Revert "Support SIP TLS"

This reverts commit a2feaf9b65cbba66181fb560b5815a62427d65cc. Reason for revert: deployment issue Change-Id: Ic21e213493f51d0c11778187ab054881bba7c21e Issue-ID: SDC-4483 Signed-off-by: MichaelMorris <michael.morris@est.tech>
author: MichaelMorris <michael.morris@est.tech> 2023-06-02 11:38:36 +0000
committer: Vasyl Razinkov <vasyl.razinkov@est.tech> 2023-06-02 16:21:12 +0000
commit: 222555c7995645416a47bc52ed8837e3afde8e21 (patch)
tree: 0eae25247dfbc06538a9170dc5ab9a8addeb5bb3 /catalog-be
parent: 9fb750f15ee84c4318d729c91c4ba50b61d73b3e (diff)
8 files changed, 196 insertions, 76 deletions
diff --git a/catalog-be/pom.xml b/catalog-be/pom.xml
index d503b0b36a..d1f0d2e479 100644
--- a/catalog-be/pom.xml
+++ b/catalog-be/pom.xml
@@ -1,6 +1,6 @@
 <project xmlns="http://maven.apache.org/POM/4.0.0"
-         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
 
     <artifactId>catalog-be</artifactId>
@@ -19,7 +19,6 @@
         <maven-dependency-plugin.version>3.2.0</maven-dependency-plugin.version>
         <replacer.plugin.version>1.5.3</replacer.plugin.version>
         <ui.version>${project.version}</ui.version>
-        <io.github.hakky54.version>7.4.11</io.github.hakky54.version>
     </properties>
 
     <dependencies>
@@ -221,11 +220,11 @@
             </exclusions>
         </dependency>
 
-        <dependency>
-            <groupId>io.micrometer</groupId>
-            <artifactId>micrometer-registry-prometheus</artifactId>
-            <version>${micrometer.version}</version>
-        </dependency>
+      <dependency>
+          <groupId>io.micrometer</groupId>
+          <artifactId>micrometer-registry-prometheus</artifactId>
+          <version>${micrometer.version}</version>
+      </dependency>
 
         <dependency>
             <groupId>ch.qos.logback</groupId>
@@ -632,6 +631,7 @@
             <scope>compile</scope>
         </dependency>
 
+
         <!-- CAMBRIA CLIENT for U-EB -->
         <dependency>
             <groupId>com.att.nsa</groupId>
@@ -834,6 +834,31 @@
             </exclusions>
         </dependency>
 
+        <!-- CADI -->
+        <dependency>
+            <groupId>org.onap.aaf.authz</groupId>
+            <artifactId>aaf-cadi-aaf</artifactId>
+            <version>${cadi.version}</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>com.datastax.cassandra</groupId>
+                    <artifactId>cassandra-driver-core</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.slf4j</groupId>
+                    <artifactId>slf4j-log4j12</artifactId>
+                </exclusion>
+                <exclusion>
+                    <artifactId>log4j</artifactId>
+                    <groupId>log4j</groupId>
+                </exclusion>
+                <exclusion>
+                    <groupId>javax.servlet</groupId>
+                    <artifactId>javax.servlet-api</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+
         <!-- TEST -->
         <dependency>
             <groupId>org.assertj</groupId>
@@ -1045,17 +1070,6 @@
             <artifactId>kafka-clients</artifactId>
         </dependency>
 
-        <dependency>
-            <groupId>io.github.hakky54</groupId>
-            <artifactId>sslcontext-kickstart-for-jetty</artifactId>
-            <version>${io.github.hakky54.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>io.github.hakky54</groupId>
-            <artifactId>sslcontext-kickstart</artifactId>
-            <version>${io.github.hakky54.version}</version>
-        </dependency>
-
     </dependencies>
 
     <build>
diff --git a/catalog-be/src/main/docker/backend/Dockerfile b/catalog-be/src/main/docker/backend/Dockerfile
index c5c36d6bc0..d33f67c156 100644
--- a/catalog-be/src/main/docker/backend/Dockerfile
+++ b/catalog-be/src/main/docker/backend/Dockerfile
@@ -1,4 +1,4 @@
-FROM onap/integration-java11:10.0.0
+FROM onap/integration-java11:9.0.0
 
