From 33d1f5de2733b1b0c27082b5cf4fb491fbc9cf35 Mon Sep 17 00:00:00 2001
From: Geora Barsky
Date: Tue, 27 Nov 2018 16:52:45 -0500
Subject: Adding option to support SSL client certificate
Issue-ID: LOG-809
Change-Id: Iccac9569d0449b005a367a68e42b25bb71fdb527
Signed-off-by: Geora Barsky
---
 .../config/application.properties | 5 ++++
 .../AAIBasicAuthCondition.java | 32 ++++++++++++++++++++++
 .../AAIClientCertCondition.java | 32 ++++++++++++++++++++++
 .../servicedecomposition/AAIConfiguration.java | 28 ++++++++++++++++++-
 4 files changed, 96 insertions(+), 1 deletion(-)
 create mode 100644 pomba/service-decomposition/src/main/java/org/onap/sdnc/apps/pomba/servicedecomposition/AAIBasicAuthCondition.java
 create mode 100644 pomba/service-decomposition/src/main/java/org/onap/sdnc/apps/pomba/servicedecomposition/AAIClientCertCondition.java
(limited to 'pomba')
diff --git a/pomba/service-decomposition/config/application.properties b/pomba/service-decomposition/config/application.properties
index d5add3a..c43baac 100644
--- a/pomba/service-decomposition/config/application.properties
+++ b/pomba/service-decomposition/config/application.properties
@@ -21,6 +21,11 @@ basicAuth.password=OBF:1u2a1toa1w8v1tok1u30
 # AAI REST Client Configuration
 aai.serviceName=10.12.6.118
 aai.servicePort=8443
+# AAI APIs authentication mode. Valid values: [basic_auth, client_cert]
+aai.authentication=basic_auth
+aai.trustStorePath=n/a
+aai.keyStorePath=n/a
+aai.keyStorePassword=n/a
 aai.username=AAI
 aai.password=OBF:1gfr1ev31gg7
 aai.httpProtocol=https
diff --git a/pomba/service-decomposition/src/main/java/org/onap/sdnc/apps/pomba/servicedecomposition/AAIBasicAuthCondition.java b/pomba/service-decomposition/src/main/java/org/onap/sdnc/apps/pomba/servicedecomposition/AAIBasicAuthCondition.java
new file mode 100644
index 0000000..512500a
--- /dev/null
+++ b/pomba/service-decomposition/src/main/java/org/onap/sdnc/apps/pomba/servicedecomposition/AAIBasicAuthCondition.java
@@ -0,0 +1,32 @@
+/*
+ * ============LICENSE_START===================================================
+ * Copyright (c) 2018 Amdocs
+ * ============================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=====================================================
+ */
+package org.onap.sdnc.apps.pomba.servicedecomposition;
+
+import org.springframework.context.annotation.Condition;
+import org.springframework.context.annotation.ConditionContext;
+import org.springframework.core.type.AnnotatedTypeMetadata;
+
+public class AAIBasicAuthCondition implements Condition {
+
+ @Override
+ public boolean matches(ConditionContext conditionContext, AnnotatedTypeMetadata annotatedTypeMetadata)
+ {
+ String authenticationMode = conditionContext.getEnvironment().getProperty("aai.authentication");
+ return authenticationMode.equalsIgnoreCase("basic_auth");
+ }
+}
diff --git a/pomba/service-decomposition/src/main/java/org/onap/sdnc/apps/pomba/servicedecomposition/AAIClientCertCondition.java b/pomba/service-decomposition/src/main/java/org/onap/sdnc/apps/pomba/servicedecomposition/AAIClientCertCondition.java
new file mode 100644
index 0000000..6c77f73
--- /dev/null
+++ b/pomba/service-decomposition/src/main/java/org/onap/sdnc/apps/pomba/servicedecomposition/AAIClientCertCondition.java
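Review bot: In AAIBasicAuthCondition.matches, `authenticationMode.equalsIgnoreCase("basic_auth")` dereferences the result of `getProperty("aai.authentication")`, which is null when the property is absent, so a deployment whose application.properties predates this change would fail with a NullPointerException during condition evaluation instead of a clear configuration error. Putting the constant first, `return "basic_auth".equalsIgnoreCase(authenticationMode);`, avoids that; AAIClientCertCondition.matches has the same pattern with `"client_cert"`. As far as the visible hunks show, a missing or misspelled value would then leave no `aaiClient` bean defined, so it is worth deciding explicitly whether to fail with a message naming the valid values or to fall back to `basic_auth`. A one-line Javadoc on each class stating which property value activates it would also help.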
@@ -0,0 +1,32 @@
+/*
+ * ============LICENSE_START===================================================
+ * Copyright (c) 2018 Amdocs
+ * ============================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=====================================================
+ */
+package org.onap.sdnc.apps.pomba.servicedecomposition;
+
+import org.springframework.context.annotation.Condition;
+import org.springframework.context.annotation.ConditionContext;
+import org.springframework.core.type.AnnotatedTypeMetadata;
+
+public class AAIClientCertCondition implements Condition {
+
+ @Override
+ public boolean matches(ConditionContext conditionContext, AnnotatedTypeMetadata annotatedTypeMetadata)
+ {
+ String authenticationMode = conditionContext.getEnvironment().getProperty("aai.authentication");
+ return authenticationMode.equalsIgnoreCase("client_cert");
+ }
+}
diff --git a/pomba/service-decomposition/src/main/java/org/onap/sdnc/apps/pomba/servicedecomposition/AAIConfiguration.java b/pomba/service-decomposition/src/main/java/org/onap/sdnc/apps/pomba/servicedecomposition/AAIConfiguration.java
index a163d2d..ad60b4a 100644
--- a/pomba/service-decomposition/src/main/java/org/onap/sdnc/apps/pomba/servicedecomposition/AAIConfiguration.java
+++ b/pomba/service-decomposition/src/main/java/org/onap/sdnc/apps/pomba/servicedecomposition/AAIConfiguration.java
@@ -22,6 +22,7 @@ import org.eclipse.jetty.util.security.Password; import org.onap.aai.restclient.client.RestClient; import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Conditional; import org.springframework.stereotype.Component; @Component @@ -44,6 +45,18 @@ public class AAIConfiguration { @Value("${aai.securityProtocol}") private String securityProtocol; + @Value("${aai.authentication}") + private String authenticationMode; + + @Value("${aai.trustStorePath}") + private String trustStorePath; + + @Value("${aai.keyStorePath}") + private String keyStorePath; + + @Value("${aai.keyStorePassword}") + private String keyStorePassword; + @Value("${aai.connectionTimeout}") private Integer connectionTimeout; @@ -72,8 +85,9 @@ public class AAIConfiguration { return "Basic " + Base64.getEncoder().encodeToString((this.username + ":" + Password.deobfuscate(this.password)).getBytes()); } + @Conditional(AAIBasicAuthCondition.class) @Bean(name="aaiClient") - public RestClient restClient() { + public RestClient restClientWithBasicAuth() { return new RestClient() .validateServerHostname(false) .validateServerCertChain(false) 
@@ -83,6 +97,18 @@ public class AAIConfiguration { .readTimeoutMs(this.readTimeout); } + @Conditional(AAIClientCertCondition.class) + @Bean(name="aaiClient") + public RestClient restClientWithClientCert() { + RestClient restClient = new RestClient(); + System.out.println("in client cert"); + if (httpProtocol.equals("https")) + restClient.validateServerHostname(false).validateServerCertChain(false).trustStore(trustStorePath).clientCertFile(keyStorePath).clientCertPassword(keyStorePassword).connectTimeoutMs(connectionTimeout).readTimeoutMs(readTimeout); + else + restClient.validateServerHostname(false).validateServerCertChain(false).connectTimeoutMs(connectionTimeout).readTimeoutMs(readTimeout); + return restClient; + } + @Bean(name="aaiBaseUrl") public String getURL() { return this.httpProtocol + "://" + this.host + ":" + this.port; -- cgit 1.2.3-korg
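Review bot: restClientWithClientCert sets `validateServerHostname(false).validateServerCertChain(false)` in the https branch even though it also supplies `trustStore(trustStorePath)`, so the client certificate is presented to a server whose identity is not checked and the configured trust store presumably has no effect on server authentication. In client_cert mode both checks should be enabled, or at least made configurable, so that the mutual-TLS setup authenticates both ends. The leftover `System.out.println("in client cert");` should be removed or turned into a logger call, and the unbraced `if`/`else` should get braces. In addition, `keyStorePassword` is handed to `clientCertPassword` as-is while `aai.password` goes through `Password.deobfuscate`; if the key store password is meant to be stored in the same OBF: form, it needs the same treatment, which should be confirmed against what RestClient expects. The method lies fully inside the hunk.

```java
public RestClient restClientWithClientCert() {
    RestClient restClient = new RestClient();
    if ("https".equals(httpProtocol)) {
        // Check the server against the configured trust store before presenting the client certificate.
        restClient.validateServerHostname(true)
                .validateServerCertChain(true)
                .trustStore(trustStorePath)
                .clientCertFile(keyStorePath)
                .clientCertPassword(keyStorePassword)
                .connectTimeoutMs(connectionTimeout)
                .readTimeoutMs(readTimeout);
    } else {
        // … unchanged: plain-http client configured with the two timeouts …
    }
    return restClient;
}
```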