private String aafUrl; + + @Value("${clamp.config.cadi.cadiX509Issuers:#{null}}") + private String cadiX509Issuers; + + private void checkIfNullProperty(String key, String value) { + /* When value is null, so not defined in application.properties + set nothing in System properties */ + if (value != null) { + /* Ensure that any properties already defined in System.prop by JVM params + won't be overwritten by Spring application.properties values */ + System.setProperty(key, System.getProperty(key, value)); + } + } @Override public void init(FilterConfig filterConfig) throws ServletException { - Properties props = aafConfiguration.getProperties(); - props.setProperty(CADI_KEY_STORE, trimFileName(keyStore)); - props.setProperty(CADI_TRUST_STORE, trimFileName(trustStore)); - props.setProperty(ALIAS, alias); - props.setProperty(CADI_KEY_STORE_PW, keyStorePass); - props.setProperty(CADI_TRUST_STORE_PW, trustStorePass); + // set some properties in System so that Cadi filter will find its config + // The JVM values set will always overwrite the Spring ones. 
+ checkIfNullProperty(Config.CADI_KEYFILE, convertSpringToPath(keyFile)); + checkIfNullProperty(Config.CADI_LOGLEVEL, cadiLoglevel); + checkIfNullProperty(Config.CADI_LATITUDE, cadiLatitude); + checkIfNullProperty(Config.CADI_LONGITUDE, cadiLongitude); + + checkIfNullProperty(Config.AAF_LOCATE_URL, aafLocateUrl); + checkIfNullProperty(Config.AAF_OAUTH2_TOKEN_URL, oauthTokenUrl); + checkIfNullProperty(Config.AAF_OAUTH2_INTROSPECT_URL, oauthIntrospectUrl); + + checkIfNullProperty(Config.AAF_ENV, aafEnv); + checkIfNullProperty(Config.AAF_URL, aafUrl); + checkIfNullProperty(Config.CADI_X509_ISSUERS, cadiX509Issuers); + checkIfNullProperty(Config.CADI_KEYSTORE, convertSpringToPath(keyStore)); + checkIfNullProperty(Config.CADI_TRUSTSTORE, convertSpringToPath(trustStore)); + checkIfNullProperty(Config.CADI_ALIAS, alias); + checkIfNullProperty(Config.CADI_KEYSTORE_PASSWORD, keyStorePass); + checkIfNullProperty(Config.CADI_TRUSTSTORE_PASSWORD, trustStorePass); super.init(filterConfig); } - private String trimFileName (String fileName) { - int index= fileName.indexOf("file:"); - if (index == -1) { - return fileName; - } else { - return fileName.substring(index+5); + private String convertSpringToPath(String fileName) { + try (InputStream ioFile = appContext.getResource(fileName).getInputStream()) { + if (!fileName.contains("file:")) { + File targetFile = new File(appContext.getResource(fileName).getFilename()); + java.nio.file.Files.copy(ioFile, targetFile.toPath(), StandardCopyOption.REPLACE_EXISTING); + return targetFile.getPath(); + } else { + return appContext.getResource(fileName).getFile().getPath(); + } + } catch (IOException e) { + logger.error("Unable to open and copy the file: " + fileName, e); + return null; } + } } diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index 552efbc7c..b5069159f 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties 
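Review bot: `convertSpringToPath` is not null-safe, yet `init` passes it `keyFile`, `keyStore` and `trustStore`, whose `@Value` defaults are now `#{null}`; `appContext.getResource(null)` fails on an argument check rather than with an `IOException`, so the catch block does not cover it and filter initialisation aborts whenever one of those properties is unset. Add `if (fileName == null) { return null; }` at the top so the unset case reaches `checkIfNullProperty` and is skipped as intended. The classpath branch also copies keystore, truststore and CADI keyfile material out of the jar into the working directory via `new File(resource.getFilename())` with default permissions and `REPLACE_EXISTING`; a dedicated owner-only directory (or a documented requirement that the deployment restrict the working directory) would avoid exposing private key material to other local users. `appContext.getResource(fileName)` is resolved three times and the stream is opened even on the `file:` branch; resolving once into a local and opening the stream only where the copy happens would tidy this. A comment on `init` noting that `cadiKeystorePassword` and `cadiTruststorePassword` end up in JVM system properties, readable by anything that can enumerate them, would help operators decide what to expose through diagnostic endpoints.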
@@ -55,15 +55,19 @@ info.build.version=@project.version@
 ### HTTP (Redirected to HTTPS) and HTTPS Example:
 ### --------------------------------------------
 server.port=8443
-server.ssl.client-auth=want
-server.ssl.key-store=file:/opt/clamp/config/org.onap.clamp.p12
+## Config part for Server certificates
+# Can be a classpath parameter instead of file:/
+server.ssl.key-store=classpath:/clds/aaf/org.onap.clamp.p12
 server.ssl.key-store-password=China in the Spring
 server.ssl.key-password=China in the Spring
 server.ssl.key-store-type=PKCS12
-server.ssl.trust=/opt/clamp/config/truststoreONAPall.jks
-server.ssl.trust-pass=changeit
-server.ssl.trust-type=JKS
 server.ssl.key-alias=clamp@clamp.onap.org
+
+## Config part for Client certificates
+server.ssl.client-auth=need
+server.ssl.trust-store=classpath:/clds/aaf/truststoreONAPall.jks
+server.ssl.trust-store-password=changeit
+
 server.http-to-https-redirection.port=8080
 server.servlet.context-path=/
@@ -228,7 +232,7 @@ clamp.config.security.permission.type.template=org.onap.clamp.clds.template clamp.config.security.permission.instance=dev #AAF related parameters
-clamp.config.cadi.keyFile=/opt/clamp/config/org.onap.clamp.keyfile
+clamp.config.cadi.keyFile=classpath:/clds/aaf/org.onap.clamp.keyfile
 clamp.config.cadi.cadiLoglevel=DEBUG
 clamp.config.cadi.cadiLatitude=37.78187
 clamp.config.cadi.cadiLongitude=-122.26147
diff --git a/src/main/resources/logback-default.xml b/src/main/resources/logback-default.xml
index 37cdf7637..c2524bec2 100644
--- a/src/main/resources/logback-default.xml
+++ b/src/main/resources/logback-default.xml
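Review bot: The defaults now point `server.ssl.key-store`, `server.ssl.trust-store` and `clamp.config.cadi.keyFile` at `classpath:/clds/aaf/...`, so the server private key, the CADI keyfile and their plaintext passwords ship inside the built artifact instead of being mounted from `/opt/clamp/config`. That is convenient for local runs, but every deployment built from this file inherits the same key material unless all of these are overridden; a comment such as `# Development defaults only: override key-store, trust-store, keyFile and their passwords per deployment` above the block would make that explicit. `server.ssl.client-auth` also moves from `want` to `need`, which rejects any caller that presents no client certificate; this changes the accepted client set rather than just configuration plumbing and deserves a mention in the commit description.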
@@ -10,18 +10,15 @@ <property name="p_mak" value="%replace(%replace(%marker){'\t', '\\\\t'}){'\n','\\\\n'}"/> <property name="p_thr" value="%thread"/> <property name="defaultPattern" value="%nopexception${p_tim}\t${p_thr}\t${p_lvl}\t${p_log}\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n"/> - <property name="debugPattern" value="%nopexception${p_tim}|${p_lvl}|${p_mdc}|{p_exc}|%msg%n"/> + <property name="debugPattern" value="%nopexception${p_tim}|${p_lvl}|${p_mdc}|${p_exc}|%msg%n"/> <!-- Example evaluator filter applied against console appender --> <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> - <!-- filter class="ch.qos.logback.classic.filter.LevelFilter"> <level>ERROR</level> - <onMatch>ACCEPT</onMatch> <onMismatch>DENY</onMismatch> </filter --> - <!-- deny all events with a level below INFO, that is TRACE and DEBUG --> <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> <level>INFO</level> </filter> <encoder> - <pattern>${debugPattern}</pattern> + <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n</pattern> </encoder> </appender> @@ -181,7 +178,6 @@ <logger name="ch.qos.logback.core" level="INFO" /> <!-- logback jms appenders & loggers definition starts here --> - <!-- logback jms appenders & loggers definition starts here --> <appender name="auditLogs" class="ch.qos.logback.core.rolling.RollingFileAppender"> <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> diff --git a/src/main/resources/system.properties b/src/main/resources/system.properties index a24b6202e..f95fc7009 100644 --- a/src/main/resources/system.properties +++ b/src/main/resources/system.properties 
@@ -5,22 +5,23 @@ # Copyright (C) 2017-2018 AT&T Intellectual Property. All rights # reserved. # ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END============================================ # =================================================================== -# -### +# +### Static JVM parameters can be set here by the dev team +### These will be loaded at Clamp startup # # JVM SSL/TLS properties -jdk.tls.client.protocols=TLSv1.1,TLSv1.2 +jdk.tls.client.protocols=TLSv1.1,TLSv1.2 https.protocols=TLSv1.1,TLSv1.2 |
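Review bot: The rewritten `jdk.tls.client.protocols=TLSv1.1,TLSv1.2` line and the unchanged `https.protocols` below it still enable TLSv1.1 for outbound connections; since the hunk touches the line anyway, this is a good moment to restrict both to `TLSv1.2`, or to document which peer still requires 1.1. The new comment `### Static JVM parameters can be set here by the dev team` could also state at which point of startup Clamp applies the file, because JSSE reads these properties when the SSL context is initialised and values set later have no effect.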