aboutsummaryrefslogtreecommitdiffstats
path: root/catalog-be/src/main/java/org/openecomp
diff options
context:
space:
mode:
authorvasraz <vasyl.razinkov@est.tech>2023-05-05 11:57:56 +0100
committerVasyl Razinkov <vasyl.razinkov@est.tech>2023-05-08 13:11:02 +0000
commita2feaf9b65cbba66181fb560b5815a62427d65cc (patch)
treebe49cc57d447f7bb94e717e1ee970d4b095e1473 /catalog-be/src/main/java/org/openecomp
parentaf3fdfce91aeea1804c76a8571c102b78dde3794 (diff)
Support SIP TLS
Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech> Change-Id: Icbadd04cfa87302491c59f2e4a39ef92aaafcaa3 Issue-ID: SDC-4483
Diffstat (limited to 'catalog-be/src/main/java/org/openecomp')
-rw-r--r--catalog-be/src/main/java/org/openecomp/sdc/be/filters/BeCadiServletFilter.java151
-rw-r--r--catalog-be/src/main/java/org/openecomp/sdc/be/listen/BEAppContextListener.java1
-rw-r--r--catalog-be/src/main/java/org/openecomp/sdc/config/CatalogBESpringConfig.java52
3 files changed, 48 insertions, 156 deletions
diff --git a/catalog-be/src/main/java/org/openecomp/sdc/be/filters/BeCadiServletFilter.java b/catalog-be/src/main/java/org/openecomp/sdc/be/filters/BeCadiServletFilter.java
deleted file mode 100644
index 7edd1621b1..0000000000
--- a/catalog-be/src/main/java/org/openecomp/sdc/be/filters/BeCadiServletFilter.java
+++ /dev/null
@@ -1,151 +0,0 @@
-/*-
- * ============LICENSE_START=======================================================
- * SDC
- * ================================================================================
- * Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-package org.openecomp.sdc.be.filters;
-
-import java.io.IOException;
-import java.util.function.Supplier;
-import javax.annotation.Priority;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletContext;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import org.onap.aaf.cadi.Access;
-import org.onap.aaf.cadi.PropAccess;
-import org.onap.aaf.cadi.config.Config;
-import org.onap.aaf.cadi.filter.CadiFilter;
-import org.openecomp.sdc.be.components.impl.CADIHealthCheck;
-import org.openecomp.sdc.be.config.CadiFilterParams;
-import org.openecomp.sdc.be.config.ConfigurationManager;
-import org.openecomp.sdc.be.impl.WebAppContextWrapper;
-import org.openecomp.sdc.common.api.Constants;
-import org.openecomp.sdc.common.api.HealthCheckInfo;
-import org.openecomp.sdc.common.log.wrappers.Logger;
-import org.openecomp.sdc.common.util.ThreadLocalsHolder;
-import org.springframework.web.context.WebApplicationContext;
-
-@Priority(2)
-public class BeCadiServletFilter extends CadiFilter {
-
- private static final Logger log = Logger.getLogger(BeCadiServletFilter.class);
- private static final String BE_CADI_SERVICE_FILTER = "BeCadiServletFilter: ";
- private ConfigurationManager configurationManager = ConfigurationManager.getConfigurationManager();
-
- public BeCadiServletFilter() {
- super();
- log.debug(BE_CADI_SERVICE_FILTER);
- }
-
- /**
- * This constructor to be used when directly constructing and placing in HTTP Engine
- *
- * @param access
- * @param moreTafLurs
- * @throws ServletException
- */
- public BeCadiServletFilter(Access access, Object... moreTafLurs) throws ServletException {
- super(access, moreTafLurs);
- log.debug(BE_CADI_SERVICE_FILTER);
- }
-
- /**
- * Use this to pass in a PreContructed CADI Filter, but with initializing... let Servlet do it
- *
- * @param init
- * @param access
- * @param moreTafLurs
- * @throws ServletException
- */
- public BeCadiServletFilter(boolean init, PropAccess access, Object... moreTafLurs) throws ServletException {
- super(init, access, moreTafLurs);
- log.debug(BE_CADI_SERVICE_FILTER);
- }
-
- private void checkIfNullProperty(String key, String value) {
- /* When value is null, so not defined in application.properties
- set nothing in System properties */
- if (value != null) {
- /* Ensure that any properties already defined in System.prop by JVM params
- won't be overwritten by Spring application.properties values */
- System.setProperty(key, System.getProperty(key, value));
- }
- }
-
- @Override
- public void init(FilterConfig filterConfig) throws ServletException {
- // set some properties in System so that Cadi filter will find its config
-
- // The JVM values set will always overwrite the Spring ones.
