2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
7 * ================================================================================
8 * Licensed under the Apache License, Version 2.0 (the "License");
9 * you may not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS,
16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 * ============LICENSE_END============================================
20 * ===================================================================
24 package org.onap.clamp.clds.filter;
26 import com.att.eelf.configuration.EELFLogger;
27 import com.att.eelf.configuration.EELFManager;
29 import java.io.ByteArrayInputStream;
31 import java.io.IOException;
32 import java.io.InputStream;
33 import java.nio.file.StandardCopyOption;
34 import java.security.cert.CertificateException;
35 import java.security.cert.CertificateFactory;
36 import java.security.cert.X509Certificate;
38 import javax.servlet.FilterChain;
39 import javax.servlet.FilterConfig;
40 import javax.servlet.ServletException;
41 import javax.servlet.ServletRequest;
42 import javax.servlet.ServletResponse;
43 import javax.servlet.http.HttpServletRequest;
45 import org.onap.aaf.cadi.config.Config;
46 import org.onap.aaf.cadi.filter.CadiFilter;
47 import org.springframework.beans.factory.annotation.Autowired;
48 import org.springframework.beans.factory.annotation.Value;
49 import org.springframework.context.ApplicationContext;
51 public class ClampCadiFilter extends CadiFilter {
52 private static final EELFLogger logger = EELFManager.getInstance().getLogger(ClampCadiFilter.class);
55 private ApplicationContext appContext;
57 @Value("${server.ssl.key-store:#{null}}")
58 private String keyStore;
60 @Value("${clamp.config.cadi.cadiKeystorePassword:#{null}}")
61 private String keyStorePass;
63 @Value("${server.ssl.trust-store:#{null}}")
64 private String trustStore;
66 @Value("${clamp.config.cadi.cadiTruststorePassword:#{null}}")
67 private String trustStorePass;
69 @Value("${server.ssl.key-alias:clamp@clamp.onap.org}")
72 @Value("${clamp.config.cadi.keyFile:#{null}}")
73 private String keyFile;
75 @Value("${clamp.config.cadi.cadiLoglevel:#{null}}")
76 private String cadiLoglevel;
78 @Value("${clamp.config.cadi.cadiLatitude:#{null}}")
79 private String cadiLatitude;
81 @Value("${clamp.config.cadi.cadiLongitude:#{null}}")
82 private String cadiLongitude;
84 @Value("${clamp.config.cadi.aafLocateUrl:#{null}}")
85 private String aafLocateUrl;
87 @Value("${clamp.config.cadi.oauthTokenUrl:#{null}}")
88 private String oauthTokenUrl;
90 @Value("${clamp.config.cadi.oauthIntrospectUrl:#{null}}")
91 private String oauthIntrospectUrl;
93 @Value("${clamp.config.cadi.aafEnv:#{null}}")
94 private String aafEnv;
96 @Value("${clamp.config.cadi.aafUrl:#{null}}")
97 private String aafUrl;
99 @Value("${clamp.config.cadi.cadiX509Issuers:#{null}}")
100 private String cadiX509Issuers;
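/**
 * Publishes one CADI setting as a JVM system property, unless it is unset or already defined.
 *
 * <p>A {@code null} value means the setting is not defined in application.properties, so
 * nothing is written. A value that already exists in the system properties (for example one
 * given as a JVM parameter) is kept, and the Spring value is ignored.
 *
 * @param key name of the system property to set
 * @param value value resolved by Spring, or {@code null} when the setting is not configured
 */
private void checkIfNullProperty(String key, String value) {
    // System.setProperty rejects a null value, so an unconfigured setting is skipped entirely.
    if (value == null) {
        return;
    }
    // getProperty(key, value) returns the existing JVM-level value when there is one, so
    // properties defined by JVM parameters are never overwritten by application.properties.
    System.setProperty(key, System.getProperty(key, value));
}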
/**
 * Exports the Spring-resolved CADI settings as system properties, then initialises the
 * underlying CADI filter, which looks its configuration up there.
 *
 * <p>Values already defined at JVM level take precedence over the Spring ones (see
 * {@code checkIfNullProperty}). Every value exported here, including the keystore and
 * truststore passwords, becomes a JVM-wide system property: any code in the process that can
 * call {@code System.getProperty}, and any diagnostic output that lists system properties,
 * can read it.
 *
 * @param filterConfig servlet filter configuration, passed through to the CADI filter
 * @throws ServletException if the CADI filter fails to initialise
 */
@Override
public void init(FilterConfig filterConfig) throws ServletException {
    // NOTE(review): convertSpringToPath is called even when the Spring value is null
    // (the @Value defaults are null) - confirm that it tolerates a null file name.

    // Key file, logging and geographic location.
    final String keyFilePath = convertSpringToPath(keyFile);
    checkIfNullProperty(Config.CADI_KEYFILE, keyFilePath);
    checkIfNullProperty(Config.CADI_LOGLEVEL, cadiLoglevel);
    checkIfNullProperty(Config.CADI_LATITUDE, cadiLatitude);
    checkIfNullProperty(Config.CADI_LONGITUDE, cadiLongitude);

    // AAF endpoints.
    checkIfNullProperty(Config.AAF_LOCATE_URL, aafLocateUrl);
    checkIfNullProperty(Config.AAF_OAUTH2_TOKEN_URL, oauthTokenUrl);
    checkIfNullProperty(Config.AAF_OAUTH2_INTROSPECT_URL, oauthIntrospectUrl);

    checkIfNullProperty(Config.AAF_ENV, aafEnv);
    checkIfNullProperty(Config.AAF_URL, aafUrl);
    checkIfNullProperty(Config.CADI_X509_ISSUERS, cadiX509Issuers);

    // Key material: store locations first, then the alias and the two passwords.
    final String keyStorePath = convertSpringToPath(keyStore);
    checkIfNullProperty(Config.CADI_KEYSTORE, keyStorePath);
    final String trustStorePath = convertSpringToPath(trustStore);
    checkIfNullProperty(Config.CADI_TRUSTSTORE, trustStorePath);
    checkIfNullProperty(Config.CADI_ALIAS, alias);
    checkIfNullProperty(Config.CADI_KEYSTORE_PASSWORD, keyStorePass);
    checkIfNullProperty(Config.CADI_TRUSTSTORE_PASSWORD, trustStorePass);

    // Only now can the CADI filter read its configuration from the system properties.
    super.init(filterConfig);
}
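/**
 * Exposes a certificate forwarded in the {@code X-SSL-Cert} request header as the request's
 * client certificate, then hands the request to the CADI filter.
 *
 * <p>Security: the header is ordinary request data. Parsing it proves nothing about who sent
 * it, because no TLS handshake ties the sender to the certificate's private key. This is only
 * safe when every request reaches the filter through a TLS-terminating proxy that verifies
 * the client certificate itself and overwrites or removes any {@code X-SSL-Cert} value
 * supplied by the client. If the application can be reached without passing through such a
 * proxy, the header must not be trusted.
 *
 * <p>When the header is present, the injected value replaces whatever the container stored
 * under {@code javax.servlet.request.X509Certificate}. When the header cannot be parsed, the
 * error is logged and the request continues without an injected certificate.
 *
 * @param request incoming request; must be an {@link HttpServletRequest}
 * @param response response passed through to the CADI filter
 * @param chain remaining filter chain
 * @throws IOException propagated from the CADI filter
 * @throws ServletException propagated from the CADI filter
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
    String certHeader = ((HttpServletRequest) request).getHeader("X-SSL-Cert");
    if (certHeader != null) {
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            // Pin the charset so the decoded bytes do not depend on the platform default.
            X509Certificate cert = (X509Certificate) certificateFactory.generateCertificate(
                    new ByteArrayInputStream(
                            certHeader.getBytes(java.nio.charset.StandardCharsets.US_ASCII)));
            // The servlet specification defines this attribute as an array of
            // X509Certificate; a bare certificate breaks consumers that cast to the array.
            request.setAttribute("javax.servlet.request.X509Certificate",
                    new X509Certificate[] {cert});
        } catch (CertificateException e) {
            logger.error("Unable to inject the X.509 certificate", e);
        }
    }
    super.doFilter(request, response, chain);
}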
160 private String convertSpringToPath(String fileName) {
161 try (InputStream ioFile = appContext.getResource(fileName).getInputStream()) {
162 if (!fileName.contains("file:")) {
163 File targetFile = new File(appContext.getResource(fileName).getFilename());
164 java.nio.file.Files.copy(ioFile, targetFile.toPath(), StandardCopyOption.REPLACE_EXISTING);
165 return targetFile.getPath();
167 return appContext.getResource(fileName).getFile().getPath();
169 } catch (IOException e) {
170 logger.error("Unable to open and copy the file: " + fileName, e);