From 3ef3b8ea5f14ec3263decd7c6144b46bc9ad12af Mon Sep 17 00:00:00 2001 From: sebdet Date: Thu, 3 Oct 2019 15:40:19 +0200 Subject: Add X.509 Injection Add X.509 injection in the Cadi filter so that the NGinx reverse proxy can forward the certificate that AAF needs Issue-ID: CLAMP-519 Change-Id: I0af8ec795fb61510647d2019f3f6f8f664032f5c Signed-off-by: sebdet --- .../onap/clamp/clds/filter/ClampCadiFilter.java | 39 +++++++++++++++++++--- 1 file changed, 35 insertions(+), 4 deletions(-) (limited to 'src/main') diff --git a/src/main/java/org/onap/clamp/clds/filter/ClampCadiFilter.java b/src/main/java/org/onap/clamp/clds/filter/ClampCadiFilter.java index 586899a13..3a9394227 100644 --- a/src/main/java/org/onap/clamp/clds/filter/ClampCadiFilter.java +++ b/src/main/java/org/onap/clamp/clds/filter/ClampCadiFilter.java @@ -26,13 +26,21 @@ package org.onap.clamp.clds.filter; import com.att.eelf.configuration.EELFLogger; import com.att.eelf.configuration.EELFManager; +import java.io.ByteArrayInputStream; import java.io.File; import java.io.IOException; import java.io.InputStream; import java.nio.file.StandardCopyOption; +import java.security.cert.CertificateException; +import java.security.cert.CertificateFactory; +import java.security.cert.X509Certificate; +import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; +import javax.servlet.http.HttpServletRequest; import org.onap.aaf.cadi.config.Config; import org.onap.aaf.cadi.filter.CadiFilter; @@ -92,11 +100,15 @@ public class ClampCadiFilter extends CadiFilter { private String cadiX509Issuers; private void checkIfNullProperty(String key, String value) { - /* When value is null, so not defined in application.properties - set nothing in System properties */ + /* + * When value is null, so not defined in application.properties set nothing in + * System properties + */ if (value != null) { - /* Ensure that any properties already defined in System.prop by JVM params - won't be overwritten by Spring application.properties values */ + /* + * Ensure that any properties already defined in System.prop by JVM params won't + * be overwritten by Spring application.properties values + */ System.setProperty(key, System.getProperty(key, value)); } } @@ -126,6 +138,25 @@ public class ClampCadiFilter extends CadiFilter { super.init(filterConfig); } + @Override + public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) + throws IOException, ServletException { + try { + String certHeader = ((HttpServletRequest) request).getHeader("X-SSL-Cert"); + if (certHeader != null) { + + CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509"); + X509Certificate cert = (X509Certificate) certificateFactory + .generateCertificate(new ByteArrayInputStream(certHeader.getBytes())); + request.setAttribute("javax.servlet.request.X509Certificate", cert); + + } + } catch (CertificateException e) { + logger.error("Unable to inject the X.509 certificate", e); + } + super.doFilter(request, response, chain); + } + private String convertSpringToPath(String fileName) { try (InputStream ioFile = appContext.getResource(fileName).getInputStream()) { if (!fileName.contains("file:")) { -- cgit 1.2.3-korg