 USER root
 ARG JETTY_FOLDER=/app/jetty
diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/attributes/default.rb b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/attributes/default.rb
index ba94e21449..a3e519826c 100644
--- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/attributes/default.rb
+++ b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/attributes/default.rb
@@ -11,11 +11,11 @@ default['disableHttp'] = true
 #|  Jetty                           |
 #|                                  |
 #+----------------------------------+
+
 default['jetty']['dmaap_truststore_pwd'] = "dmaap_truststore_pwd"
-default['jetty']['keystore_path'] = "etc/org.onap.sdc.p12"
 default['jetty']['keystore_pwd'] = "?(kP!Yur![*!Y5!E^f(ZKc31"
 default['jetty']['keymanager_pwd'] = "?(kP!Yur![*!Y5!E^f(ZKc31"
-default['jetty']['truststore_path'] = "etc/org.onap.sdc.trust.jks"
+default['jetty']['truststore_path'] = "#{ENV['JETTY_BASE']}/etc/truststore"
 # TO CHANGE THE TRUSTSTORE CERT THE JVM CONFIGURATION
 # MUST BE ALSO CHANGE IN THE startup.sh FILE
 default['jetty'][:truststore_pwd] = "z+KEj;t+,KN^iimSiS89e#p0"
diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_4_jetty_Modules.rb b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_4_jetty_Modules.rb
index ad66a67e22..5655d0fd6f 100644
--- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_4_jetty_Modules.rb
+++ b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_4_jetty_Modules.rb
@@ -51,10 +51,8 @@ template "ssl-ini" do
   mode "0755"
   variables ({
     :https_port => "#{node['BE'][:https_port]}" ,
-    :jetty_keystore_path => "#{node['jetty'][:keystore_path]}" ,
     :jetty_keystore_pwd => "#{node['jetty'][:keystore_pwd]}" ,
     :jetty_keymanager_pwd => "#{node['jetty'][:keymanager_pwd]}" ,
-    :jetty_truststore_path => "#{node['jetty'][:truststore_path]}",
     :jetty_truststore_pwd => "#{node['jetty'][:truststore_pwd]}"
   })
 end
diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/ssl-ini.erb b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/ssl-ini.erb
index c489825c7b..278fdea2ae 100644
--- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/ssl-ini.erb
+++ b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/ssl-ini.erb
@@ -42,17 +42,17 @@ jetty.ssl.port=<%= @https_port %>
 ## See http://www.eclipse.org/jetty/documentation/current/configuring-security-secure-passwords.html
 
 ## Keystore file path (relative to $jetty.base)
-jetty.sslContext.keyStorePath=<%= @jetty_keystore_path %>
+jetty.sslContext.keyStorePath=etc/org.onap.sdc.p12
 
 ## Truststore file path (relative to $jetty.base)
-jetty.sslContext.trustStorePath=<%= @jetty_truststore_path %>
+jetty.sslContext.trustStorePath=etc/org.onap.sdc.trust.jks
 
 ## Keystore password
 # jetty.sslContext.keyStorePassword=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
 jetty.sslContext.keyStorePassword=<%= @jetty_keystore_pwd %>
 
 ## Keystore type and provider
-jetty.sslContext.keyStoreType=JKS
+# jetty.sslContext.keyStoreType=JKS
 # jetty.sslContext.keyStoreProvider=
 
 ## KeyManager password
@@ -64,7 +64,7 @@ jetty.sslContext.keyManagerPassword=<%= @jetty_keymanager_pwd %>
 jetty.sslContext.trustStorePassword=<%= @jetty_truststore_pwd %>
 
 ## Truststore type and provider
-jetty.sslContext.trustStoreType=JKS
+# jetty.sslContext.trustStoreType=JKS
 # jetty.sslContext.trustStoreProvider=
 
