diff options
author | vasraz <vasyl.razinkov@est.tech> | 2023-05-05 11:57:56 +0100 |
---|---|---|
committer | Vasyl Razinkov <vasyl.razinkov@est.tech> | 2023-05-08 13:11:02 +0000 |
commit | a2feaf9b65cbba66181fb560b5815a62427d65cc (patch) | |
tree | be49cc57d447f7bb94e717e1ee970d4b095e1473 /catalog-be/src/main/java/org/openecomp | |
parent | af3fdfce91aeea1804c76a8571c102b78dde3794 (diff) |
Support SIP TLS
Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech>
Change-Id: Icbadd04cfa87302491c59f2e4a39ef92aaafcaa3
Issue-ID: SDC-4483
Diffstat (limited to 'catalog-be/src/main/java/org/openecomp')
3 files changed, 48 insertions, 156 deletions
diff --git a/catalog-be/src/main/java/org/openecomp/sdc/be/filters/BeCadiServletFilter.java b/catalog-be/src/main/java/org/openecomp/sdc/be/filters/BeCadiServletFilter.java deleted file mode 100644 index 7edd1621b1..0000000000 --- a/catalog-be/src/main/java/org/openecomp/sdc/be/filters/BeCadiServletFilter.java +++ /dev/null @@ -1,151 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * SDC - * ================================================================================ - * Copyright (C) 2020 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ -package org.openecomp.sdc.be.filters; - -import java.io.IOException; -import java.util.function.Supplier; -import javax.annotation.Priority; -import javax.servlet.FilterChain; -import javax.servlet.FilterConfig; -import javax.servlet.ServletContext; -import javax.servlet.ServletException; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; -import javax.servlet.http.HttpServletRequest; -import org.onap.aaf.cadi.Access; -import org.onap.aaf.cadi.PropAccess; -import org.onap.aaf.cadi.config.Config; -import org.onap.aaf.cadi.filter.CadiFilter; -import org.openecomp.sdc.be.components.impl.CADIHealthCheck; -import org.openecomp.sdc.be.config.CadiFilterParams; -import org.openecomp.sdc.be.config.ConfigurationManager; -import org.openecomp.sdc.be.impl.WebAppContextWrapper; -import org.openecomp.sdc.common.api.Constants; -import org.openecomp.sdc.common.api.HealthCheckInfo; -import org.openecomp.sdc.common.log.wrappers.Logger; -import org.openecomp.sdc.common.util.ThreadLocalsHolder; -import org.springframework.web.context.WebApplicationContext; - -@Priority(2) -public class BeCadiServletFilter extends CadiFilter { - - private static final Logger log = Logger.getLogger(BeCadiServletFilter.class); - private static final String BE_CADI_SERVICE_FILTER = "BeCadiServletFilter: "; - private ConfigurationManager configurationManager = ConfigurationManager.getConfigurationManager(); - - public BeCadiServletFilter() { - super(); - log.debug(BE_CADI_SERVICE_FILTER); - } - - /** - * This constructor to be used when directly constructing and placing in HTTP Engine - * - * @param access - * @param moreTafLurs - * @throws ServletException - */ - public BeCadiServletFilter(Access access, Object... moreTafLurs) throws ServletException { - super(access, moreTafLurs); - log.debug(BE_CADI_SERVICE_FILTER); - } - - /** - * Use this to pass in a PreContructed CADI Filter, but with initializing... let Servlet do it - * - * @param init - * @param access - * @param moreTafLurs - * @throws ServletException - */ - public BeCadiServletFilter(boolean init, PropAccess access, Object... moreTafLurs) throws ServletException { - super(init, access, moreTafLurs); - log.debug(BE_CADI_SERVICE_FILTER); - } - - private void checkIfNullProperty(String key, String value) { - /* When value is null, so not defined in application.properties - set nothing in System properties */ - if (value != null) { - /* Ensure that any properties already defined in System.prop by JVM params - won't be overwritten by Spring application.properties values */ - System.setProperty(key, System.getProperty(key, value)); - } - } - - @Override - public void init(FilterConfig filterConfig) throws ServletException { - // set some properties in System