authorGeora Barsky <georab@amdocs.com>2018-11-27 16:52:45 -0500
committerGeora Barsky <georab@amdocs.com>2018-11-28 12:33:43 -0500
commit33d1f5de2733b1b0c27082b5cf4fb491fbc9cf35 (patch)
tree714ddd2e9b5d304ea20d2c32e3507664aca0abd9
parent2f93fe9cf3c05d6606e37576121801dbdb98dd68 (diff)
Adding option to support SSL client certificate
Issue-ID: LOG-809 Change-Id: Iccac9569d0449b005a367a68e42b25bb71fdb527 Signed-off-by: Geora Barsky <georab@amdocs.com>
-rw-r--r--pomba/service-decomposition/config/application.properties5
-rw-r--r--pomba/service-decomposition/src/main/java/org/onap/sdnc/apps/pomba/servicedecomposition/AAIBasicAuthCondition.java32
-rw-r--r--pomba/service-decomposition/src/main/java/org/onap/sdnc/apps/pomba/servicedecomposition/AAIClientCertCondition.java32
-rw-r--r--pomba/service-decomposition/src/main/java/org/onap/sdnc/apps/pomba/servicedecomposition/AAIConfiguration.java28
4 files changed, 96 insertions, 1 deletions
diff --git a/pomba/service-decomposition/config/application.properties b/pomba/service-decomposition/config/application.properties
index d5add3a..c43baac 100644
--- a/pomba/service-decomposition/config/application.properties
+++ b/pomba/service-decomposition/config/application.properties
@@ -21,6 +21,11 @@ basicAuth.password=OBF:1u2a1toa1w8v1tok1u30
# AAI REST Client Configuration
aai.serviceName=10.12.6.118
aai.servicePort=8443
+# AAI APIs authentication mode. Valid values: [basic_auth, client_cert]
+aai.authentication=basic_auth
+aai.trustStorePath=n/a
+aai.keyStorePath=n/a
+aai.keyStorePassword=n/a
aai.username=AAI
aai.password=OBF:1gfr1ev31gg7
aai.httpProtocol=https
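Review bot: The three new store properties have no comment saying when they are read or in what form the password is expected. `aai.keyStorePassword` is handed unchanged to `clientCertPassword(...)` in `restClientWithClientCert`, whereas `aai.password` in this same file is stored in `OBF:` form and apparently passed through `Password.deobfuscate` before use, so an operator could reasonably supply either form. I would add `# trustStorePath, keyStorePath and keyStorePassword are read only when aai.authentication=client_cert; keyStorePassword is used as given (no OBF: de-obfuscation)` above `aai.trustStorePath`. Because that makes the value a clear-text secret in a committed file, the same comment should say that real deployments supply it from outside the repository.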
diff --git a/pomba/service-decomposition/src/main/java/org/onap/sdnc/apps/pomba/servicedecomposition/AAIBasicAuthCondition.java b/pomba/service-decomposition/src/main/java/org/onap/sdnc/apps/pomba/servicedecomposition/AAIBasicAuthCondition.java
new file mode 100644
index 0000000..512500a
--- /dev/null
+++ b/pomba/service-decomposition/src/main/java/org/onap/sdnc/apps/pomba/servicedecomposition/AAIBasicAuthCondition.java
@@ -0,0 +1,32 @@
+/*
+ * ============LICENSE_START===================================================
+ * Copyright (c) 2018 Amdocs
+ * ============================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=====================================================
+ */
+package org.onap.sdnc.apps.pomba.servicedecomposition;
+
+import org.springframework.context.annotation.Condition;
+import org.springframework.context.annotation.ConditionContext;
+import org.springframework.core.type.AnnotatedTypeMetadata;
+
+public class AAIBasicAuthCondition implements Condition {
+
+ @Override
+ public boolean matches(ConditionContext conditionContext, AnnotatedTypeMetadata annotatedTypeMetadata)
+ {
+ String authenticationMode = conditionContext.getEnvironment().getProperty("aai.authentication");
+ return authenticationMode.equalsIgnoreCase("basic_auth");
+ }
+}
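Review bot: `matches` dereferences the result of `getProperty("aai.authentication")` without a null check, so a properties file that lacks the key fails condition evaluation with a NullPointerException instead of a readable configuration error; `AAIClientCertCondition.matches` has the same pair of lines. Reading the key with a default, `getProperty("aai.authentication", "basic_auth")`, keeps the earlier behaviour for deployments that have not added it; alternatively compare from the literal side, `"basic_auth".equalsIgnoreCase(authenticationMode)`. Any value other than the two literals makes both conditions false, which presumably leaves no `aaiClient` bean registered at all. A short class comment naming the accepted values and that consequence would make the contract visible.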
diff --git a/pomba/service-decomposition/src/main/java/org/onap/sdnc/apps/pomba/servicedecomposition/AAIClientCertCondition.java b/pomba/service-decomposition/src/main/java/org/onap/sdnc/apps/pomba/servicedecomposition/AAIClientCertCondition.java
new file mode 100644
index 0000000..6c77f73
--- /dev/null
+++ b/pomba/service-decomposition/src/main/java/org/onap/sdnc/apps/pomba/servicedecomposition/AAIClientCertCondition.java
@@ -0,0 +1,32 @@
+/*
+ * ============LICENSE_START===================================================
+ * Copyright (c) 2018 Amdocs
+ * ============================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=====================================================
+ */
+package org.onap.sdnc.apps.pomba.servicedecomposition;
+
+import org.springframework.context.annotation.Condition;
+import org.springframework.context.annotation.ConditionContext;
+import org.springframework.core.type.AnnotatedTypeMetadata;
+
+public class AAIClientCertCondition implements Condition {
+
+ @Override
+ public boolean matches(ConditionContext conditionContext, AnnotatedTypeMetadata annotatedTypeMetadata)
+ {
+ String authenticationMode = conditionContext.getEnvironment().getProperty("aai.authentication");
+ return authenticationMode.equalsIgnoreCase("client_cert");
+ }
+}
diff --git a/pomba/service-decomposition/src/main/java/org/onap/sdnc/apps/pomba/servicedecomposition/AAIConfiguration.java b/pomba/service-decomposition/src/main/java/org/onap/sdnc/apps/pomba/servicedecomposition/AAIConfiguration.java
index a163d2d..ad60b4a 100644
--- a/pomba/service-decomposition/src/main/java/org/onap/sdnc/apps/pomba/servicedecomposition/AAIConfiguration.java
+++ b/pomba/service-decomposition/src/main/java/org/onap/sdnc/apps/pomba/servicedecomposition/AAIConfiguration.java
@@ -22,6 +22,7 @@ import org.eclipse.jetty.util.security.Password;
import org.onap.aai.restclient.client.RestClient;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Conditional;
import org.springframework.stereotype.Component;
@Component
@@ -44,6 +45,18 @@ public class AAIConfiguration {
@Value("${aai.securityProtocol}")
private String securityProtocol;
+ @Value("${aai.authentication}")
+ private String authenticationMode;
+
+ @Value("${aai.trustStorePath}")
+ private String trustStorePath;
+
+ @Value("${aai.keyStorePath}")
+ private String keyStorePath;
+
+ @Value("${aai.keyStorePassword}")
+ private String keyStorePassword;
+
@Value("${aai.connectionTimeout}")
private Integer connectionTimeout;
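Review bot: The four new `@Value` placeholders have no default, so a deployment still running with an `application.properties` from before this commit would presumably fail placeholder resolution at startup, even in basic-auth mode where the three store settings are never used. Defaults such as `@Value("${aai.authentication:basic_auth}")` and `@Value("${aai.trustStorePath:}")` avoid that. `authenticationMode` is also not read in any hunk shown here, since the two conditions query the environment directly; if nothing else in the class uses it, the field can be dropped. The class body continues outside this hunk.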
@@ -72,8 +85,9 @@ public class AAIConfiguration {
return "Basic " + Base64.getEncoder().encodeToString((this.username + ":" + Password.deobfuscate(this.password)).getBytes());
}
+ @Conditional(AAIBasicAuthCondition.class)
@Bean(name="aaiClient")
- public RestClient restClient() {
+ public RestClient restClientWithBasicAuth() {
return new RestClient()
.validateServerHostname(false)
.validateServerCertChain(false)
@@ -83,6 +97,18 @@ public class AAIConfiguration {
.readTimeoutMs(this.readTimeout);
}
+ @Conditional(AAIClientCertCondition.class)
+ @Bean(name="aaiClient")
+ public RestClient restClientWithClientCert() {
+ RestClient restClient = new RestClient();
+ System.out.println("in client cert");
+ if (httpProtocol.equals("https"))
+ restClient.validateServerHostname(false).validateServerCertChain(false).trustStore(trustStorePath).clientCertFile(keyStorePath).clientCertPassword(keyStorePassword).connectTimeoutMs(connectionTimeout).readTimeoutMs(readTimeout);
+ else
+ restClient.validateServerHostname(false).validateServerCertChain(false).connectTimeoutMs(connectionTimeout).readTimeoutMs(readTimeout);
+ return restClient;
+ }
+
@Bean(name="aaiBaseUrl")
public String getURL() {
return this.httpProtocol + "://" + this.host + ":" + this.port;
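Review bot: The https branch of `restClientWithClientCert` sets a trust store but still calls `validateServerHostname(false).validateServerCertChain(false)`, so the client appears to present its certificate to a server whose identity is never checked, and the configured trust store would have no say in who is trusted. The `else` branch builds a client with no certificate at all when `aai.httpProtocol` is not `https`, which quietly turns a deployment configured for `client_cert` into unauthenticated calls; failing at startup is safer. The `System.out.println("in client cert")` debug line should be removed or replaced by a logger call. A sketch with verification enabled and the fallback replaced by an error follows; how `RestClient` combines the trust store with these two flags should be confirmed against its documentation.

```java
public RestClient restClientWithClientCert() {
    if (!"https".equals(httpProtocol)) {
        // A client certificate can only be presented over TLS; do not build a client that sends no credentials.
        throw new IllegalStateException("aai.authentication=client_cert requires aai.httpProtocol=https");
    }
    return new RestClient()
            .validateServerHostname(true)
            .validateServerCertChain(true)
            .trustStore(trustStorePath)
            .clientCertFile(keyStorePath)
            .clientCertPassword(keyStorePassword)
            .connectTimeoutMs(connectionTimeout)
            .readTimeoutMs(readTimeout);
}
// … unchanged: aaiBaseUrl bean …
```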