 ## whether client certificate authentication is required
diff --git a/catalog-be/src/main/java/org/openecomp/sdc/be/filters/BeCadiServletFilter.java b/catalog-be/src/main/java/org/openecomp/sdc/be/filters/BeCadiServletFilter.java
new file mode 100644
index 0000000000..7edd1621b1
--- /dev/null
+++ b/catalog-be/src/main/java/org/openecomp/sdc/be/filters/BeCadiServletFilter.java
@@ -0,0 +1,151 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * SDC
+ * ================================================================================
+ * Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.openecomp.sdc.be.filters;
+
+import java.io.IOException;
+import java.util.function.Supplier;
+import javax.annotation.Priority;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import org.onap.aaf.cadi.Access;
+import org.onap.aaf.cadi.PropAccess;
+import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.cadi.filter.CadiFilter;
+import org.openecomp.sdc.be.components.impl.CADIHealthCheck;
+import org.openecomp.sdc.be.config.CadiFilterParams;
+import org.openecomp.sdc.be.config.ConfigurationManager;
+import org.openecomp.sdc.be.impl.WebAppContextWrapper;
+import org.openecomp.sdc.common.api.Constants;
+import org.openecomp.sdc.common.api.HealthCheckInfo;
+import org.openecomp.sdc.common.log.wrappers.Logger;
+import org.openecomp.sdc.common.util.ThreadLocalsHolder;
+import org.springframework.web.context.WebApplicationContext;
+
+@Priority(2)
+public class BeCadiServletFilter extends CadiFilter {
+
+    private static final Logger log = Logger.getLogger(BeCadiServletFilter.class);
+    private static final String BE_CADI_SERVICE_FILTER = "BeCadiServletFilter: ";
+    private ConfigurationManager configurationManager = ConfigurationManager.getConfigurationManager();
+
+    public BeCadiServletFilter() {
+        super();
+        log.debug(BE_CADI_SERVICE_FILTER);
+    }
+
+    /**
+     * This constructor to be used when directly constructing and placing in HTTP Engine
+     *
+     * @param access
+     * @param moreTafLurs
+     * @throws ServletException
+     */
+    public BeCadiServletFilter(Access access, Object... moreTafLurs) throws ServletException {
+        super(access, moreTafLurs);
+        log.debug(BE_CADI_SERVICE_FILTER);
+    }
+
+    /**
+     * Use this to pass in a PreContructed CADI Filter, but with initializing... let Servlet do it
+     *
+     * @param init
+     * @param access
+     * @param moreTafLurs
+     * @throws ServletException
+     */
+    public BeCadiServletFilter(boolean init, PropAccess access, Object... moreTafLurs) throws ServletException {
+        super(init, access, moreTafLurs);
+        log.debug(BE_CADI_SERVICE_FILTER);
+    }
+
+    private void checkIfNullProperty(String key, String value) {
+        /* When value is null, so not defined in application.properties
+           set nothing in System properties */
+        if (value != null) { 
+            /* Ensure that any properties already defined in System.prop by JVM params
+                won't be overwritten by Spring application.properties values */
+            System.setProperty(key, System.getProperty(key, value));
+        }
+    }
+
+    @Override
+    public void init(FilterConfig filterConfig) throws ServletException {
+        // set some properties in System so that Cadi filter will find its config
+
+        // The JVM values set will always overwrite the Spring ones.
+        CadiFilterParams cadiFilterParams = configurationManager.getConfiguration().getCadiFilterParams();
+        checkIfNullProperty(Config.HOSTNAME, cadiFilterParams.getHostname());
+        log.debug("BeCadiServletFilter: HOSTNAME", cadiFilterParams.getHostname());