so that Cadi filter will find its config - - // The JVM values set will always overwrite the Spring ones. - CadiFilterParams cadiFilterParams = configurationManager.getConfiguration().getCadiFilterParams(); - checkIfNullProperty(Config.HOSTNAME, cadiFilterParams.getHostname()); - log.debug("BeCadiServletFilter: HOSTNAME", cadiFilterParams.getHostname()); - checkIfNullProperty(Config.CADI_KEYFILE, cadiFilterParams.getCadi_keyfile()); - checkIfNullProperty(Config.CADI_LOGLEVEL, cadiFilterParams.getCadi_loglevel()); - checkIfNullProperty(Config.CADI_LATITUDE, cadiFilterParams.getAFT_LATITUDE()); - checkIfNullProperty(Config.CADI_LONGITUDE, cadiFilterParams.getAFT_LONGITUDE()); - checkIfNullProperty(Config.AAF_URL, cadiFilterParams.getAaf_url()); - //checkIfNullProperty(Config.AAF_LOCATE_URL, cadiFilterParams.getAafLocateUrl()); - checkIfNullProperty(Config.AAF_APPID, cadiFilterParams.getAaf_id()); - checkIfNullProperty(Config.AAF_APPPASS, cadiFilterParams.getAaf_password()); - checkIfNullProperty(Config.AAF_ENV, cadiFilterParams.getAFT_ENVIRONMENT()); - checkIfNullProperty(Config.CADI_X509_ISSUERS, cadiFilterParams.getCadiX509Issuers()); - checkIfNullProperty(Config.CADI_TRUSTSTORE, cadiFilterParams.getCadi_truststore()); - checkIfNullProperty(Config.CADI_TRUSTSTORE_PASSWORD, cadiFilterParams.getCadi_truststore_password()); - super.init(filterConfig); - log.debug("BeCadiServletFilter finishing init(), Current status of CADI would be UP"); - if (!isNeedAuth()) { - CADIHealthCheck.getCADIHealthCheckInstance().setIsCADIUp(HealthCheckInfo.HealthCheckStatus.DOWN); - } else { - CADIHealthCheck.getCADIHealthCheckInstance().setIsCADIUp(HealthCheckInfo.HealthCheckStatus.UP); - } - } - - @Override - public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { - if (ThreadLocalsHolder.isExternalRequest() && isNeedAuth()) { - log.debug("doFilter: {}", request.getContentType()); - HttpServletRequest hreq = (HttpServletRequest) request; - log.debug("Need aaf authentication : {}", hreq); - ThreadLocalUtils threadLocalUtils = getThreadLocalUtils(((HttpServletRequest) request).getSession().getServletContext()); - threadLocalUtils.setUserContext((HttpServletRequest) request); - super.doFilter(request, response, chain); - } else { - log.debug("No need aaf authentication"); - chain.doFilter(request, response); - } - } - - private boolean isNeedAuth() { - return configurationManager.getConfiguration().getAafAuthNeeded(); - } - - ThreadLocalUtils getThreadLocalUtils(ServletContext context) { - return getClassFromWebAppContext(context, () -> ThreadLocalUtils.class); - } - - <T> T getClassFromWebAppContext(ServletContext context, Supplier<Class<T>> businessLogicClassGen) { - WebAppContextWrapper webApplicationContextWrapper = (WebAppContextWrapper) context - .getAttribute(Constants.WEB_APPLICATION_CONTEXT_WRAPPER_ATTR); - WebApplicationContext webApplicationContext = webApplicationContextWrapper.getWebAppContext(context); - return webApplicationContext.getBean(businessLogicClassGen.get()); - } -} diff --git a/catalog-be/src/main/java/org/openecomp/sdc/be/listen/BEAppContextListener.java b/catalog-be/src/main/java/org/openecomp/sdc/be/listen/BEAppContextListener.java index 76be33cedf..0bd921db54 100644 --- a/catalog-be/src/main/java/org/openecomp/sdc/be/listen/BEAppContextListener.java +++ b/catalog-be/src/main/java/org/openecomp/sdc/be/listen/BEAppContextListener.java @@ -39,6 +39,7 @@ public class BEAppContextListener extends AppContextListener implements ServletC private static final String MANIFEST_FILE_NAME = "/META-INF/MANIFEST.MF"; private static final Logger log = Logger.getLogger(BEAppContextListener.class); + @Override public void contextInitialized(ServletContextEvent context) { super.contextInitialized(context); ConfigurationManager configurationManager = new ConfigurationManager(ExternalConfiguration.getConfigurationSource()); diff --git