- CadiFilterParams cadiFilterParams = configurationManager.getConfiguration().getCadiFilterParams();
- checkIfNullProperty(Config.HOSTNAME, cadiFilterParams.getHostname());
- log.debug("BeCadiServletFilter: HOSTNAME", cadiFilterParams.getHostname());
- checkIfNullProperty(Config.CADI_KEYFILE, cadiFilterParams.getCadi_keyfile());
- checkIfNullProperty(Config.CADI_LOGLEVEL, cadiFilterParams.getCadi_loglevel());
- checkIfNullProperty(Config.CADI_LATITUDE, cadiFilterParams.getAFT_LATITUDE());
- checkIfNullProperty(Config.CADI_LONGITUDE, cadiFilterParams.getAFT_LONGITUDE());
- checkIfNullProperty(Config.AAF_URL, cadiFilterParams.getAaf_url());
- //checkIfNullProperty(Config.AAF_LOCATE_URL, cadiFilterParams.getAafLocateUrl());
- checkIfNullProperty(Config.AAF_APPID, cadiFilterParams.getAaf_id());
- checkIfNullProperty(Config.AAF_APPPASS, cadiFilterParams.getAaf_password());
- checkIfNullProperty(Config.AAF_ENV, cadiFilterParams.getAFT_ENVIRONMENT());
- checkIfNullProperty(Config.CADI_X509_ISSUERS, cadiFilterParams.getCadiX509Issuers());
- checkIfNullProperty(Config.CADI_TRUSTSTORE, cadiFilterParams.getCadi_truststore());
- checkIfNullProperty(Config.CADI_TRUSTSTORE_PASSWORD, cadiFilterParams.getCadi_truststore_password());
- super.init(filterConfig);
- log.debug("BeCadiServletFilter finishing init(), Current status of CADI would be UP");
- if (!isNeedAuth()) {
- CADIHealthCheck.getCADIHealthCheckInstance().setIsCADIUp(HealthCheckInfo.HealthCheckStatus.DOWN);
- } else {
- CADIHealthCheck.getCADIHealthCheckInstance().setIsCADIUp(HealthCheckInfo.HealthCheckStatus.UP);
- }
- }
-
- @Override
- public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
- if (ThreadLocalsHolder.isExternalRequest() && isNeedAuth()) {
- log.debug("doFilter: {}", request.getContentType());
- HttpServletRequest hreq = (HttpServletRequest) request;
- log.debug("Need aaf authentication : {}", hreq);
- ThreadLocalUtils threadLocalUtils = getThreadLocalUtils(((HttpServletRequest) request).getSession().getServletContext());
- threadLocalUtils.setUserContext((HttpServletRequest) request);
- super.doFilter(request, response, chain);
- } else {
- log.debug("No need aaf authentication");
- chain.doFilter(request, response);
- }
- }
-
- private boolean isNeedAuth() {
- return configurationManager.getConfiguration().getAafAuthNeeded();
- }
-
- ThreadLocalUtils getThreadLocalUtils(ServletContext context) {
- return getClassFromWebAppContext(context, () -> ThreadLocalUtils.class);
- }
-
- <T> T getClassFromWebAppContext(ServletContext context, Supplier<Class<T>> businessLogicClassGen) {
- WebAppContextWrapper webApplicationContextWrapper = (WebAppContextWrapper) context
- .getAttribute(Constants.WEB_APPLICATION_CONTEXT_WRAPPER_ATTR);
- WebApplicationContext webApplicationContext = webApplicationContextWrapper.getWebAppContext(context);
- return webApplicationContext.getBean(businessLogicClassGen.get());
- }
-}
diff --git a/catalog-be/src/main/java/org/openecomp/sdc/be/listen/BEAppContextListener.java b/catalog-be/src/main/java/org/openecomp/sdc/be/listen/BEAppContextListener.java
index 76be33cedf..0bd921db54 100644
--- a/catalog-be/src/main/java/org/openecomp/sdc/be/listen/BEAppContextListener.java
+++ b/catalog-be/src/main/java/org/openecomp/sdc/be/listen/BEAppContextListener.java
@@ -39,6 +39,7 @@ public class BEAppContextListener extends AppContextListener implements ServletC
private static final String MANIFEST_FILE_NAME = "/META-INF/MANIFEST.MF";
private static final Logger log = Logger.getLogger(BEAppContextListener.class);
+ @Override
public void contextInitialized(ServletContextEvent context) {
super.contextInitialized(context);
ConfigurationManager configurationManager = new ConfigurationManager(ExternalConfiguration.getConfigurationSource());
