author | ilanap <ilanap@amdocs.com> | 2019-11-18 13:38:23 +0200 |
---|---|---|
committer | ilanap <ilanap@amdocs.com> | 2019-12-18 15:17:23 +0200 |
commit | 75d642902350562a790cf034ea92568ba5d52168 (patch) | |
tree | e09e53fd5f26403563665d2984cadfc1d365d5bc /workflow-designer-ui/src | |
parent | ecdc9e7f3c2949b07e7de24c1f065af483f6b347 (diff) |
Changes for backend to support SSL
Changes to support starting in https mode and changes to support making a secured call to the SDC backend
(cherry picked from commit 820f4ec65a28ed822d4205b05ac6fbbd910a46cc)
Issue-ID: SDC-2405
Change-Id: I0588484fdcb0903934814906672f4fc9a76eca2c
Signed-off-by: ilanap <ilanap@amdocs.com>
Diffstat (limited to 'workflow-designer-ui/src')
3 files changed, 225 insertions, 13 deletions
diff --git a/workflow-designer-ui/src/main/frontend/yarn.lock b/workflow-designer-ui/src/main/frontend/yarn.lock index 9670e720..633f8b3a 100644 --- a/workflow-designer-ui/src/main/frontend/yarn.lock +++ b/workflow-designer-ui/src/main/frontend/yarn.lock @@ -8292,19 +8292,21 @@ on-headers@~1.0.1: version "1.0.1" resolved "https://registry.yarnpkg.com/on-headers/-/on-headers-1.0.1.tgz#928f5d0f470d49342651ea6794b0857c100693f7" -onap-ui-common@1.0.100: - version "1.0.100" - resolved "https://registry.yarnpkg.com/onap-ui-common/-/onap-ui-common-1.0.100.tgz#c0dae1d3d1c3fd2b866340d27a1179ed10a3a860" - integrity sha512-d+eaYgVgrj9B8/3iVDlkxO2jiE7wXFrvMogxxHsyM8E0Fa7wXGEGwohA4JD5nGydT84dU2vPzwkby7SZNgGpKA== +onap-ui-common@1.0.101: + version "1.0.101" + resolved "https://registry.yarnpkg.com/onap-ui-common/-/onap-ui-common-1.0.101.tgz#c79b8fb903b7d2d3f959e3b5c27b561b563d961b" -onap-ui-react@^0.1.1: - version "0.1.1" - resolved "https://registry.yarnpkg.com/onap-ui-react/-/onap-ui-react-0.1.1.tgz#3640bdb9fb10f85104ad9dd57a9f320b0703abf3" - integrity sha512-hax7WzSMIPll9fHvKVjFbn2dIOh39fWuiy0VQKONq/ccU3f/y08Y6EzJo7rzWcwjt8bp2KDhqNZky0HwIquc6w== +onap-ui-common@^1.0.101: + version "1.0.106" + resolved "https://registry.yarnpkg.com/onap-ui-common/-/onap-ui-common-1.0.106.tgz#d7bf8e3eb1c422afcb87fc8f3eaaf5a996aa2947" + +onap-ui-react@^1.0.0: + version "1.0.2" + resolved "https://registry.yarnpkg.com/onap-ui-react/-/onap-ui-react-1.0.2.tgz#e99dc5a924f84a991c71a3e9c05a44a915830168" dependencies: "@storybook/react" "^3.1.5" http-loader "0.0.1" - onap-ui-common "1.0.100" + onap-ui-common "1.0.101" prop-types "^15.6.0" react "15.6.2" react-dom "15.6.2" diff --git a/workflow-designer-ui/src/main/java/org/onap/workflow/web/SSLProxyServlet.java b/workflow-designer-ui/src/main/java/org/onap/workflow/web/SSLProxyServlet.java new file mode 100644 index 00000000..8c17a92d --- /dev/null +++ b/workflow-designer-ui/src/main/java/org/onap/workflow/web/SSLProxyServlet.java 
@@ -0,0 +1,211 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * SDC
+ * ================================================================================
+ * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+
+package org.onap.workflow.web;
+
+
+import org.eclipse.jetty.client.HttpClient;
+import org.eclipse.jetty.client.api.Request;
+import org.eclipse.jetty.http.HttpHeader;
+import org.eclipse.jetty.http.HttpScheme;
+import org.eclipse.jetty.proxy.ProxyServlet;
+import org.eclipse.jetty.util.URIUtil;
+import org.eclipse.jetty.util.ssl.SslContextFactory;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.util.Enumeration;
+
+
+/***
+ * Class that provides the proxy implementation for both secured and unsecured backend connections.
+ *
+ * The following nevironment value is mandatory:
+ * proxyTo - the full URL to the backend server (including protocol and context path if relevant)
+ *
+ * In case of a secured connection (proxyTo starting with https) the following may be set:
+ * sslTrustAll - set to true if all secure connection are accepted
+ * maxPoolConnections - number of connection in the pool, only when overriding the jetty default
+ *
+ * In case of SSL and nto trusting all certificates:
+ * keystorePath - path to the keystore
+ * keystoreType - type of the keystore
+ * keystorePassword - keystore password
+ *
+ * truststorePath - path to the truststore
+ * truststoreType - type of the truststore
+ * truststorePassword - truststore password
+
+ */
+
+public class SSLProxyServlet extends ProxyServlet {
+
+
+ public static final int TIMEOUT = 600000;
+ protected static final String PROXY_TO = "proxyTo";
+ protected static final String TRUST_ALL = "sslTrustAll";
+ protected static final String MAX_POOL_CONNECTIONS = "maxPoolConnections";
+ protected static final String KEYSTORE_PATH = "keystorePath";
+ protected static final String KEYSTORE_TYPE = "keystoreType";
+ protected static final String KEYSTORE_P = "keystorePassword";
+ protected static final String KEYMANAGER_P = "keyManagerPassword";
+ protected static final String KEYSTORE_CYPHER = "keystoreCypher";
+ protected static final String TRUSTSTORE_PATH = "truststorePath";
+ protected static final String TRUSTSTORE_TYPE = "truststoreType";
+ protected static final String TRUSTSTORE_P = "truststorePassword";
+ protected static final String ENDPOINT_IDENTIFICATION_ALGORITHM = "endpointIdentificationAlgorithm";
+ private static final long serialVersionUID = 1L;
+ private static URL proxyUrl = null;
+
+
+ private static void setProxyUrl(URL proxy) {
+ SSLProxyServlet.proxyUrl = proxy;
+ }
+
+ private void initProxyUrl() throws ServletException, MalformedURLException {
+
+ if (SSLProxyServlet.proxyUrl != null)
+ return;
+ String proxyUrlStr = System.getProperty(PROXY_TO);
+ if (proxyUrlStr == null) {
+ throw new ServletException("-D" + PROXY_TO + " must be specified");
+ }
+ setProxyUrl(new URL(proxyUrlStr));
+ }
+
+
+ @Override
+ public void init() throws ServletException {
+ super.init();
+ try {
+ initProxyUrl();
+ } catch (MalformedURLException e) {
+ throw new ServletException(e);
+ }
+ }
+
+
+ @Override
+ public void sendProxyRequest(HttpServletRequest request, HttpServletResponse response, Request proxyRequest) {
+
+ @SuppressWarnings("unchecked")
+ Enumeration<String> headerNames = request.getHeaderNames();
+ while (headerNames.hasMoreElements()) {
+ String headerName = headerNames.nextElement();
+ if (!proxyRequest.getHeaders().containsKey(headerName)) {
+ String headerVal = request.getHeader(headerName);
+ proxyRequest.header(headerName, headerVal);
+ }
+ }
+ proxyRequest.getHeaders().remove(HttpHeader.HOST);
+ super.sendProxyRequest(request, response, proxyRequest);
+
+ }
+
+ @Override
+ protected HttpClient newHttpClient() {
+ // ioverride parent method to be able to create a secured client as well.
+ boolean isSecureClient = (
+ proxyUrl.getProtocol() != null &&
+ proxyUrl.getProtocol().equalsIgnoreCase(HttpScheme.HTTPS.toString()));
+ if ((isSecureClient)) {
+ String trustAll = System.getProperty(TRUST_ALL);
+ SslContextFactory sslContextFactory = null;
+ if (trustAll != null && Boolean.parseBoolean(trustAll) == Boolean.TRUE) {
+ sslContextFactory = new SslContextFactory.Client(true);
+ } else {
+ sslContextFactory = new SslContextFactory.Client(false);
+ // setting up truststore
+ sslContextFactory.setTrustStorePath(System.getProperty(TRUSTSTORE_PATH));
+ sslContextFactory.setTrustStorePassword(System.getProperty(TRUSTSTORE_P));
+ sslContextFactory.setTrustStoreType(System.getProperty(TRUSTSTORE_TYPE));
+ // setting up keystore
+ sslContextFactory.setKeyStorePath(System.getProperty(KEYSTORE_PATH));
+ sslContextFactory.setKeyStorePassword(System.getProperty(KEYSTORE_P));
+ sslContextFactory.setKeyStoreType(System.getProperty(KEYSTORE_TYPE));
+ sslContextFactory.setKeyManagerPassword(System.getProperty(KEYMANAGER_P));
+
+ if (System.getProperty(ENDPOINT_IDENTIFICATION_ALGORITHM) != null &&
+ !System.getProperty(ENDPOINT_IDENTIFICATION_ALGORITHM).equals("")) {
+ sslContextFactory
+ .setEndpointIdentificationAlgorithm(System.getProperty(ENDPOINT_IDENTIFICATION_ALGORITHM));
+ }
+
+ if (System.getProperty(KEYSTORE_CYPHER) != null &&
+ !System.getProperty(KEYSTORE_CYPHER).equals("")) {
+ sslContextFactory.setIncludeCipherSuites(System.getProperty(KEYSTORE_CYPHER));
+ }
+ }
+
+ return new HttpClient(sslContextFactory);
+
+ } else {
+ return super.newHttpClient();
+ }
+
+ }
+
+ @Override
+ protected HttpClient createHttpClient() throws ServletException {
+
+ try {
+ initProxyUrl();
+ } catch (MalformedURLException e) {
+ throw new ServletException(e);
+ }
+ // calling the parent and setting the configuration for our implementation
+ HttpClient client = super.createHttpClient();
+ setTimeout(TIMEOUT);
+ client.setIdleTimeout(TIMEOUT);
+ client.setStopTimeout(TIMEOUT);
+ if (System.getProperty(MAX_POOL_CONNECTIONS) != null) {
+ client.setMaxConnectionsPerDestination(
+ Integer.valueOf(System.getProperty(MAX_POOL_CONNECTIONS)));
+ }
+ return client;
+
+ }
+
+
+
+ @Override
+ protected String rewriteTarget(HttpServletRequest request) {
+
+ String path = proxyUrl.getPath();
+ if (request.getServletPath() != null) {
+ path += request.getServletPath();
+ }
+ if (request.getPathInfo() != null) {
+ path += request.getPathInfo();
+ }
+
+ return URIUtil.newURI(
+ proxyUrl.getProtocol(),
+ proxyUrl.getHost(),
+ proxyUrl.getPort(),
+ path,
+ request.getQueryString());
+ }
+
+}
diff --git a/workflow-designer-ui/src/main/webapp/WEB-INF/web.xml b/workflow-designer-ui/src/main/webapp/WEB-INF/web.xml
index a58e1274..279b405e 100644
--- a/workflow-designer-ui/src/main/webapp/WEB-INF/web.xml
+++ b/workflow-designer-ui/src/main/webapp/WEB-INF/web.xml
@@ -5,14 +5,13 @@ version="4.0"> <servlet> - <servlet-name>Transparent Proxy</servlet-name> - <servlet-class>org.onap.workflow.web.TransparentProxy</servlet-class> + <servlet-name>Backend Proxy</servlet-name> + <servlet-class>org.onap.workflow.web.SSLProxyServlet</servlet-class> <load-on-startup>1</load-on-startup> <async-supported>true</async-supported> </servlet> - <servlet-mapping> - <servlet-name>Transparent Proxy</servlet-name> + <servlet-name>Backend Proxy</servlet-name> <url-pattern>/wf/*</url-pattern> <url-pattern>/v1.0/activity-spec/*</url-pattern> </servlet-mapping> |
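Review bot: The loop at the top of `sendProxyRequest` in SSLProxyServlet.java copies every incoming header that is not already on `proxyRequest`, which appears to put back the hop-by-hop headers (`Connection`, `Transfer-Encoding`, `Proxy-Authorization` and similar) that Jetty's `ProxyServlet` filters out before this method is called; the base class is not part of this diff, so that is worth confirming against the Jetty version in use. Passing client-controlled `Transfer-Encoding` or `Connection` through to the backend undermines the framing guarantees the proxy is supposed to give it, so I would drop the loop and keep only `proxyRequest.getHeaders().remove(HttpHeader.HOST);` followed by the `super.sendProxyRequest(request, response, proxyRequest);` call, adding any header the backend really needs by name. Separately, the `sslTrustAll` branch in `newHttpClient` builds `new SslContextFactory.Client(true)` without any trace; a comment such as `// sslTrustAll=true turns off certificate validation for the backend connection` and a startup log line would make an unverified backend link visible to operators. The class Javadoc could also state that the keystore and truststore passwords are read from `-D` system properties, which are exposed on the process command line.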