2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright © 2018 European Software Marketing Ltd.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
20 package org.onap.aaf.cadi.sidecar.rproxy;
22 import java.io.IOException;
23 import java.security.GeneralSecurityException;
24 import java.util.HashMap;
25 import java.util.Properties;
26 import javax.annotation.PostConstruct;
27 import javax.annotation.Resource;
28 import javax.net.ssl.SSLContext;
29 import org.apache.http.conn.ssl.NoopHostnameVerifier;
30 import org.apache.http.impl.client.HttpClientBuilder;
31 import org.apache.http.impl.client.HttpClients;
32 import org.apache.http.ssl.SSLContextBuilder;
33 import org.eclipse.jetty.util.security.Password;
34 import org.onap.aaf.cadi.filter.CadiFilter;
35 import org.onap.aaf.cadi.sidecar.rproxy.config.ForwardProxyProperties;
36 import org.onap.aaf.cadi.sidecar.rproxy.config.PrimaryServiceProperties;
37 import org.onap.aaf.cadi.sidecar.rproxy.config.ReverseProxySSLProperties;
38 import org.onap.aaf.cadi.sidecar.rproxy.mocks.ReverseProxyMockCadiFilter;
39 import org.springframework.beans.factory.annotation.Autowired;
40 import org.springframework.boot.autoconfigure.SpringBootApplication;
41 import org.springframework.boot.builder.SpringApplicationBuilder;
42 import org.springframework.boot.context.properties.EnableConfigurationProperties;
43 import org.springframework.boot.web.client.RestTemplateBuilder;
44 import org.springframework.boot.web.servlet.FilterRegistrationBean;
45 import org.springframework.boot.web.servlet.RegistrationBean;
46 import org.springframework.boot.web.servlet.ServletComponentScan;
47 import org.springframework.boot.web.servlet.support.SpringBootServletInitializer;
48 import org.springframework.context.annotation.Bean;
49 import org.springframework.context.annotation.Profile;
50 import org.springframework.context.annotation.PropertySource;
51 import org.springframework.core.env.Environment;
52 import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
53 import org.springframework.util.ResourceUtils;
54 import org.springframework.web.client.RestTemplate;
56 @SpringBootApplication
58 @EnableConfigurationProperties(ReverseProxySSLProperties.class)
59 @PropertySource("file:${CONFIG_HOME}/reverse-proxy.properties")
60 public class ReverseProxyApplication extends SpringBootServletInitializer {
62 private static final String CADI_TRUSTSTORE_PASS = "cadi_truststore_password";
65 private Environment env;
/**
 * Application entry point: starts the reverse proxy under Spring Boot.
 *
 * <p>The key store password is read from the JVM system property {@code KEY_STORE_PASSWORD}
 * (via {@link System#getProperty(String)}, although the failure message says "Env property").
 * The value is passed through Jetty's {@link Password#deobfuscate(String)} and handed to Spring
 * as the default for {@code server.ssl.key-store-password}.
 *
 * <p>Security note: Jetty obfuscation is a reversible encoding with no key, so the obfuscated
 * value needs the same protection as the cleartext password. A value supplied as a command-line
 * {@code -D} option is also visible to anything that can list the process arguments.
 *
 * @param args main args, forwarded unchanged to Spring Boot
 * @throws IllegalArgumentException if {@code KEY_STORE_PASSWORD} is unset or empty
 */
public static void main(String[] args) {
    final String obfuscatedPassword = System.getProperty("KEY_STORE_PASSWORD");
    final boolean passwordMissing = obfuscatedPassword == null || obfuscatedPassword.isEmpty();
    if (passwordMissing) {
        // Fail before Spring starts rather than start TLS without a usable key store password.
        throw new IllegalArgumentException("Env property KEY_STORE_PASSWORD not set");
    }

    HashMap<String, Object> defaultProperties = new HashMap<>();
    defaultProperties.put("server.ssl.key-store-password", Password.deobfuscate(obfuscatedPassword));