+        checkIfNullProperty(Config.CADI_KEYFILE, cadiFilterParams.getCadi_keyfile());
+        checkIfNullProperty(Config.CADI_LOGLEVEL, cadiFilterParams.getCadi_loglevel());
+        checkIfNullProperty(Config.CADI_LATITUDE, cadiFilterParams.getAFT_LATITUDE());
+        checkIfNullProperty(Config.CADI_LONGITUDE, cadiFilterParams.getAFT_LONGITUDE());
+        checkIfNullProperty(Config.AAF_URL, cadiFilterParams.getAaf_url());
+        //checkIfNullProperty(Config.AAF_LOCATE_URL, cadiFilterParams.getAafLocateUrl());
+        checkIfNullProperty(Config.AAF_APPID, cadiFilterParams.getAaf_id());
+        checkIfNullProperty(Config.AAF_APPPASS, cadiFilterParams.getAaf_password());
+        checkIfNullProperty(Config.AAF_ENV, cadiFilterParams.getAFT_ENVIRONMENT());
+        checkIfNullProperty(Config.CADI_X509_ISSUERS, cadiFilterParams.getCadiX509Issuers());
+        checkIfNullProperty(Config.CADI_TRUSTSTORE, cadiFilterParams.getCadi_truststore());
+        checkIfNullProperty(Config.CADI_TRUSTSTORE_PASSWORD, cadiFilterParams.getCadi_truststore_password());
+        super.init(filterConfig);
+        log.debug("BeCadiServletFilter finishing init(), Current status of CADI would be UP");
+        if (!isNeedAuth()) {
+            CADIHealthCheck.getCADIHealthCheckInstance().setIsCADIUp(HealthCheckInfo.HealthCheckStatus.DOWN);
+        } else {
+            CADIHealthCheck.getCADIHealthCheckInstance().setIsCADIUp(HealthCheckInfo.HealthCheckStatus.UP);
+        }
+    }
+
+    @Override
+    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
+        if (ThreadLocalsHolder.isExternalRequest() && isNeedAuth()) {
+            log.debug("doFilter: {}", request.getContentType());
+            HttpServletRequest hreq = (HttpServletRequest) request;
+            log.debug("Need aaf authentication : {}", hreq);
+            ThreadLocalUtils threadLocalUtils = getThreadLocalUtils(((HttpServletRequest) request).getSession().getServletContext());
+            threadLocalUtils.setUserContext((HttpServletRequest) request);
+            super.doFilter(request, response, chain);
+        } else {
+            log.debug("No need aaf authentication");
+            chain.doFilter(request, response);
+        }
+    }
+
+    private boolean isNeedAuth() {
+        return configurationManager.getConfiguration().getAafAuthNeeded();
+    }
+
+    ThreadLocalUtils getThreadLocalUtils(ServletContext context) {
+        return getClassFromWebAppContext(context, () -> ThreadLocalUtils.class);
+    }
+
+    <T> T getClassFromWebAppContext(ServletContext context, Supplier<Class<T>> businessLogicClassGen) {
+        WebAppContextWrapper webApplicationContextWrapper = (WebAppContextWrapper) context
+            .getAttribute(Constants.WEB_APPLICATION_CONTEXT_WRAPPER_ATTR);
+        WebApplicationContext webApplicationContext = webApplicationContextWrapper.getWebAppContext(context);
+        return webApplicationContext.getBean(businessLogicClassGen.get());
+    }
+}
diff --git a/catalog-be/src/main/java/org/openecomp/sdc/be/listen/BEAppContextListener.java b/catalog-be/src/main/java/org/openecomp/sdc/be/listen/BEAppContextListener.java
index 0bd921db54..76be33cedf 100644
--- a/catalog-be/src/main/java/org/openecomp/sdc/be/listen/BEAppContextListener.java
+++ b/catalog-be/src/main/java/org/openecomp/sdc/be/listen/BEAppContextListener.java
@@ -39,7 +39,6 @@ public class BEAppContextListener extends AppContextListener implements ServletC
     private static final String MANIFEST_FILE_NAME = "/META-INF/MANIFEST.MF";
     private static final Logger log = Logger.getLogger(BEAppContextListener.class);
 