a/catalog-be/src/main/java/org/openecomp/sdc/config/CatalogBESpringConfig.java b/catalog-be/src/main/java/org/openecomp/sdc/config/CatalogBESpringConfig.java index b38210116c..c423795a2f 100644 --- a/catalog-be/src/main/java/org/openecomp/sdc/config/CatalogBESpringConfig.java +++ b/catalog-be/src/main/java/org/openecomp/sdc/config/CatalogBESpringConfig.java @@ -21,7 +21,11 @@ */ package org.openecomp.sdc.config; +import nl.altindag.ssl.SSLFactory; +import nl.altindag.ssl.util.JettySslUtils; import org.apache.http.impl.client.CloseableHttpClient; +import org.eclipse.jetty.util.ssl.SslContextFactory; +import org.onap.config.api.JettySSLUtils; import org.onap.portalsdk.core.onboarding.exception.CipherUtilException; import org.onap.sdc.security.PortalClient; import org.openecomp.sdc.be.auditing.impl.ConfigurationProvider; @@ -29,19 +33,27 @@ import org.openecomp.sdc.be.components.impl.ComponentLocker; import org.openecomp.sdc.be.components.impl.aaf.RoleAuthorizationHandler; import org.openecomp.sdc.be.components.impl.lock.ComponentLockAspect; import org.openecomp.sdc.be.components.lifecycle.LifecycleBusinessLogic; +import org.openecomp.sdc.be.config.Configuration; import org.openecomp.sdc.be.config.ConfigurationManager; import org.openecomp.sdc.be.ecomp.converters.AssetMetadataConverter; import org.openecomp.sdc.be.filters.FilterConfiguration; import org.openecomp.sdc.be.filters.PortalConfiguration; import org.openecomp.sdc.be.filters.ThreadLocalUtils; -import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.ComponentScan; -import org.springframework.context.annotation.Configuration; import org.springframework.core.annotation.Order; +import javax.net.ssl.SSLSessionContext; +import javax.net.ssl.X509ExtendedKeyManager; +import javax.net.ssl.X509ExtendedTrustManager; +import java.io.IOException; +import java.nio.file.Files; +import java.nio.file.Path; +import java.nio.file.StandardOpenOption; + + // @formatter:off -@Configuration +@org.springframework.context.annotation.Configuration @ComponentScan({ "org.openecomp.sdc.be.user", "org.openecomp.sdc.be.facade.operations", @@ -73,10 +85,11 @@ public class CatalogBESpringConfig { private static final int BEFORE_TRANSACTION_MANAGER = 0; private final ComponentLocker componentLocker; + private final JettySSLUtils.JettySslConfig sslConfig; - @Autowired public CatalogBESpringConfig(ComponentLocker componentLocker) { this.componentLocker = componentLocker; + sslConfig = JettySSLUtils.getSSLConfig(); } @Bean(name = "lifecycleBusinessLogic") @@ -132,7 +145,36 @@ public class CatalogBESpringConfig { } @Bean - public org.openecomp.sdc.be.config.Configuration configuration() { + public Configuration configuration() { return ConfigurationManager.getConfigurationManager().getConfiguration(); } + + @Bean + public SSLFactory sslFactory() throws IOException { + return SSLFactory.builder().withSwappableIdentityMaterial() + .withIdentityMaterial(Files.newInputStream(Path.of(sslConfig.getKeystorePath()), StandardOpenOption.READ), sslConfig.getKeystorePass().toCharArray(), sslConfig.getKeystoreType()).withSwappableTrustMaterial() + .withTrustMaterial(Files.newInputStream(Path.of(sslConfig.getTruststorePath()), StandardOpenOption.READ), sslConfig.getTruststorePass().toCharArray(), sslConfig.getTruststoreType()).withNeedClientAuthentication() + .build(); + } + + @Bean + public SslContextFactory.Server sslContextFactory(SSLFactory sslFactory) { + return JettySslUtils.forServer(sslFactory); + } + + @Bean + public X509ExtendedKeyManager keyManager(SSLFactory sslFactory) throws Exception { + return sslFactory.getKeyManager().orElseThrow(Exception::new); + } + + @Bean + public X509ExtendedTrustManager trustManager(SSLFactory sslFactory) throws Exception { + return sslFactory.getTrustManager().orElseThrow(Exception::new); + } + + @Bean + public SSLSessionContext serverSessionContext(SSLFactory sslFactory) { + return sslFactory.getSslContext().getServerSessionContext(); + } + } |