diff --git a/catalog-be/src/main/java/org/openecomp/sdc/config/CatalogBESpringConfig.java b/catalog-be/src/main/java/org/openecomp/sdc/config/CatalogBESpringConfig.java
index b38210116c..c423795a2f 100644
--- a/catalog-be/src/main/java/org/openecomp/sdc/config/CatalogBESpringConfig.java
+++ b/catalog-be/src/main/java/org/openecomp/sdc/config/CatalogBESpringConfig.java
@@ -21,7 +21,11 @@
*/
package org.openecomp.sdc.config;
+import nl.altindag.ssl.SSLFactory;
+import nl.altindag.ssl.util.JettySslUtils;
import org.apache.http.impl.client.CloseableHttpClient;
+import org.eclipse.jetty.util.ssl.SslContextFactory;
+import org.onap.config.api.JettySSLUtils;
import org.onap.portalsdk.core.onboarding.exception.CipherUtilException;
import org.onap.sdc.security.PortalClient;
import org.openecomp.sdc.be.auditing.impl.ConfigurationProvider;
@@ -29,19 +33,27 @@ import org.openecomp.sdc.be.components.impl.ComponentLocker;
import org.openecomp.sdc.be.components.impl.aaf.RoleAuthorizationHandler;
import org.openecomp.sdc.be.components.impl.lock.ComponentLockAspect;
import org.openecomp.sdc.be.components.lifecycle.LifecycleBusinessLogic;
+import org.openecomp.sdc.be.config.Configuration;
import org.openecomp.sdc.be.config.ConfigurationManager;
import org.openecomp.sdc.be.ecomp.converters.AssetMetadataConverter;
import org.openecomp.sdc.be.filters.FilterConfiguration;
import org.openecomp.sdc.be.filters.PortalConfiguration;
import org.openecomp.sdc.be.filters.ThreadLocalUtils;
-import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
-import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
+import javax.net.ssl.SSLSessionContext;
+import javax.net.ssl.X509ExtendedKeyManager;
+import javax.net.ssl.X509ExtendedTrustManager;
+import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.StandardOpenOption;
+
+
// @formatter:off
-@Configuration
+@org.springframework.context.annotation.Configuration
@ComponentScan({
"org.openecomp.sdc.be.user",
"org.openecomp.sdc.be.facade.operations",
@@ -73,10 +85,11 @@ public class CatalogBESpringConfig {
private static final int BEFORE_TRANSACTION_MANAGER = 0;
private final ComponentLocker componentLocker;
+ private final JettySSLUtils.JettySslConfig sslConfig;
- @Autowired
public CatalogBESpringConfig(ComponentLocker componentLocker) {
this.componentLocker = componentLocker;
+ sslConfig = JettySSLUtils.getSSLConfig();
}
@Bean(name = "lifecycleBusinessLogic")
@@ -132,7 +145,36 @@ public class CatalogBESpringConfig {
}
@Bean
- public org.openecomp.sdc.be.config.Configuration configuration() {
+ public Configuration configuration() {
return ConfigurationManager.getConfigurationManager().getConfiguration();
}
+
+ @Bean
+ public SSLFactory sslFactory() throws IOException {
+ return SSLFactory.builder().withSwappableIdentityMaterial()
+ .withIdentityMaterial(Files.newInputStream(Path.of(sslConfig.getKeystorePath()), StandardOpenOption.READ), sslConfig.getKeystorePass().toCharArray(), sslConfig.getKeystoreType()).withSwappableTrustMaterial()
+ .withTrustMaterial(Files.newInputStream(Path.of(sslConfig.getTruststorePath()), StandardOpenOption.READ), sslConfig.getTruststorePass().toCharArray(), sslConfig.getTruststoreType()).withNeedClientAuthentication()
+ .build();
+ }
+
+ @Bean
+ public SslContextFactory.Server sslContextFactory(SSLFactory sslFactory) {
+ return JettySslUtils.forServer(sslFactory);
+ }
+
+ @Bean
+ public X509ExtendedKeyManager keyManager(SSLFactory sslFactory) throws Exception {
+ return sslFactory.getKeyManager().orElseThrow(Exception::new);
+ }
+
+ @Bean
+ public X509ExtendedTrustManager trustManager(SSLFactory sslFactory) throws Exception {
+ return sslFactory.getTrustManager().orElseThrow(Exception::new);
+ }
+
+ @Bean
+ public SSLSessionContext serverSessionContext(SSLFactory sslFactory) {
+ return sslFactory.getSslContext().getServerSessionContext();
+ }
+
}