-    @Override
     public void contextInitialized(ServletContextEvent context) {
         super.contextInitialized(context);
         ConfigurationManager configurationManager = new ConfigurationManager(ExternalConfiguration.getConfigurationSource());
diff --git a/catalog-be/src/main/java/org/openecomp/sdc/config/CatalogBESpringConfig.java b/catalog-be/src/main/java/org/openecomp/sdc/config/CatalogBESpringConfig.java
index c423795a2f..b38210116c 100644
--- a/catalog-be/src/main/java/org/openecomp/sdc/config/CatalogBESpringConfig.java
+++ b/catalog-be/src/main/java/org/openecomp/sdc/config/CatalogBESpringConfig.java
@@ -21,11 +21,7 @@
  */
 package org.openecomp.sdc.config;
 
-import nl.altindag.ssl.SSLFactory;
-import nl.altindag.ssl.util.JettySslUtils;
 import org.apache.http.impl.client.CloseableHttpClient;
-import org.eclipse.jetty.util.ssl.SslContextFactory;
-import org.onap.config.api.JettySSLUtils;
 import org.onap.portalsdk.core.onboarding.exception.CipherUtilException;
 import org.onap.sdc.security.PortalClient;
 import org.openecomp.sdc.be.auditing.impl.ConfigurationProvider;
@@ -33,27 +29,19 @@ import org.openecomp.sdc.be.components.impl.ComponentLocker;
 import org.openecomp.sdc.be.components.impl.aaf.RoleAuthorizationHandler;
 import org.openecomp.sdc.be.components.impl.lock.ComponentLockAspect;
 import org.openecomp.sdc.be.components.lifecycle.LifecycleBusinessLogic;
-import org.openecomp.sdc.be.config.Configuration;
 import org.openecomp.sdc.be.config.ConfigurationManager;
 import org.openecomp.sdc.be.ecomp.converters.AssetMetadataConverter;
 import org.openecomp.sdc.be.filters.FilterConfiguration;
 import org.openecomp.sdc.be.filters.PortalConfiguration;
 import org.openecomp.sdc.be.filters.ThreadLocalUtils;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.ComponentScan;
+import org.springframework.context.annotation.Configuration;
 import org.springframework.core.annotation.Order;
 
-import javax.net.ssl.SSLSessionContext;
-import javax.net.ssl.X509ExtendedKeyManager;
-import javax.net.ssl.X509ExtendedTrustManager;
-import java.io.IOException;
-import java.nio.file.Files;
-import java.nio.file.Path;
-import java.nio.file.StandardOpenOption;
-
-
 // @formatter:off
-@org.springframework.context.annotation.Configuration
+@Configuration
 @ComponentScan({
     "org.openecomp.sdc.be.user",
     "org.openecomp.sdc.be.facade.operations",
@@ -85,11 +73,10 @@ public class CatalogBESpringConfig {
 
     private static final int BEFORE_TRANSACTION_MANAGER = 0;
     private final ComponentLocker componentLocker;
-    private final JettySSLUtils.JettySslConfig sslConfig;
 
+    @Autowired
     public CatalogBESpringConfig(ComponentLocker componentLocker) {
         this.componentLocker = componentLocker;
-        sslConfig = JettySSLUtils.getSSLConfig();
     }
 
     @Bean(name = "lifecycleBusinessLogic")
@@ -145,36 +132,7 @@ public class CatalogBESpringConfig {
     }
 
     @Bean
-    public Configuration configuration() {
+    public org.openecomp.sdc.be.config.Configuration configuration() {
         return ConfigurationManager.getConfigurationManager().getConfiguration();
     }
-
-    @Bean
-    public SSLFactory sslFactory() throws IOException {
-        return SSLFactory.builder().withSwappableIdentityMaterial()
-                .withIdentityMaterial(Files.newInputStream(Path.of(sslConfig.getKeystorePath()), StandardOpenOption.READ), sslConfig.getKeystorePass().toCharArray(), sslConfig.getKeystoreType()).withSwappableTrustMaterial()
-                .withTrustMaterial(Files.newInputStream(Path.of(sslConfig.getTruststorePath()), StandardOpenOption.READ), sslConfig.getTruststorePass().toCharArray(), sslConfig.getTruststoreType()).withNeedClientAuthentication()
-                .build();
-    }
-
-    @Bean
-    public SslContextFactory.Server sslContextFactory(SSLFactory sslFactory) {
-        return JettySslUtils.forServer(sslFactory);
-    }
-
-    @Bean
-    public X509ExtendedKeyManager keyManager(SSLFactory sslFactory) throws Exception {
-        return sslFactory.getKeyManager().orElseThrow(Exception::new);
-    }
-
-    @Bean
-    public X509ExtendedTrustManager trustManager(SSLFactory sslFactory) throws Exception {
-        return sslFactory.getTrustManager().orElseThrow(Exception::new);
-    }
-
-    @Bean
-    public SSLSessionContext serverSessionContext(SSLFactory sslFactory) {
-        return sslFactory.getSslContext().getServerSessionContext();
-    }
-
 }
author	MichaelMorris <michael.morris@est.tech>	2023-06-02 11:38:36 +0000
committer	Vasyl Razinkov <vasyl.razinkov@est.tech>	2023-06-02 16:21:12 +0000
commit	222555c7995645416a47bc52ed8837e3afde8e21 (patch)
tree	0eae25247dfbc06538a9170dc5ab9a8addeb5bb3 /catalog-be
parent	9fb750f15ee84c4318d729c91c4ba50b61d73b3e (diff)