watch tls files

Signed-off-by: MichaelMorris <michael.morris@est.tech>
Issue-ID: SDC-4639
Change-Id: Ic9cff09c633770df5171867ca69ed318c2a75f59

4 files changed, 110 insertions, 0 deletions

diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb
index d6d034fcb6..ada01a96e5 100644
--- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb
+++ b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb
@@ -21,6 +21,10 @@ beProtocol: https
 beProtocol: http
 <% end -%>
 
+tlsCert: <%= node['BE']['tls_cert'] %>
+tlsKey: <%= node['BE']['tls_key'] %>
+caCert: <%= node['BE']['ca_cert'] %>
+
 # catalog backend ssl port
 beSslPort: <%= @ssl_port %>
 version: 1.1.0
diff --git a/catalog-be/src/main/java/org/openecomp/sdc/be/listen/BEAppContextListener.java b/catalog-be/src/main/java/org/openecomp/sdc/be/listen/BEAppContextListener.java
index 76be33cedf..00d4e4356e 100644
--- a/catalog-be/src/main/java/org/openecomp/sdc/be/listen/BEAppContextListener.java
+++ b/catalog-be/src/main/java/org/openecomp/sdc/be/listen/BEAppContextListener.java
@@ -19,13 +19,22 @@
  */
 package org.openecomp.sdc.be.listen;
 
+import java.io.File;
 import java.io.IOException;
 import java.io.InputStream;
+import java.util.HashMap;
+import java.util.Map;
 import java.util.jar.Attributes;
 import java.util.jar.Manifest;
 import javax.servlet.ServletContext;
 import javax.servlet.ServletContextEvent;
 import javax.servlet.ServletContextListener;
+
+import org.apache.commons.io.filefilter.FileFilterUtils;
+import org.apache.commons.io.filefilter.IOFileFilter;
+import org.apache.commons.io.monitor.FileAlterationListenerAdaptor;
+import org.apache.commons.io.monitor.FileAlterationMonitor;
+import org.apache.commons.io.monitor.FileAlterationObserver;
 import org.openecomp.sdc.be.config.ConfigurationManager;
 import org.openecomp.sdc.be.impl.WebAppContextWrapper;
 import org.openecomp.sdc.be.monitoring.BeMonitoringService;
@@ -50,6 +59,7 @@ public class BEAppContextListener extends AppContextListener implements ServletC
         // Monitoring service
         BeMonitoringService bms = new BeMonitoringService(context.getServletContext());
         bms.start(configurationManager.getConfiguration().getSystemMonitoring().getProbeIntervalInSeconds(15));
+        initTlsFileMonitoring();
         log.debug("After executing {}", this.getClass());
     }
 
@@ -71,4 +81,46 @@ public class BEAppContextListener extends AppContextListener implements ServletC
         }
         return version;
     }
+    
+    private void initTlsFileMonitoring() {
+        final Map<String, IOFileFilter> tlsFileFilters = createTlsFileFilters();
+        if (!tlsFileFilters.isEmpty()) {
+            final TlsFileChangeHandler tlsFileChangeHandler = new TlsFileChangeHandler();
+            tlsFileFilters.entrySet().stream().forEach(entry -> listenForChanges(entry.getKey(), tlsFileChangeHandler, entry.getValue()));
+        }
+    }
+    
+    private Map<String, IOFileFilter> createTlsFileFilters() {        
+        final Map<String, IOFileFilter> filters = new HashMap<>();
+        addFilter(filters, ConfigurationManager.getConfigurationManager().getConfiguration().getTlsCert());
+        addFilter(filters, ConfigurationManager.getConfigurationManager().getConfiguration().getTlsKey());
+        addFilter(filters, ConfigurationManager.getConfigurationManager().getConfiguration().getCaCert());
+        return filters;
+    }
+    
+    private void addFilter(final Map<String, IOFileFilter> filters, final String path) {
+        if (path != null) {
+            final File file = new File(path);
+            final IOFileFilter caCertFileFilter =
+                    FileFilterUtils.and(FileFilterUtils.fileFileFilter(), FileFilterUtils.nameFileFilter(file.getName()));
+            
+            if (filters.containsKey(file.getParent())) {
+                filters.put(file.getParent(), FileFilterUtils.or(filters.get(file.getParent()), caCertFileFilter));
+            } else {
+                filters.put(file.getParent(), caCertFileFilter);  
+            }
+        }
+    }
+    
+    private void listenForChanges(String path, FileAlterationListenerAdaptor changeListener, IOFileFilter ioFileFilter) {
+        FileAlterationMonitor monitor = new FileAlterationMonitor();
+        final FileAlterationObserver observer = new FileAlterationObserver(path, ioFileFilter);
+        observer.addListener(changeListener);
+        monitor.addObserver(observer);
+        try {
+            monitor.start();
+        } catch (final Exception exception) {
+            log.error("Error starting monitoring of TLS files", exception);
+        }
+    }
 }
diff --git a/catalog-be/src/main/java/org/openecomp/sdc/be/listen/TlsFileChangeHandler.java b/catalog-be/src/main/java/org/openecomp/sdc/be/listen/TlsFileChangeHandler.java
new file mode 100644
index 0000000000..7e5671cd19
--- /dev/null
+++ b/catalog-be/src/main/java/org/openecomp/sdc/be/listen/TlsFileChangeHandler.java
@@ -0,0 +1,51 @@
+/*
+ * ============LICENSE_START=======================================================
+ *  Copyright (C) 2023 Nordix Foundation
+ *  ================================================================================
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ *  ============LICENSE_END=========================================================
+ */
+package org.openecomp.sdc.be.listen;
+
+import java.io.File;
+
+import org.apache.commons.io.monitor.FileAlterationListenerAdaptor;
+import org.openecomp.sdc.be.config.Configuration;
+import org.openecomp.sdc.be.config.ConfigurationManager;
+import org.openecomp.sdc.common.log.wrappers.Logger;
+
+public class TlsFileChangeHandler extends FileAlterationListenerAdaptor {
+    
+    private static final Logger LOGGER = Logger.getLogger(TlsFileChangeHandler.class.getName());
+    
+    @Override
+    public void onFileChange(File pFile) {
+        final Configuration config  = ConfigurationManager.getConfigurationManager().getConfiguration();
+        if (pFile.getAbsolutePath().equals(config.getTlsCert()) || pFile.getAbsolutePath().equals(config.getTlsKey())) {
+            handleTlsCertChanged();
+        }
+        if (pFile.getAbsolutePath().equals(config.getCaCert())) {
+            handleCaCertChanged();
+        }
+    }
+    
+    private void handleTlsCertChanged() {
+        LOGGER.info("TLS cert/key change detected");
+    }
+    
+    private void handleCaCertChanged() {
+        LOGGER.info("CA cert change detected");
+    }
+    
+}
diff --git a/common-app-api/src/main/java/org/openecomp/sdc/be/config/Configuration.java b/common-app-api/src/main/java/org/openecomp/sdc/be/config/Configuration.java
index f945402106..3222c267df 100644
--- a/common-app-api/src/main/java/org/openecomp/sdc/be/config/Configuration.java
+++ b/common-app-api/src/main/java/org/openecomp/sdc/be/config/Configuration.java
@@ -66,6 +66,9 @@ public class Configuration extends BasicConfiguration {
      * backend protocol. http | https
      */
     private String beProtocol = "http";
+    private String tlsCert;
+    private String tlsKey;
+    private String caCert;
     private Date released;
     private String version = "1111";
     private String toscaConformanceLevel = "3.0";