    ReverseProxyApplication application = new ReverseProxyApplication();
    SpringApplicationBuilder applicationBuilder =
            new SpringApplicationBuilder(ReverseProxyApplication.class).properties(defaultProperties);
    application.configure(applicationBuilder).run(args);
}
/**
 * Copies the server key store settings from the Spring environment into the JVM-wide
 * {@code javax.net.ssl.*} system properties.
 *
 * <p>The single store named by {@code server.ssl.key-store} is used as both key store and trust
 * store, with the same password. When {@code server.ssl.key-store} is not set, nothing is changed.
 *
 * <p>Security note: after this call the cleartext key store password is held in system
 * properties, where any code running in this JVM can read it.
 *
 * @throws IllegalArgumentException if a key store path is configured without
 *         {@code server.ssl.key-store-password}
 */
public void setSystemProperties() {
    // NOTE(review): the line above this signature is missing from the listing; the
    // javax.annotation.PostConstruct import suggests a lifecycle annotation belongs there.
    // The line between the last setProperty call and the throw is missing too and is read
    // here as the else branch of the password check. Confirm both against the original file.
    final String storePath = env.getProperty("server.ssl.key-store");
    if (storePath == null) {
        return;
    }

    final String storePassword = env.getProperty("server.ssl.key-store-password");
    if (storePassword == null) {
        throw new IllegalArgumentException("Env property server.ssl.key-store-password not set");
    }

    // One file doubles as key store and trust store for the JVM default SSL settings.
    System.setProperty("javax.net.ssl.keyStore", storePath);
    System.setProperty("javax.net.ssl.keyStorePassword", storePassword);
    System.setProperty("javax.net.ssl.trustStore", storePath);
    System.setProperty("javax.net.ssl.trustStorePassword", storePassword);
}
104 private ReverseProxySSLProperties reverseProxySSLProperties;
107 Properties cadiProps;
/**
 * Exposes a new {@link ForwardProxyProperties} instance as the bean named
 * {@code ForwardProxyProperties}.
 *
 * @return a freshly constructed properties holder
 */
@Bean(name = "ForwardProxyProperties")
public ForwardProxyProperties forwardProxyProperties() {
    ForwardProxyProperties forwardProxySettings = new ForwardProxyProperties();
    return forwardProxySettings;
}
/**
 * Exposes a new {@link PrimaryServiceProperties} instance as the bean named
 * {@code PrimaryServiceProperties}.
 *
 * @return a freshly constructed properties holder
 */
@Bean(name = "PrimaryServiceProperties")
public PrimaryServiceProperties primaryServiceProperties() {
    PrimaryServiceProperties primaryServiceSettings = new PrimaryServiceProperties();
    return primaryServiceSettings;
}
/**
 * Builds the {@link RestTemplate} used for outbound calls, backed by an Apache HTTP client that
 * carries the SSL context from {@link #getClientBuilder()}.
 *
 * <p>No hostname verifier is set on the client builder here.
 *
 * @param builder not used by this method
 * @return a RestTemplate using the mutual-TLS client
 * @throws GeneralSecurityException if the key or trust material cannot be loaded
 * @throws IOException if a store file cannot be read
 */
public RestTemplate restTemplate(RestTemplateBuilder builder) throws GeneralSecurityException, IOException {
    // NOTE(review): the annotation lines above this signature are missing from the listing
    // (presumably @Bean, possibly a @Profile); confirm against the original file.
    HttpClientBuilder clientBuilder = getClientBuilder();
    HttpComponentsClientHttpRequestFactory requestFactory =
            new HttpComponentsClientHttpRequestFactory(clientBuilder.build());
    return new RestTemplate(requestFactory);
}
/**
 * Builds the {@link RestTemplate} used when the {@code noHostVerification} profile is active.
 *
 * <p>Security note: {@link NoopHostnameVerifier} accepts a server certificate for any host name.
 * The certificate chain is still checked against the trust material loaded in
 * {@link #getClientBuilder()}, but a peer holding any certificate trusted by that store can
 * answer for the upstream service. Keep this profile out of production deployments and treat
 * its activation as a configuration finding.
 *
 * @param builder not used by this method
 * @return a RestTemplate whose client skips hostname verification
 * @throws GeneralSecurityException if the key or trust material cannot be loaded
 * @throws IOException if a store file cannot be read
 */
@Profile("noHostVerification")
public RestTemplate restTemplateNoHostVerification(RestTemplateBuilder builder)
        throws GeneralSecurityException, IOException {
    // NOTE(review): one line between @Profile and this signature is missing from the listing
    // (presumably @Bean); confirm against the original file.
    HttpClientBuilder clientBuilder = getClientBuilder();
    // Hostname verification is switched off for this profile only.
    clientBuilder.setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE);
    HttpComponentsClientHttpRequestFactory requestFactory =
            new HttpComponentsClientHttpRequestFactory(clientBuilder.build());
    return new RestTemplate(requestFactory);
}
/**
 * Creates an Apache {@link HttpClientBuilder} configured for client-certificate TLS.
 *
 * <p>Key material is loaded from the file named by {@code getClientcert()}, trust material from
 * the file named by {@code getKeystore()}. The value of {@code getKeystorePassword()} is used as
 * the store password for both files and as the private key password.
 *
 * <p>Security note: the password is held as a {@link String} in the properties object, so the
 * {@code char[]} copies made here cannot be used to wipe it from memory.
 *
 * @return a client builder carrying the SSL context; the caller may customise it before build()
 * @throws GeneralSecurityException if the key or trust material cannot be loaded
 * @throws IOException if a store file cannot be read
 */
private HttpClientBuilder getClientBuilder() throws GeneralSecurityException, IOException {
    // NOTE(review): the line that ends the SSLContext expression is missing from the listing;
    // build() is assumed because the result is assigned to an SSLContext.
    final ReverseProxySSLProperties sslSettings = reverseProxySSLProperties;

    SSLContextBuilder contextBuilder = SSLContextBuilder.create();
    // Client identity: store password and key password are the same configured value.
    contextBuilder.loadKeyMaterial(
            ResourceUtils.getFile(sslSettings.getClientcert()),
            sslSettings.getKeystorePassword().toCharArray(),
            sslSettings.getKeystorePassword().toCharArray());
    // Trusted issuers come from the configured key store file.
    contextBuilder.loadTrustMaterial(
            ResourceUtils.getFile(sslSettings.getKeystore()),
            sslSettings.getKeystorePassword().toCharArray());
    SSLContext tlsContext = contextBuilder.build();

    return HttpClients.custom().setSSLContext(tlsContext);
}
/**
 * Registers a {@link CadiFilter} named {@code CADIFilter} on every URL ({@code /*}) at the
 * highest filter precedence, and passes every entry of {@code cadiProps} to it as an init
 * parameter.
 *
 * <p>If {@code cadi_truststore_password} is present, it is deobfuscated with Jetty's
 * {@link Password#deobfuscate(String)} and written back into {@code cadiProps} first.
 *
 * <p>Security note: the shared {@code cadiProps} object then holds the cleartext trust store
 * password, and the same cleartext is copied into the filter's init parameters. Avoid logging or
 * dumping either. Keys and values are cast to {@link String}; a non-String entry fails with
 * {@link ClassCastException}.
 *
 * @return the registration for the CADI filter
 */
public FilterRegistrationBean<CadiFilter> registerCADIFilter() {
    // NOTE(review): the annotation lines above this signature are missing from the listing
    // (presumably @Bean and a @Profile); confirm against the original file.
    final FilterRegistrationBean<CadiFilter> registration = new FilterRegistrationBean<>();

    registration.setFilter(new CadiFilter());
    registration.addUrlPatterns("/*");
    registration.setName("CADIFilter");
    // Highest precedence: this filter runs ahead of the other registered filters.
    registration.setOrder(RegistrationBean.HIGHEST_PRECEDENCE);

    // Replace the obfuscated trust store password with its cleartext form, in place.
    final String obfuscatedPassword = cadiProps.getProperty(CADI_TRUSTSTORE_PASS);
    if (obfuscatedPassword != null) {
        final String cleartextPassword = Password.deobfuscate(obfuscatedPassword);
        cadiProps.setProperty(CADI_TRUSTSTORE_PASS, cleartextPassword);
    }

    // Hand every CADI property to the filter as an init parameter.
    cadiProps.forEach((key, value) -> {
        registration.addInitParameter((String) key, (String) value);
    });

    return registration;
}
/**
 * Registers a {@link ReverseProxyMockCadiFilter} on every URL ({@code /*}) at the highest filter
 * precedence, under the same name ({@code CADIFilter}) as the real CADI filter registration.
 *
 * <p>Security note: the mock comes from the {@code mocks} package and its behaviour is not shown
 * here; presumably it stands in for the real CADI checks during testing. Whatever profile or
 * condition activates this bean should never be enabled in a production deployment.
 *
 * @return the registration for the mock filter
 */
public FilterRegistrationBean<ReverseProxyMockCadiFilter> registerMockCADIFilter() {
    // NOTE(review): the annotation lines above this signature are missing from the listing
    // (presumably @Bean and a @Profile); confirm against the original file.
    final FilterRegistrationBean<ReverseProxyMockCadiFilter> registration = new FilterRegistrationBean<>();

    registration.setFilter(new ReverseProxyMockCadiFilter());
    registration.addUrlPatterns("/*");
    registration.setName("CADIFilter");
    registration.setOrder(RegistrationBean.HIGHEST_PRECEDENCE);

    return registration;
}